dm-crypt on whole disk – cryptsetup /dev/sda?

Posted on

Problem :

My question is simple. Can I create a encrypt my whole disk with cryptsetup /dev/sda? Or do I need to create the volume on seperate partition?

I meant a situation, in which I have rootfs on this fully-encrypted disk and kernel + bootloader on seperate removable device. So according to ultrasawblade’s answer I can do that, can’t I?

Solution :

You aren’t required to put it on a partition.

It may make tools expecting a partition table act funny, like palimpsest (Disk Utility). You’ll need to remember that you don’t have a partition table on this disk. You’ll also probably need to use the terminal to mount and unmount this.

Please note that you cannot “encrypt in place” using cryptsetup. If you want to encrypt your current /sda and your root partition is mounted on it, the easiest thing to do will be to backup all your data, note which programs you have installed, and reinstall/restore, selecting encryption options. Debian or the Ubuntu text installer provides these options. Your /boot partition containing the actual kernel cannot be encrypted unless your boot loader supports encryption (I don’t think GRUB does still).

Leave a Reply

Your email address will not be published. Required fields are marked *