Encrypt home folder using ecryptfs

According to Ecryptfs kernel module, ecryptfs is bundled with ClearLinux, but commands such as ecryptfs-migrate-home seem not to be available and I can’t find them in any of the swupd bundles.

sudo cat /lib/kernel/config-5.2.15-834.native | grep ECRYPT_FS



but the ecryptfs tools ecryptfs-* are not installed.

What should be the steps to encrypt a user’s home folder in ClearLinux?

I would recommend installing with full rootfs encryption enabled, since that is supported by the installer. @mhorn can elaborate. Docs are here:


I want to avoid full disk encryption to enable rebooting the system remotely. I assume a full encryption would require entering the encryption passphrase every time the system boots before allowing any external ssh connection.

These are part of ecryptfs-utils https://launchpad.net/ecryptfs which are not packaged in CL currently. I’ll see if we can get it added.