retrofitting LUKS encryption on installed system

[J.Witvliet at mindef.nl]

-----Original Message-----
From: users-bounces at lists.fedoraproject.org [mailto:users-bounces at lists.fedoraproject.org] On Behalf Of Fred Smith
Sent: Friday, June 28, 2013 3:42 PM
To: users at lists.fedoraproject.org
Subject: retrofitting LUKS encryption on installed system

I've got a F19 installation that I'd like to turn into a fully encrypted
system with LUKS. 

There are many howtos on the web for encrypting a partition, but they
all show doing it to /home.
-----Original Message-----

No, just re-install.
One partition with /boot and another with an encrypted volume-group, holding /, swap and the rest.

But before embarking on that trip, do you really need full disk encryption?
I mean, the content of /usr is on any fedora-cd ;-) And when up-and-running, everything is unlocked.

The only valid reason I can think about, is that other people have physically access to your machine and could get root-access by booting from cd/dvd, and might alter your system.

It surely works, but at a performance price. And the certainty that you have to enter the LUKS-key each time you boot.

______________________________________________________________________
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het electronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.