Full Disk Encryption in existing Linux system without erasing any content from the drives
First, you need to shrink your partition by 1028 KB (slightly more than 1 MB). I would recommend shrinking it by 4 MB. Unmount your partition before the operation.
For ext4:
sudo dumpe2fs /dev/sdd1|grep 'Block count'
Subtract 1024 from this value (assuming you have 4KB blocks), then do:
sudo resize2fs /dev/sdd1 new_value
Then encrypt it:
sudo cryptsetup-reencrypt -N --reduce-device-size 4M /dev/sdd1
Govind Karmakar
Updated on September 18, 2022
Comments
-
Govind Karmakar almost 2 years
I am trying to achieve "Full Disk Encryption" in an already installed Linux system. I have come across LUKS with dm-crypt; it can encrypt a drive/entire disk, but before encrypting it formats the drive first and all data is removed permanently.
As I need to do "Full Disk Encryption" for an existing and mature Linux machine (e.g. Ubuntu, CentOS), I cannot possibly afford the formatting of the drives/partitions. Is there any possible method by which I can do the "Full Disk Encryption" without losing the existing contents in the system?
I am very new to these concepts so any proper guidance will be of great help. Thanks!!
-
user1330734 over 4 years
This should be marked as an answer! I verify these steps work for encrypting an existing ext4 file system (not root). Note that the ETA was only available after cryptsetup-reencrypt was executed, almost 8 hours in my case. Make sure you can leave your system undisturbed for a while on large partitions:
Finished, time 468:50.978, 953864 MiB written, speed 33.9 MiB/s
See here for mounting instructions.
-
Craig McQueen almost 3 years
"assuming you have 4KB blocks" — don't assume that. Look at the value for "Block size" in the dumpe2fs output.
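An added example, not part of the original answer or comments: the block-count arithmetic from the answer, with the block size read from the dumpe2fs header as the last comment advises. The function name new_block_count and the sample header lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: derive the resize2fs target from a dumpe2fs header.
# Real use (device name taken from the answer above):
#   sudo dumpe2fs -h /dev/sdd1 | new_block_count 4
# then pass the printed number to: sudo resize2fs /dev/sdd1 <number>

# new_block_count REDUCE_MIB   (reads dumpe2fs header text on stdin)
# Prints the block count that frees at least REDUCE_MIB MiB at the end
# of the partition, using the filesystem's actual block size.
new_block_count() {
    awk -v mib="$1" '
        /^Block count:/ { count = $3 }   # "Reserved block count:" does not match
        /^Block size:/  { size  = $3 }
        END {
            if (count == "" || size == "" || size <= 0) {
                print "could not read Block count / Block size" > "/dev/stderr"
                exit 1
            }
            bytes = mib * 1024 * 1024
            drop  = int((bytes + size - 1) / size)   # round up to whole blocks
            if (drop >= count) {
                print "filesystem is smaller than the requested reduction" > "/dev/stderr"
                exit 1
            }
            printf "%.0f\n", count - drop
        }'
}

# Constructed sample headers (not taken from a real device).
SAMPLE_4K='Block count:              244190208
Reserved block count:     12209510
Block size:               4096'

SAMPLE_1K='Block count:              1048576
Reserved block count:     52428
Block size:               1024'

# 4 KiB blocks: 1024 blocks are dropped, matching the answer's figure.
printf '%s\n' "$SAMPLE_4K" | new_block_count 4
# 1 KiB blocks: 4096 blocks must be dropped to free the same 4 MiB.
printf '%s\n' "$SAMPLE_1K" | new_block_count 4
```

The freed space must be at least the value given to --reduce-device-size, so the same 4 is used here as the 4M in the cryptsetup-reencrypt command.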