Ubiquity, Ubuntu Desktop‘s graphical installation program, is very easy to use, very newbie friendly, but it lacks support for full disk encryption, LVM, the Linux Logical Volume Manager, and RAID. On a desktop system, I do not care very much about RAID, but full disk encryption and LVM are must-haves.
Well, it looks like from Ubuntu 12.10, due in late October, Ubiquity will have support for full disk encryption and LVM. The test build that I installed in a virtual machine shows that the implementation is still in the early stages, but it also shows how easy it will be to configure both features when the final release hits the digital shelves.
The following screen shots show the options in the installer and the default configuration. The test system already had the alpha version of Ubuntu 12.10 on it, so if you choose the first option, LVM and disk encryption are not available.
They are only available if you opt to erase the disk and install Ubuntu standalone.
When LVM is selected, the system creates three partitions by default: A primary partition (sda1) mounted at /boot of about 228 MB in size; an extended partition initialized for use by LVM (this is the Physical Volume), with two logical volumes created under it. The logical volumes are for root and Swap. So unlike the default setup in Fedora, there is no separate logical volume for /home.
If the LVM and disk encryption options are both selected, you will have to specify a security key or passphrase that will be used to encrypt and decrypt the disk. Currently, the installer does not check the strength of the security key, even allowing you to set a 1-character security key. That is obviously not good, but I expect that to be rectified before the final version is released.
With disk encryption configured, you get this screen on each reboot.
And this just shows the disk layout as seen from the disk management utility. Selecting LVM and disk encryption creates an encrypted LVM volume, because the Physical Volume is encrypted. Note that LVM and disk encryption have not been implemented in the Advanced Partitioning Tool. But that, too, should be in place by late October.
unfortunately, even after stable release, installing ubuntu 12.10 alongside another OS does not allow you the option to have an encrypted LVM. Nor can you achieve the same result by the manual partition tool.
You can have encrypted LVM with the automated partitioning method. It’s the manual method that’s not been implemented.
NO. You can only have LVM if you choose to use the full disk. You cannot have LVM if you have dualboot or manual partitioning. Ubuntu developers chose to favor the desktop CD even with half the features missing. I curse them everyday for this.
Partially true. You can use LVM with automated dual-boot, not manual dual-boot. It just requires a bit more effort on your part. I’ll post a tutorial on dual-booting with Windows 7 and/or 8 with LVM and FDE later this week.
did you actually post your dual-boot full disk encryption tutorial somewhere? it would really help me…
On one HDD, that will not be possible with Ubuntu’s installer, because it does not have support for disk encryption when creating partitions manually.
However, you could use Truecrypt to encrypt both ends. Perhaps http://www.linuxbsdos.com/2013/02/23/dual-boot-fedora-18-and-windows-7-on-a-single-hdd-with-fde-on-both-ends/ could give you pointers.
not true. luckily! i managed to find this: https://answers.launchpad.net/ubuntu/+source/ubiquity/+question/216356 and it works great.
it’s not LVM, so the only drawback at the moment is, that you can’t make yourself a swap partition and you can’t separate /home from /.
Good article, exactly what I was looking to know and glad that the Ubuntu devs have made it so easy.
@Abhishek: I don’t think he needs to explain the benefits of disk encryption, this is a blog article about how to use it which implies you might already know something about it, and if not there’s a wealth of information elsewhere that’s very easy to find.
Thanks for the detailed article. It could have better if you mentioned or provided link to explain the benefits of full disk encryption.