Partner links

How to install Ubuntu 11.04 on an encrypted LVM file system

unlock2

How much space from the VG should be allocated to the root LV? Ubuntu 11.04 installer recommends 4.4 GB, but a new installation uses up about 3 GB, so 5 GB should be more than enough. Remember that you just need to allocate enough to install the system. If necessary, you can always grow the LV. Enter.
uLVM36

The recommended name for the LV that will be used as Swap is “swap.” Enter.
uLVM38

And the recommended size is 2 GB or 2000 MB. Enter.
uLVM38

For the /home LV, the recommended name is “home.” Enter.
uLVM39

For this tutorial, 10 GB is good enough. Enter.
uLVM40

All the LVs are configured. Scroll to “Finish.” Enter.
uLVM41

These are the partitions and LVs that we just created. The final task is to assign a mount point and file system to the LVs. Select any of the LVs as shown in the image, then press Enter.
uLVM42

The default file system for non-boot partitions on Ubuntu 11.04 is ext4. Best to use the default for all the LVs. For the “home” LV, the mount point is /home, for “root”, it is /. for “swap,” just select “swap.” No mount point.
uLVM43

This is what the window for the home LV should look like when you are down with it. The one for root should be just about the same. Scroll to “Done setting up the partition.” Enter.
uLVM44

Finally! Double-check your work, scroll to “Finish partitioning and write changes to disk.” Enter. Finish the installation, and reboot.
uLVM45

At every reboot, the passphrase must be specified before the computer will boot successfully. After six (6) unsuccessful attempts, …
unlock

The system will drop you to a basic shell. If you can figure out how to boot the system, bypassing the passphrase, let us know. Note: You can set as many as eight (8) disk encryption passphrases. How to manage disk encryption passphrases and key slots tells you how.
unlock1

You can have quality articles like this delivered automatically to your Feed Reader or Inbox by subscribing via RSS or email. This website now has a Question and Answer section. Use the commenting system for simple comments, but for more involved assistance, please use the Q & A section.

Share:

Facebook
Twitter
Pinterest
LinkedIn

Partner links

Newsletter: Subscribe for updates

Subscribe
Notify of
guest
32 Comments
Inline Feedbacks
View all comments
dc
dc
8 years ago

“Note this is not a graphical installer…”
Ummm, yes, yes it is. You are using a “TUI”, a Textual UI. It is still “graphical” in the sense that the user chooses from a set menu of items and is guided through the process.

passing guest
passing guest
10 years ago

Could you please explain the passage:

“You might be tempted to select “Physical volume for encryption,” but the correct option is “Physical volume for LVM.”

why is that ?

passing guest
passing guest
Reply to  finid
10 years ago

Okay, I read all three pages.
Maybe I’m dumb, but I don’t see how that makes a difference.

As far as I understand, if I follow the instructions, it will be

LVM partition -> encrypted volume -> LVM volumes

However, if I specify the free space as physical volume for encryption, and THEN create an LVM on top of dev_sda#_crypt (the crypto volume that results from using free space as physical volume for encryption), wouldn’t it be like that:

encrypted volume -> LVM -> LVM Volumes

That is, essentially, the same ?

P.S.:
Just tried both in Lubuntu 12.04, and in both cases the LVM seems to end up on sda#_crypt…
… but if I follow the tutorial to the letter, it is sda5_crypt for some reason, however, if I specify the free space as physical volume for encryption, and then specify the resultant sda#_crypt as place for LVM, the cryptovolume gets named sda2_crypt.

No other difference seems to be present…

passing-guest
passing-guest
Reply to  finid
10 years ago

So, not to be an obtrusive nosy person (I am obsessive, not obtrusive! ^_~), what are the benefits of “encryption -over- LVM” as opposed to “LVM -over- encrypted volume” ?

Am I missing something big and obvious ?

Croatia accommodation
Croatia accommodation
10 years ago

Can you tell us more about this? I’d like to find out
some additional information.

George
George
12 years ago

Hi, excellent tutorial!
Can someone also confirm, that – if I understand this correctly – once the partition is encrypted, there’s no need to encrypt the home folder too?

George
George
Reply to  finid
12 years ago

Thank you. So the only security hole with an encrypted LVM installation is that /boot is installed (& is unprotected) on the local drive. Any ideas (or a guide maybe) on how to properly install /boot on a USB thumb with encrypted LVM on the internal HDD?

I tried setting the USB drive as the /boot while partitioning, set the bootable flag, tried to set filesystem to ext4, tried it with ext2 also, but whatever I do, after start up I get dumped to grub rescue (unknown filesystem). Obviously, BIOS is set to boot first from USB. At the rescue prompt I get
set
prefix=(hd0,msdos1)/grub
root=hd0,msdos1
ls
(hd0) (hd0,msdos1) (hd1) (hd1,msdos1)

Now it seems, that grub is trying to load root also from the USB thumb, whereas the LVM is installed on hd1,msdos1.

(As a side note, why is it called ‘msdos’ – thought I got rid of Windows for good several years ago.)

Any ideas on how to do this properly?

George
George
Reply to  finid
12 years ago

Yes, let’s, as I’m quite determined to get this to work. Through e-mail this might be easier though, can you contact me @ geophey@mailcatch.com (don’t worry, it’s a disposable address) or directly to my registered one (if you can see it)?

George
George
Reply to  finid
12 years ago

Well, I tried, and fedora works effortlessly, and with a GUI install. I haven’t found a way in Ubuntu yet.

Arruda
12 years ago

Hi there, great tutorial.
I’ve followed it like it says, but instead used the language “Portuguese From Brazil” to install.
And when I get to the login in gnome, it doesn’t work the login.
It just get blank, and apparently won’t start gnome.(it show at the start a the update window, and other options, but they are all with strange unicode data, it show symbols instead of special characters).
When I loged in as root(from grub) and got to the /home/user folder it shows also the folders with this symbols instead of the regular characters.

Is this a known bug for encrypting the hole OS or could it be because I’m running in a VM?(using virtual box).

Thanks, and sorry for the bad english

Arruda
Reply to  finid
12 years ago

Yeah, it’s that.
I instaled the en-us version and no errors at all.
Can I just ask you guy one more question?
My gf is trying a dual boot (xp and ubuntu) but wanted a file partition that is accessible from both OS.
In the installation she divided the home in half and made a new FAT32, but in the mount point we got a little trouble… in the end she let the mount point as /windows.
Is this the right way to do so?

Thanks for the fast answer

Arruda
Reply to  finid
12 years ago

I see, but that is the point, she’s excited with encryption and wanted to use this tutorial and do a dual-boot all together.

Ruth Cheesley
12 years ago

Thanks for the clear and consise tutorial, most helpful. There were a couple of screens which were not featured but I was able to guess that bit! Just waiting for it to install now! 🙂

Random
Random
12 years ago

great howto, thanks

Dan
Dan
12 years ago

Wow, very nice tutorial finid. It worked pretty flawlessly for Kubuntu 11.10 b2, though the alternative install CD evidently must actually be burned to physical CD, as USB live install couldn’t seem to get past the fact that I was installing to my HDD. Thanks again!

Nei
Nei
12 years ago

If i want create a logical volumen with two physical volumes i need to create two passwords. Is posible create an group volumen before encrypt ?

I’m sorry for my english. Thanks !

Clicksights
12 years ago

Very nice tuto!
To bad that the current installation procces is already a bit different. I installed using your walk through several laptops last 2 weeks, and suprise, the new alternative cd i burned this week is different from the one from the week before, takes a few extra steps to compleet.
Most importent, if installed on the end it asks if grub can be written on the disk, if i use a usb stick, it will write it automatically on the usb stick?!?!
So i burned a new cd, problem solved.
Also in the new installer there are 2 or 3 more screens where you have to say yes to writing the lv and the partitions on disk.

thanks for the tuto!
helped to make my life easier!

Jim
Jim
12 years ago

Can you do this on an external drive and dual boot with Windows 7?

Get the latest

On social media

Security distros

Hacker
Linux distros for hacking and pentesting

Crypto mining OS

Bitcoin
Distros for mining bitcoin and other cryptocurrencies

Crypto hardware

MSI GeForce GTX 1070
Installing Nvidia GTX 1070 GPU drivers on Ubuntu

Disk guide

LVM
Beginner's guide to disks & disk partitions in Linux

Bash guide

Bash shell terminal
How to set the PATH variable in Bash
Categories
Archives
32
0
Hya, what do you think? Please comment.x
()
x