Add an encrypted hard disk to an existing Ubuntu system.

$ sudo lsblk 
NAME                  MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                     8:0    0 931,5G  0 disk  
sdb                     8:16   0 447,1G  0 disk  
├─sdb1                  8:17   0     1M  0 part  
├─sdb2                  8:18   0   513M  0 part  /boot/efi
├─sdb3                  8:19   0   732M  0 part  /boot
└─sdb4                  8:20   0 445,9G  0 part  
  └─sda4_crypt        253:0    0 445,9G  0 crypt 
    ├─vgubuntu-root   253:1    0 444,9G  0 lvm   /
    └─vgubuntu-swap_1 253:2    0   980M  0 lvm   [SWAP]

Initializes a LUKS on sda device.
Remember, use the same passphrase as for the already configured encrypted LVM.

$ sudo cryptsetup luksFormat /dev/sda
WARNING: Device /dev/sda already contains a 'gpt' partition signature.

WARNING!
========
This will overwrite data on /dev/sda irrevocably.

Are you sure? (Type 'yes' in capital letters): YES
Enter passphrase for /dev/sda: **************
Verify passphrase:             **************

Open the LUKS device.

$ sudo cryptsetup luksOpen /dev/sda sda_crypt
Enter passphrase for /dev/sda: **************

Initialize physical volume for use by LVM.

$ sudo pvcreate /dev/mapper/sda_crypt 
Physical volume "/dev/mapper/sda_crypt" successfully created.

Display physical volumes.

$ sudo pvs
PV                     VG       Fmt  Attr PSize    PFree   
  /dev/mapper/sda4_crypt vgubuntu lvm2 a--   445,89g       0 
  /dev/mapper/sda_crypt  vgbackup lvm2 a--  <931,50g <931,50g

Create a volume group.

$ sudo vgcreate vgbackup /dev/mapper/sda_crypt
Volume group "vgbackup" successfully created

Display volume groups.

$ sudo vgs
VG       #PV #LV #SN Attr   VSize    VFree   
  vgbackup   1   0   0 wz--n- <931,50g <931,50g
  vgubuntu   1   2   0 wz--n-  445,89g       0 

Create a logical volume.

$ sudo lvcreate -n backup -l +100%FREE vgbackup
Logical volume "backup" created.

Display logical volumes.

$ sudo lvs
LV     VG       Attr       LSize    Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  backup vgbackup -wi-a----- <931,50g                                                    
  root   vgubuntu -wi-ao---- <444,94g                                                    
  swap_1 vgubuntu -wi-ao----  980,00m      

Display information about filesystems, including UUID.

$ lsblk -f
NAME                  FSTYPE      FSVER    LABEL UUID                                   FSAVAIL FSUSE% MOUNTPOINT
sda                   crypto_LUKS 2              eb964338-22d2-44cf-8d50-ef96e17b4a54                  
└─sda_crypt           LVM2_member LVM2 001       9BAkBH-C2uE-k80V-1KfN-bjhm-HVmi-c4xoR9                
  └─vgbackup-backup                                                                                    
sdb                                                                                                    
├─sdb1                                                                                                 
├─sdb2                vfat        FAT32          B6A5-0995                               504,2M     2% /boot/efi
├─sdb3                ext4        1.0            4ef327e9-15bc-47b8-9e74-d926bc7497dd      432M    31% /boot
└─sdb4                crypto_LUKS 2              67369c73-f0a0-4ead-907c-507246c0c43b                  
  └─sda4_crypt        LVM2_member LVM2 001       LUpQBF-ziSa-tjbo-oS02-TuxS-mQLK-6rX2Cm                
    ├─vgubuntu-root   ext4        1.0            e756ceac-6ba8-4b3a-8f84-04f4e6262cd7     88,2G    75% /
    └─vgubuntu-swap_1 swap        1              00b7be11-d8b6-4b8f-9bdb-723917d6f89f                  [SWAP]

Inspect information about encrypted filesystems.

$ cat /etc/crypttab 
sda4_crypt UUID=67369c73-f0a0-4ead-907c-507246c0c43b none luks,discard

Append information about recently created and encrypted filesystem.

$ cat <<EOF | sudo tee -a /etc/crypttab
sda_crypt UUID=eb964338-22d2-44cf-8d50-ef96e17b4a54 none luks
EOF

Create filesystem.

$ sudo mkfs.ext4 /dev/mapper/vgbackup-backup 
mke2fs 1.45.6 (20-Mar-2020)
Creating filesystem with 244186112 4k blocks and 61046784 inodes
Filesystem UUID: 35784ac3-2a7c-4059-ac26-9c9ad98f7010
Superblock backups stored on blocks: 
	32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 
	4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968, 
	102400000, 214990848

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (262144 blocks): done
Writing superblocks and filesystem accounting information: done

Create mount directory.

$ mkdir /home/milosz/Backup

Display information about filesystems, including UUID.

$ lsblk -f
NAME                  FSTYPE      FSVER    LABEL UUID                                   FSAVAIL FSUSE% MOUNTPOINT
sda                   crypto_LUKS 2              eb964338-22d2-44cf-8d50-ef96e17b4a54                  
└─sda_crypt           LVM2_member LVM2 001       9BAkBH-C2uE-k80V-1KfN-bjhm-HVmi-c4xoR9                
  └─vgbackup-backup   ext4        1.0            35784ac3-2a7c-4059-ac26-9c9ad98f7010    869,2G     0% /home/milosz/Backup
sdb                                                                                                    
├─sdb1                                                                                                 
├─sdb2                vfat        FAT32          B6A5-0995                               504,2M     2% /boot/efi
├─sdb3                ext4        1.0            4ef327e9-15bc-47b8-9e74-d926bc7497dd      432M    31% /boot
└─sdb4                crypto_LUKS 2              67369c73-f0a0-4ead-907c-507246c0c43b                  
  └─sda4_crypt        LVM2_member LVM2 001       LUpQBF-ziSa-tjbo-oS02-TuxS-mQLK-6rX2Cm                
    ├─vgubuntu-root   ext4        1.0            e756ceac-6ba8-4b3a-8f84-04f4e6262cd7     88,2G    75% /
    └─vgubuntu-swap_1 swap        1              00b7be11-d8b6-4b8f-9bdb-723917d6f89f                  [SWAP]

Ensure that the created filesystem will mount at boot.

$ cat <

Mount it.

$ sudo mount /home/milosz/Backup

Fix mount point permissions.

$ sudo chown milosz:milosz /home/milosz/Backup

From now on single password will unlock both of the encrypted devices.

ko-fi