HOWTO: Full Disk encryption on Ubuntu 10.04

Posted on by

How to set up an entirely encrypted disk using Ubuntu 10.04 (LTS):

    Use the Alternative installer (text based) ISO image so that you have access to the LVM and Encrypted Disk options.
    Assuming you want to keep a windows partition or some other pre-existing partitions intact, you will have to manually partition things instead of using the guided partitioner, so select “manual”.

    Set up two partitions. One will be your /boot partition and should be around 250MB. This is the only data that will be unencrypted on the disk. The other will be your encrypted volume, that will hold an LVM physical volume that will contain all of your other partitions such as your swap partition, / (root) partition and any /home /var etc partitions that you want to set up. You should select “Use as:” “physical volume for encryption” when setting it up.
    Then go back up to the top of the menu to the “Configure Encrypted Volumes” option, select the large partition and set up a pass-phrase for it.
    This will create an encrypted volume (defaults to using ext4). Select it and change the “Use as:” to “Physical volume for LVM”
    Now, go back up to the top of the menu to the “Configure the Logical Volume Manager” option. Create a volume group (vg0 is as good of a name as any) using the /dev/mapper encrypted volume you created above.
    Create a logical volume (I named mine “swap”) that will hold your swap partition. It should be at least as large as the maximum amount of RAM you ever intend on installing in your computer if you want to suspend to disk (hibernate).
    Depending upon how many other partitions you want (one big root, or /home and /var, etc…) create other partitions using the rest of the space inside of your LVM volume group.
    Once you leave the LVM configuration area, you will see all of the LVM logical partitions that you have created. Select each of them and configure their mount point and file system type. (or use as Swap in the case of your swap partition.)
    Write everything to disk (which will also format partitions) and you are ready to continue with the rest of your installation!

Related Posts:

2 thoughts on “HOWTO: Full Disk encryption on Ubuntu 10.04

  1. Thanks for this, pal. The default whole disk encryption option expect to use all disk space for Ubuntu, but I wanted to keep the Windows partition and the Manual option in the partition step of the alternate installer was not that intuitive at all. Your post was of great help (otherwise I would have had to do some experimenting with all the options).

    Regards, MV

    Reply

  2. Pingback: LVM ontop of encrypted file system - 2 drives

Leave a Reply

Your email address will not be published. Required fields are marked *