so apparently i missed the encrypted checkbox during install. i wanna encrypt my linux w/out reinstalling but i only find info to do it on the install. help a lv1 noob plz.
Short answer: theoretically yes. But considering your “lv1 noob” statement, probably not recommended. It involves a lot of command-line steps and you’d need a backup of your data because a lot could go wrong.
Now, if you have or make a backup anyway, it would be much easier to securely wipe the device, do a luksFormat, optionally overwrite the encrypted device, create a new
filesystem and restore your backup on the now encrypted device. This still involves a lot of command-line work.
You see, there’s no safe way around backups! So, as a responsible user you certainly have these 
→ Conclusion: Just reinstall and check the encryption checkbox this time. Restore your backup afterwards. This should be the easiest and fastest way, IMO.
1 Like
Doing a full LUKS encryption after install is only possible with a full backup/restore cycle on a newly formated LUKS drive.
As I said, theoretically it’s possible to encrypt an existing unencrypted partition. See
cryptsetup-reencrypt - reencrypt LUKS encrypted volumes in-place
Last time I experimented with this, I noticed it being very slow and I messed something up in the end. 
So, I’d also go with
Either you or me have a misunderstanding here.
The man page you are referring to is for reencryption. The starting point for a reencryption is a LUKS partition and the end result is also a LUKS partition but with changed encryption parameters.
Reencryption is not about making a LUKS partition on the fly from an existing unencrypted ext4 or xfs partition.
Please correct me if I am wrong.
There is a specific section under the main arch wiki page for dm-crypt for encrypting an otherwise-unencrypted partition, but as previously mentioned it is a reasonably advanced process that’s not for the faint of heart 
1 Like
bump
i obeyed and just reinstalled. my new question is how to not only encrypt and external storage disk but if mounting automatically would still work. and if yes how to auto-decrypt since its overkill if the system is already encrypted.
This new question may be best presented in a new topic @u8e23hc09.
It’s a little unclear what you’re wanting to do as well. An external drive being encrypted, isn’t made less valid because the system it connects to is encrypted. For example, a would be thief could very easily swipe an external drive, and if it’s not encrypted, they now have trivial access to its contents.
Or have I misunderstood your question?
oooh thats nice! so it’s not redundant! i wanted to know how to encrypt an external disk and make it auto encrypt at startup (we have a tutorial on mounting disks at start so i imagine i need a password line or smth)
I shared something of a how-to here:
I wouldn’t necessarily recommend auto-mounting removable drives on startup though, in case they are removed, causing startup issues.