I'm running Kali Dojo 2.0 and I'd like to encrypt the entire drive.
I've encrypted my Windows 7 Home Premium drive with Veracrypt, and it was a simple setup and I'd like to do something similar on this drive.
On that drive, everything was encrypted, aside from boot files, and thats what I would like to do with this drive as well. It doesn't have to be Veracrypt that is just a preference.
Unless it is my only option, I do not want to make a container to put certain files in.
Best Answer
Linux has supported boot/system volume encryption like Veracrypt for a long time using its own separate integrated system called LUKS, which is not compatible with Truecrypt/Veracrypt.
Veracrypt (if it's like Truecrypt) is implemented on Linux via FUSE. FUSE is a way to implement filesystems without writing a kernel driver, the cost of this is speed. LUKS is part of the kernel and is faster than Veracrypt would be, so this is why LUKS is preferred if you are using Linux.
LUKS is well supported by Debian and other distribution installers, it's fairly simple to encrypt your full system, or full Linux partition, except for a small boot partition containing the kernel and initial RAM disk. This is equivalent to everything being encrypted on Truecrypt/Veracrypt except the bootloader, which has to be unencrypted so the BIOS/UEFI can read it.
I have never used Kali, but if it uses the standard Debian installer, you do this to encrypt the full partition (reference):
One thing to note is that I don't believe there is a tool that will encrypt/decrypt a currently running system like Truecrypt/Veracrypt does.
It's technically possible to mount the root filesystem via FUSE - meaning I believe it's possible to boot Linux off of a Veracrypt-encrypted partition if you really wanted to, but since it provides inferior speed to LUKS under Linux, it's not surprising if no one has developed this method.