Came here in search of an answer to a problem, but didn't find it? Visit the forum @ LinuxBSDos.com, pick a category and ask a question.

Manual full disk encryption setup guide for Ubuntu 13.10 & Linux Mint 16

I am reading page: 1 2

The next partition will be for root. However, the mount point will not be specified here, just the Size and “Use as” values. Knowing that a fresh installation of Ubuntu uses just 3.1 GB of disk space and just about the same for Linux Mint 16, I allocated 12 GB to it, which is sufficient to account for future increase in disk usage. For “Use as,” select “physical volume for encryption,” then type in the passphrase that will be used to encrypt the partition. OK.
Ubuntu create LVM root partition

Back to the main window again, you see an entry for the new partition (/dev/sda5) and also the encrypted volume create from it (/dev/mapper/sda5_crypt). Note also that no mount point is assigned by default. That will be done manually after all the partitions have been created. Select the free space and click on the + button to create the next partition.
LVM partitions ubuntu

This partition will be used for Swap, so I allocated just 2 GB (2000 MB) to it. From the “Use as” menu, select “physical volume for encryption,” then type in the passphrase. This is where this is different from the installer’s default disk encryption setup. And the minor inconvenience I wrote about earlier is that every partition will have it’s own disk encryption passphrase. What that means is that every time the computer is booted, you’ll have to type in the passphrase for each partition. So if you have three partitions, like the setup for this tutorial, that is how many times you’ll have to specify a passphrase. To make it easier, you can specify the same passphrase for the partitions. OK.
Ubuntu create LVM swap partition

The final partition will be used for /home, so I allocated most of the available disk space to it. OK.
Ubuntu create LVM home partition

Back once again to the main window, you can see all the encrypted partitions that have been created. The final task at this stage involves assigning mount points. To do that, double-click on an encrypted partition entry.
Ubuntu create LVM disk encryption partitions

This is the default “Edit partition” window. All that has to be modified here, is the “Mount point.”
Ubuntu partition mount points

For the root partition, it should be /.
Ubuntu mount point for root

for Swap, select “swap area.”
Ubuntu mount point for swap

And /home for the last partition.
Ubuntu mount point for home

All set. you may click Install Now to continue with the rest of the installation.
ubuntu install grub boot loader

On rebooting the computer after the installation has completed successfully, you will always be presented with the prompt shown in this screen shot, once for each encrypted partition that you created. That’s it for setting encrypted partitions manually on Ubuntu 13.10 and Linux Mint 16. If you want to set up a nuke passphrase for the partitions, see Apply the nuke patch to LUKS cryptsetup in Linux Mint 16 and Ubuntu 13.10.
ubuntu disk encryption passphrase

0saves
To have articles like this delivered automatically to your Feed Reader or Inbox, subscribe via RSS or email.
I am reading page: 1 2

Digital Ocean SSD VPS Cloud Server droplets

Digital Ocean is a VPS/Cloud hosting provider. For just $5 per month, you can get yourself a Cloud server with 512 MB of RAM, 20 GB super-fast SSD, free snapshots, plus backups for a minimal fee. All via a simple graphical interface.

And by signing up with this referral link, you can help support this website.

If you are reading this, your ad could also be occupying this space. Contact us to make it happen.

If commenting on this article is closed, please post your comments at forum.linuxbsdos.com.

8 Comments

  1. gosia says:

    thank you for this post!
    just to make the boot faster, is there a way to type the encryption password just once? (even for the prize of having the same password for all separate partitions)
    thanks!

    • finid says:

      support for good LVM and disk encryption setup in the current installer is not that good, so, no, that’s not possible at this time.

      Note that in this situation, having the same password for all partitions is ok.

  2. Phix says:

    These steps no longer work under 14.04. I’ll list some details below. Can you provide any guidance on how to do a similar setup with 14.04?

    Details:
    I’ve been building similar test systems under 13.10 for months now, and they have all booted sucessfully. However, with 14.04 I’ve found that none of the systems will boot. I’ve built the systems the exact way I have before (identical to these instructions). When booting, I never get as far as being prompted for a pass-phrase. I get the initramfs prompt after the boot sequence times out. One thing I’ve noticed, is that dm_crypt is missing under the module list that I pull from initramfs.

    • finid says:

      That’s strange. Didn’t know something changed in the installer. Will revisit this asap.

    • finid says:

      I just installed 2 systems using the same instructions, minus the /home partition. Both booted successfully. One is in a virtual environment (250 GB storage) and the other is on real hardware (320 HDD). Will publish a tutorial using screenshots from one of them in a few hours.

  3. c14 says:

    Thanks for this – surely someone cleverer than I could describe how to use initramfs (or similar) so that the passphrase only has to be entered once?

    • finid says:

      But Swap also has to be encrypted. Otherwise you are not really getting full disk encryption.

      I don’t even consider that a bug. That’s the installer just telling you to encrypt the Swap partition.

Leave a Comment