fs encryption after install
Bruno Wolff III
bruno at wolff.to
Tue Feb 25 16:32:26 UTC 2014
On Tue, Feb 25, 2014 at 15:50:55 +0100,
"Pal, Laszlo" <vlad at vlad.hu> wrote:
>Hi All,
>
>For the last few days I'm trying to find a way to encrypt at least my
>home directory (preferably everything except boot) without re-install
>Fedora. Unfortunately google does not help in this case... Someone
>suggested to use encrypt-fs but I'm not sure this is the best way to
>achieve this
>
>Do you have any quick and preferably painless idea?
Is /home on a separate partition? If so, you can use dmcrypt/luks to encrypt
a file system on that partition. But I don't think there is an easy
way to do this after an install. You'll need to run some low level commands
to set up the encrypted file system and you'll need to edit some config
files. I've done this, but I don't remember the exact steps to do it and
usually need to do a bit of futzing around to get it working. You also
need to have room to move /home's contents somewhere while you are making
the change.
A backup, reinstall and restore would likely be easier. You can encrypt /
at the same time if you go that route. (/boot can't be encrypted currenty,
though it looks like grub2 is has luks support now (at least upstream).)
More information about the users
mailing list