Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Encrypting an existing Debian installation?

If none of the specific sub-forums seem right for your thread, ask here.
Post Reply
Message
Author
pastic
Posts: 6
Joined: 2019-08-13 08:38

Encrypting an existing Debian installation?

#1 Post by pastic »

I've been googling how to encrypt an existing Debian installation without having to reinstall.
I see mentions of the reencrypt package but when I skim the man page it is not obvious to me that it is the right tool. Some people mention rsyncing the entire filesystem to a temporary location, encrypting the partition without keeping data, and then rsyncing everything back. That would certainly work for a home or data partition but would it work for a system partition as well. Would grub be able to play with such an encrypted partition?

I have my home in my system partition. Would it be a better solution to create en encypted second partition and move my home partition there? I saw an odd comment on stackexchange that with such a setup it could be difficult to get the home partition recognized by the system. But ity was just a comment, no explanation why and no-one questioned it either.
Debian 11 Cinnamon

User avatar
Hallvor
Global Moderator
Global Moderator
Posts: 2029
Joined: 2009-04-16 18:35
Location: Kristiansand, Norway
Has thanked: 139 times
Been thanked: 206 times

Re: Encrypting an existing Debian installation?

#2 Post by Hallvor »

Frankly, I'd back up my important files and reinstall. It's likely much faster and with less risk of things going wrong.
[HowTo] Install and configure Debian bookworm
Debian 12 | KDE Plasma | ThinkPad T440s | 4 × Intel® Core™ i7-4600U CPU @ 2.10GHz | 12 GiB RAM | Mesa Intel® HD Graphics 4400 | 1 TB SSD

pastic
Posts: 6
Joined: 2019-08-13 08:38

Re: Encrypting an existing Debian installation?

#3 Post by pastic »

Hallvor wrote: 2022-10-06 13:11 Frankly, I'd back up my important files and reinstall. It's likely much faster and with less risk of things going wrong.
So I figured I would take your advice, but then ran into a new problem: When installing Debian, the encrypted option seems to only be available if I choose to encrypt the entire nvme disk, not just the debian partition ("Use entire disk and setup encrypted LVM").

Would that not interfere with the Windows installation?

(I only have one nvme slot in the laptop)
Debian 11 Cinnamon

User avatar
Hallvor
Global Moderator
Global Moderator
Posts: 2029
Joined: 2009-04-16 18:35
Location: Kristiansand, Norway
Has thanked: 139 times
Been thanked: 206 times

Re: Encrypting an existing Debian installation?

#4 Post by Hallvor »

Do not wipe the entire disk.

It is possible to use LUKS on just your Debian partition, but it requires a little more work:

https://ertugrulharman.com/en/2017/09/0 ... ncryption/
[HowTo] Install and configure Debian bookworm
Debian 12 | KDE Plasma | ThinkPad T440s | 4 × Intel® Core™ i7-4600U CPU @ 2.10GHz | 12 GiB RAM | Mesa Intel® HD Graphics 4400 | 1 TB SSD

Post Reply