Before I start I just want to make the following quite clear :
1. Yes, this is ridiculous
2. Yes, I still want to do it anyway
3. No, the data i'm storing might not need this level of encryption
4. Yes, I have foil hats if anybody wants one.
So what do I want to do ? Well basicly I want to encrypt the Hard disk of my VPS with LUKS and decrypt on boot (like so : http://unix.stackexchange.com/questions/5017/ssh-to-decrypt-encrypted-lvm-during-headless-server-boot )
I'm not entirely sure how i'd go about this with my VPS. The problematic part is the creation of the partition that will hold the Encrypted data. I need it to be my rootfs.
I've come up with several vague solutions, but i haven't the slightest idea if they'll really work :
1. Create an encrypted "File" that contains the rootFS and setup initrd to decrypt that file and mount it as / .
2. run fdisk on the system and resize the disk , then move everything to the new encrypted partition apart from the /boot directory. Have no idea if this can actually work.
3. Create an image with VirtualBox of a encrypted system, upload this to my VPS, load it into the ram and load dd into the ram, then overwrite the existing disk (this is very unlikely to work, i have no real clue).
Has anyone tried this before ? anyone have a different approach ?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart.
If you run into issues leave a comment, or add your own answer to help others.