ReallySecureShell/Simple_Encryption_Setup

Description

This tool can be used to encrypt your Linux system post-installation without losing data.

1.0: Pre-Setup
2.0: Usage

1.0: Pre-Setup

Required Packages

The package: cryptsetup is required. You must install this package on the target system before encrypting.

sudo apt update
sudo apt install cryptsetup

You must also be using initramfs-tools as your initramfs generation utility. Debian and Debian-based systems rely on initramfs-tools to generate their initramfs. If you do not have initramfs-tools installed, or are NOT on a Debian or Debian-based system, then this script is not recommended.

Obtain Clonezilla

You cannot encrypt your system while it is in use, so you need to boot from a USB in-order to run this script. It is recommended that you use Clonezilla as it is the OS where the script is tested on. This way you can be sure the system has all the required dependencies.

Download the Clonezilla ISO

If you need an image writer you can download RosaImageWriter.

Setup Clonezilla Environment

Boot into the Clonezilla terminal. This can be done by selecting Enter_shell when prompted.

By default Clonezilla will not have networking enabled. To enable networking run:

sudo systemctl start NetworkManager

If you are not on a wired connection use the following to setup WIFI:

nmtui

2.0: Usage

./SimpleEncryptionSetup.sh -fvh -p 'partition1:mountpoint1[ partitionN:mountpointN]' -r root-partition [-e efi-partition {-d DIR}]

-p, --partitions 'partition1:mountpoint1[ partitionN:mountpointN]'  Specify the partition(s) to encrypt.
                                                                    Example: '/dev/sda1:/ /dev/sda2:/home'
                                                                    
-r, --root <root-partition>                                         The root partition. This can be either
                                                                    /dev/sd*, or if using LVM /dev/mapper/<root-name>.
                                                                    Example: /dev/sda1
                                                                    
-e, --efi <efi-partition>                                           Specify the EFI partition.
                                                                    Example: /dev/sda3
                                                                    
    -d, --efi-path <DIR>                                            The directory in /mnt/boot/efi/EFI/ where 
                                                                    grub will be installed. This directory MUST 
                                                                    already exist. If lost, 'ls' the directories 
                                                                    in said EFI path and find a file named grubx64.efi, 
                                                                    if the directory contains that file it's probably 
                                                                    the right one. This directory is also used as the 
                                                                    bootloader-id.
                                                                    Example: ubuntu
                                                                    
-f, --fake                                                          Do not make modifications to the system. This is used
                                                                    to check the output for errors *before* modifying
                                                                    the system.

-v, --version                                                       Print version information then exit.
                                                                    
-h, --help                                                          Print this help page then exit.

ReallySecureShell / Simple_Encryption_Setup