I found that we can encrypt full disk with old version of Ubuntu. I want to do the same with Ubuntu 12.10 but I don't understand the scripts that run when starting with initramfs. So anyone is ever did it?
Asked
Active
Viewed 1.4k times
1
-
Yes, like in the link with ubuntu 8.10. – thanhtv Apr 23 '13 at 18:17
-
1Possible duplicate of Enable disk encryption after installation – amc Jul 12 '16 at 18:15
-
I did it with Ubuntu 16.04 and posted the details here - https://askubuntu.com/a/1107295/723997 – Craig Hicks Jan 05 '19 at 23:42
1 Answers
1
The process of encryption is destructive to your data as you "should" first write random data to the disk, which will over write your data.
IMO the best way to use LUKS (full encryption) is to back up your data re-install.
In terms of the initramfs, it is a set of commands that run in busybox (a minimal shell) to initialize your hardware, peform LVM or manage LUKS, and load the kernel. These days distros build an initramfs for you so you do not need to manually edit the initramfs at all.
If you want to look at the internals, see http://blog.bodhizazen.com/linux/initramfs/
If you want to look at how Ubuntu generates an initramfs, see https://wiki.ubuntu.com/Initramfs
If you have a specific question about a specific step ask a more detailed question.
There are several tools to encrypt data post install, everything from an encrytped home (ecryptfs) to gpg.
See https://help.ubuntu.com/community/EncryptedHome
and for post install see http://www.howtogeek.com/116032/how-to-encrypt-your-home-folder-after-installing-ubuntu/
and http://blog.dustinkirkland.com/2009/06/migrating-to-encrypted-home-directory.html
Panther
- 102,067
-
According to this guide above, there is a command:
/sbin/cryptsetup luksOpen /dev/sdax cryptoroot. But I don't see that my OS mount /dev/sdax. There was not cryptoroot folder in directory /dev/mapper. And It did not ask me enter passphase when starting up. – thanhtv Apr 24 '13 at 03:30 -
One thing: I cannot find
/etc/console-setup/boottime.kmap.gz, jus t have cached.kmap.gz. So are they the same? – thanhtv Apr 24 '13 at 03:33 -
You have to change "dev/sdax" to the partition you want to use, such as "/dev/sda1" or what not. Honestly you are doing this the hard way, the whole process is automated. See also http://archimedesden.wordpress.com/2012/09/01/luks-full-disk-encryption-with-ubuntu-12-04-using-the-ubiquity-installer/ – Panther Apr 24 '13 at 16:32
-
Of course I change it with my partition. The guide you post above describe encryption with ubuntu installer! – thanhtv Apr 25 '13 at 01:24