On 11/30/2015 08:44 PM, Gordon Messmer wrote:
> On 11/30/2015 03:44 AM, Roberto Ragusa wrote:
>> This thread is about someone wanting to encrypt an existing
>> system: LVM makes it possible to do this, without a reboot,
>> without unmounting.
> 
> As far as I'm aware, no it doesn't.

It does.

Suppose you have your LVs (/, /home, /var,
whatever partitioning scheme you have) on a single
VG on a single PV (e.g. /dev/sda2).

You can encrypt the system without even rebooting.

Connect an external temporary USB disk (/dev/sdb).
Create a PV there (big enough for all your partitions).
Add the PV to your VG.
Move all the LVs to the external PV.
Remove /dev/sda2 from the VG.
Make /dev/sda2 not a PV anymore (pvremove).
Turn /dev/sda2 into an encrypted block device (dmsetup).
Make the encrypted device a PV.
Add the PV to your VG.
Move your volumes to this PV.
Remove the external PV from the VG.
Disconnect the external disk.

All of this can be done while the system is running
normally.
Before rebooting, fix your /etc/crypttab and initramfs
so you will be asked for the passphrase at next boot.

-- 
   Roberto Ragusa    mail at robertoragusa.it
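
The sequence described in the message above, written out as LVM and cryptsetup commands. This is an added example, not part of the original post: the VG name and mapper name passed in are hypothetical, and it uses `cryptsetup` with LUKS where the post names `dmsetup`.

```shell
#!/bin/sh
# Added example: live migration of a VG onto an encrypted PV, per the steps above.
# DRY_RUN=1 (default) only prints each command; any other value runs them (as root).
set -eu
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# migrate VG INTERNAL_PV TEMP_PV MAPPER_NAME   (all four names are caller-supplied)
migrate() {
    if [ "$#" -ne 4 ]; then
        echo "usage: migrate VG INTERNAL_PV TEMP_PV MAPPER_NAME" >&2; return 2
    fi
    vg=$1 pv=$2 tmp=$3 name=$4
    # Refuse obviously wrong input before touching any device.
    for d in "$pv" "$tmp"; do
        case "$d" in /dev/*) ;; *) echo "not a device path: $d" >&2; return 2 ;; esac
    done
    if [ "$pv" = "$tmp" ]; then
        echo "internal and temporary PV must differ" >&2; return 2
    fi
    case "$name" in */*|"") echo "bad mapper name: $name" >&2; return 2 ;; esac

    # Phase 1: evacuate the unencrypted PV onto the temporary disk.
    run pvcreate "$tmp"
    run vgextend "$vg" "$tmp"
    run pvmove "$pv" "$tmp"
    run vgreduce "$vg" "$pv"
    run pvremove "$pv"
    # Phase 2: encrypt the now-empty partition and open the mapping.
    run cryptsetup luksFormat "$pv"
    run cryptsetup open "$pv" "$name"
    # Phase 3: move everything back onto the encrypted mapping.
    run pvcreate "/dev/mapper/$name"
    run vgextend "$vg" "/dev/mapper/$name"
    run pvmove "$tmp" "/dev/mapper/$name"
    run vgreduce "$vg" "$tmp"
    # Still to do by hand before rebooting: /etc/crypttab entry and initramfs rebuild.
}

# Example: sh migrate.sh fedora /dev/sda2 /dev/sdb cryptpv
if [ "$#" -eq 4 ]; then migrate "$@"; fi
```

Note that `pvmove` copies extents and does not wipe the source, so the temporary disk still holds a plaintext copy of the data after the last step and should be overwritten before reuse. The same applies to any area of the internal partition that the returning extents do not overwrite.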