Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 22:35:51 +01:00
How to enable full disk encryption after install?
Does it actually preserve files and folders on ext4 once encrypted? I would say so, see:
-----BEGIN PGP MESSAGE-----

hF4DTQa9Wom5MBgSAQdAptDpm7flAFMEqHMJY…
Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 20:14:25 +01:00
How to enable full disk encryption after install?

Testing on an actual computer may help; can use dd to ease resetting the unencrypted disk state.

Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:49:22 +01:00
How to enable full disk encryption after install?

Screenshot_Debian_UEFI_2025-03-26_18:43:42.png

![Screenshot_Debian_UEFI_2025-03-26_18:44:05.png](/attachments/56b9eea3-46f4-4b1f-bd6b-066ddf…

Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:42:08 +01:00
How to enable full disk encryption after install?

I disabled installing pending updates when requesting on graphical shutdown.

Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:41:44 +01:00
How to enable full disk encryption after install?
umount -a
Output:
umount: /mnt/dev: must be superuser to unmount.
umount: /mnt/boot/efi: must be superuser to unmount.
umount: /mnt: must be…
Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:41:00 +01:00
How to enable full disk encryption after install?
root@debian:/# exit
exit
user@debian:~$
Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:40:29 +01:00
How to enable full disk encryption after install?
update-initramfs -k all -c
Output:
update-initramfs: Generating /boot/initrd.img-6.1.0-29-amd64
update-initramfs: Generating /boot/initrd.img-6…
Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:39:24 +01:00
How to enable full disk encryption after install?
/boot/grub/grub.cfg:
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and…
Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:37:28 +01:00
How to enable full disk encryption after install?
update-grub
Output:
Generating grub configuration file ...
Found background image: /usr/share/images/desktop-base/desktop-grub.png
Found…
Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:36:45 +01:00
How to enable full disk encryption after install?

In another shell:

ls /boot/efi/
ls: cannot access '/boot/efi/': No such file or directory
[ -d /sys/firmware/efi ] && echo UEFI 
Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:36:00 +01:00
How to enable full disk encryption after install?
grub-install
Output:
Installing for x86_64-efi platform.
grub-install: warning: EFI variables are not supported on this system..
Installation…
Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:35:22 +01:00
How to enable full disk encryption after install?
Initial /etc/default/grub:
...
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null 
Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:34:33 +01:00
How to enable full disk encryption after install?

In /etc/default/grub, remove the existing reference to the root partition from GRUB_CMDLINE_LINUX

There was no such reference.

Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:33:08 +01:00
How to enable full disk encryption after install?
/etc/fstab:
...
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
# / was on /dev/vda2 during installation
UUID=8eb1534f-3…
Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:31:29 +01:00
How to enable full disk encryption after install?
/etc/crypttab:
# ...
rootfs UUID=8eb1534f-39c0-4ded-907e-aee490cb2f3f /etc/luks/boot_os.keyfile luks,discard

should…

Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:30:11 +01:00
How to enable full disk encryption after install?
cryptsetup luksAddKey /dev/vda2 /etc/luks/boot_os.keyfile
Enter any existing passphrase:
Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:29:23 +01:00
How to enable full disk encryption after install?

Should investigate the permissions given.

Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:29:04 +01:00
How to enable full disk encryption after install?
mkdir /etc/luks
dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=4096 count=1
Output:
1+0 records in
1+0 records out
4096 bytes (4.1 kB,…
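
Added example, not part of the original comments: a permission audit for a keyfile created as above with `mkdir` and `dd`, which inherit the shell's umask (commonly 022, giving a world-readable file). It assumes GNU `stat` and, for the second check, that the keyfile is embedded in the initramfs, where `UMASK=0077` in `/etc/initramfs-tools/initramfs.conf` keeps the generated image private; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: permission audit for a LUKS keyfile and the initramfs umask.
# Requires GNU stat (coreutils), as on Debian.

# audit_keyfile KEYFILE [EXPECTED_UID]
# Returns 0 when the keyfile and its directory are owned by EXPECTED_UID
# (default 0, root) and grant nothing to group/other; 1 if weak; 2 if missing.
audit_keyfile() {
    keyfile=$1; expected_uid=${2:-0}; rc=0
    [ -f "$keyfile" ] || { echo "MISSING: $keyfile"; return 2; }
    for path in "$keyfile" "$(dirname "$keyfile")"; do
        mode=$(stat -c '%a' "$path"); owner=$(stat -c '%u' "$path")
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "WEAK: $path has mode $mode (group/other access)"; rc=1
        fi
        if [ "$owner" != "$expected_uid" ]; then
            echo "WEAK: $path is owned by uid $owner, expected $expected_uid"; rc=1
        fi
    done
    return "$rc"
}

# initramfs_umask_ok CONF
# Returns 0 when CONF (normally /etc/initramfs-tools/initramfs.conf) sets
# UMASK=0077, so an initrd that embeds the keyfile is not world-readable.
initramfs_umask_ok() {
    grep -Eq '^[[:space:]]*UMASK=0?077[[:space:]]*$' "$1"
}

# Constructed demo in a scratch directory; nothing under /etc is touched.
demo() {
    tmp=$(mktemp -d); me=$(id -u)
    ( umask 022; mkdir "$tmp/luks"
      dd if=/dev/urandom of="$tmp/luks/boot_os.keyfile" bs=4096 count=1 2>/dev/null )
    echo "-- as created under umask 022:"
    audit_keyfile "$tmp/luks/boot_os.keyfile" "$me" || echo "   needs tightening"
    chmod 0700 "$tmp/luks"; chmod 0400 "$tmp/luks/boot_os.keyfile"
    echo "-- after chmod 0700 (dir) and 0400 (file):"
    audit_keyfile "$tmp/luks/boot_os.keyfile" "$me" && echo "   ok"
    rm -rf "$tmp"
}
demo
```

On the real system, run `audit_keyfile /etc/luks/boot_os.keyfile` as root; the expected owner then defaults to uid 0.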
Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:22:51 +01:00
How to enable full disk encryption after install?

With the current setup, the system would ask for the encryption passphrase twice: once to access the second-stage GRUB boot loader and once again for the Linux kernel to access the encrypted root…