Encrypting /home on Dell XPS 13 7390

The following procedure adds encryption to pre-installed Ubuntu 18.04 on Dell XPS 13 7390:

  1. Within a console or terminal, sudo into root.
  2. $ sudo su -
  3. Create LUKS encrypted file container (20,000 Megabytes or 20GB, for example).
  4. # dd status=progress if=/dev/zero bs=1M count=20000 of=/.hostname-home.img
    # cryptsetup luksFormat /.hostname-home.img
  5. Open LUKS encrypted file container.
  6. # cryptsetup luksOpen /.hostname-home.img hostname-home
  7. Format encrypted filesystem.
  8. # mkfs.ext4 /dev/mapper/hostname-home
  9. Move original /home content to temporary location.
  10. # mkdir /root/home
    # mv /home/* /root/home/.
  11. Mount the encrypted filesystem.
  12. # mount /dev/mapper/hostname-home /home
  13. Move /home content into encrypted filesystem.
  14. # mv /root/home/* /home/.
    # rmdir /root/home
  15. Unmount the encrypted container, potentially flushing (writing) pending data to disk.
  16. # umount /home
  17. Close the LUKS encrypted file container, potentially flushing (writing) pending data to disk.
  18. # cryptsetup luksClose hostname-home
  19. Add entry into /etc/crypttab.
  20. # echo \
    "hostname-home /.hostname-home.img - tries=0" \
    >> /etc/crypttab
  21. Add entry into /etc/fstab.
  22. # echo \
    "/dev/mapper/hostname-home /home ext4 defaults 0 0" \
    >> /etc/fstab

I recently received my Dell XPS 13 7390 with pre-installed Ubuntu 18.04. My top concern is securing data such as private SSH keys and passwords saved by Internet browsers from the real possibility of losing my laptop to absent-mindedness or theft. My purist side insists on configuring full disk encryption by performing a fresh install from a publicly available Ubuntu download. My pragmatic side pushed me toward adopting the above procedure. Without the needed transparency from Dell on their additions to Ubuntu, it is difficult to determine whether a publicly available Ubuntu download will fully support the features of my new Dell XPS 7390. The above procedure encrypts any data writable by unprivileged users while remaining unprivileged. It introduces a basic layer of security while allowing enjoyment of a system configured by Dell.

Questions, comments, and responses are welcomed and appreciated.

One Response to “Encrypting /home on Dell XPS 13 7390”

  1. Noel Says:

    Hi Steve, not sure what I stumbled upon but let me know when you post next in English. Thanks and happy holidays!

Leave a Reply