This is a quick summary of how to set up encryption during the installation of a Debian based system. It is actually not full disk, but full partition. It assumes you want a separate /, /home and swap, all encrypted. It uses LUKS and dm-crypt. For a detailed explanation, see https://xo.tc/full-disk-encryption-on-linux.html.
This is a summary of the excellent article at [https://xo.tc/setting-up-full-disk-encryption-on-debian-jessie.html]. I'm writing this more because he is very, very detailed with lots of pretty pictures, and I wanted a quick and dirty. Thus, if you want to “know” what you're doing, read his article. If you are pretty sure what you're doing and just want a recipe, use this.
mkdir /etc/keys dd if=/dev/random of=/etc/keys/sda6.key bs=1 count=32 # create 32 byte key chmod 400 /etc/keys/sda6.key # add key file to /dev/sda6. When asked, use the key you created during install cryptsetup luksAddKey /dev/sda6 /etc/keys/sda6.key # add key to /home # now, remove the key you used at install for sda6 (you'll be asked which to to remove) cryptsetup luksRemoveKey /dev/sda6
At this point, you should be able to reboot. You will be asked one time for the encryption key (the one for sda5, to be mounted on /). sda6 (mounted /home) should be decrypted automatically as soon as / is mounted and key can be found, and swap should also be mounted with a generated key.
Don't forget to Donate. The xkpasswd site is free, but they have to pay for hosting. Devuan is also free, but they have a lot of overhead. Donating to them ensures they are able to continue development of a systemd free Linux.