Encrypting an unencrypted volume using plain mode

If you want to integrate unencrypted data residing on a volume into the infrastructure for protected volume encryption using plain mode, you need to perform the task to transform an unencrypted partition into an encrypted one.

This topic presents two methods with which you can achieve this task:

  1. For LVM physical volumes, you can use the pvmove LVM command. Refer to the procedure described in Migrating to an encrypted LVM physical volume and perform the steps according to plain mode.
  2. You can copy existing content to a new encrypted volume in plain mode and delete the original data. Refer to the procedure described in Migrating data to a new encrypted volume and perform the steps according to plain mode.
Note: An encrypted volume in plain mode does not contain a LUKS header, thus the full size of the volume is available for use.

After you have migrated the data from the unencrypted volume to the encrypted one, be sure to securely delete any unencrypted data according to your security policies. For example, you can use badblocks or shred to overwrite unencrypted data with random data multiple times.