You are not logged in.
Pages: 1
Hi everybody.
What method would you recommend for encrypting an existing archlinux installation out of those presented here: https://wiki.archlinux.org/index.php/En … le_methods
I'm not interested in truecrypt (already know how to do that) and I would like to encrypt the whole system not just the home folder.
Is there a guide I can follow somewhere or a forum thread, something to get me started?
Any help would be appreciated.
Offline
I would say no. If you want full disk-encryption, it should be a forethought, not an afterthought.
If you have the resources, you could set up LUKS and transfer your system partition onto it, but I don't think you can convert an existing system in-place.
Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD
Making lemonade from lemons since 2015.
Offline
I would say no. If you want full disk-encryption, it should be a forethought, not an afterthought.
If you have the resources, you could set up LUKS and transfer your system partition onto it, but I don't think you can convert an existing system in-place.
I second this. It is also probably easier to re-install with FDE right from the beginning.
Claire is fine.
Problems? I have dysgraphia, so clear and concise please.
My public GPG key for package signing
My x86_64 package repository
Offline
Not a Sysadmin issue, moving to NC..
Offline
If you have the resources, you could set up LUKS and transfer your system partition onto it, but I don't think you can convert an existing system in-place.
If by resources you mean another hard drive, yes I have that. I've been running arch for about 3 years (no reinstalls) so I have things set up kinda the way I like them.
So, what you mean is set up an empty encrypted partition and then move my root /home and whatever other partitions I have on it?
Offline
Pretty much. Set up the encrypted partitions as you want them, then transfer over the existing installation. Remember to leave /boot unencrypted, edit mkinitcpio.conf accordingly and update your initrd from chroot, fix the fstab, and anything else I've forgotten. Basically do what you would do on a new encrypted system, just without the pacstrapping.
I'm sure one of the backup pages on the wiki'd help with the initial transfer of the system -- you'd need to be careful to copy over permissions, ownership, and attributes as they are.
Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD
Making lemonade from lemons since 2015.
Offline
I'm sure one of the backup pages on the wiki'd help with the initial transfer of the system -- you'd need to be careful to copy over permissions, ownership, and attributes as they are.
Use the rsync full-system method. It'll catch all files on the disk and retain the proper permissions.
Offline
Use the rsync full-system method. It'll catch all files on the disk and retain the proper permissions.
That seems doable. I will have to set aside a day to do this properly (also for doing a clean install if I can't manage it).
I'll come back if I need more help.
Thanks everybody.
Offline
Pages: 1