I wanted to convert an already configured partition to an encrypted partition. As the encryption utility, "
cryptsetup" was used.
Since mine was a fresh installation, I was not worrying about loosing data on my Laptop. However if you are planning to do the same, please make sure to backup all the data before start conversion.
Below command shows you the details of available disks.
#fdisk -l
Device Start End Sectors Size Type
/dev/sda1 2048 923647 921600 450M Windows recovery environment
/dev/sda2 923648 1128447 204800 100M EFI System
.......
.......
/dev/sda6 567171072 582795263 15624192 7.5G Linux swap
/dev/sda7 582795264 781459455 198664192 94.7G Linux filesystem
/dev/sda8 781459456 976771071 195311616 93.1G Linux filesystem
Using the below command also shows you the details of partitioned disk.
# df -h
Filesystem Size Used Avail Use% Mounted on
udev 3.9G 0 3.9G 0% /dev
tmpfs 788M 9.6M 778M 2% /run
/dev/sda7 94G 4.1G 85G 5% /
...........
.........../dev/sda8 92G 60M 87G 1% /CERT
I
wanted to convert /dev/sda8 partition to an encrypted partition. In
oder to view the integration of /dev/sda8 disk, fstab file details. The
fstab (/etc/fstab) (or file systems table) file is a system
configuration file on Debian systems. The fstab file typically lists all
available disks and disk partitions, and indicates how they are to be
initialized or otherwise integrated into the overall system's file
system. This conf file can be read using the command:
#cat /etc/fstab
# cat /etc/fstab
# /etc/fstab: static file system information.
#
#
# / was on /dev/sda7 during installation
UUID=61050990-a94f-4629-81cb-14722123d668 / ext4 errors=remount-ro 0 1
# /CERT was on /dev/sda8 during installation
UUID=424bae11-5e73-44e8-9ccd-d1eb3ef44f82 /CERT ext4 defaults 0 2
# /boot/efi was on /dev/sda2 during installation
UUID=E413-CC25 /boot/efi vfat umask=0077 0 1
# swap was on /dev/sda6 during installation
UUID=1dd43a59-2bc7-49ce-b7b3-964ec836620f none swap sw 0 0
To encrypt the partition, I used the Disk Utility, which comes with Ubuntu 16.04. The below steps show the process of encrypting a partition.
Below figure shows the file system before the encryption.
Below figure shows the way of encrypting the partition. At this stage you need to enter a strong passphrase which complies with password security configuration best practices.
Below figure shows the file system configuration once the encryption is finished.
Finally I rebooted the system to check possible errors. After rebooting the OS, I manually mounted the encrypted partition.Below image shows a snap of manual mounting process. Passphrase needs to be entered here.
Errors encountered during the process of setting up an encrypted partition.
If you don't have already installed version of "cryptsetup". You will get the below error message when you try to create the encrypted partition.
Opz. I got the above error message and I installed cryptsetup using the below command and restarted the above encryption process.
#sudo apt-get install cryptsetup
If you forgot to comment/delete the existing entry pertaining to /dev/sda8 in /etc/fstab, you will encounter an error message during reboot. Unfortunately I was experiencing the same error. :(
I was ended up with a error message saying that:
"A start job is running for dev-disk-by\x....................device. "
After waiting up to 90 seconds, I found myself in emergency mode.
I order to trouble shoot, I ran the below steps.
To view the active and inactive disk units, I used the below command.
#systemctl --full -a |grep x2duuid
When listing units, "-a" show all loaded units, regardless of their state, including inactive units. With the filter to show only "x2duuid", active and inactive disks could be viewed. The received output is:
The above output shows that the partition with the UUID 424bae11-5e73-44e8-9ccd-d1eb3ef44f82 is inactive. This is the the encrypted partition.
I commented the entry pertaining to above partition from fstab as show below.
# cat /etc/fstab
# /etc/fstab: static file system information.
#
#
# / was on /dev/sda7 during installation
UUID=61050990-a94f-4629-81cb-14722123d668 / ext4 errors=remount-ro 0 1
# /CERT was on /dev/sda8 during installation
#UUID=424bae11-5e73-44e8-9ccd-d1eb3ef44f82 /CERT ext4 defaults 0 2
# /boot/efi was on /dev/sda2 during installation
As the final step I rebooted my system and fortunately It worked for me.
After OS is booted up, you can manually mount the encrypted partition by double clicking in file explorer.