Encrypt disk after installation
34 views
Skip to first unread message
ukernel
Feb 13, 2020, 1:30:25 AM2/13/20
to qubes-users
For some reason despite the fact that during installation I selected the encryption checkbox and set a password but the partition where I installed Qubes OS was not encrypted. I found a command to encrypt on the same page of Qubes OS however it says that it overwrite all the information. I need to know how to encrypt my disk without reinstalling everything.
Could you help me please?
cryptsetup -v --hash sha512 --cipher aes-xts-plain64 --key-size 512 --use-random --iter-time 10000 --verify-passphrase luksFormat /dev/sda2
https://www.qubes-os.org/doc/custom-install/
Sent from ProtonMail mobile
Could you help me please?
cryptsetup -v --hash sha512 --cipher aes-xts-plain64 --key-size 512 --use-random --iter-time 10000 --verify-passphrase luksFormat /dev/sda2
https://www.qubes-os.org/doc/custom-install/
Sent from ProtonMail mobile
Chris Laprise
Feb 13, 2020, 1:40:03 PM2/13/20
to ukernel, qubes-users
before installation.
Overall, the best approach is probably to backup your data and
re-install Qubes. If you think the installer isn't encrypting your
custom configuration due to a bug, then you can follow the
custom-install example you linked to just before install (I'm pretty
sure that doc exists bc other users encountered the same problem you did).
In-place conversion to LUKS encryption is rare and not supported by LUKS
itself, however a tool called 'luksipc' exists to do this. However I
don't think it works with LVM which is what Qubes uses for storage.
Another method requires allocating an unused partition, setting it up
with cryptsetup and LVM, then copying from old volumes to new and
adjusting the boot parameters to use the new setup. The following is
*loosely* how it might be done, although it does not setup a thin pool
for LVM so you would need to combine it with instructions from step 5 of
the Qubes custom-install doc...
https://askubuntu.com/questions/366749/enable-disk-encryption-after-installation/1107295#1107295
Its rather complicated so I suggest re-installing instead.
--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
ukernel
Feb 15, 2020, 9:22:55 PM2/15/20
to tas...@posteo.net, qubes...@googlegroups.com
Chris,
Thank you very much for your help. I think it is a great advantage to be able to backup VMs so easily. Wich allowed me to reinstall and leave my configuration very easily. I appreciate you taking your time to respond.
Best regards
Sent from ProtonMail mobile
-------- Original Message --------
Thank you very much for your help. I think it is a great advantage to be able to backup VMs so easily. Wich allowed me to reinstall and leave my configuration very easily. I appreciate you taking your time to respond.
Best regards
Sent from ProtonMail mobile
-------- Original Message --------
Ulrich Windl
Feb 19, 2020, 2:24:42 AM2/19/20
to qubes...@googlegroups.com, uke...@protonmail.com
>>> "'ukernel' via qubes-users" <qubes...@googlegroups.com> schrieb am
13.02.2020 um 07:30 in Nachricht
<5506_1581575424_5E44ECFF_5506_1266_1_7nB9eByckB2PElYJX91w8-ncjVmJ1Cqq1UiUVWlAZv
gCnJIt8ANf3IKkJAwPcXjn_3UxHkqJfJXuvLiKcbSHi-cWo4JqgOB7nyk_jNPDBI=@protonmail.com
:
> Qubes OS however it says that it overwrite all the information. I need to
> know how to encrypt my disk without reinstalling everything.
My proposal would be: Get a temporary disk or partition of the same (required) size. create an encrypted partition of the same size than the original (it can be tricky as the encryption header needs some space). dd the original partition to the opened encrypting partition (or disk). When done veryify it looks sane. Finally dd back from the temporary partition to the original partition.
Eventually you'll have to mess with the crypttab...
>
> Could you help me please?
>
> cryptsetup -v --hash sha512 --cipher aes-xts-plain64 --key-size 512
> --use-random --iter-time 10000 --verify-passphrase luksFormat /dev/sda2
>
> https://www.qubes-os.org/doc/custom-install/
>
> Sent from ProtonMail mobile
>
> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/7nB9eByckB2PElYJX91w8-ncjVmJ1Cq
> q1UiUVWlAZvhgCnJIt8ANf3IKkJAwPcXjn_3UxHkqJfJXuvLiKcbSHi-cWo4JqgOB7nyk_jNPDBI%
> 3D%40protonmail.com.
13.02.2020 um 07:30 in Nachricht
<5506_1581575424_5E44ECFF_5506_1266_1_7nB9eByckB2PElYJX91w8-ncjVmJ1Cqq1UiUVWlAZv
gCnJIt8ANf3IKkJAwPcXjn_3UxHkqJfJXuvLiKcbSHi-cWo4JqgOB7nyk_jNPDBI=@protonmail.com
:
> For some reason despite the fact that during installation I selected the
> encryption checkbox and set a password but the partition where I installed
> Qubes OS was not encrypted. I found a command to encrypt on the same page of
How did you find out? Did you follow the (good) instructions for custom setup?
> encryption checkbox and set a password but the partition where I installed
> Qubes OS was not encrypted. I found a command to encrypt on the same page of
> Qubes OS however it says that it overwrite all the information. I need to
> know how to encrypt my disk without reinstalling everything.
Eventually you'll have to mess with the crypttab...
>
> Could you help me please?
>
> cryptsetup -v --hash sha512 --cipher aes-xts-plain64 --key-size 512
> --use-random --iter-time 10000 --verify-passphrase luksFormat /dev/sda2
>
> https://www.qubes-os.org/doc/custom-install/
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/7nB9eByckB2PElYJX91w8-ncjVmJ1Cq
> q1UiUVWlAZvhgCnJIt8ANf3IKkJAwPcXjn_3UxHkqJfJXuvLiKcbSHi-cWo4JqgOB7nyk_jNPDBI%
> 3D%40protonmail.com.
Reply all
Reply to author
Forward
0 new messages