Fedora: Options for Full Disk Encryption - New & Existing installs

Hi all,

I’m interested in looking at converting an existing mature Fedora image to a “fully encrypted” at boot config.

However, from some examples such as this and this one, the general consensus is to (a) do a fresh install (easiest) or (b) pick existing external partitions and

  • Back up existing data
  • Reformat as LUKS (?)
  • Modify fstab etc, to auto decrypt on boot with cryptsetup?

Before I attempt the latter (for now), any advice before I start backing up existing data, and wiping my NVMe disks??

Thanks!

Best, Mike

If you get stuck with a bootloop or grub screen in the process, you can chroot in to your session using a live fedora USB. Make sure /etc/crypttab has the necessary info in it too. You will fail to boot without it.

1 Like

Thanks!! What I’ll do is boot a live USB, do a dd backup of the existing disk, then dump that into VeraCrypt; then start playing with my existing NVMe and take it from there.

1 Like

Glad to help :grin:

2 Likes