LUKS Encrypting Linux Filesystems

https://www.howtogeek.com/116742/how-to-create-a-separate-home-partition-after-installing-ubuntu/

9LNv6vfkkefdfbjnunlvgbccndeiubfl

sudo dd bs=4M if=/run/media/kapper/Seagate\ Portable\ Drive/Distros/kali-linux-2019.2-amd64.iso of=/dev/sdi conv=fdatasync status=progress

Create a mount point

mkdir /mnt/hdd

New entry in /etc/fstab

/dev/mapper/hddencrypted /mnt/hdd ext4 defaults 0 2

Validate fstab without reboot:

sudo mount -a

https://askubuntu.com/questions/450895/mount-luks-encrypted-hard-drive-at-boot

A key file in the /boot directory can be read by any other operation system booted on your machine that is able to mount the filesystem on that /boot is located. Thus, encryption is not really effective. This argument applies to all key file locations on unencrypted file systems.

To avoid key files on unencrypted file systems a password can be used for decryption. Create a strong password for the device. Then, change the line in /etc/crypttab to

hddencrypted UUID=b3024cc1-93d1-439f-80ce-1b1ceeafda1e none luks

and keep the entry in /etc/fstab unmodified. Ubuntu 14.04/16.04/18.04 asks you for the password on startup.