system encryption

porcupene · 2014-12-09 16:24:08

Hi everybody.

What method would you recommend for encrypting an existing archlinux installation out of those presented here: https://wiki.archlinux.org/index.php/En … le_methods

I'm not interested in truecrypt (already know how to do that) and I would like to encrypt the whole system not just the home folder.

Is there a guide I can follow somewhere or a forum thread, something to get me started?

Any help would be appreciated.

WorMzy · 2014-12-09 16:36:10

I would say no. If you want full disk-encryption, it should be a forethought, not an afterthought.

If you have the resources, you could set up LUKS and transfer your system partition onto it, but I don't think you can convert an existing system in-place.

clfarron4 · 2014-12-09 17:06:54

WorMzy wrote:

I would say no. If you want full disk-encryption, it should be a forethought, not an afterthought.
If you have the resources, you could set up LUKS and transfer your system partition onto it, but I don't think you can convert an existing system in-place.

I second this. It is also probably easier to re-install with FDE right from the beginning.

jasonwryan · 2014-12-09 17:23:01

Not a Sysadmin issue, moving to NC..

porcupene · 2014-12-09 20:02:06

WorMzy wrote:

If you have the resources, you could set up LUKS and transfer your system partition onto it, but I don't think you can convert an existing system in-place.

If by resources you mean another hard drive, yes I have that. I've been running arch for about 3 years (no reinstalls) so I have things set up kinda the way I like them.

So, what you mean is set up an empty encrypted partition and then move my root /home and whatever other partitions I have on it?

WorMzy · 2014-12-09 20:13:24

Pretty much. Set up the encrypted partitions as you want them, then transfer over the existing installation. Remember to leave /boot unencrypted, edit mkinitcpio.conf accordingly and update your initrd from chroot, fix the fstab, and anything else I've forgotten. Basically do what you would do on a new encrypted system, just without the pacstrapping.

I'm sure one of the backup pages on the wiki'd help with the initial transfer of the system -- you'd need to be careful to copy over permissions, ownership, and attributes as they are.

ANOKNUSA · 2014-12-09 20:27:11

WorMzy wrote:

I'm sure one of the backup pages on the wiki'd help with the initial transfer of the system -- you'd need to be careful to copy over permissions, ownership, and attributes as they are.

Use the rsync full-system method. It'll catch all files on the disk and retain the proper permissions.

porcupene · 2014-12-09 21:04:41

ANOKNUSA wrote:

Use the rsync full-system method. It'll catch all files on the disk and retain the proper permissions.

That seems doable. I will have to set aside a day to do this properly (also for doing a clean install if I can't manage it).

I'll come back if I need more help.
Thanks everybody.

Arch Linux

#1 2014-12-09 16:24:08

system encryption

#2 2014-12-09 16:36:10

Re: system encryption

#3 2014-12-09 17:06:54

Re: system encryption

#4 2014-12-09 17:23:01

Re: system encryption

#5 2014-12-09 20:02:06

Re: system encryption

#6 2014-12-09 20:13:24

Re: system encryption

#7 2014-12-09 20:27:11

Re: system encryption

#8 2014-12-09 21:04:41

Re: system encryption

Board footer