Encrypting FileSystem on the fly
by starbearer from LinuxQuestions.org on (#59JQQ)
I am relatively new to the quirks of filesystem encryption on Linux.
Earlier a file system used to be encrypted using BitLocker on Windows for our systems, but we are migrating to Linux now, and some requirements are different.
Ordinarily the recommendation is to use dm-crypt, with LUKS to provide a salt. However, a couple of things -
1. The decision to encrypt a file system will only be known when data may already be on the disk...
2. The booting of the system needs to be silent, without any manual input of credentials.
As I understand, using dm-crypt on the fly to encrypt an existing FS will cause data deletion. Perhaps there is a way to prevent it, but I am not aware of it.
Another issue is that the system is set to boot automatically. With LUKS, it'll expect, I assume, the key or password either manually, or in the form of a USB inserted, or in a TPM module, which is not there on the system.
Could someone advise how I can go about encrypting an existing file system on the fly without data deletion, and somehow deal with a silent reboot...?
The system is expected to run CentOS.

