One of the standards that has become normal in the US federal sector is the requirement that all mobile devices, such as laptops, have encrypted drives. This was a direct result of a number of laptop thefts earlier in the decade that resulted in the supposed leaking of personal information. As a former federal contractor, I watched a number of successful and not-so-successful methodologies implemented and deployed. Some resulted in real data protection and some resulted in wonderful bricks, in some cases on a regular (read: daily) basis.
One of the more successful tools is the Trusted Platform Module (TPM) chip. When properly implemented, it allows you to improve encryption and ensure that even if your disk is removed from your laptop, it is still secure, and it greatly enhances security. So imagine my surprise, upon rejoining the private sector, that my new company does not have a policy for encrypting laptops, even though almost every individual in the company has one.
I was issued a brand-new Dell, with a TPM chip and Windows XP on it. Of course, the first thing I did was download a copy of Fedora and set about reformatting the machine, including setting up the TPM, installing ext4 and enabling Linux disk encryption, and I went along my merry way, not really thinking about it. That was six months ago.
Like most laptop users, when disk space gets low, you have two options: replace the disk with a larger one and reinstall, or clone the disk to a larger one. After only six months, I was in no mood to do a reinstall, so I decided I would go the clone route. But wait, I had a TPM-protected, encrypted disk. How was I supposed to do this? Surely this was a routine sort of thing. So I set out to the Internet and did some research, and was underwhelmed with what I discovered. Essentially, while there are a number of sites that will tell you how to clone your disk (something I am very familiar with), there are almost none that talk about the issues of encryption, which left me in a bit of a quandary.