-----------------------------------------
Part 2: Encrypted Custom Installation-----------------------------------------
Step 1) Preparing the disk (deleting everything in your disk) with GParted:Ok, now the real thing.
Open your "Terminal" (it is something like the CMD/Powershell from Windows), it is located in the program list
Write this:
sudo gparted
"sudo" is the command to execute something as "administrator", and "gparted" is a software for managing disk partitions.
The idea is to
DELETE EVERYTHING in your HDD/SSD, you need to backup it, or you will lose all the data.
I'm repeating, you are going to delete EVERYTHING from your computer (Windows, photos, email stored on your computer, games, everything)Select each of the partition, and delete them manually, because we are going to create different partitions:
You will need to create the new partition yourself, so read the next:
-----------------------------------------
Step 2) Understanding partitions in Ubuntu:This will be complex for Windows users. Windows use one partition for the OS, and install there the Windows "System" folder, the Hibernation file and the pagefile.sys are created in the same directory, and the "\Users\Administrator" is also there. Everything is in the same partition.
GNU-Linux uses a different approach, we are going to have these:
- EFI partition (it is for GPT tables, instead of MBR; but I'm not explaining it here).
- Boot partition
- / (root) partition (it is like the "C://" from Windows)
- /swap partition (it is the pagefile.sys from Windows)
- /home partition (it is like the "Documents" from Windows)
This is an example of the partition used:
Partition / Example size / Format (additional notes)EFI partition, 1GB size, FAT32 (the recommended size is 256MB, but I just made it 1GB)
Boot partition, 2GB size, EXT4 (it could be 1GB and you will still have plenty space for new kernels, I used 2GB anyway).Swap partition, 16GB size, SWAP (this is your pagefile.sys, double of your RAM is the recommended size)
Root partition, 100GB size, EXT4 (this is your "program files" from Windows, the more software you install, the more space you need)
Home partition, the rest GB size, EXT4 (this is your "Documents" from Windows, the more pictures, videos, films, documents and files, the more space you need)This will work without encryption, but we want to encrypt, and we are going to hide our "swap", "root" and "home" partitions inside an "encrypted box" I'm going to explain in the next step. Our disk will looks like this:
[(EFI)(BOOT)(-----------------------------------ENCRYPTED BOX (Physical Volume)---------------------------------)]
-----------------------------------------
Step 3) Formating with GParted:In GParted, after you deleted all the partitions, create an:
EFI partition, 1GB size, FAT32
Boot partition, 2GB size, EXT4
and an EXT4 partition, taking all the rest of the disk space.
Take note of the name of the partitions, example, "sda3".Do not create the SWAP, ROOT or HOME, because we are going to create it in the terminal.
-----------------------------------------
Step 4) Creating encrypted volumes:I made this part with the help of this sources:
Site 1:
http://www.cim.mcgill.ca/~anqixu/blog/index.php/2018/06/20/install-18-04-on-encrypted-partitions-xps15-cuda/Site 2:
https://askubuntu.com/questions/293028/how-can-i-install-ubuntu-encrypted-with-luks-with-dual-boot/293029Launch the Terminal again (or reuse it):
We will format the "sda3" partition (again), and we open it with luks to be able to create the encrypted volume next.
sudo cryptsetup luksFormat /dev/sda3
sudo cryptsetup luksOpen /dev/sda3 xylber
Note: replace "sda3" for the name of your partition (Part 2 Step 3). Replace "xylber" for a custom name you choose.
In this guide, everything is named "xylber" for the sake of simplicity.
Optional: If you want to clean all the data of your HDD, making it (almost) impossible to recover with specialized forensic tools, then use this command:
sudo dd if=/dev/zero of=/dev/mapper/xylber bs=16M status=progress
It can take more than 3 hours in an HDD of 1TB.
Don't use it on a SSD!!!Read more about it here:
https://superuser.com/questions/1370584/erase-disk-before-sellingNow, we are creating the volume and "subvolumes" (Physical Volume, Volume Group, )
sudo pvcreate /dev/mapper/xylber
sudo vgcreate vgxylber /dev/mapper/xylber
You can rename the "vgxylber" to the name you want, there is no need to make it start with "vg", nor contain the same word than before.
Now we create the actual partitions for SWAP, ROOT and HOME. I'm using the example sizes (in
GREEN)
sudo lvcreate -n lvxylberswap -L 16g vgxylber
sudo lvcreate -n lvxylberroot -L 100g vgxylber
sudo lvcreate -n lvxylberhome -l 100%FREE vgxylber
We had created the three partitions. In my 500GB HDD: SWAP will have 16GB (I have 8GB RAM), Root have 100GB to install applications, and all the rest of the space is for documents (minus the 2GB of boot and 1GB of EFI).
-----------------------------------------
Step 5) Installing Ubuntu with the Manual assistant:Time to install Ubuntu with the included assistant. Complete all the info, don't install updates (you will download them later, when you actually boot), but install third party software.
Click on "SOMETHING ELSE", and you are going to be redirected to the partitions screen. It will looks
something like this:
You have to assign each partition a task, by double clicking their path in the list:
EFI partition, 1GB size, FAT32 > use as EFI
Boot partition, 2GB size, EXT4 > EXT4, Format, /boot (in the dropdown menu)
Swap partition, 16GB size, SWAP > Use as SWAP
Root partition, 100GB size, EXT4 > EXT4, Format, "
/" (in the dropdown menu)
Home partition, the rest GB size, EXT4 > EXT4, Format, /home
Device for Bootloader Installation: Choose the HDD, example:
/dev/sda HDD-Model 500GBPress
"INSTALL NOW", wait for the install (maybe 10/15 minutes), but
don't reboot when it finishes.-----------------------------------------
Step 6) Adding the encrypted partitions path to the kernel:You need the ID of the partition (called "UUID), run:
sudo blkid /dev/sda3
Remember to replace "sda3" for the name of your partition.
The Terminal will answer with a code, example:
/dev/sda3: UUID="550e8400-e29b-41d4-a716-446655440000"
Copy the code.
And we will mount the volumes. Replace "sda?" for the name of your "BOOT" partition, the 2GB partition of Ste3.
sudo mount /dev/mapper/vgxylber-lvxylberroot /mnt
sudo mount /dev/sda? /mnt/boot
sudo mount /dev/mapper/vgxylber-lvxylberhome /mnt
sudo mount --bind /dev /mnt/dev
sudo chroot /mnt
mount -t proc proc /proc
mount -t sysfs sys /sys
mount -t devpts devpts /dev/pts
We will create the /etc/crypttab file:
sudo nano /etc/crypttab
In this new file you need to add this lines:
# <target name> <source device> <key file> <options>
cryptroot UUID=550e8400-e29b-41d4-a716-446655440000 none luks,discard
Replace for your own code. Save the file.
Tip: you can write again "sudo nano /etc/crypttab" and reopen the file to check if the file was saved.
Finally
update-initramfs -k all -c
It is done unless you needed an special command to boot Ubuntu (do you remember the part1-step3?).
So, if you didn't need an special command, then, reboot, and done.
The next time you reboot Ubuntu, you will be asked your encryption password.If you needed an special command, then follow Step 7:
-----------------------------------------
Step 7) Adding a permanent kernel boot parameter:In this example we are going to add the pci=noaer command, but it will depend on what you used (if you needed):
sudo nano /etc/default/grub
You will fin a line which looks like this one:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
and add your command, example:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash pci=noaer"
save the file and execute on the Terminal:
sudo update-grub
Reboot,
the next time you reboot Ubuntu, you will be asked your encryption password.Enjoy===========THE END===========
It took me 5 hours to make this tutorial
Be free from the tirany of the closed sourced Windows!
Stay secure on your encrypted computer!
Be brave and follow it!
If I made a mistake, let me know!
This sites were of a lot of help to achieve what I achieved in this tutorial:
Site 1:
http://www.cim.mcgill.ca/~anqixu/blog/index.php/2018/06/20/install-18-04-on-encrypted-partitions-xps15-cuda/Site 2:
https://askubuntu.com/questions/293028/how-can-i-install-ubuntu-encrypted-with-luks-with-dual-boot/293029Site 3:
https://superuser.com/questions/1370584/erase-disk-before-sellingSite 4:
https://askubuntu.com/questions/19486/how-do-i-add-a-kernel-boot-parameter