I originally posted this here, but have reposted it here as suggested by omns:
Does anyone have any experience reinstalling with encrypted /home and swap? I have / on one partition, encrypted /home on another, and encrypted swap on a third, running updated Waldorf 20120430. If I install the 20120806 release to the / partition and leave the /home partition unformatted, will the installer detect it is encrypted and set it up accordingly?
Edit: This post suggests that the Debian installer does not recognize existing encrypted partitions. The work-around looks suitably complex...
Last edited by SabreWolfy (2012-10-22 11:24:09)
I managed to update my install, keeping my home. This is what I did:
* backup the / partition files in case you need them later.
* reinstall the new distro. Do *not* specify a /home mount point.
* once booted into the new system:
+ install cryptsetup
+ change /etc/fstab to use /dev/mapper for your /home mount point
# <file system> <mount point> <type> <options> <dump> <pass> /dev/mapper/vault /home ext4 rw,errors=remount-ro 0 0
+ change /etc/crypttab to match
# <target name> <source device> <key file> <options> vault /dev/HOME none luks
This is a subset of the instructions I posted here, in "Phase 2".
I guessed my old dotfiles (~/.*) may leave historical cruft and outdated application configs, so before rebooting, I used the "luksOpen" command, mounted the /home container and replaced my old dotfiles with the ones from the current session.
I did not use encrypted swap this time, so I can only suggest: during install, do not specify swap (or format as normal swap), and use the procedure in the link above to convert to encrypted swap.