# Encrypting mirrored drive



## xy16644 (Sep 20, 2009)

I have a machine running FreeBSD 7.2 and I have installed it with two 80GB hard drives and setup software mirroring (RAID 1) using "geom".

The next thing I would like to do is encrypt everything on this machine (including the swap file if possible). 

I have been reading up about this and I see theres two options:

1) gbde

2) geli

The question I have is, can I encrypt an existing system without having to rebuild it? I want to take an existing partition and encrypt it. I'm *not* adding a new hard drive to the system that I want to encrypt.

This may sound like a silly thing to say but I don't want to lose whats on the existing unencrypted drive....:e

Can anyone offer some advice or pointers as to how I should approach encrypting my servers mirrored drive?

The other thing that is bothering me is that I have a software mirror setup, will this cause any problems when encrypting the drive?

Many thanks!

PS: I have read this so far:

http://www.freebsd.org/doc/en/books/handbook/disks-encrypting.html


----------



## SirDice (Sep 20, 2009)

AFAIK you can't encrypt existing partitions. So you will have to backup the data, setup encryption and restore the backup.


----------



## xy16644 (Sep 20, 2009)

Oh no! ;-)


----------



## honk (Sep 20, 2009)

When you remove one disk (aka provider) from your mirror, you have a complete backup of your data. Than you could reinstall your system with gmirror (with only one disk/provider at that time!) and geli encryption. After that you copy the relevant data from the other disk to your encrypted disk. Finally you insert the other disk/provider to the new gmirror.

cheers,
honk


----------

