Manual full disk encryption setup guide for Ubuntu 13.10 & Linux Mint 16

This tutorial presents a step-by-step guide on how to configure full disk encryption manually on Ubuntu 13.10 and Linux Mint 16. It will also work for any other Ubuntu-based distribution, like Linux Deepin.

The point of setting up encrypted partitions manually is so that you can create more than the two default partitions (root and swap) created by Ubiquity, Ubuntu’s graphical installation program, when the automated disk partitioning mode is used and the LVM and disk encryption options are selected. And also to be able to do that when attempting to set up a dual-boot system between, say, Ubuntu or Linux Mint and Windows 7 or Windows 8. The automated partitioning mode does allow using LVM and disk encryption when setting up a dual-boot system.

The problem is that even the manual step doesn’t work as well as it is supposed to, as you’ll see later in this tutorial.

Before we start, let’s take a look at the default partitions and logical volumes that the installer creates when LVM and disk encryption are selected. This screen shot, which was taken from a test installation of Netrunner, shows those partitions and logical volumes. You can see that the first partition – /dev/sda1, mounted at /boot, is a standard partition. The second partition – /dev/sda5, is a logical partition. It is that logical partition that the installer uses to create the LVM Physical Volume. Under that Physical Volume, the installer then created the encrypted Logical Volumes for LVM. You can see the Logical Volumes listed at the top section of the image.
Default LVM partitions Ubuntu

Related Post:  How to install and configure Adobe Flash Player 10.3 on Fedora 15

For this tutorial, we are going to create a separate encrypted partition for /home. It is not absolutely necessary, but it’s always nice to have /home in a separate partition. This screen shot just shows the installation requirements for Ubuntu 13.10. You can see that the recommended disk space (for Ubuntu 13.10) is 5.9 GB. The actual disk space used by a fresh installation of this edition of Ubuntu is 3.2 GB. That should give you an idea of how much disk space to allocate to the root partition.
Ubuntu install requirements

That ends the introduction. Let’s get to the real thing. The test system used for this was a guest OS in a virtual environment, and 100 GB of disk space was allocated to it. The goal is to create manual partitions, with a standard partition mounted at /boot and three encrypted partitions, one each for root, home and Swap. Note that because of the manner the graphical installer works, LVM cannot be configured manually. So this tutorial has nothing to do with LVM, just full disk encryption. It creates a minor inconvenience that we’ll see later in this tutorial.

Ok, boot the computer from the installation media that I’m sure you have created by now and start the installer. Click until you get to the “Installation type” step. Since we want to create our partitions manually, the option to select is Something else.
Automated partition methods Ubuntu

Related Post:  Manual disk partitioning guide for BackTrack 5 R2 GNOME

Selecting Something else and clicking Continue should take you to the installer’s Advanced Partitioning Tool’s window.
Ubuntu something else option

This is the Advanced Partitioning Tool’s window. On a system with existing partitions, there should a listing of those partitions here. If that’s the case with your system, delete them. If you have another OS that you wish to dual-boot with Ubuntu or Linux Mint, then make sure that you have free space sufficient for installing either distribution. Since the system I used has a brand new disk, it is first necessary to create a partition table before partitions can be created from it. To do that, select the disk as shown and click on the New Partition Table button.
Partition new hard disk drive linux

Now that a partition table has been created, select the free space and click on the + button. That should open the partition creation window.
Create new partition table ubuntu linux

And this is what that window looks like. For a standalone installation, the most important options to change here, are Size, Use as, and Mount point.
Create partitions ubuntu

For the first partition, which will be for the boot partition, I chose to use the same value for Size and “Use as” that is assigned to it by the automated installer. And the “Mount point” is, of course, /boot. OK.
Create boot partition ubuntu

Back to the main window, select the free space, then click on the + button to create the next partition.
ubuntu advanced partition tool


Share on facebook
Share on twitter
Share on pinterest
Share on linkedin

Hola! Did you notice that no longer run network ads?  Yep, no more ads from the usual suspects that track and annoy you across the Internet. But since I still need to pay to keep the site running, feel free to make a small donation by PayPal or your favorite cryptocurrency.

  • Bitcoin
  • Ethereum
  • Xrp
  • Bitcoin cash
  • Bitcoin sv
  • Litecoin
  • Binance coin
  • Cardano
  • Ethereum classic
Scan to Donate Bitcoin to bc1qzvlte2m224zkayhdc7fdfjkp2rsgt0l5a496ua

Donate Bitcoin to this address

Scan the QR code or copy the address below into your wallet to send some Bitcoin

Scan to Donate Ethereum to 0x0F4362DFF77F3Ba0Dc637F5f3Eba35D09a2fA60C

Donate Ethereum to this address

Scan the QR code or copy the address below into your wallet to send some Ethereum

Scan to Donate Xrp to r4ggjvL36njsMCYTkJ3S7cTHscPsMsSGQv

Donate Xrp to this address

Scan the QR code or copy the address below into your wallet to send some Xrp

Scan to Donate Bitcoin cash to qrs0dedzp9t55af3nfwypydghp29r0xguy9s20fz2k

Donate Bitcoin cash to this address

Scan the QR code or copy the address below into your wallet to send some Bitcoin cash

Scan to Donate Bitcoin sv to 15K9TLyVDBtLuG9cYvXCX9SSkq9C9oUKHK

Donate Bitcoin sv to this address

Scan the QR code or copy the address below into your wallet to send some Bitcoin sv

Scan to Donate Litecoin to LetJ9QQMb7u2LMZ9Tu6rtHwcBcQFW98fbG

Donate Litecoin to this address

Scan the QR code or copy the address below into your wallet to send some Litecoin

Scan to Donate Binance coin to bnb1ga8trq08ssqepd90v6225nzfgy448pu5pw8gxp

Donate Binance coin to this address

Scan the QR code or copy the address below into your wallet to send some Binance coin

Scan to Donate Cardano to addr1qx2354yw49etstfljpdhwja3ajjlt487lg95vu9ngy2q6vu4rf2ga2tjhqknlyzmwa9mrm997h20a7stgectxsg5p5esq5l7d9

Donate Cardano to this address

Scan the QR code or copy the address below into your wallet to send some Cardano

Scan to Donate Ethereum classic to 0xcD6CC972a2297FcafACDcfE042C55C69516a9264

Donate Ethereum classic to this address

Scan the QR code or copy the address below into your wallet to send some Ethereum classic

Subscribe for updates. Trust me, no spam!

Sponsored links

1. Attend Algorithm Conference, a top AI and ML event.
2. Reasons to use control panel for your server.
3. DHgate Computers Electronics, Cell Phones & more.

Upcoming events

19 Responses

  1. Also ran into the broken support for crypted disks when trying to install Gnome Ubuntu 14.04 next to Windows. Having to type my high entropy disk crypto passwords multiple times is not an acceptable option to me.

    So I used the steps below to get all my partitions into a single crypto container.


    Follow guide upto the point where you created 1 encrypted volume.
    Then push the back button to leave the partitioning tool.
    Goto the shell ([ctrl]+[alt]+F1) and execute the following commands

    Create LVM volume groups:
    # sudo -s
    # vgcreate gnome /dev/disk/by-id/dm-name-sda5_crypt
    # lvcreate -L 2G -n swap gnome
    # lvcreate -L 20G -n root gnome
    (next command assigns remaining space to home partition)
    # lvcreate -l 100%FREE -n home gnome
    # lvs

    Switch back to the installer([ctrl]+[alt]+F7)
    select “something else” again and “continue”.
    Once the tool is done rescanning you should now see the new devices(if not go back and forth again).

    Reconfigure the /boot partition as done earlier.
    Continue with the guide/installation, upto the point it asks for a reboot.

    DON’t reboot yet.

    Switch back to the console.

    Create crypttab:
    # blkid /dev/sda5
    # echo ‘sda5_crypt UUID=(uuid from prev cmd without quotes) none luks’ > /target/etc/crypttab

    Regenerate initramfs and grub config
    # mount -t proc proc /target/proc/
    # mount –rbind /sys sys/
    # mount –rbind /dev /target/dev/
    # chroot /target
    # update-initramfs -u
    # update-grub2
    # exit

    Now reboot, and you should be able to boot into you’re newly installed Ubuntu.
    (note: if booting hangs with a black screen, press [esc])

    1. Hey

      when i type: vgcreate gnome /dev/disk/by-id/dm-name-sda5_crypt i get an error.
      The error is: please enter a physical volume path.
      I need to encrypt my whole computer (dualboot win+ubuntu) and dont want to type in my encryption password for ubuntu 2 or 3 times…
      I use ubuntu mate 14.10
      I hope its possible with ubuntu mate.
      I cant find an article about it.

      1. Have you verified that sda5_crypt is the device name of your unlocked crypto container?
        # dmsetup table
        sda5_crypt: 0 512989948 crypt aes-xts-plain64 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 0 8:5 4096

        The steps above are written for my setup. Other setups(eg. Distro/Distro version/partition setup) might use other names and numbers. I’m sure that with the man pages and some googleing you will figure out how to get this working for your setup.

        1. Thanks!

          Now its working. But now i have another problem…
          The command: mount –rbind /sys sys/ gets an error.
          The error is: mount: mount point sys/ does not exist.
          I hope you can help me with this problem too.
          Sorry for the questions. 🙂

          1. The solution might be something as simple as creating the directory yourself. If /target exists, try creating /sys under it with:

            mkdir /target/sys

            Then retry the original mount command. Just a guess, but nothing breaks if it doesn’t work.

    2. Thank you David – your instruction helped me to properly encrypt my disk with three partitions! Linux Lite 3.4.

    3. David, you are a life saver! Tried this procedure with Mint 20.1 and, a few ajustments (device names, etc.), it worked like a charm.

      Thanks a lot.



  2. thank you for this post!
    just to make the boot faster, is there a way to type the encryption password just once? (even for the prize of having the same password for all separate partitions)

    1. support for good LVM and disk encryption setup in the current installer is not that good, so, no, that’s not possible at this time.

      Note that in this situation, having the same password for all partitions is ok.

  3. These steps no longer work under 14.04. I’ll list some details below. Can you provide any guidance on how to do a similar setup with 14.04?

    I’ve been building similar test systems under 13.10 for months now, and they have all booted sucessfully. However, with 14.04 I’ve found that none of the systems will boot. I’ve built the systems the exact way I have before (identical to these instructions). When booting, I never get as far as being prompted for a pass-phrase. I get the initramfs prompt after the boot sequence times out. One thing I’ve noticed, is that dm_crypt is missing under the module list that I pull from initramfs.

    1. I just installed 2 systems using the same instructions, minus the /home partition. Both booted successfully. One is in a virtual environment (250 GB storage) and the other is on real hardware (320 HDD). Will publish a tutorial using screenshots from one of them in a few hours.

  4. Thanks for this – surely someone cleverer than I could describe how to use initramfs (or similar) so that the passphrase only has to be entered once?

    1. But Swap also has to be encrypted. Otherwise you are not really getting full disk encryption.

      I don’t even consider that a bug. That’s the installer just telling you to encrypt the Swap partition.

Leave a Reply

Your email address will not be published. Required fields are marked *

Get the latest

On social media
Via my newsletter

Partner links

1. Attend Algorithm Conference, a top AI and ML event for 2021.
2. Reasons to use control panel for your server.
3. DHgate Computers Electronics, Cell Phones & more.
Hacking, pentesting distributions

Linux Distributions for Hacking

Experts use these Linux distributions for hacking, digital forensics, and pentesting.


The authors of these books are confirmed to speak during

Algorithm Conference

T-minus AI

Author was the first chairperson of AI for the U.S. Air Force.

The case for killer robots

Author is the Director of the Center for Natural and Artificial Intelligence.

Why greatness cannot be planned

Author works on AI safety as a Senior Research Scientist at Uber AI Labs.