Post Install Disk Encryption

I somehow missed the disk encryption while installing my Manjaro system and forgot it.
Is it possible to make the same full disk encryption, which I can do while partitioning my disks at (GUI) install?

2 Likes

Yes, but it’ll require the filesystems to not be mounted, so you have to do it from a live environment. If you’re also encrypting your root partition you’ll want to enable the corresponding hooks and grub options so that you actually can boot the system afterwards.

It’s very risky so make sure you have backups!

Here are the Arch Linux instructions, they assume you’re comfortable using the terminal:
https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption#Encrypt_an_existing_unencrypted_filesystem

You’ll have to:

  1. prepare grub and the initcpio
  2. change size of the partition to make room for the LUKS header
  3. run the reencrypt process
  4. edit /etc/crypttab with the new device
  5. edit /etc/fstab with the new mapper device

If you fail during step 2 or 3, you’ll likely permanently lose your data.

You can also customize the type of encryption and how you want to unlock your device during step 3. Be sure to read the wiki articles before though.

Again, this can wipe all your data if you do it wrong. Be very careful.

3 Likes
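The checklist in the reply above, as a dry-run sketch (an added example, not part of the original posts and not taken from the Arch wiki): it checks the "not mounted" precondition, works out the shrink size, and prints the commands and config lines for review without touching a disk. It assumes an ext4 filesystem and the mkinitcpio `encrypt` hook; `/dev/sda2`, the mapper name `cryptroot` and the partition size are constructed placeholders.

```shell
#!/bin/sh
# Dry-run helpers for the checklist above. Nothing here touches a disk.
# /dev/sda2, "cryptroot" and the sizes below are constructed placeholders.

# Precondition: the filesystem must not be mounted (table in /proc/mounts format).
is_mounted() {  # is_mounted DEVICE MOUNTS_FILE
    awk -v dev="$1" '$1 == dev { hit = 1 } END { exit !hit }' "$2"
}

# Step 2: filesystem size in KiB that leaves room for the LUKS2 header.
# 32 MiB is the value cryptsetup recommends for --reduce-device-size.
shrunk_size_kib() {  # shrunk_size_kib PARTITION_KIB [HEADER_MIB]
    header_kib=$(( ${2:-32} * 1024 ))
    [ "$1" -gt "$header_kib" ] || return 1
    echo $(( $1 - header_kib ))
}

# Steps 2-3: print the commands for review; refuse if the device is mounted.
# Assumes an ext4 filesystem (resize2fs).
plan() {  # plan DEVICE PARTITION_KIB MOUNTS_FILE
    if is_mounted "$1" "$3"; then
        echo "refusing: $1 is mounted, boot a live environment" >&2
        return 1
    fi
    size=$(shrunk_size_kib "$2") || return 1
    echo "e2fsck -f $1"
    echo "resize2fs $1 ${size}K"
    echo "cryptsetup reencrypt --encrypt --reduce-device-size 32M $1"
}

# Step 1: kernel parameters read by the mkinitcpio "encrypt" hook.
grub_cmdline() {  # grub_cmdline NAME LUKS_UUID
    printf 'cryptdevice=UUID=%s:%s root=/dev/mapper/%s\n' "$2" "$1" "$1"
}

# Step 4: /etc/crypttab entry for the new container.
crypttab_line() {  # crypttab_line NAME LUKS_UUID
    printf '%s UUID=%s none luks\n' "$1" "$2"
}

# Step 5: point fstab entries at the mapper device; comment lines are kept.
fstab_rewrite() {  # fstab_rewrite OLD_SPEC NAME < fstab
    awk -v old="$1" -v new="/dev/mapper/$2" '
        /^[[:space:]]*#/ { print; next }
        $1 == old { sub(/[^[:space:]]+/, new) }
        { print }'
}
```

On a live system, pass `/proc/mounts` as the mounts table and take the LUKS UUID from `cryptsetup luksUUID` once the reencrypt step has finished.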

Ty. From this side, it seems to be less complicated to reinstall all the stuff and do it right. I’d hoped for a solution like “disk vault” on macOS, which means “press one button and you’re fine”.

1 Like

Yeah less complicated and likely more time efficient as well to just reinstall. I did this myself for my homedir this weekend, and it took between 2-3 hours before all was said and done (also did some partition shuffling unrelated to the encryption).

Spending close to an hour just waiting for the encryption to take place isn’t very fun! Still, I like that the option is there, even if it is a bit messy.

1 Like

I’d take care to not do full disk encryption but have /boot unencrypted. Else you’ll have to deal with the “grub is slow to decrypt and gives you only one try” issue that I personally could not live with.
