################ ENCRIPTION ################ This tutorial will show you step by step how to encrypt a full drive with Cryptsetup on Debian 9.4 or Ubuntu 18.04 LTS (Bionic Beaver). The drive that get's encrypted may not be part of an LVM volume. Assumptions 1. Drive to be encrypted is not be part of LVM. 2. cryptsetup has already been installed 3. You already know the device you wish to encrypt (I will be using /dev/sdb1 in this example) 4. You have already saved any and all data on the drive you wish to encrypt otherwise you will lose it all 5. You need to know how to use sudo or su - Notes & WARNINGS You have already saved any and all data on the drive you wish to encrypt otherwise you will lose it all The process I am presenting, worked for me - YMMV Please see the referring links at the end for a complete overview of other options and processes as this tutorial is a compilation from these link to suite my needs. ... and finally, You have already saved any and all data on the drive you wish to encrypt otherwise you will lose it all And now, for something completely different... The process: Create a key-file for authentication - you will want this if you intend to use auto mount on boot: .. code-block:: bash dd if=/dev/urandom of=/root/drive_key bs=1024 count=4 Protect the key-file to be read only by root: .. code-block:: bash chmod 0400 /root/drive_key Initialize the LUKS file system and use the key-file to authenticate instead of a password: .. code-block:: bash cryptsetup -d=/root/drive_key -v luksFormat /dev/sdb1 Create the LUKS mapping using the key-file: .. code-block:: bash cryptsetup -d=/root/drive_key luksOpen /dev/sdb1 data Create your file system (I use ext4): .. code-block:: bash mkfs.ext4 /dev/mapper/data Create your mount point on the system (some folks use /media): .. code-block:: bash mkdir /mnt/data Mount the new file system at the mount point: .. code-block:: bash mount /dev/mapper/data /mnt/data Create the mapper for fstab to use by adding the following line to /etc/crypttab: .. code-block:: bash data /dev/sdb1 /root/drive_key luks Add the mount point to /etc/fstab: .. code-block:: bash /dev/mapper/data /mnt/data ext4 defaults 0 2 At this point all you need to do is either reboot or use mount -a. I myself find it's much cleaner to simply reboot the system. This setup works very will with either Debian or Ubuntu. I have als interchanged this setup between the two. What this means is, if you create an encrypted drive outlined above in Debian (as I have done with 9.4), I can mount the same drive under Ubuntu 18.04 as long as I use the same process and key file outlined above. The key to that is to ensure you have at least tarballed your root directory (or at least the keyfile) and moved it to the same location with the same rights as under the previous operating system.