Can I make a system backup, encrypt the disk, and restore everything with Ubuntu?

3

3

I'm repeating a question that I posted on Server Fault. It was moved by another user to AskUbuntu because of a lack of responses. I think this is the more appropriate place to ask, but I don't think I have the right to move it here yet.

I would like to encrypt my entire disk with a fresh Ubuntu install as described here. However, my current laptop has many configurations that I do not want to re-do. I would like to back up the entire system, format the drive, re-install Ubuntu with the disk encryption option and restore all files and configuration settings. How hard is it to do this and what should I be careful about? Can I back up and restore as described here?

Vinh Nguyen

Posted 2011-09-01T16:08:06.243

Reputation: 265

1

Does http://www.TrueCrypt.org/ provide a suitable in-place encryption solution for you? (Backing up first is still a smart idea regardless of what you decide to do.) Here's a web page that explains how to use TrueCrypt.org with Ubuntu Linux: http://www.linuxandfriends.com/2010/02/03/how-to-truecrypt-setup-on-ubuntu-linux/

– Randolf Richardson – 2011-09-01T16:11:28.627

I don't want to use truecrypt. I want to encrypt the entire disk so if my laptop is stolen, the information is safe. Thanks for your response. – Vinh Nguyen – 2011-09-01T16:17:04.123

2

TrueCrypt can encrypt the entire disk just fine, why are you ruling it out as an option? It is easy to back up and it can do a whole or a part of a disk and it runs on Ubuntu. Why is that not exactly what you asked? – MaQleod – 2011-09-01T16:35:08.050

@MaQleod He's likely ruling it out because it doesn't meet his requirements that it be able to encrypt his entire Linux system -- whole system encryption is only available under Windows, and in-place disk encryption is again only available under Windows. – Kromey – 2011-09-01T18:25:48.220

Answers

2

Yes, you can do that.

The backup and restore procedure described on that page uses the tar utility, which operates on files; the encryption you would be using operates below that level, meaning anything you restore will be automagically encrypted for you as it is restored.

Where you might need to be careful (and I haven't done this myself, so I'm unsure if it's really a concern) is to avoid overwriting any configuration files relevant to the encryption. As I assume you're using the encrypted LVM installation option in the Ubuntu install routine, this means any configuration files relevant to LVM, as well as potentially any binaries relevant to LVM (if you currently have LVM binaries on your system but they lack the encryption support). (If LVM is not currently installed on your system, then there's almost certainly no problem whatsoever.)

I would add /boot and /dev as additional directories to exclude from your backup; the former will include any kernel modifications necessary for the encryption after you re-install (and which would be blown away should you restore that directory as well), and the latter, well, that's a fairly egregious oversight in the guide itself, and could get you into a lot of trouble since the encrypted LVM will necessarily modify the nodes within /dev, making them wholly incompatible with whatever you try to restore to them.

Kromey

Posted 2011-09-01T16:08:06.243

Reputation: 4 377

I don't believe I have LVM set up on my current laptop. How can I check? df -m yields:

Filesystem           1M-blocks      Used Available Use% Mounted on
/dev/sda1               458804    338217     97282  78% /
none                      3856         1      3856   1% /dev
none                      3867         3      3864   1% /dev/shm
none                      3867         1      3866   1% /var/run
none                      3867         0      3867   0% /var/lock

– Vinh Nguyen – 2011-09-01T19:10:40.743

@Vinh Run the commands pvdisplay and vgdisplay; if either returns no disks/volumes, or better yet a "command not found" message, then you are not using LVM (and, in the case of the latter, don't even have it installed). – Kromey – 2011-09-01T19:21:15.303

Both commands not found. So do you think it's safe to do as I propose? Back up (excluding certain directories), wipe, install OS with encrypted LVM, and restore? At the restore stage, should I restore from some kind of low level shell? Thanks! – Vinh Nguyen – 2011-09-01T20:22:43.610

@Vinh Should be fine, yup. I would strongly recommend, if you have the storage space to spare, that you also make a wholly separate backup of just your files that you want to save -- documents, pictures, music, etc. -- which will be easier to restore from if the worst happens and you end up not being able to restore as you expect (shouldn't happen, but better safe than sorry IMHO). And no, you shouldn't need any special shell for the restore -- just log in as root (or su to root) and go. – Kromey – 2011-09-01T22:10:09.147

Another question before I try this out next week. Should I do a hard disk backup with dd as outlined here just in case the previous method somehow fails? I have so much invested in my current setup that I would go crazy trying to reproduce it from scratch. Let me know your thoughts, thanks!

– Vinh Nguyen – 2011-09-03T17:12:59.373

@Vinh Backups are good. More backups are better. Make as many backups, in as many different methods, as you want/as will make you feel comfortable. I've never seen anyone go wrong by having too many backups (storage space notwithstanding), but the inverse is obviously not so. – Kromey – 2011-09-06T16:40:55.027

My attempt was successful after incorporating your thoughts and some debugging. I outlined my adventure here for others to read. If you want, you can edit your post (I marked it as the solution) and add the link for others to see. Thanks!

– Vinh Nguyen – 2011-09-15T19:18:50.623
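
The procedure settled on in the answer and comments above (a tar backup that leaves out /boot and /dev, then a restore over the fresh encrypted-LVM install), as an added shell example that is not part of the original thread. It assumes GNU tar; the function names, the placeholder paths and the extra excluded directories (proc, sys, mnt, lost+found) are assumptions, and the restore repeats the excludes so that an archive made without them still cannot overwrite /boot or /dev.

```sh
#!/bin/sh
# Added example (not from the thread). Assumes GNU tar, as shipped with Ubuntu.

PROTECTED="boot dev"                 # the two directories the answer adds
VOLATILE="proc sys mnt lost+found"   # assumed: pseudo filesystems, mount points

# --anchored ties every pattern to the top of the archive, so a directory such
# as /home/user/boot is still backed up. Each name is listed twice because tar
# stores members as "./boot/..." (with -C ROOT .) or "boot/..." (with /).
EXCLUDE_ARGS="--anchored"
for d in $PROTECTED $VOLATILE; do
    EXCLUDE_ARGS="$EXCLUDE_ARGS --exclude=./$d --exclude=$d"
done

# backup_root ROOT ARCHIVE: archive ROOT with permissions preserved (-p).
# Write ARCHIVE outside ROOT, or under an excluded directory such as /mnt.
backup_root() {
    # Word splitting of EXCLUDE_ARGS is intended (no names contain spaces).
    tar -cpzf "$2" $EXCLUDE_ARGS -C "$1" .
}

# archive_is_safe ARCHIVE: succeeds only if no member sits under /boot or
# /dev. Run it before restoring an archive that was made some other way.
archive_is_safe() {
    ! tar -tzf "$1" | grep -E '^(\./)?(boot|dev)(/|$)' >/dev/null
}

# restore_root ARCHIVE TARGET: unpack over the fresh install, applying the
# same excludes again so the installer's /boot and /dev are left alone.
restore_root() {
    tar -xpzf "$1" $EXCLUDE_ARGS -C "$2"
}

# Typical use, as root (paths are placeholders):
#   backup_root / /mnt/external/backup.tgz
#   archive_is_safe /mnt/external/backup.tgz || echo "archive contains /boot or /dev"
#   restore_root /mnt/external/backup.tgz /
```

If `archive_is_safe` fails, `restore_root` still skips the protected directories; the check is there to tell you the backup was taken without the excludes.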

0

I highly recommend using TrueCrypt because it is a free and open-source solution that provides on-the-fly encryption of the entire hard drive (or a specific partition, or a file that can be used as a fully mountable partition).

  TrueCrypt (free and open source)
  http://www.truecrypt.org/

For your convenience, I also located a web page that provides some instructions for installing and using TrueCrypt on Ubuntu Linux (the Operating System that you indicated is of interest to you):

  How to: TrueCrypt setup on Ubuntu Linux
  http://www.linuxandfriends.com/2010/02/03/how-to-truecrypt-setup-on-ubuntu-linux/

The fact that you want to run backups is excellent, and I strongly encourage you to do this regularly even after you've finished encrypting your hard drive (your question deserves an extra point in my opinion for mentioning backups).

In my experience, TrueCrypt (which beats the pants off the commercial-grade competitors I've seen) has proven to be 100% reliable for all my clients who are using it, and for my laptop -- it doesn't seem to matter that the power is lost or there is the occasional unexpected crash (mostly encountered with Windows), the system carries on where it left off, and disk repair options appear just like they do on unencrypted systems. In my professional estimation, it appears that the TrueCrypt developers "got it right," and I trust this product for reliability and security.

Randolf Richardson

Posted 2011-09-01T16:08:06.243

Reputation: 14 002

1

TrueCrypt cannot encrypt the OS under anything except Windows XP and later. That means that per @Vinh's requirement that the whole system be encrypted, TrueCrypt is not a viable option -- and I say this as a rabid TrueCrypt fanboy myself! – Kromey – 2011-09-01T18:23:36.757

Hmm. I remember reading somewhere that this could be done with Linux, but now I'm unable to find it. It looks like only Windows 7, Vista, XP, and 2000 are supported with this specific functionality. (My guess, and my hope, is that Linux and Unix will be supported in a future version of TrueCrypt.) – Randolf Richardson – 2011-09-02T15:20:30.657