Dual Boot unencrypted Windows 10 + encrypted Ubuntu 14.04
If you want to perform a "full disk encryption" of your Ubuntu installation do the following:
- Boot live cd
- Open gparted
- Create 3 partitions:
- boot (ext2) - If you have Windows installed with UEFI, this can be skipped,
- root (ext4),
- swap (linux-swap)
- Apply changes
- Open terminal and sudo -i
-
Encrypt volumes root and swap
cryptsetup luksFormat --cipher aes-xts-plain --key-size 512 --hash sha512 --iter-time 2000 /dev/sdax
-
Name the encrypted volumes
cryptsetup luksOpen /dev/sda2 root cryptsetup luksOpen /dev/sda3 swap
-
Make an ext4 filesystem inside and a swap space
mkfs.ext4 /dev/mapper/root mkswap /dev/mapper/swap
- Proceed with OS installation
- Select Something else
- Set boot, root and swap partitions (Select each partition, press Change and set the appropriate values)
- Continue with installation. Press Install now.
- After installation is finished choose Continue testing
- Open terminal and sudo -i
-
Chroot Magic
cd /mnt mkdir root mount /dev/mapper/root root mount /dev/sda1 root/boot chroot root mount -t proc proc /proc mount -t sysfs sys /sys mount -o bind /dev root/dev
-
Block Device & Filesystem Tables
nano /etc/crypttab
-
Open a second terminal
sudo blkid
-
Enter the following content to the crypttab file
root UUID= (find it from blkid) none luks swap UUID= (find it from blkid) none luks,swap
- Save and exit
- Open the file /etc/fstab and check that it has the root and swap entries
- Fix Hibernate and Update Init.
-
Open with nano /etc/initramfs-tools/conf.d/resume and make the following change
RESUME=/dev/mapper/swap
-
Run in terminal the following command
update-initramfs -u exit
-
LUKS Header Backup. Open terminal and run the following commands
cryptsetup luksHeaderBackup /dev/sda2 --header-backup-file /root/root.img cryptsetup luksHeaderBackup /dev/sda3 --header-backup-file /root/swap.img exit
The above guide was based on this
Related videos on Youtube
oshirowanen
Updated on September 18, 2022Comments
-
oshirowanen over 1 year
I have Windows 10 installed on my laptop and I want to install Ubuntu 14.04 in encrypted form so I can boot into a non encrypted Windows 10 or an encrypted Ubuntu 14.04.
I have booted into the laptop using an Ubuntu 14.04 live cd and this is what the current partitions look like:
If I then start the Ubuntu 14.04 installation and select "something else" from the partition screen, I get this:
What do I need to do to the unused space in order to install Ubuntu 14.04 in encrypted form?
I have read many existing questions, but find them very confusing.
-
bain over 8 yearsDo you just want to encrypt the home directories? If so, go ahead and install and check the option when it appears.
-
-
Paddy Landau over 7 yearsI am puzzled. It seems to me that you are setting
sda2
andsda3
to root and swap respectively, but surely that would overwrite the OP's Windows partitions? And even before then, you suggest creating a new partition table — surely that will delete all existing partitions, thereby destroying the existing Windows partitions, even the Windows recovery partition? Unless I am totally confused, your suggestion will destroy the OP's Windows setup, which is exactly the opposite of what was wanted. -
cure over 7 yearsThe guide is meant to be generic so that it can be used in most of the cases with some alterations. You are correct, sda2 and sda3 should be replaced with the newly created partitions and of course no need to create a partition table, since one already exists.
-
Lilás over 7 yearsencrypt home folder will only encrypt the home folder, what if you want to protect /tmp ? /lib ? /usr/lib ? ...
-
David Foerster over 5 years-1 for broken Chroot magic.