In this tutorial we will use the command cryptsetup on Fedora 25 to add a new disk to the current system. We will left all the OS files in the current disk, we will use the new disk for data storage. Remeber that chaging the /etc/fstab could break your system, be careful with the steps in this tutorial and we recommend to do a backup before follow this step.
Step 1: Create partition with fdisk
We are going to use as an example the disk sdX, change it to the disk you want to encrypt. Open the disk with fdisk:
sudo fdisk /dev/sdX
If you want to use the full disk in one partition, just type n and hit enter until no more questions are returned by fdisk. When everything is done type w to save the new partition to the disk.
Step 2: Format the disk with luks
First we are going to execute luksForms to create the encrypted partition. Then we will open it to use it as a normal disk.
sudo cryptsetup luksFormat /dev/sdX1 sudo cryptsetup luksOpen /dev/sdX1 cryptmap sudo mkfs.ext4 /dev/mapper/cryptmap
Step 3: Mount the encrypted partition at boot
First create a random key to add it with cryptsetup:
sudo dd if=/dev/urandom of=key.sdX1 bs=1024 count=4 sudo cryptsetup luksAddKey /dev/sdX1 key.sdX1 sudo cryptsetup luksUUID /dev/sdX1
The last command will return the UUID to add it on the /etc/crypttab. Open the crypttab file and add the following entry:
sdX1 /dev/disk/by-uuid/XXXXXXXXXXXXXXXX COMPLETE_PATH/key.sdX1 luks
Replace XXXXXXXXXXXXXXXX with the key obtained before and COMPLETE_PATH to match the path where you saved the random key.
Finally we need to mount the unencrypted partition at boot, edit the /etc/fstab and add the following line:
/dev/mapper/sdX /media/sdX ext4 defaults 0 2
You are ready to reboot or just:
sudo mount -a