How can I encrypt an existing root file system without wiping it?

ezequiel.ezb · 2023-03-26 00:34:45

I have two btrfs partitions, /boot and /root, no LUKS volume is present

I've seen info in the internet mentioning it's possible to do this using the cryptsetup with the reencrypt option.

My results;

root@ezequiel-pc /home/ezequiel # cryptsetup reencrypt --encrypt --cipher aes-xts-plain64 --hash sha256 --iter-time 2000 --key-size 512 --use-urandom --pbkdf argon2id --reduce-device-size 32M /dev/sdc7

WARNING!
========
This will overwrite data on LUKS2-temp-5ab4b299-b95d-47c6-9eec-95ecce95c222.new irrevocably.

Are you sure? (Type 'yes' in capital letters): YES
Enter passphrase for LUKS2-temp-5ab4b299-b95d-47c6-9eec-95ecce95c222.new: 
Verify passphrase: 
Failed to open /dev/sdc7 in exclusive mode (already mapped or mounted).
Failed to initialize LUKS2 reencryption in metadata.
cryptsetup reencrypt --encrypt --cipher aes-xts-plain64 --hash sha256  2000    11.65s user 0.87s system 76% cpu 16.370 total
1 root@ezequiel-pc /home/ezequiel #

Trilby · 2023-03-26 00:39:36

I have no experience with such tasks, but the error message is clear: you can run that operation on a mounted filesystem. This error can be avoided by booting to a live medium and running it from there.

ezequiel.ezb · 2023-03-26 02:20:37

That is my root file system. I'm thinking here how I would mount it after encrypting it.

Any ideas?

Trilby · 2023-03-26 03:40:33

Any ideas about what? Is the error from the first post solved and are you on to something else?

Arch Linux

#1 2023-03-26 00:34:45

How can I encrypt an existing root file system without wiping it?

#2 2023-03-26 00:39:36

Re: How can I encrypt an existing root file system without wiping it?

#3 2023-03-26 02:20:37

Re: How can I encrypt an existing root file system without wiping it?

#4 2023-03-26 03:40:33

Re: How can I encrypt an existing root file system without wiping it?

Board footer