Encrypt home folder using ecryptfs

According to Ecryptfs kernel module, ecryptfs is bundled with ClearLinux, but commands such as ecryptfs-migrate-home seem not to be available and I can’t find them in any of the swupd bundles.

sudo cat /lib/kernel/config-5.2.15-834.native | grep ECRYPT_FS

shows:

CONFIG_ECRYPT_FS=m

but the ecryptfs tools ecryptfs-* are not installed.

What should be the steps to encrypt a user’s home folder in ClearLinux?

I would recommend installing with full rootfs encryption enabled, since that is supported by the installer. @mhorn can elaborate. Docs are here:

https://docs.01.org/clearlinux/latest/get-started/bare-metal-install-server.html#encryption-passphrase

I want to avoid full disk encryption to enable rebooting the system remotely. I assume a full encryption would require entering the encryption passphrase every time the system boots before allowing any external ssh connection.

These are part of ecryptfs-utils https://launchpad.net/ecryptfs which are not packaged in CL currently. I’ll see if we can get it added.