Disk/Partition encryption

[Bruno Wolff III]

On Fri, Sep 18, 2009 at 13:03:50 -0400,
  "Weiner, Michael" <weinerm at ccf.org> wrote:
> List readers –
> 
> Some time ago, approximately April 2009, I encrypted a Fedora 10 system which I later upgraded to Fedora 11, with no problem. My problem is that I didn’t document how I did it at the time, as I was just playing with disk encryption on a sandbox machine and never thought I would need to do it in production. Recently my place of employment, thanks in part to new HIPAA regulations due to data theft, is requiring ALL laptops to be encrypted – one problem, I don’t remember how I did it without loosing any data. The only thing I can remember is that it was a pretty simple task that I performed without moving data from one partition to another, or re-installing the OS. Googling such a process, has led me to read many pages and documentation out there, but to no avail. I can NOT find anywhere anything documenting encrypting a live filesytem without data loss. Has anyone here done this? I could have sworn that the original work I did was based on an email or discussion on this l
>  ist, but I cant find anything. Yes yes yes I know – ALWAYS put it in the wiki ☺
> 
> I have looked at a number of solutions like truecrypt etc, but nothing seems like it will work without eating data. Though I have heard that cryptsetup will do this.
> 
> Any advice or assistance would be GREATLY appreciated.

If you are going to be doing a fresh install it's pretty easy. Do a custom file system
layout when running anaconda and check the encryption box for the partitions you
want encrypted. You can encrypt all partitions except the one /boot is on
(usually its own partition).

It all works pretty neat.