How to install Ubuntu 11.04 on an encrypted LVM file system

unlock2

With the LVM partition created, we now want to specify that the partition is to be encrypted. So, scroll up to “Configure encrypted volumes.” Enter.
uLVM25

The default is what we want. Enter.
uLVM24

The installer is not a very smart one. It should have detected that there is just one LVM partition, but it did not, so you will have to tell it what partition to encrypt. The obvious choice is the LVM partition. Enter.
uLVM27

We are done telling the installer what partition to encrypt. Scroll to “Done setting up the partition.” Enter. The installer will return you to the window before the one above. Unless you have another disk to encrypt, select Finish on that window.
uLVM28

The installer is requesting the passphrase that will be used to encrypt the PV. Good security practice demands that the passphrase you specify here should not be the same as that of any user account on the system.
unlock2

Related Post:  2 productivity-boosting extensions for GNOME 3

Ok, the PV has been encrypted, the passphrase specified. The next two tasks are to create the VG, the Volume Group, and then the LVs or Logical Volumes. Scroll up to “Configure the Logical Volume Manager.” Enter.
uLVM29

The information on this window shows that nothing has been done yet. As the VG and LVs are created, those zeros will change to higher numbers. If “Create volume group” is not selected, please do. Enter.
uLVM30

Creating a VG is as simple as giving it a name. The name could be anything that suites you. The shorter the better. Enter.
uLVM31

The device that will be added to the VG is the PV you created earlier. Again, if the installer were smart, it should have detected that there is only one PV configured. In any case, select it. Enter.
uLVM32

You see, the numbers are changing. Now we can start creating the LVs. As recommended at the beginning of this tutorial, three LVs will be configured. These are for /, the root directory, Swap, disk space that may be used as virtual memory, and /home. So, scroll to “Create logical volume.” Enter. Note: You will have to repeat this step and the next three for every LV you configure.
uLVM33

Related Post:  How to dual-boot Linux Mint 17 and Windows 8 on a PC with UEFI firmware

This is the VG that the LV will be configured under. Enter.
uLVM34

The first LV configured will be for /, and the recommended name is root. Makes it a lot easier when the names match the mount points. Note: You can configure the LVs in any order. You do not have to create root first. Enter.
uLVM35

Share:

Share on facebook
Facebook
Share on twitter
Twitter
Share on pinterest
Pinterest
Share on linkedin
LinkedIn

Hola! Did you notice that LinuxBSDos.com no longer run network ads?  Yep, no more ads from the usual suspects that track and annoy you across the Internet. But since I still need to pay to keep the site running, feel free to make a small donation by PayPal or your favorite cryptocurrency.

  • Bitcoin
  • Ethereum
  • Xrp
  • Bitcoin cash
  • Bitcoin sv
  • Litecoin
  • Binance coin
  • Cardano
  • Ethereum classic
Scan to Donate Bitcoin to bc1qzvlte2m224zkayhdc7fdfjkp2rsgt0l5a496ua

Donate Bitcoin to this address

Scan the QR code or copy the address below into your wallet to send some Bitcoin

Scan to Donate Ethereum to 0x0F4362DFF77F3Ba0Dc637F5f3Eba35D09a2fA60C

Donate Ethereum to this address

Scan the QR code or copy the address below into your wallet to send some Ethereum

Scan to Donate Xrp to r4ggjvL36njsMCYTkJ3S7cTHscPsMsSGQv

Donate Xrp to this address

Scan the QR code or copy the address below into your wallet to send some Xrp

Scan to Donate Bitcoin cash to qrs0dedzp9t55af3nfwypydghp29r0xguy9s20fz2k

Donate Bitcoin cash to this address

Scan the QR code or copy the address below into your wallet to send some Bitcoin cash

Scan to Donate Bitcoin sv to 15K9TLyVDBtLuG9cYvXCX9SSkq9C9oUKHK

Donate Bitcoin sv to this address

Scan the QR code or copy the address below into your wallet to send some Bitcoin sv

Scan to Donate Litecoin to LetJ9QQMb7u2LMZ9Tu6rtHwcBcQFW98fbG

Donate Litecoin to this address

Scan the QR code or copy the address below into your wallet to send some Litecoin

Scan to Donate Binance coin to bnb1ga8trq08ssqepd90v6225nzfgy448pu5pw8gxp

Donate Binance coin to this address

Scan the QR code or copy the address below into your wallet to send some Binance coin

Scan to Donate Cardano to addr1qx2354yw49etstfljpdhwja3ajjlt487lg95vu9ngy2q6vu4rf2ga2tjhqknlyzmwa9mrm997h20a7stgectxsg5p5esq5l7d9

Donate Cardano to this address

Scan the QR code or copy the address below into your wallet to send some Cardano

Scan to Donate Ethereum classic to 0xcD6CC972a2297FcafACDcfE042C55C69516a9264

Donate Ethereum classic to this address

Scan the QR code or copy the address below into your wallet to send some Ethereum classic

Subscribe for updates. Trust me, no spam!

Sponsored links

1. Attend Algorithm Conference, a top AI and ML event.
2. Reasons to use control panel for your server.
3. DHgate Computers Electronics, Cell Phones & more.
4. Axo Finans.

Upcoming events

32 Responses

  1. “Note this is not a graphical installer…”
    Ummm, yes, yes it is. You are using a “TUI”, a Textual UI. It is still “graphical” in the sense that the user chooses from a set menu of items and is guided through the process.

  2. Could you please explain the passage:

    “You might be tempted to select “Physical volume for encryption,” but the correct option is “Physical volume for LVM.”

    why is that ?

      1. Okay, I read all three pages.
        Maybe I’m dumb, but I don’t see how that makes a difference.

        As far as I understand, if I follow the instructions, it will be

        LVM partition -> encrypted volume -> LVM volumes

        However, if I specify the free space as physical volume for encryption, and THEN create an LVM on top of dev_sda#_crypt (the crypto volume that results from using free space as physical volume for encryption), wouldn’t it be like that:

        encrypted volume -> LVM -> LVM Volumes

        That is, essentially, the same ?

        P.S.:
        Just tried both in Lubuntu 12.04, and in both cases the LVM seems to end up on sda#_crypt…
        … but if I follow the tutorial to the letter, it is sda5_crypt for some reason, however, if I specify the free space as physical volume for encryption, and then specify the resultant sda#_crypt as place for LVM, the cryptovolume gets named sda2_crypt.

        No other difference seems to be present…

      2. So, not to be an obtrusive nosy person (I am obsessive, not obtrusive! ^_~), what are the benefits of “encryption -over- LVM” as opposed to “LVM -over- encrypted volume” ?

        Am I missing something big and obvious ?

        1. I think this is a case where the installer offers two different options that essentially do the same thing. No matter which one you select, the end result seems to be the same. Don’t sweat the small stuff, though it’s always good to get these things clarified.

  3. Hi, excellent tutorial!
    Can someone also confirm, that – if I understand this correctly – once the partition is encrypted, there’s no need to encrypt the home folder too?

    1. In a single-user system, encrypting /home after the disk has been encrypted does not really offer any meaningful security protection.

      You can, however, encrypt specific files and folders within your home directory. With that, you may then hide certain docs, so that if another person happens upon your computer when you are logged in and not around, the hidden files will remain inaccessible. But if you have the screenlock activated when you are logged in and not around, you wouldn’t have to worry too much about that.

      1. Thank you. So the only security hole with an encrypted LVM installation is that /boot is installed (& is unprotected) on the local drive. Any ideas (or a guide maybe) on how to properly install /boot on a USB thumb with encrypted LVM on the internal HDD?

        I tried setting the USB drive as the /boot while partitioning, set the bootable flag, tried to set filesystem to ext4, tried it with ext2 also, but whatever I do, after start up I get dumped to grub rescue (unknown filesystem). Obviously, BIOS is set to boot first from USB. At the rescue prompt I get
        set
        prefix=(hd0,msdos1)/grub
        root=hd0,msdos1
        ls
        (hd0) (hd0,msdos1) (hd1) (hd1,msdos1)

        Now it seems, that grub is trying to load root also from the USB thumb, whereas the LVM is installed on hd1,msdos1.

        (As a side note, why is it called ‘msdos’ – thought I got rid of Windows for good several years ago.)

        Any ideas on how to do this properly?

        1. You are obviously more paranoid (security conscious) than I am, which, btw, is a good thing, but “unprotected” /boot on the local drive is not such a big deal. I don’t think you can have it any other way, and I have not come across any case where a computer with an encrypted disk was compromised via /boot.

          There have been very recent cases in courts where defendants are being forced to surrender their encryption passphrases because persecutors could not decrypt the drive.

          Since you have /boot on a stick, the main system on the local drive, and the system is still trying to load main from the stick, you can edit GRUB to point main to the correct partition on the local drive.

          Just to be sure, hd0 is the local drive, and hd1, the USB stick, so “LVM is installed on hd1,msdos1” should not be a correct statement. Right?

          Since this is not something I have attempted before, I am not in a position to offer more practical advice on this, but it is an opportunity to try it myself. Let’s work on this together and see how we can make it work.

          1. Yes, let’s, as I’m quite determined to get this to work. Through e-mail this might be easier though, can you contact me @ geophey@mailcatch.com (don’t worry, it’s a disposable address) or directly to my registered one (if you can see it)?

          2. Well, I tried, and fedora works effortlessly, and with a GUI install. I haven’t found a way in Ubuntu yet.

          3. Trying to get this done with Ubuntu’s installer is a pain in the neck. Canonical needs to work on Ubuntu’s graphical installer and the ncurses installer. They should take a break from trying to redefine the desktop and work to improve the installers.

  4. Hi there, great tutorial.
    I’ve followed it like it says, but instead used the language “Portuguese From Brazil” to install.
    And when I get to the login in gnome, it doesn’t work the login.
    It just get blank, and apparently won’t start gnome.(it show at the start a the update window, and other options, but they are all with strange unicode data, it show symbols instead of special characters).
    When I loged in as root(from grub) and got to the /home/user folder it shows also the folders with this symbols instead of the regular characters.

    Is this a known bug for encrypting the hole OS or could it be because I’m running in a VM?(using virtual box).

    Thanks, and sorry for the bad english

      1. Yeah, it’s that.
        I instaled the en-us version and no errors at all.
        Can I just ask you guy one more question?
        My gf is trying a dual boot (xp and ubuntu) but wanted a file partition that is accessible from both OS.
        In the installation she divided the home in half and made a new FAT32, but in the mount point we got a little trouble… in the end she let the mount point as /windows.
        Is this the right way to do so?

        Thanks for the fast answer

        1. The best and easiest thing to do is dual-boot as normal. Then you can read and write to the Windows side from Linux. This tutorial should help.

          You do not have to do anything fancy.

          1. I see, but that is the point, she’s excited with encryption and wanted to use this tutorial and do a dual-boot all together.

  5. Thanks for the clear and consise tutorial, most helpful. There were a couple of screens which were not featured but I was able to guess that bit! Just waiting for it to install now! 🙂

  6. Wow, very nice tutorial finid. It worked pretty flawlessly for Kubuntu 11.10 b2, though the alternative install CD evidently must actually be burned to physical CD, as USB live install couldn’t seem to get past the fact that I was installing to my HDD. Thanks again!

  7. If i want create a logical volumen with two physical volumes i need to create two passwords. Is posible create an group volumen before encrypt ?

    I’m sorry for my english. Thanks !

    1. I’ve not investigated that use case, but if you refer to the image 3, counting from the top, on page 2 of the article, you are given the option to select one or more PVs to encrypt. I’m not sure about this, but I think if you have 2 PVs, the installer might allow you to specify just one password.

      Have you tried it?

  8. Very nice tuto!
    To bad that the current installation procces is already a bit different. I installed using your walk through several laptops last 2 weeks, and suprise, the new alternative cd i burned this week is different from the one from the week before, takes a few extra steps to compleet.
    Most importent, if installed on the end it asks if grub can be written on the disk, if i use a usb stick, it will write it automatically on the usb stick?!?!
    So i burned a new cd, problem solved.
    Also in the new installer there are 2 or 3 more screens where you have to say yes to writing the lv and the partitions on disk.

    thanks for the tuto!
    helped to make my life easier!

Leave a Reply

Your email address will not be published. Required fields are marked *

Get the latest

On social media
Via my newsletter

Partner links

1. Attend Algorithm Conference, a top AI and ML event for 2021.
2. Reasons to use control panel for your server.
3. DHgate Computers Electronics, Cell Phones & more.
4. Axo Finans.
Hacking, pentesting distributions

Linux Distributions for Hacking

Experts use these Linux distributions for hacking, digital forensics, and pentesting.

Categories
Archives

The authors of these books are confirmed to speak during

Algorithm Conference

T-minus AI

Author was the first chairperson of AI for the U.S. Air Force.

The case for killer robots

Author is the Director of the Center for Natural and Artificial Intelligence.

Why greatness cannot be planned

Author works on AI safety as a Senior Research Scientist at Uber AI Labs.