I have read on the arch wiki that you need to delete a partition before you setup luks encryption on it.
What I did is that before encrypting the partition, I ran mkfs.ext4 /dev/nvm0np3
cryptsetup luksFormat /dev/nvme0n1p3
cryptsetup luksOpen /dev/nvme0n1p3 cryptroot
Then I proceeded with installation, is that fine or do I need to delete the partition before encrypting it.
If yes, what’s the correct way of deleting partition?
Can I just delete the partition and create it again in the same place via cfdisk?
I know I can ask it on arch forums but I guess I could get insights here too so I asked it here.
You don’t need to delete a partition before encrypting it. In fact, deleting a partition and then recreating the same partition doesn’t actually change much in the disk.
I am not sure which advice you are referring to but are you sure it wasn’t in relation to secure erasing a disk before you encrypt it? You do that to ensure the existing data isn’t recoverable and that the encrypted data isn’t easily identifiable from the unused data on the drive.
This, also the title says that it’s for non root partitions but on arch wiki, its written that the steps applies the same for root partition too.
You can find on this page written:
First make sure the partition is empty (has no file system attached to it). Delete the partition and create an empty one if it has a file system
Since the article gives no reason for why they are recommending the deletion, I can’t comment on it.
I mean even if i delete it and create it at the same place, the luks header stays there and it’s evident by the fact that if u delete a partition in cfdisk and then proceed to run:
It will say it has an old header that u want to overwrite.
Are my steps okay? I just formatted it with ext4 first because it had a btrfs partition which was luks encrypted and i wanted to get rid of it.
Maybe just running :
cryptsetup luksFormat /dev/sdx
would have done it too but I did the extra step of formatting.
I just wanna know is that how you guys do it too and would it cause any problems by not deleting the partition with cfdisk etc
Yes, that is my point, deleting and creating a partition at the same location doesn’t do much. I don’t see any obvious reason to do it.
On the other hand, there is no reason to put an ext4 filesystem on the partition beforehand. That doesn’t add any value.
I mean yeah it doesn’t but would it cause any problems with the partitioning if I did?
Even though i formatted the partition with btrfs after encryption. As you can see from the commands I posted.
Can cryptesetup luksFormat be run on a partition having a filesystem already? e.g an ext4 filesystem etc