Ubuntu – Full disk encryption on linux (ubuntu) w/o re-installing – possible?

disk-encryption, reinstall, Ubuntu

I work at a company that takes security very seriously (like most). Our IT guy came in today to prepare us mentally to re-install our systems after he applies the new encryption policy (which will basically scrape our HD clean).

For our team this means about a week of re-configuring, installing, and tweaking our desktops until we are back to work capacity – anyone who has had to re-install a development machine probably knows what I'm talking about. So, I guess my question is whether there's any way to perform full disk encryption on a Linux (Ubuntu >= 9.04) system without having to re-install EVERYTHING [sigh]. The IT guy said there isn't any – please prove him wrong. Thanks 🙂

Best Answer

The only way you could accomplish this is with lots of spare disk space, or two separate drives. With spare disk space, you could make a new partition large enough to hold what is currently used with some partitioning software, use rsync to copy all your data to the new partition, and then format/wipe/encrypt the old partition, and copy everything back.

If policy allows you to back up all your data to another hard drive, you could wipe/format/encrypt your disk, and then basically copy everything back.

That is a kind of dirty way of doing it. The /better/ way to do it would be to back up your home directory, the contents of /etc/ and any other place you might have custom configurations and so on, dump a list of packages installed on your system (dpkg -l > packages.txt), install the packages on your newly encrypted system, copy over your home directory, and move the configuration files where they need to go.

It's really not that time-consuming to restore a Linux system to a previous state, as long as you prepare.

Copying everything from an old system (system files, packages you have installed, etc.) is not recommended, because there are bound to be breakages somewhere: in symlinks, hardlinks, and the /dev, /sys/ and /proc/ filesystems, not to mention all the ancillary logs and issues that might occur there, from a running system.
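The "back up, dump the package list, reinstall, restore" route the answer recommends, as an added example in POSIX shell. This is not code from the original answer; it assumes only sh, awk, tar and diff, and every file name and package line in it (packages.txt, the temp directories, the sample dpkg -l rows) is constructed for the demo. It reduces a saved dpkg -l listing to the installed package names (only "ii" rows, so packages in "rc" state, removed but with config files left behind, are not reinstalled) and round-trips a directory tree through a tar backup with a verification step, since a backup you have not verified is the one thing you cannot fix after the disk has been wiped.

```shell
#!/bin/sh
# Added example, not part of the original answer.
# Assumptions: POSIX sh with awk, tar and diff available; all paths and
# sample package rows below are constructed for the demo.
set -eu

# Extract installed package names from a saved "dpkg -l" listing.
# Only rows whose status column is "ii" (installed) are kept.
pkglist_from_dpkg_l() {
    awk '$1 == "ii" { print $2 }' "$1"
}

# Archive a directory tree (e.g. $HOME or /etc) into a tarball that the
# caller keeps on a drive that is NOT about to be wiped.
backup_tree() {
    tar -C "$1" -cf "$2" .
}

# Unpack a backup tarball into its destination directory.
restore_tree() {
    mkdir -p "$2"
    tar -C "$2" -xf "$1"
}

# Compare the original tree with the restored one; non-zero means a mismatch.
verify_tree() {
    diff -r "$1" "$2" >/dev/null
}

# Demo 1: constructed "dpkg -l" output saved to packages.txt, then reduced
# to the names you would hand to apt on the freshly encrypted install.
demo_pkg_names() {
    work=$(mktemp -d)
    cat > "$work/packages.txt" <<'EOF'
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version        Architecture Description
+++-==============-==============-============-=================================
ii  bash           5.1-2ubuntu3   amd64        GNU Bourne Again SHell
ii  git            1:2.34.1-1     amd64        fast, scalable, distributed revision control system
rc  old-tool       1.0-1          amd64        removed package, config files only
EOF
    pkglist_from_dpkg_l "$work/packages.txt"
    rm -rf "$work"
}

# Demo 2: round-trip a constructed "home directory" (including dotfiles)
# through backup and restore, and report whether anything was lost.
demo_roundtrip() {
    work=$(mktemp -d)
    mkdir -p "$work/src/.ssh" "$work/src/projects"
    printf 'Host build\n  User dev\n' > "$work/src/.ssh/config"
    printf 'print("hello")\n' > "$work/src/projects/main.py"
    backup_tree "$work/src" "$work/home.tar"
    restore_tree "$work/home.tar" "$work/dst"
    if verify_tree "$work/src" "$work/dst"; then status=0; else status=1; fi
    rm -rf "$work"
    return $status
}

# Real-world use (hypothetical paths) would look like:
#   dpkg -l > /media/usb/packages.txt
#   backup_tree "$HOME" /media/usb/home.tar
#   backup_tree /etc   /media/usb/etc.tar
# and, after the encrypted reinstall:
#   sudo apt-get install $(pkglist_from_dpkg_l /media/usb/packages.txt)
#   restore_tree /media/usb/home.tar "$HOME"
```

Two practical notes: the tarball holds everything that the new policy wants encrypted, so the drive it lands on should itself be encrypted (or at least wiped once the restore is verified); and dpkg also offers dpkg --get-selections / dpkg --set-selections, which records the full selection state rather than a human-readable listing, if you prefer that to parsing dpkg -l.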