encrypting /home partition post-install
Ranjan Maitra
maitra.mbox.ignored at inbox.com
Mon Nov 30 22:24:13 UTC 2015
On Mon, 30 Nov 2015 21:59:35 +0100 Roberto Ragusa <mail at robertoragusa.it> wrote:
> On 11/30/2015 08:44 PM, Gordon Messmer wrote:
> > On 11/30/2015 03:44 AM, Roberto Ragusa wrote:
> >> This thread is about someone wanting to encrypt an existing
> >> system: LVM makes it possible to do this, without a reboot,
> >> without unmounting.
> >
> > As far as I'm aware, no it doesn't.
>
> It does.
>
> Suppose you have your LVs (/, /home, /var,
> whatever partitioning scheme you have) on a single
> VG on a single PV (e.g. /dev/sda2).
>
> You can encrypt the system without even rebooting.
>
> Connect an external temporary USB disk (dev/sdb).
> Create a PV there (big enough for all your partitions).
> Add the PV to your VG.
> Move all the LV to the external PV.
> Remove /dev/sda2 from the VG.
> Make /dev/sda2 not a PV anymore (pvremove).
> Turn /dev/sda2 into an encrypted block device (dmsetup).
> Make the encrypted device a PV.
> Add the PV to your VG.
> Move your volumes to this PV.
> Remove the external PV from the VG.
> Disconnect the external disk.
>
> All of this can be done while the system is running
> normally.
> Before rebooting, fix your /etc/crypttab and initramfs
> so you will be asked the passphrase at next boot.
Can you please give me a reference on how to fix /etc/cryptab or this initramfs up?
Thanks again!
Ranjan
____________________________________________________________
FREE ONLINE PHOTOSHARING - Share your photos online with your friends and family!
Visit http://www.inbox.com/photosharing to find out more!
More information about the users
mailing list