Is there a way to do full disk encryption after the install?

Question

I have Ubuntu 11.10 installed with /home encrypted but really need the whole drive encrypted. I would really like to do that with out a re-install. Is there anyway to do that?

With Ubuntu 16.04 it is possible - https://askubuntu.com/a/1107295/723997 — Craig Hicks, Jan 05 '19 at 23:54

score 14 · Answer 1 · edited Apr 13 '17 at 12:37

14

LUKS in-place encryption exists. But you need to set up your environment a little as per the pictures:

(Also see this question)

edited Apr 13 '17 at 12:37

Community

1

answered Sep 18 '15 at 10:35

Frederick Nord

549
5
9

Thanks for the answer. It seems the Lukispc author recommends cryptsetup-reencrypt but that requires UEFI; https://github.com/johndoe31415/luksipc – gimmegimme Oct 14 '22 at 02:41

score 6 · Answer 2 · answered Jan 19 '12 at 17:02

6

No. Part of full disk encryption, Truecrypt or otherwise, is writing random data to the hard drive.

Best you could do (without a re-install) would be to migrate your home to encryption or make a encrypted data partition. You could use Truecrypt or LUKS (I personally use LUKS).

answered Jan 19 '12 at 17:02

Panther

102,067

10

"writing random data to the hard drive" - this is totally optional and not the root cause for marking this not possible. One could change the initramfs configuration, crypttab, fstab, make a separate /boot partition, copy everything over to a new encrypted volume. It's hard, though. I would re-install everything copy data back as well. – gertvdijk Dec 18 '12 at 12:16
1

This answer is not correct. You would indeed want to write-over existing data with encrypted (or random) data, but that doesn't mean it's impossible to encrypt a drive in-place. Plenty of operating systems do it and LUKS supports in-place encryption. – Ken Kinder Mar 25 '20 at 15:10

Is there a way to do full disk encryption after the install?

2 Answers2

Linked

Related