encrypting /home partition post-install

Roberto Ragusa mail at robertoragusa.it
Mon Nov 30 20:59:35 UTC 2015


On 11/30/2015 08:44 PM, Gordon Messmer wrote:
> On 11/30/2015 03:44 AM, Roberto Ragusa wrote:
>> This thread is about someone wanting to encrypt an existing
>> system: LVM makes it possible to do this, without a reboot,
>> without unmounting.
> 
> As far as I'm aware, no it doesn't.

It does.

Suppose you have your LVs (/, /home, /var,
whatever partitioning scheme you have) on a single
VG on a single PV (e.g. /dev/sda2).

You can encrypt the system without even rebooting.

Connect an external temporary USB disk (/dev/sdb).
Create a PV there (big enough for all your partitions).
Add the PV to your VG.
Move all the LVs to the external PV.
Remove /dev/sda2 from the VG.
Make /dev/sda2 not a PV anymore (pvremove).
Turn /dev/sda2 into an encrypted block device (dmsetup).
Make the encrypted device a PV.
Add the PV to your VG.
Move your volumes to this PV.
Remove the external PV from the VG.
Disconnect the external disk.

All of this can be done while the system is running
normally.
Before rebooting, fix your /etc/crypttab and initramfs
so you will be asked for the passphrase at next boot.

-- 
   Roberto Ragusa    mail at robertoragusa.it
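
The sequence described in the message above, written out as a shell function that only prints the commands unless DRY_RUN=0 is set. This is an added example, not part of the original post: it uses cryptsetup (LUKS) for the dm-crypt step where the post mentions dmsetup, and the VG name vg0 and mapping name cryptpv are assumptions.

```shell
#!/bin/sh
# Dry-run by default: prints each command. Set DRY_RUN=0 to execute as root.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# migrate_to_encrypted_pv VG INTERNAL_PV EXTERNAL_DISK [MAPPING_NAME]
# MAPPING_NAME defaults to "cryptpv" (an assumed name, not from the post).
migrate_to_encrypted_pv() {
    vg=$1; internal=$2; external=$3; name=${4:-cryptpv}
    if [ -z "$vg" ] || [ -z "$internal" ] || [ -z "$external" ]; then
        echo "usage: migrate_to_encrypted_pv VG INTERNAL_PV EXTERNAL_DISK [NAME]" >&2
        return 2
    fi
    if [ "$internal" = "$external" ]; then
        echo "internal and external devices must differ" >&2
        return 2
    fi
    mapped="/dev/mapper/$name"

    # Phase 1: evacuate the internal PV onto the temporary disk (online).
    run pvcreate "$external"            || return 1
    run vgextend "$vg" "$external"      || return 1
    run pvmove "$internal" "$external"  || return 1
    run vgreduce "$vg" "$internal"      || return 1
    run pvremove "$internal"            || return 1

    # Phase 2: LUKS-format the now-empty partition and build a PV on top.
    run cryptsetup luksFormat "$internal"     || return 1
    run cryptsetup open "$internal" "$name"   || return 1
    run pvcreate "$mapped"                    || return 1
    run vgextend "$vg" "$mapped"              || return 1

    # Phase 3: move everything back, now through dm-crypt, and drop the disk.
    run pvmove "$external" "$mapped"    || return 1
    run vgreduce "$vg" "$external"      || return 1

    # The temporary disk still holds a plaintext copy; wipe it before reuse.
    echo "# before rebooting: add $name to /etc/crypttab and rebuild the initramfs"
}

# Constructed invocation (vg0 is a made-up VG name):
#   migrate_to_encrypted_pv vg0 /dev/sda2 /dev/sdb
```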

