Disk Encryption & Virtual Servers

Posted June 1, 2014 9.1k views
Before I start I just want to make the following quite clear : 1. Yes, this is ridiculous 2. Yes, I still want to do it anyway 3. No, the data i'm storing might not need this level of encryption 4. Yes, I have foil hats if anybody wants one. So what do I want to do ? Well basicly I want to encrypt the Hard disk of my VPS with LUKS and decrypt on boot (like so : ) I'm not entirely sure how i'd go about this with my VPS. The problematic part is the creation of the partition that will hold the Encrypted data. I need it to be my rootfs. I've come up with several vague solutions, but i haven't the slightest idea if they'll really work : 1. Create an encrypted "File" that contains the rootFS and setup initrd to decrypt that file and mount it as / . 2. run fdisk on the system and resize the disk , then move everything to the new encrypted partition apart from the /boot directory. Have no idea if this can actually work. 3. Create an image with VirtualBox of a encrypted system, upload this to my VPS, load it into the ram and load dd into the ram, then overwrite the existing disk (this is very unlikely to work, i have no real clue). Has anyone tried this before ? anyone have a different approach ? Cheers :) -jman6495

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer
Unfortunately, we do not support booting from custom kernels so you can't modify initrd. We also do not support partitioning currently so #2 won't work (though that's in the works).
I'm not sure about #3, you can give it a shot but I doubt it'll work.
Take a look at How To Use DM-Crypt to Create an Encrypted Volume on an Ubuntu VPS.
by Justin Ellingwood
Encrypting your data is a great way to ensure that nobody will have access to your sensitive information if they ever get access to your server. There are many possible uses for this, such as making it easier to decommission servers with sensitive data, storing uncommonly accessed but important files, etc. In this guide, we will discuss how to use dm-crypt to create create an encrypted volume out of a regular empty file.