How-To


Ubuntu drive encryption with LVM / LUKS for your laptop

This was written for me so I wouldn’t have to search the internet for it everytime.  This is a quick install version as I have done it a few times already but just like to make sure I’m doing it right.  If you are looking for more detailed steps then visit Google or http://oei.yungchin.nl/2008/04/23/installing-ubuntu-804-with-full-disk-encryption/ which is where I got this.  Thanks Yungchin!

Yungchin’s writeup is for 8.04, but I have used it for 9.10 also.

Use alternate cd.
The easy way is to use the “Setup encrypted LVM” which uses the entire disk.  But if you plan on dual booting with windows or using snapshots, manual partitioning will have to do.

Start with a plain /boot partition as usual.
If you want any free space for a windows partition or something then do it now.

Then choose “physical volume for encryption”.  use the standard dm-crypt settings as they are fine.  Use the rest of the disk. Finish

Now go to “Configure encrypted volumes” at the top. This will commit the changes and erase partition.  This may take a while.

Enter passphrase

Encrypted volume” should show up as a new disk. There’s one partition inside it, marked #1, which we’ll use as “Physical volume for LVM”. Back in the main menu, again a new option appears at the top – “Configure the logical volume manager“.

Create a LVM Group, I use vg1, but any name is fine

Then Create Logical volumes.  Here is where you would use your normal partitioning scheme.  I name the volumes as I would the mount points but again whatever you want.
I use sysvol, swap, home, shared.
Leave some free space for snapshots.  5G is more than enough but it’s what I use.
Finish.

Now we need to configure the actual file systems just as you would normally do.
sysvol is / with ext3, swap is swap, home is /home, shared is /shared all ext3.

Finish partitioning and continue.

Later if you want to create LVM snapshots then see this guide here: http://tldp.org/HOWTO/LVM-HOWTO/snapshots_backup.html