The mother of all cloning tools is rsync.
I have used this solution before and it worked like a charm.
First of all you should start with a clean installation of the operating system on the new hard disk and setup encryption. Make sure you use the same partitioning scheme.
Mount your old hard disk to the system (via USB adapter or network) and use rsync to clone your old filesystem to your new encrypted hard disk like so:
rsync -aAXv
--exclude={"/dev/","/proc/","/sys/","/tmp/","/run/","/mnt/","/media/*","/lost+found"}
/path/to/old/hdd/mount/point /
rsync -av should really cut it, AX additional switches will make sure ACLs and extended file attributes will be preserved if they were used. The excluded folders are folders which do not contain regular files (/dev,/proc,/sys) and folders which do not contain useful data for your new system. If you are using /mnt for your additional partitions you should remove it from the exclusion brackets.
It goes with out say that if you are running any databases, transferring the files is not an ideal solution, you need to backup your databases on the old system and restore to the new system according to each database servers procedures.
And it actually works! You might have to troubleshoot a couple red spots in the syslog but generally all your installed packages should be there and your system should be working perfectly with the configuration you knew. By using this method I managed to pull down a cloud hosted VPS to a local physical machine and host it locally.
Good luck.
HOWTO Encrypt an Ubuntu 18.04 LTS Installation with TWO Drives: OS on the primary SSD, /home on your secondary HDD
This is a guide to FULL DISK ENCRYPTION of an Ubuntu 18.04 LTS install. Not to be confused with the encryption of just the /home directory, which I believe has been removed as an option during install. These instructions are for Ubuntu 18.04 LTS, but should work with 16.04 LTS.
This guide assumes that you are familiar with Ubuntu (Linux) and can install the OS from a USB key, or at least understand how to do this procedure – if you can’t, find someone who can and the both of you go through it. This guide also assumes that you have backed up ALL your data prior to beginning this procedure as you will destroy all DATA on ALL drives during this procedure.
YOU HAVE BEEN WARNED!
This guide is largely a meld of the two procedures from here (David Yates’ blog post) (https://davidyat.es/2015/04/03/encrypting-a-second-hard-drive-on-ubuntu-14-10-post-install/) and the Ask Ubuntu post (Move home folder to second drive).
First things first, why do we wish to do this? Because if you own a laptop, or other sensitive data on a computer and it gets stolen or lost, it is necessary to be able to protect the data. You may be legally responsible to have protected the data. Secondly, many (most) systems now come with a small SSD (fast) for the OS and larger HDD (slow) for the data. Thirdly, encrypting just the /home directory is now recognised as a bad idea as it exposes you to the potential of /home being hacked (don't ask me how to do it, I couldn't), AND partial encryption slows down the system to a large degree. FDE requires less overhead and therefore has minimal impact on the performance of the system.
PART I: Install Ubuntu 18.04 LTS on the primary drive (usually the SSD)
Install Ubuntu 18.04 LTS onto your smaller (usually the SSD) and check (i) erase the disk, (ii) encrypt the installation, and (iii) LVM management.
![screenshot of install choices](https://i.stack.imgur.com/ZRmCB.png)
This will result in an encrypted SSD, but will not touch the second (usually HDD) drive. I'm assuming that your second drive is a new, unformatted drive, but it doesn't really matter what's on the drive prior to this procedure. We are going to destroy all the data on this drive. We are going to use a software package from within Ubuntu to prep the drive (not sure whether or not this preparation is strictly necessary, but it's what I've tested). To prepare this for your soon-to-be moved /home partition (folder), you should format it using the GUI tool called gParted.
sudo apt install gparted
Open gParted and navigate to your second HDD (carefully check the /dev/sd?X) and delete any & all existing partitions, then create a new PRIMARY PARTITION using the ext4 file system. You could also label it, but that’s not necessary. Choose "Apply". One gParted is finished, close gParted and now you're ready to install the LUKS container on the second drive and then format it. In the following commands, replace sd?X with the name of your SECONDARY drive (not your primary drive), for example sda1.
sudo cryptsetup -y -v luksFormat /dev/sd?X
Then you’ll need to decrypt the new partition so that you can format it with ext4, the modern Linux file system preferred by Ubuntu.
sudo cryptsetup luksOpen /dev/sd?X sd?X_crypt
sudo mkfs.ext4 /dev/mapper/sd?X_crypt
If you want to use your second HDD as a regular, frequently accessed hard drive (as in moving your /home partition to it, which is the point of Part II), there’s a way to automatically mount and decrypt your second drive on startup, when your computer prompts you for the primary hard drive decryption password. Aside: I use the same passphrase for BOTH my drives, as I'm superstitious and envision more issues with two different passphrases.
First you’ll need to create a keyfile, which acts as a password for your secondary drive, and so that you don’t have to type in every time you start up (like your primary hard drive encryption password).
sudo dd if=/dev/urandom of=/root/.keyfile bs=1024 count=4
sudo chmod 0400 /root/.keyfile
sudo cryptsetup luksAddKey /dev/sd?X /root/.keyfile
Once the keyfile has been created, add the following lines to /etc/crypttab using nano
sudo nano /etc/crypttab
Add this line, save & close the file (/etc/crypttab).
sd?X_crypt UUID=<device UUID> /root/.keyfile luks,discard
To get your parition’s UUID to enter into the /etc/crypttab file, use this command (you need to use sudo it so that all of your partitions show up):
sudo blkid
The value you want is the UUID of /dev/sd?X, not dev/mapper/sd?X_crypt. Also make sure to copy the UUID, not the PARTUUID.
Okay, at this point (closed & saved /etc/crypttab file), you should be able to login to your Ubuntu install (entering your primary drive decryption password) and it should decrypt BOTH your primary and secondary drives. You should check to see if this happens otherwise STOP; and solve the issue(s). If you don't have this working and you've move your /home, you will have a non-working system.
Reboot and check to see if this (daisy-chain decrypt) is in fact is the case. If the secondary drive is automatically decrypted, when you choose “Other Locations” the second drive should show up in the list and have a lock icon on it, but the icon should be unlocked.
If the second drive automatically decrypts (as it should), then move on to Part II, designating the second drive as the the default location of your /home folder (with the larger amount of space).
Part II: Move your /home partition to your secondary drive (i.e. HDD)
We need to make a mount point for the secondary drive, temporarily mount the new partition (secondary HDD) and move /home to it:
sudo mkdir /mnt/tmp
sudo mount /dev/mapper/sd?X_crypt /mnt/tmp
assuming /sd?X is the new partition for /home (as per above)
Now we copy your /home folder to the new /home location from the primary drive (SSD) to the secondary drive (HDD).
sudo rsync -avx /home/ /mnt/tmp
We then may mount the new partition as /home with
sudo mount /dev/mapper/sd?X_crypt /home
to make sure all the folders (data) are present.
ls
Now, we want to make the new /home location on the secondary drive permanent, we need edit the fstab entry to automatically mount your moved /home on the secondary decrypted HDD.
sudo nano /etc/fstab
and add the following line at the end:
/dev/mapper/sd?X_crypt /home ext4 defaults 0 2
Save & close the file.
Reboot. After a reboot, your /home should reside on the new secondary drive and you should have plenty of space for your DATA.
Best Answer
Partitioning and file copy - while running
I did this by starting with the running system. I plugged the new SSD into a USB SATA adapter and partitioned it, set up LVM and copied the files across.
Your disk should now look like:
The next step is to put encryption on the partition and LVM on top of the encryption.
Now make the filesystems and mount them and copy your system across.
Up to this point you can keep the system running and use it. Now you need to shutdown and boot into a live CD/USB so you can get the system in a shutdown state.
Partitioning and file copy - live CD/USB
Once you have booted, open a terminal and:
chroot
Changing UUIDs
Now we are root inside the chroot and run the following commands:
Now you will see all the UUIDs for the various disk in the system. You will need to edit the UUIDs in
/etc/fstab
and/etc/crypttab
to match the values for/dev/sdc?
In
/etc/fstab
you need to use the UUID for the boot disk -/dev/sdc1
if your disks have the same letter as me.In
/etc/crypttab
you need to use the UUID for the other (big) partition -/dev/sdc5
if your disks have the same letter as me.initramfs and grub
Now shutdown, put the SSD inside your laptop, cross your fingers and boot up.
Useful links
Good guide for the cryptsetup stuff at http://www.debian-administration.org/articles/577
For installing grub on an external partition: https://stackoverflow.com/questions/247030/how-to-set-up-grub-in-a-cloned-hard-disk
https://help.ubuntu.com/community/UsingUUID