Encrypt existing partition

General system Newbie
1

When I was installing endeavouros, I forgot to encrypt my partitions. At that time I didn’t care because I didn’t know how dangerous not encrypting my disk can be.

So how do I encrypt my endeavouros partition after already installing it? I prefer not to reinstall again.

My current filesystem is ext4. I also have boot/efi and swap partitions.

2

You can manually encrypt an existing partition using cryptsetup reencrypt but it is non-trivial.

No matter what you will want a backup because encrypting an existing partition is fairly risky.

If it was me, I would:

  • Update your system
  • Take a backup
  • Re-install
  • Restore your backup into the encrypted partition.
4 Likes
3

Can you elaborate more on why is it non-trivial?

I also would like to know how to perform a backup too

1 Like
4

Not in detail because I have never done it. However, here is an article about how to do it on Ubuntu which should give you a rough idea of what is involved. To be clear, I don’t recommend following an Ubuntu tutorial, it was just the first one I came across.

2 Likes
5

…I think I’d prefer the other way that you also stated. I searched quite a bit about my issue and most people seem to recommend more on backing up and reinstalling iirc.

Anyways is it necessary to encrypt my boot/efi and swap partitions? And also making my filesystem btrfs?

6

You cannot encrypt your efi partition.

You can either encrypt your swap partition or switch to a swap file inside the encrypted partition.

It is certainly not required to make your filesystem btrfs but you can if you would prefer btrfs.

btrfs has a ton of great features like snapshots, transparent compression, raid and subvolume support. The cost for those features is complexity, slightly reduced performance and lower reliability. The tradeoffs make it matter of personal preference and priorities rather than a universal decision.

3 Likes
8

Oh okay. So how do I perform a backup?

9

https://wiki.archlinux.org/index.php/Synchronization_and_backup_programs

1 Like
10

I’m not being nasty (and I hope the forum moderators don’t strike me), but it fills me with concern that you would want to encrypt your boot volume and you aren’t aware of how to perform a backup.
Just saying…sounds like a disaster on the horizon. Also know that only by doing things, will you really learn your system.

1 Like
11

Sorry. I’m not really tech savvy and things like backup and other important computer stuff used to went over my head. This year I’m learning how to be more aware about computer things :slight_smile:.

1 Like
12

There is no one answer to this question. There are literally hundreds of different approaches to backing up your data. They all have pros and cons and depend on what you are trying to accomplish.

In this case, you are just looking to make a one-time copy of your system so you can restore it after you re-install. Here are a few options for that specific use case:

  1. Save only home directory and re-install your packages. If this is an approach you would like to take, I can provide more specific instructions. Generally speaking, this involves:
    • Running a command to list your explicitly installed packages and saving the results
    • Saving a copy of your home directory
    • Reversing the process after you re-install
  2. Use rsync to make a copy of your entire drive onto an external drive. This process is described in detail here. Then you restore it using the process described here.
  3. Use a tool like timeshift/backintime/etc. I haven’t used those tools with this specific purpose in mind but generally speaking, that is what they are for. Just make sure your backup doesn’t exclude any important directories as many of those tools exclude things by default.
2 Likes