FDE (Full Disk Encryption) is already on-the-fly encrypt/decrypt as per its operation--http://www.stealth-x.com/articles/the-p ... -full-disk
encryption.phphttp://www.esecurityplanet.com/mobile-s ... ption.html..the usual misinterpretations and drawbacks -->
As the name suggests, FDE solutions work by encrypting a system's entire hard drive – including the operating system and all applications and data stored on it. When the system is started, the user is prompted for the encryption key, which enables the system to boot and run normally. As information is read from the disk, it is decrypted on the fly and stored in memory – and any information written to the disk is also encrypted on the fly. Without the encryption key, the data stored on the disk remains inaccessible to thieves and hackers.
One drawback of FDE is that it does nothing to protect files "in motion." Once a file is sent via email or copied to a memory stick, it is no longer encrypted. For that reason, you may want to consider deploying FLE in conjunction with FDE, so that users have the option to manually encrypt files that need to be shared with others.
So for sharing files, there are obviously drawbacks to that process.
I hope you aren't simply falling for marketing ploys in believing FDE is somehow always protecting your system and its data..
- I actually don't get the value of FDE, since my data is more important than the OS files, presuming I am the admin and have some kind off recovery/backup/archiving procedures in place for the inevitable accidents..
- Encryption obviously complicates this..
I guess you try to rearrange your hard drive into lvm (logical Volume manager) groups and encrypt those spaces
--that is fedora's approach, but again easier on an install rather than after the fact; as you said for Ubuntu's partial FDE on boot..I don't think you will be able to get any kind of FDE without touching your partition in some way: either shrinking to create an encrypted partition and copying your installation over or ??somehow otherwise https://code.google.com/p/cryptsetup/wiki/DMCrypt
--going through something like this.