Hi, I'm posting this here in case anyone else wants to encrypt their /home/phablet
directory, I'd strongly suggest that only people who know their way around Linux via the command line do this…
This is easier to do if you have ssh
access to the phone, to enable that use the UT Tweak Tool or do it using the command line, in this example $GITHUBUSERNAME
is your GitHub username and it assumes your public SSH keys are available at this URL, you could also use adb
to push your public keys to the phone:
android-gadget-service enable ssh
cd
mkdir .ssh
chmod 700 .ssh
cd .ssh
wget https://github.com/$GITHUBUSERNAME.keys -O authorized_keys
chmod 600 authorized_keys
You can then ssh
to the phone as the phablet
user.
Install cryptsetup
, by remounting root read write (do not run apt-get upgrade
— only install packages that are essential to you like this):
mount -o rw,remount /
apt-get update
apt-get install cryptsetup
mount -o ro,remount /
Create a 2G disk, encrypt it, format it, mount it, rsync data to it, unmount and remount it and restart the display manager:
sudo -i
cd /home
fallocate -l 2G phablet.img
cryptsetup luksFormat phablet.img
cryptsetup luksOpen phablet.img phablet
mkfs.ext4 /dev/mapper/phablet
mkdir /media/phablet
mount /dev/mapper/phablet /media/phablet
rsync -av /home/phablet/ /media/phablet/
umount /media/phablet/
mount /dev/mapper/phablet /home/phablet
cd /tmp
nohup /etc/init.d/lightdm force-reload
If everything is OK you might then want to delete the extra copy of the data at /home/phablet
, or if you have done this on an initial install install of the phone you might want to leave that where it is since the phone will then appear to have no data on it when booted and your data will only appear after you have decrypted and mounted the disk:
sudo -i
cryptsetup luksOpen phablet.img phablet
e2fsck /dev/mapper/phablet
mount /dev/mapper/phablet /home/phablet
cd /tmp
nohup /etc/init.d/lightdm force-reload