Encrypt existing /home and /root partitions

Hello EOS forums,
After getting confused during the installation. I did not encrypt the system and now I want to do that properly.
I am dual booting with windows 10 and this is my partitions layout :


sdb              8:16   0 238.5G  0 disk 
├─sdb1           8:17   0   100M  0 part /boot/efi     << EFI obviously 
├─sdb2           8:18   0    16M  0 part                    << 
├─sdb3           8:19   0 117.7G  0 part                  << Windows C: Veracrypted
├─sdb4           8:20   0   508M  0 part                  << System reserved by windows 
├─sdb5           8:21   0  48.8G  0 part /                << EOS /root 
├─sdb6           8:22   0     4G  0 part [SWAP]      << Swap partition 
└─sdb7           8:23   0  67.3G  0 part /home       << EOS /home


Hi and welcome!

Did you just install EOS? Of course there is a manual way to encrypt the installed system and I’m sure someone can explain how to do it. But if you just installed then a reinstall with encryption would be the easiest way to achive your goal.

1 Like

Another vote for a re-install. After all, if you choose an ONline install (and manual partitioning) it should be done with in less than 10 minutes (takes 3 on my setup for a plain install), and less brain strain too!

1 Like

It is starting to seem that this is the best way to do it.
So during the re-installation how do I encrypt separate home and root with manual partitioning? so I don’t get confused again.

Before someone gives you a walk-through (or equivalent) it might be a good idea to describe what purposes you have in mind for the setup you showed? For instance, I personally would keep / and /home together, and have a separate data directory to keep that all on its own…nad mount it in /etc/fstab. When you link the subdirs (like Music and Pictures and Vide etc), it works just like 1 seamless drive, but with all the advantages of separate data partition when it comes to backups and so on…

So - what purposes did you have in mind? :grin:

1 Like

Yeah, the purpose is important. For instance why only partial encryption?

  1. Full disk encryption:
  • Pros: you have no risk of leaking some sensitive data in a non encrypted partition
  • Cons: if things go wrong, the full disk become unreadable and you will have to try to recover/reinstall from a removable bootable media: do not forget to build and securely store it
  1. Encrypted partition(s):
  • Pros: if things go wrong, the unencrypted partitions will be easier to recover
  • Cons: if you only encrypt a data partition, sensitive data can end in temporary files or swap file in a non encrypted partition
1 Like

I am not that expert in Linux but it is recommended to keep configs for programs and themes and fonts for easy reinstall or even installing another distro.
I already have a separate disk for data and backup and large files.

When you create each partition in manual partitioning there is a checkbox to encrypt on the screen.

1 Like

So I can use the same password for both and then get a prompt at boot time. It is confusing even after reading manuals and wikis.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.