Novell LINUX ENTERPRISE SERVER 11 - SECURITY Manual page 162

When you are installing your system on a machine where several partitions already
exist, you can also decide to encrypt an existing partition during installation. In this
case follow the description in
Running System"
partition to encrypt.
11.1.2 Creating an Encrypted Partition on a
WARNING: Activating Encryption on a Running System
It is also possible to create encrypted partitions on a running system. However,
encrypting an existing partition destroys all data on it and requires resizing and
restructuring of existing partitions.
On a running system, select System > Partitioning in the YaST Control Center. Click
Yes to proceed. In the Expert Partitioner, select the partition to encrypt and click Edit.
The rest of the procedure is the same as described in
crypted Partition during Installation"
11.1.3 Creating an Encrypted File as a
Instead of using a partition, it is possible to create an encrypted file of a certain size
that can then hold other files or folders containing confidential data. Such container
files are created from the YaST Expert Partitioner dialog. Select Crypt Files > Add
Crypt File and enter the full path to the file and its size. If YaST should create the
container file, activate the checkbox Create Loop File. Accept or change the proposed
formatting settings and the file system type. Specify the mount point and decide whether
the encrypted file system should be mounted at system boot. Make sure that the
checkbox Encrypt File System is activated.
The advantage of encrypted container files over encrypted partitions is that they can
be added without repartitioning the hard disk. They are mounted with the help of a loop
device and behave just like normal partitions.
148 Security Guide
Section 11.1.2, "Creating an Encrypted Partition on a
(page 148) and be aware that this action destroys all data on the existing
Running System
Container
Section 11.1.1, "Creating an En-
(page 147).