Dual Boot unencrypted Windows 10 + encrypted Ubuntu 14.04

If you want to perform a "full disk encryption" of your Ubuntu installation, do the following:

  • Boot live cd
  • Open gparted
  • Create 3 partitions:
    • boot (ext2) - If you have Windows installed with UEFI, this can be skipped,
    • root (ext4),
    • swap (linux-swap)
  • Apply changes
  • Open terminal and sudo -i
  • Encrypt volumes root and swap

    cryptsetup luksFormat --cipher aes-xts-plain --key-size 512 --hash sha512 --iter-time 2000 /dev/sdax
    
  • Name the encrypted volumes

    cryptsetup luksOpen /dev/sda2 root
    cryptsetup luksOpen /dev/sda3 swap
    
  • Make an ext4 filesystem inside and a swap space

    mkfs.ext4 /dev/mapper/root
    mkswap /dev/mapper/swap
    
  • Proceed with OS installation
  • Select Something else
  • Set boot, root and swap partitions (Select each partition, press Change and set the appropriate values)
  • Continue with installation. Press Install now.
  • After installation is finished choose Continue testing
  • Open terminal and sudo -i
  • Chroot Magic

    cd /mnt
    mkdir root
    mount /dev/mapper/root root
    mount /dev/sda1 root/boot
    # bind /dev before entering the chroot; root/dev does not resolve from inside it
    mount -o bind /dev root/dev
    chroot root
    mount -t proc proc /proc
    mount -t sysfs sys /sys
    
  • Block Device & Filesystem Tables

    nano /etc/crypttab
    
  • Open a second terminal

    sudo blkid
    
  • Enter the following content to the crypttab file

    root UUID= (find it from blkid) none luks
    swap UUID= (find it from blkid) none luks,swap
    
  • Save and exit
  • Open the file /etc/fstab and check that it has the root and swap entries
  • Fix Hibernate and Update Init.
  • Open with nano /etc/initramfs-tools/conf.d/resume and make the following change

    RESUME=/dev/mapper/swap
    
  • Run in terminal the following command

    update-initramfs -u
    exit
    
  • LUKS Header Backup. Open terminal and run the following commands

    cryptsetup luksHeaderBackup /dev/sda2 --header-backup-file /root/root.img
    cryptsetup luksHeaderBackup /dev/sda3 --header-backup-file /root/swap.img
    exit
    

The above guide was based on this
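
An added check for the crypttab step above (example code, not part of the original answer): it verifies that every UUID= entry points at a LUKS container as reported by blkid, rather than at the filesystem inside the opened mapping. The function name check_crypttab and all sample UUIDs and device names are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original answer). All sample data is constructed.
# Checks that each UUID= source in crypttab is a LUKS container in blkid
# output, not the filesystem inside the opened /dev/mapper device.

SAMPLE_BLKID='/dev/sda5: UUID="11111111-aaaa-4000-8000-000000000001" TYPE="crypto_LUKS" PARTUUID="0000aaaa-05"
/dev/sda6: UUID="22222222-bbbb-4000-8000-000000000002" TYPE="crypto_LUKS" PARTUUID="0000aaaa-06"
/dev/mapper/root: UUID="33333333-cccc-4000-8000-000000000003" TYPE="ext4"
/dev/mapper/swap: UUID="44444444-dddd-4000-8000-000000000004" TYPE="swap"'

SAMPLE_CRYPTTAB_GOOD='root UUID=11111111-aaaa-4000-8000-000000000001 none luks
swap UUID=22222222-bbbb-4000-8000-000000000002 none luks,swap'

# Mistake: root uses the ext4 UUID of /dev/mapper/root.
SAMPLE_CRYPTTAB_BAD='root UUID=33333333-cccc-4000-8000-000000000003 none luks
swap UUID=22222222-bbbb-4000-8000-000000000002 none luks,swap'

# check_crypttab CRYPTTAB_TEXT BLKID_TEXT
# Prints "<name> ok", "<name> not-luks:<type>", "<name> missing" or
# "<name> no-uuid" per entry; returns 0 only if every entry is ok.
check_crypttab() {
    rc=0
    while read -r name source rest; do
        case $name in ''|'#'*) continue ;; esac   # skip blanks and comments
        case $source in
            UUID=*) uuid=${source#UUID=} ;;
            *) echo "$name no-uuid"; rc=1; continue ;;
        esac
        # Leading space keeps PARTUUID= and PTTYPE= from matching.
        line=$(printf '%s\n' "$2" | grep -F " UUID=\"$uuid\"" | head -n 1)
        fstype=$(printf '%s\n' "$line" | sed -n 's/.* TYPE="\([^"]*\)".*/\1/p')
        if [ -z "$line" ]; then
            echo "$name missing"; rc=1
        elif [ "$fstype" = crypto_LUKS ]; then
            echo "$name ok"
        else
            echo "$name not-luks:${fstype:-unknown}"; rc=1
        fi
    done <<EOF
$1
EOF
    return $rc
}

# On a real system (as root): check_crypttab "$(cat /etc/crypttab)" "$(blkid)"
check_crypttab "$SAMPLE_CRYPTTAB_BAD" "$SAMPLE_BLKID" || echo "fix crypttab before update-initramfs -u"
```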

Author: oshirowanen

Updated on September 18, 2022

Comments

  • oshirowanen over 1 year

    I have Windows 10 installed on my laptop and I want to install Ubuntu 14.04 in encrypted form so I can boot into a non-encrypted Windows 10 or an encrypted Ubuntu 14.04.

    I have booted into the laptop using an Ubuntu 14.04 live cd and this is what the current partitions look like:

    enter image description here

    If I then start the Ubuntu 14.04 installation and select "something else" from the partition screen, I get this:

    enter image description here

    What do I need to do to the unused space in order to install Ubuntu 14.04 in encrypted form?

    I have read many existing questions, but find them very confusing.

    • bain over 8 years
      Do you just want to encrypt the home directories? If so, go ahead and install and check the option when it appears.
  • Paddy Landau over 7 years
    I am puzzled. It seems to me that you are setting sda2 and sda3 to root and swap respectively, but surely that would overwrite the OP's Windows partitions? And even before then, you suggest creating a new partition table — surely that will delete all existing partitions, thereby destroying the existing Windows partitions, even the Windows recovery partition? Unless I am totally confused, your suggestion will destroy the OP's Windows setup, which is exactly the opposite of what was wanted.
  • cure over 7 years
    The guide is meant to be generic so that it can be used in most of the cases with some alterations. You are correct, sda2 and sda3 should be replaced with the newly created partitions and of course no need to create a partition table, since one already exists.
  • Lilás over 7 years
    Encrypting the home folder will only encrypt the home folder. What if you want to protect /tmp? /lib? /usr/lib? ...
  • David Foerster over 5 years
    -1 for broken Chroot magic.