I couldn’t find an answer to this question, and am kicking myself for not dealing with this before I spent an entire day gathering all my files from various cloud accounts and usb sticks and setting things up on my new laptop…
Do I need to wipe my disk and re-install Fedora Workstation 35 to encrypt my disk? It came from Lenovo unencrypted, of course. Is there a way to encrypt my disk now?
You could reinstall F35 now or wait until F36 and do a clean install of that version. As of now, I don’t think there’s any way to retroactively encrypt the user or data portions of a Fedora workstation installation without a fresh OS install. If someone has different info, please reply and inform.
Whether you need to wipe the disk depends on whether LUKS encrypts the entire data portion of the drive or just the data. I believe it is the former, but the answer should be on the net somewhere.
Thanks for the replies. I guess I know what I’m doing this weekend!
Another factor on whether you need to wipe the drive is the wear effect. If LUKS will encrypt the entire data partition, then it might be best for the hardware if you do not wipe the drive. Write operations are destructive to SSDs, although modern SSDs are capable of very many r/w operations. Nothing to worry about if you need to wipe the disk, but something to consider if wiping is optional.
Newer SSDs have such a long life that a single wipe is not harmful.
He will not need to wipe the disk, simply create a new empty partition table before he starts. Then selecting to use encryption during the install will handle everything for him.