On 12/12/2017 08:41 AM, Wells, Roger K. wrote: > I have existing systems with un-encrypted disks. > I have tried unsuccessfully to encrypt them using LUKS. > Has anyone out there been able to encrypt an existing system (after the fact, so to speak)? You can do that with cryptsetup-reencrypt, but it needs to be able to make space for the ~2MB LUKS header ahead of the filesystem in the partition. That's a fairly risky operation -- shrinking the filesystem slightly and shifting it over. An alternative is LUKS with a detached header, but maintaining that relationship is an administrative headache with a severe penalty for error. -- Bob Nichols "NOSPAM" is really part of my email address. Do NOT delete it.