Encrypting /home on Dell XPS 13 7390

The following procedure adds encryption to pre-installed Ubuntu 18.04 on Dell XPS 13 7390:

  1. Within a console or terminal, sudo into root.
    2. $ sudo su -
  2. Create LUKS encrypted file container (20,000 Megabytes or 20GB, for example).
    3. # dd status=progress if=/dev/zero bs=1M count=20000 of=/.hostname-home.img
# cryptsetup luksFormat /.hostname-home.img
  3. Open LUKS encrypted file container.
    4. # cryptsetup luksOpen /.hostname-home.img hostname-home
  4. Format encrypted filesystem.
    5. # mkfs.ext4 /dev/mapper/hostname-home
  5. Move original /home content to temporary location.
    6. # mkdir /root/home
# mv /home/* /root/home/.
  6. Mount the encrypted filesystem.
    7. # mount /dev/mapper/hostname-home /home
  7. Move /home content into encrypted filesystem.
    8. # mv /root/home/* /home/.
# rmdir /root/home
  8. Unmount the encrypted container, potentially flushing (writing) pending data to disk.
    9. # umount /home
  9. Close the LUKS encrypted file container, potentially flushing (writing) pending data to disk.
    10. # cryptsetup luksClose hostname-home
  10. Add entry into /etc/crypttab.
    11. # echo \
"hostname-home /.hostname-home.img - tries=0" \
>> /etc/crypttab
  11. Add entry into /etc/fstab.
    12. # echo \
"/dev/mapper/hostname-home /home ext4 defaults 0 0" \
>> /etc/fstab

I recently received my Dell XPS 13 7390 with pre-installed Ubuntu 18.04. My top concern is securing data such as private SSH keys and passwords saved by Internet browsers from the real possibility of losing my laptop to absent-mindedness or theft. My purist side insists on configuring full disk encryption by performing a fresh install from a publicly available Ubuntu download. My pragmatic side pushed me toward adopting the above procedure. Without the needed transparency from Dell on their additions to Ubuntu, it is difficult to determine whether a publicly available Ubuntu download will fully support the features of my new Dell XPS 7390. The above procedure encrypts any data writable by unprivileged users while remaining unprivileged. It introduces a basic layer of security while allowing enjoyment of a system configured by Dell.

This entry was posted on Thursday, November 28th, 2019 at 3:52 am and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Questions, comments, and responses are welcomed and appreciated.

One Response to “Encrypting /home on Dell XPS 13 7390”

  1. Noel Says:
    December 25th, 2019 at 8:08 pm

    Hi Steve, not sure what I stumbled upon but let me know when you post next in English. Thanks and happy holidays!

Leave a Reply