8

The scenario:
- I have an SSD EVO 850 with several partitions, all of them with no encryption and running Xubuntu 14.04.
- I have another identical disk, same model and size.

The question:
- Is there a way to clone the disk with the system to the new one and enable hardware or software encryption?

Why?:
- protect data and installation
- avoid reinstalling the system and do a complete setup for all apps and services again.

Thanks

UPDATE:

I ended up using @Louis-Papaloizou's solution

  • I installed Xubuntu with LVM on LUKS
  • Then I created the same partition scheme, with approximate sizes; they don't have to be the same, just enough for the data to be copied.
  • Then from a live CD I connected both disks and ran rsync from one to the other; this allows me to just copy over the databases without backup and restore.
  • The important thing is that you need to edit /etc/fstab and update the appropriate UUIDs for each partition/disk. You can get the UUID with sudo blkid /dev/mapper/NAMEOFVOLGROUP-*

UPDATE 2 (2017/02/22) - I added a second HDD with the same LVM on LUKS schema. In order for it to be mounted at boot, a line with the main encrypted partition should be added to /etc/crypttab and the decrypted partitions (on LVM) to /etc/fstab. At boot, after decrypting the main drive, a second password for the additional HDD will be requested, and from then on everything works as usual.

TROUBLESHOOTING:

  • I lost audio after moving over; this solved the problem on Xubuntu 14.04 (need to reboot): sudo apt-get install linux-sound-base alsa-base alsa-utils linux-image-$(uname -r) linux-image-extra-$(uname -r) libasound2
bistoco
  • 1,541
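
The fstab/crypttab step in the update above can be checked before the first reboot. The following is an added example, not part of the original post: it lists UUID= entries in a copied /etc/fstab or /etc/crypttab that no device on the new disk carries, reading saved blkid output. The function names, device names and UUIDs are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post. Device names and UUIDs are constructed.

# UUIDs that blkid reports; with $2 set, only devices of that TYPE.
known_uuids() {   # $1 = saved blkid output, $2 = optional TYPE (e.g. crypto_LUKS)
    if [ -n "$2" ]; then grep -F " TYPE=\"$2\"" "$1"; else cat "$1"; fi |
        sed -n 's/.* UUID="\([^"]*\)".*/\1/p'   # leading space skips PARTUUID=
}

# UUID= values in the first two fields: field 1 in fstab, field 2 in crypttab.
referenced_uuids() {   # $1 = fstab or crypttab
    awk '/^[ \t]*#/ { next }
         { for (i = 1; i <= 2 && i <= NF; i++)
               if ($i ~ /^UUID=/) print substr($i, 6) }' "$1"
}

# Referenced UUIDs that no device (of TYPE $3, if given) carries.
stale_uuids() {   # $1 = fstab/crypttab, $2 = blkid output, $3 = optional TYPE
    referenced_uuids "$1" | while read -r uuid; do
        known_uuids "$2" "$3" | grep -qxF "$uuid" || echo "$uuid"
    done
}

# Constructed state of the new disk after the rsync, LUKS container unlocked.
demo=$(mktemp -d)
cat > "$demo/blkid.txt" <<'EOF'
/dev/sdb1: UUID="0b1e5f0a-1111-4c1e-9a00-000000000001" TYPE="ext2" PARTUUID="000b1a2c-01"
/dev/sdb5: UUID="0b1e5f0a-2222-4c1e-9a00-000000000002" TYPE="crypto_LUKS" PARTUUID="000b1a2c-05"
/dev/mapper/xubuntu--vg-root: UUID="0b1e5f0a-3333-4c1e-9a00-000000000003" TYPE="ext4"
EOF
cat > "$demo/fstab" <<'EOF'
# copied over from the old disk: the root entry still names the old partition
UUID=01d01d01-aaaa-4c1e-9a00-00000000000a /     ext4 errors=remount-ro 0 1
UUID=0b1e5f0a-1111-4c1e-9a00-000000000001 /boot ext2 defaults          0 2
EOF
# Mistake shown on purpose: this is the filesystem UUID, not the LUKS container's.
cat > "$demo/crypttab" <<'EOF'
sdb5_crypt UUID=0b1e5f0a-3333-4c1e-9a00-000000000003 none luks
EOF

echo "fstab UUIDs with no matching device:"
stale_uuids "$demo/fstab" "$demo/blkid.txt"
echo "crypttab UUIDs that are not LUKS containers:"
stale_uuids "$demo/crypttab" "$demo/blkid.txt" crypto_LUKS
```

On a real system, save the output of sudo blkid from the live CD after unlocking the LUKS container and pass the new root's etc/fstab and etc/crypttab in place of the sample files.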

4 Answers

4

The mother of all cloning tools is rsync. I have used this solution before and it worked like a charm.

First of all you should start with a clean installation of the operating system on the new hard disk and setup encryption. Make sure you use the same partitioning scheme.

Mount your old hard disk to the system (via USB adapter or network) and use rsync to clone your old filesystem to your new encrypted hard disk like so:

rsync -aAXv --exclude={"/dev/","/proc/","/sys/","/tmp/","/run/","/mnt/","/media/*","/lost+found"} /path/to/old/hdd/mount/point/ /

rsync -av should really cut it; the additional AX switches will make sure ACLs and extended file attributes are preserved if they were used. The excluded folders are folders which do not contain regular files (/dev, /proc, /sys) and folders which do not contain useful data for your new system. If you are using /mnt for your additional partitions you should remove it from the exclusion brackets.

It goes without saying that if you are running any databases, transferring the files is not an ideal solution; you need to back up your databases on the old system and restore them to the new system according to each database server's procedures.

And it actually works! You might have to troubleshoot a couple red spots in the syslog but generally all your installed packages should be there and your system should be working perfectly with the configuration you knew. By using this method I managed to pull down a cloud hosted VPS to a local physical machine and host it locally.

Good luck.

2

TL;DR

Yes, use Clonezilla

Detailed answer

Clonezilla allows you to

  • clone the whole disk (the boot sector + all the partitions + the swap) or some specific partition only.

  • encrypt it using ecryptfs, an enterprise-class cryptographic filesystem for Linux, which supports AES and Triple DES, among other encryption algorithms

  • compress it using gzip, bzip2, ..., and generate an MD5 checksum if you want

The requirements

you'll need

  • a flash or hard drive USB to create a bootable Clonezilla live USB (you can use CD/DVD instead)
  • an external HDD or SSD drive with enough free space to store the compressed cloned image into it

The process

  1. create a Clonezilla live USB, using the iso file and Unetbootin, or by building the bootable drive manually as explained here

  2. clone your entire disk-source to an external HDD or SSD device by

    • following the clonezilla/01_Save_disk_image tutorial
    • but when you get this message about expert/beginner options, choose Expert mode, so that you can enable the encryption
  3. restore the image of disk-source on disk-destination, following this tutorial clonezilla/02_Restore_disk_image

Aside

  • When creating a Clonezilla live USB the last time, the option that worked for me was creating it manually, using the zip file and a FAT32 USB, on Ubuntu 16.04.1.
  • You don't have to format the destination drive since Clonezilla will create the file system when restoring the source drive on it.
  • If you don't have enough free space to store the cloned image of the whole source drive before restoring it to the destination drive, then clone partition by partition.
0

If you have a computer that supports hardware encryption (like Lenovo Thinkpads) you may enable this. This is transparent to the OS, so once encryption is turned on you can clone it using e.g. Clonezilla.

If you want to use LUKS, it's a bit harder. You can make encrypted partitions, copy everything over, and modify the files to fit, so that /boot is on an unencrypted partition, update initramfs to match and so on. This is a bit complicated, and it would generally be easier to just copy /home and reinstall Ubuntu on the encrypted partitions.

As all your user data is in /home, you should lose nothing. It's also fairly trivial to reinstall all packages you had previously, using dpkg --get-selections, which can then be reimported into the new install :)

vidarlo
  • 23,497
0

Typically rsync is used to copy all your data from one drive to another. However, your question has been asked before (superuser.com - How to do rsync-like encrypted backup?), where they want to back up data to another server but have it encrypted so no one at the other server can "see" what is there.

The recommended solutions are duplicity and tartarus. Both support:

  • remote backup and local backup
  • full and incremental backups
  • encrypting backup files
  • installation via sudo apt-get install
  • have been around for many years

Duplicity is built into the Ubuntu repository and has instructions on Ubuntu (help.ubuntu.com - Duplicity Backup). Tartarus requires the extra step of adding signed keys before installation via apt-get. Additionally, some Tartarus website instructions are in German and require Google Translate, which isn't a big deal but might be inconvenient to some.