Installing Ubuntu with full disk encryption, including encrypted boot, on (i) a USB pendrive, (ii) a regular HDD

Solution 1

It's extremely useful to have an "on-the-go" Ubuntu running on USB with full disk encryption. Imagine you can boot up on almost every computer with your USB, and work in your own personalized environment anywhere, without carrying a notebook. I managed to install Ubuntu 16.04 on a USB HDD this way:

  1. Download the latest Ubuntu installer.

  2. Make a bootable pendrive. I use LiLi on Windows and the dd command on Linux. You can google it.

  3. Boot up from the Ubuntu pendrive. The Ubuntu installer detects the internal HDD and offers to install Ubuntu and keep the other OS, or make a clean install, optionally with encryption. However, this window only shows the internal HDD. If you want to install to USB, you have to select the "Other" option. But it is really hard to set up an encrypted install manually.

  4. I did the following: take out my internal HDD from my notebook, and boot up the Ubuntu installer again. If the USB drive is connected, but the internal HDD is taken out, the installer will display the USB drive as the primary drive and offer to make a clean install with encryption. You can also choose to overwrite your disk before install if you want.

  5. Start the installation with your preferred options. Same as usual from now on.

I tested my USB Ubuntu on 5 different computers, from old to "new", and it works like a charm. No problem with drivers, not a single error or question window when I boot up on a different PC.

Solution 2

It can be incredibly beneficial to encrypt everything but your bootloader; obviously, your bootloader must remain cleartext. One answer here suggests using the alternate installer to encrypt almost everything, but include unencrypted content on the internal HDD. This invites an "Evil Maid" attack: during a period when your computer is physically insecure, an attacker may modify passphrase collection to store/send your key.

I have found the best approach makes use of special GRUB features for FDE, with GRUB installed on a USB. Detailed instructions here and here may be found for Archlinux, but the processes are easy to adapt and combine for your purposes.

Author: SecureDigital

Updated on September 18, 2022

Comments

  • SecureDigital
    SecureDigital over 1 year

    Hi, how to install Ubuntu 12.04+ with full disk encryption, including an encrypted boot partition: a- to a USB drive, i.e. 16GB or 32GB; b- to a HDD

    • jobin
      jobin about 11 years
      May I know why you want to encrypt your boot directory, or even your / for that matter?
    • Eliah Kagan
      Eliah Kagan about 11 years
      @Jobin Plenty of people encrypt their home directories or their entire filesystem; this is hardly a niche case. Is this information really relevant to solving the problem? (If so, I recommend clarifying why--if not, I recommend deleting your comment and flagging mine as obsolete.)
    • jobin
      jobin about 11 years
      @EliahKagan: I am seriously not aware of any good effects encrypting your / directory can have. Encrypting your Home folder is absolutely fine, but why "/"? Hope I am not rude here, please, with utmost sincerity I ask. I don't intend to turn away the attention of the asker, but let's make it clear.
    • Eliah Kagan
      Eliah Kagan about 11 years
      @Jobin One reason is that files outside your home directory can still reveal sensitive information. Another reason is that it's considerably harder for someone with physical access to a machine with / and /boot encrypted to modify the system maliciously. Like I said, this is not a niche situation, plenty of people do this. You may want to post a new question asking why it may make sense to encrypt / and /boot. But it's really irrelevant to the goal of answering this one particular question.
    • jobin
      jobin about 11 years
      Ok fine. That was nice of you. I'll post it sometime later, though even I really don't feel the need to post this as a question.
  • Alaa Ali
    Alaa Ali almost 11 years
    Welcome to Ask Ubuntu TheHelper! While providing a link is okay, it's better to include the essential parts of the steps taken in that link, or at least a brief explanation of what is happening, in case the link dies. I'm talking about the last link (step 7, which is the essential part of the answer), since the previous steps are well documented elsewhere. If you find the same steps mentioned elsewhere in the site, link that instead.