Context
Encrypting whole new external hard drive with Luks. I.e. it is not a system drive (will be used only to store data, not to boot the OS), and it is completely blank.
Observation
All descriptions that I found about how to achieve this go along the lines of:
- create a new partition, which is the same size as the whole disk
- encrypt that partition
Some examples:
From here:
Creating a new encrypted partition:
[...]
Encrypting an existing partition
Or here.
Question
Is it possible to encrypt the whole disk, instead of having one big encrypted partition?
Probably the answer will be no, so the real question is why not?
In other words
What would happen if instead of typing
sudo cryptsetup -v -y luksFormat /dev/sda1
I would type
sudo cryptsetup -v -y luksFormat /dev/sda
(without having created sda1
)?
/etc/crypttab
which is impossible if you encrypt the entire disk (boot disk)crypttab
works, but surely I can mount a new external encrypted HDD, even if it was not incrypttab
before, right?)