Help about : using ecryptfs to ecrypt user home directory

I have installed ecryptfs-utils and recompile kerenl with ecryptfs support

after I create -new user and using ecryptfs-migrate-home -u user
I reboot and press ctrl alt f1 to enter consle mode
I login with user and check it works well,
then I enter gui mode after login all file can’t be written or read.

I check dmesg and found this:

anyone can help or give me some advice? thanks very much, I have spend 3 days to fingure out this question!!!

[ 449.838155] tegra-se-nvhost 15820000.se: no free key slot
[ 449.838156] crypt_scatterlist: Error setting key; rc = [-12]
[ 449.838158] crypt_extent: Error attempting to crypt page with page_index = [0], extent_offset = [0]; rc = [-22]
[ 449.838159] ecryptfs_encrypt_page: Error encrypting extent; rc = [-22]
[ 449.838160] ecryptfs_write_end: Error encrypting page (upper index [0x0000000000000000])

how do you enter the GUI mode?

I mean desktop environment, ubuntu desktop

do you use reboot or startx or init5 to enter the GUI mode after the cntrl+alt+f1?

I think you may face mismatch in usernames or mismatch in group permissions.
Reference:
https://unix.stackexchange.com/questions/60133/setup-filename-encryption-for-encrypted-home-folder-in-ecryptfs/60139
https://askubuntu.com/questions/56344/how-to-move-home-to-an-encrypted-partition
http://manpages.ubuntu.com/manpages/xenial/man8/ecryptfs-migrate-home.8.html
https://stackexchange.com/search?q=ecryptfs

Try adding the user to the group “video”, e.g.:

sudo usermod the_new_user_name -a -G video

source

 WARNING: Make a complete backup  copy  of  the  non-encrypted  data  to
   another  system or external media. This script is dangerous and in case
   of an error, could result in data lost,  or  USER  locked  out  of  the
   system!

   This program must be executed by root.

   This  program  will  attempt  to  migrate a user's home directory to an
   encrypted home directory.

   This program requires free disk space 2.5x the current size of the home
   directory  to  be  migrated.   Once successful, you can recover most of
   this space by deleting the cleartext directory.

   The USER must be logged out of all sessions in  order  to  perform  the
   migration, and have no open files according to lsof(1).

 [b]  Once  the  migration  has  completed,  the USER must login immediately,
   BEFORE THE NEXT REBOOT in order to complete the migration.

[/b]
After logging in, if USER can read and write files in their home
directory successfully, then the migration has completed successfully
and can remove the cleartext backup in /home/.

   After a successful migration, the USER really must run ecryptfs-unwrap-
   passphrase(1)  or  zescrow(1) and record their randomly generated mount
   passphrase.

   If swap is not already encrypted, it is highly  recommended  that  your
   administrator setup encrypted swap using ecryptfs-setup-swap(1).

http://manpages.ubuntu.com/manpages/xenial/man8/ecryptfs-migrate-home.8.html

thanks Andrey

I have add user to many groups before I use ecryptfs-migrate-home -u user
I doesn’t work so far.

I am wondering why it works on console but failed on X mode,
I don’t know if it because gnome-keying or something else keying problem
and from log error it call tegra-se-nvhost, the drive in the kernel.

thanks for your reply again!

according to my test:
every time after I create 29 files in ecrypt directory it will fail to create new file and error log as above