WhyDub wrote:So really if I want my disk to be encrypted, i have, in other words, to reinstall the operating system and its data (fresh install) after the encryption of the disk is done. That's right isn't it ?
Not exactly. The Debian installer cannot use an existing encrypted partition, it must be created during the installation process.
WhyDub wrote:Or, if I trunk my actual partition to be the size of the future encrypted partition and there I backup-image this partition, can I restore it on the new same sized but now encrypted partition without loosing the encryption ?
You must distinguish between a system partition (/ or /usr) and a data partition.
For a data partition, you do not have to reinstall the system. You can install cryptsetup-bin, encrypt the partition, restore the shrunk image on the encrypted volume and update /etc/crypttab and /etc/fstab.
For a system partition, this is not that simple.
- In its default configuration, GRUB cannot handle an encrypted /boot, so /boot must be in a separate unencrypted partition (and GRUB must be reinstalled if the /boot partition was not already used)
- cryptsetup must be installed
- crypttab, fstab and grub.cfg must be updated and the initramfs must be rebuilt in a chroot
So in most cases it is probably easier to reinstall the system with encryption.