is there any tutorial out there for encrypting entire linux hard drive and ask/prompt for password message when booting ?
Note that configuring a password prompt on boot for /
depends on the distribution. That is, Ubuntu has one method and its own instructions, Arch Linux has another, Gentoo has yet another. It also depends on your bootloader and firmware – for example, GRUB can decrypt a LUKS-encrypted /
entirely on its own, but Syslinux cannot and would require a /boot
partition.
(In contrast, configuring cryptsetup for data partitions is done nearly the same way everywhere.)
I know a little bit about encrypting partition with "cryptsetup", but it cannot encrypt live drive like /dev/sda1 for "/" or root partition ...
Then do it while the partition is not "live". You can run the necessary programs using a 'Live CD/USB', and it'll treat your main OS as just another ordinary partition.
To encrypt an existing partition and avoid losing data, you can use luksipc
. (I've also heard that latest cryptsetup versions have this functionality built in to cryptsetup-reencrypt
.) Do not 'format' the partition!
(Recommendation: First encrypt a data partition or two until you have a good grip on how cryptsetup, luksipc and related tools work.)