Hard Drive Encryption¶
All internal machines should be installed with full drive encryption.
For fedora, this is as simple as ticking the correct box when doing the installer.
The password used for decryption should be the current master password.
The encryption is handled by something called LUKS and stands for Linux Unified Key Setup
Adding a Personal Decryption Password¶
In addition to the master password, you can (and should) have your own personal decryption password.
This is purely as a backup in case you ever can't decrypt with the main password.
Changing Encryption Password¶
Bradley wrote some detailed documentation here
Add New Key¶
There is a bash script to allow you to run this process on all drives located in the snippets library:
This will just add the new key. You must then reboot, check the new key is working and then remove the old key
Remove Old Key¶
You should make sure you have you main password key and your backup key working, then you can remove the old key.
You need to have rebooted and used your new password to log in before you do this step