How to setup disk-encryption with Ubuntu?

linux ubuntu encryption disk-encryption

7,636

Solution 1

I just did this last week. It is really easy if you're not dual booting or anything. I went with all default settings, and my hibernate/suspend work properly with my LUKS

If you don't mind reinstalling the OS, then it's super easy from the alternate install CD. You'll have to download the alternate install CD for whatever architecture (i386 or amd64, e.g. 32 bit or 64 bit) you want to install.

BEGIN ASIDE

If you haven't already, make sure you do so because you're about to wipe your hard drive completely. Obviously you will want to back up your home folder and all other important data! And if you want a handy list of programs you had installed, you can run the command

dpkg --get-selections

If you want to output it to a file in your home folder, you can run

dpkg --get-selections > ~/filename

Where filename is the name of your text file. I usually call it "installed packages 20090901" or something like that. Then make sure you include that in your backup. When you restore it'll be easy to reinstall all your previously installed packages, especially if you're not changing versions. Use this command:

 dpkg --set-selections < ~/filename

END ASIDE

Anyway, here's an easy method to get full disk encryption with LUKS using the alternate install CD:

Download the alternate install ISO for your architecture.
Burn the alternate CD and boot from it.
Choose the first menu item, "install Ubuntu" and you will enter the text-based installer. It's not too different from the graphical installer - you will be prompted to give your time zone data, language/keyboard settings, etc.
When it comes to the part where you need to set up your partitions, you can choose the option "use entire disk with encrypted LVM" and then go with a passphrase.
Continue installing, setting user names, hostname, etc.
After you install the system and restart, the boot screen will prompt for a passphrase to decrypt.
Enter the correct passphrase and your system will boot normally with very little performance cost.

I have been intentionally vague with this answer because I think it's very important to understand exactly what you're aiming for, why, and how you're going to accomplish your goal if you're going to be doing full disk encryption. If you need something different (keyfile instead of passphrase, dual boot, customized partitions, etc.), we can discuss that, too.

Solution 2

Ubuntu offers something potentially more convenient than home-partition encryption: per-user home directory encryption. You have the option during a normal install to set up an encrypted home directory for each user, which is decrypted upon login.

7,636

Mnementh

My name is Jörgen Kosche. I'm a programmer using mostly Java.

Updated on September 17, 2022

Comments

Mnementh almost 2 years

I'm interested how you can setup disk-encryption for Ubuntu, with as few hassle as possible.
- quack quixote over 14 years
  
  there are a lot of options. what are your goals in setting this up?
- Admin almost 14 years
  
  Have a look at Full disk encryption with Ubuntu (9.04 Jaunty or newer), LVM and LUKS.
Mnementh almost 15 years

Yeah, that sounds fine, I will try it out. Can I not use entire disk, but only home-partition for encryption? Anyways, if this option isn't existent, I'm fine with the encryption of the full disk.
Shane almost 15 years

You can - it's a different option on the alternate install CD. I think it comes up as an option immediately after you set up your partitions.
snap almost 13 years

Just an update: I was setting up a new laptop and wanted to install Ubuntu with full disk encryption using LUKS. I found the detailed tutorial here very helpful. The tutorial is for 10.10 (lucid) but it is exactly the same for 11.04 (maverick) and 11.10 (natty) and thus still valid.