fs encryption after install
Chris Murphy
lists at colorremedies.com
Tue Feb 25 19:00:00 UTC 2014
On Feb 25, 2014, at 7:50 AM, "Pal, Laszlo" <vlad at vlad.hu> wrote:
> Hi All,
>
> For the last few days I'm trying to find a way to encrypt at least my
> home directory (preferably everything except boot) without re-install
> Fedora. Unfortunately google does not help in this case... Someone
> suggested to use encrypt-fs but I'm not sure this is the best way to
> achieve this
>
> Do you have any quick and preferably painless idea?
http://www.johannes-bauer.com/linux/luksipc/?menuid=3
It's a few years old so it might be worth digging for a more current implementation. I'd make sure you have a backup in any case.
I don't know if there's any active work on this, but LVM thin provisioning's snapshots could provide a safer way to do this that's also live converting since they are fast COW snapshots. The primary method of encryption of an OS X installation is via conversion, there isn't even an install time option for it. The conversion is live while the fs is mounted, and it even permits rebooting during the conversion. It's also possible to convert back to plaintext the same way. So I think there's a use case for it, it's just that the convention has mainly been this is decided at install time on Linux. Another advantage of the conversion method is the best practice overwrite of the target partition with random data is obviated. So ultimately it ends up being faster if you want best practices. I don't know of a Linux installer that offers to write partitions with random data prior to dmcrypt configuration.
Chris Murphy
More information about the users
mailing list