HOWTO: Full Disk encryption on Ubuntu 12.04

How to set up an entirely encrypted disk using Ubuntu 12.04 (LTS):

Use the Alternative installer (text based) ISO image so that you have access to the LVM and Encrypted Disk options.

Assuming you want to keep a windows partition or some other pre-existing partitions intact, you will have to manually partition things instead of using the guided partitioner, so select “manual”.

Set up two partitions. One will be your /boot partition and should be around 250MB. This is the only data that will be unencrypted on the disk. The other will be your encrypted volume, that will hold an LVM physical volume that will contain all of your other partitions such as your swap partition, / (root) partition and any /home /var etc partitions that you want to set up. You should select “Use as:” “physical volume for encryption” when setting it up.

Then go back up to the top of the menu to the “Configure encrypted volumes” option (You may have to write changes to the partition table before you can do this.) Use the “Create encrypted volumes” option, and “check” / select the large LVM partition you just created. Then select “Finished” and it will prompt you for a pass-phrase.

Now, go back up to the top of the menu to the “Configure the Logical Volume Manager” option. This will prompt you to write changes to disk, and create an encrypted volume (defaults to using ext4).

Now, go back up to the top of the menu to the “Configure the Logical Volume Manager” option. Create a volume group (vg0 is as good of a name as any) on the /dev/mapper encrypted volume you created above.

Create a logical volume (I named mine “swap”) that will hold your swap partition. It should be at least as large as the maximum amount of RAM you ever intend on installing in your computer if you want to use suspend to disk (hibernate).

Depending upon how many other partitions you want (one big root, or /home and /var, etc”¦) create other partitions using the rest of the space inside of your LVM volume group, and select Finished.

Once you leave the LVM configuration area, you will see all of the LVM logical partitions that you have created. Select each of them and configure their mount point and file system type. (or use as Swap in the case of your swap partition.)

Write everything to disk (which will also format partitions) and you are ready to continue with the rest of your installation!

Leave a Reply

Your email address will not be published. Required fields are marked *