I encrypted a RHEL 7.9 machine last week that seemed to encrypt just fine. I used the following command:
pgpwde --secure --disk 0 --username 'user' --interactive --all --safe-mode
it then proceeded to encrypt sda2 and sda3, but did not encrypt sda1. sda1 I believe is the EFI boot partition, and it's a different type by default.
Upon encryption completion, I rebooted and received errors, and could not boot.
It did not go to the Bootguard screen, it immediately went to the kernel select screen.
The errors I received resembled the following:
error: no such device (UUID)
error: hd0,gpt2 not found
error: you need to load the kernel first
My drive is partitoned as such:
/dev/sda1 - EFI system mounted at /boot/efi (FAT32)
/dev/sda2 - Basic Data mounted at /boot (XFS)
/dev/sda3 - LVM data (LVM2)
I haven't had issues encrypting an old style BIOS using MBR on RHEL, but this is the first time I've tried using this product with UEFI/GPT.
Is there something else I need to do, or something I'm forgetting to change before/after encrypting (but before rebooting)?