LinuxQuestions.org - Need to encrypt entire hard drive

- Slackware (https://www.linuxquestions.org/questions/slackware-14/)

- - Need to encrypt entire hard drive (https://www.linuxquestions.org/questions/slackware-14/need-to-encrypt-entire-hard-drive-780593/)

Need to encrypt entire hard drive

Work as decided that all laptops must be encrypted. Most laptop have Windows installed and I would venture to say that I'm the only linux user in the company. Work has a solution for Windows but if I want to continue to run Slackware I need to find an encryption solution.

So, I looking to find out what my options are for encryption and I want to make sure that I know all the options. I have read the encryption information in README_CRYPT.TXT, but I already have Slackware installed. Is there any easy way to encrypt the entire drive with Slackware already installed? Can I backup or create an image my entire hard drive and then encrypt and reload the backup image after encryption?

If you've got some unallocated space on your disk that you can create an encrypted partition on alongside your existing one you could potentially copy things over, but it's going to be a lot of messing. IMO, you're better off just backing up your user data (/home etc.) and then doing a fresh install following the advice in the README_CRYPT.TXT file.

I don't believe there are any easy options.

I think this would work with a little creativity (did not actually try this):

Attach a second disk to your laptop, boot the Slackware DVD or CD,

Copy the complete content of the original disk to the external disk (use "cp -a"... or "tar" if you know how... just make sure the same filesystem is used for the external disk),

Repartition the internal disk, creating a small partition to be used for an unencrypted /boot

Create a filesystem (ext2 is best) on the small partition you'll be using for /boot

Encrypt your new root partition using cryptsetup (read the README_CRYPT.TXT),

Unlock the encrypted volume, and mount it under /mnt

Create directory /mnt/boot

Mount the small boot partition under /mnt/boot

Copy your data back to the intermal disk

Update /mnt/etc/fstab so that the device used for '/' is the actual mapped device name for the encrypted partition (usually /dev/mapper/something)

Create an initrd: first chroot into your Slackware installation

Code:

mount --bind /proc /mnt/proc

mount --bind /sys /mnt/sys

mount --bind /dev /mnt/dev

chroot /mnt

Once you've chrooted into the Slackware filesystem, run

Code:

/usr/share/mkinitrd/mkinitrd_command_generator.sh

which will show you what command you'll have to run to create your initrd (you may want to add additional kernel modules if you have a USB keyboard, see CHANGES_AND_HINTS.TXT on the Slackware DVD) as well as the lines you have to add to /etc/lilo.conf

After you have created the initrd and modified /etc/lilo.conf you will have to run "lilo" while still inside the chroot

Lilo will show some warnings, ignore them. Errors would be bad.

Exit the chroot (type "exit") and then reboot (Ctrl-Alt-Delete)

Your encrypted Slackware should boot now.

Eric

Thanks for the feedback. I think I will backup my data and do a fresh install, but before I do I may try your suggestion, Alien Bob.