How to encrypt hard drive partitions on Linux
Encrypting a hard drive partition is a great way to hold a lot of sensitive data without needing to go through the tedious process of using a tool like GnuPG, VeraCrypt, and others, to individually lock files and folders. Better yet, encrypting an entire drive ensures that your data will always be safe, even if you forget to take steps to make your data private.
When it comes to encrypting hard drive partitions on Linux, no application is more straightforward than Gnome Disk Utility. Out of all of tools that can encrypt hard drive partitions on Linux, it manages to be the easiest to understand for average users. And it has some of the best options for disk encryption, despite being as basic as it is, compared to tools like Gparted or KDE Partition manager.
Install Gnome Disk Utility
Before talking about how you can use the Gnome Disk Utility application to lock up partitions or entire hard drives on your Linux PC, we need to go over how to install it. Mainly because not every Linux operating system comes with it by default.
To install the Gnome Disk Utility application on Linux, open up a terminal window by pressing Ctrl + Alt + T or Ctrl + Shift + T on the keyboard. Then, follow the instructions that correspond to the Linux OS you currently use.
Ubuntu
sudo apt install gnome-disk-utility
Debian
sudo apt-get install gnome-disk-utility
Arch Linux
sudo pacman -S gnome-disk-utility
Fedora
sudo dnf install gnome-disk-utility
OpenSUSE
sudo zypper install gnome-disk-utility
Generic Linux
The Gnome Disk Utility application is a favorite to include with most Linux distribution manufacturers, so, many users — even ones on obscure distributions have it in their software sources.
To get Gnome Disk Utility, open up a terminal and search for “gnome-disk-utility” or “gnome disks.” Then, try to install it the way you’d typically do on your computer. Alternatively, you can grab the source code for the application here.
Lock hard drive partitions
The Gnome Disks application supports encryption with the help of LUKS. In a previous article, I went over how to use this feature to lock a USB disk. This feature can also be used to lock hard drive partitions on Linux, or even entire drives.
Back up your data
Encrypting a USB drive is easy because most people don’t keep that much data on it. Hard drives, however, tend to hold a ton of data. So, if you plan to lock a drive or specific partition, it’s a good idea first to back it up, as the encryption process requires formatting.
To start, mount the drive on Linux. You can easily do this by opening up your file manager. Then, look at the “Devices” section of the file manager for your drive or partition and double-click on it to mount.
Once the drive is mounted, begin copying your data to somewhere safe like an external drive or a different hard drive. When done, go back to the “Devices” section of the file manager and right-click on the drive. Then, select “Unmount.”
Reformatting
As useful as it would be to be able to retroactively convert a non-encrypted hard drive into an encrypted one without needing to reformat, it isn’t possible. To reformat, open up the Gnome Disks app on your computer. Then, look to the sidebar of the program for the hard drive you want to work with and select it from the mouse. From there, click the menu icon on the right side of the app, and click the “Format Disk” option inside.
Ensure it’s set to GPT if you want it to work with modern computers. Otherwise, change it to MBR in the “Partitioning menu.” When everything looks OK, click the “Format” button to delete everything from your hard drive.
Set up a separate locked partition
Don’t want the entire space of the drive to be locked? If so, set up a dedicated encrypted Linux partition by following these steps.
Step 1: Click the + sign to create a new partition.
Step 2: Use the slider to create a partition. Be sure not to use the entire size of the hard drive. Then, click “Next.”
Step 3: On the next page in Gnome Disks, use the UI and set the label of the new partition.
Step 4: Move down to “type” and choose “Internal Disk for Linux systems only.” Also, check the box next to “Password protect volume.”
Step 5: Click the “Next” button to move on to the password creation page. Then, use the UI to set a memorable passcode.
Step 6: Select the “Create” button to make your new encrypted partition.
Step 7: Go back to hard drive in Gnome Disks, click the + sign again and create a second, unecrypted partition to fill out the rest of the drive space.
Lock the entire hard drive
Step 1: Click the + sign to create a new partition.
Step 2: Use the slider to create a partition that uses all of the free space on the drive, and click “Next” to continue.
Step 3: Write the name of the volume in the name box. Then, choose “Internal Disk for Linux systems only,” and “Password protects volume.”
Step 4: Select the “Next” button to move to the password creation page.
Step 5: On the password page, set a secure, memorable passcode for your new partition. Then, click the “Create” button to make your new encrypted partition.
