On a CentOS 7 server, I would like to LUKS encrypt the entire hard drive, including a 50GB partition that has already received yum install and a few other updates, but nothing else. But this tutorial says that typing cryptsetup -y -v luksFormat /dev/xvdc will result in the message WARNING! This will overwrite data on /dev/xvdc irrevocably..
I do not want to wipe the hard drive. I just want to encrypt it. What syntax do I use to LUKS encrypt the entire hard drive?
The contents of the hard drive are summarized as follows:
[root@localhost ~]# df -T -h
Filesystem Type Size Used Avail Use% Mounted on
/dev/sda4 ext4 50G 1.1G 46G 3% /
devtmpfs devtmpfs 3.8G 0 3.8G 0% /dev
tmpfs tmpfs 3.8G 0 3.8G 0% /dev/shm
tmpfs tmpfs 3.8G 49M 3.7G 2% /run
tmpfs tmpfs 3.8G 0 3.8G 0% /sys/fs/cgroup
/dev/sda2 ext4 477M 106M 342M 24% /boot
/dev/sda1 vfat 200M 9.8M 191M 5% /boot/efi
/dev/sda3 ext4 1.8T 77M 1.7T 1% /home
Best Answer
You could make a full backup to another hard drive, then try this unofficial tool called LUKS in-place conversion.
But since you're already making a full backup to an external hard drive, you might as well go down the "official" route of copying the data out, creating a LUKS partition then copying it back. Tip: make sure you preserve permissions on both copy operations!
If you can't/won't make a backup before doing any in-place operations then you're braver than me and I hope you can afford to lose the data ;)