I've previously only used the graphical installer for Ubuntu with the simple automated partitioning scheme with disk encryption; however, I would like to be able to have encrypted hibernation, and this requires manual partitioning with LVM to encrypt the swap partition, as far as I've understood. So at minimum I would most likely need initially a /boot partition and a second partition which is encrypted in LUKS format. Then I need to LUKS-open that second partition and create a physical volume, VG, and LVs on top of that. I need to have LVs for Linux swap and the root partition at minimum.
I've only used GParted and the graphical installer for making partitions in unencrypted virtual machines thus far. This makes it a bit confusing for a relative Ubuntu beginner to transition into using full disk encryption with LVM partitioning (logical volume management).
I would like to first test things out on a virtual machine to see if this is doable in practice before attempting it maybe on my spare laptop.
My goals are as follows:
- use LVM and LUKS; must be able to hibernate encrypted, so needs the encrypted swap partition
- must be full disk encryption as much as possible
- I'm going to use the latest version of Ubuntu, 21.10 Desktop 64-bit
- should use LUKS 2
- have partitions ideally for (I guess logical volumes):
  - /
  - /boot
  - /var
  - /tmp
  - swap 64GB (twice the RAM)
  - /home
- SSD was 500GB I think (I will reinstall to that laptop), everything to be installed on one disk
My research so far: after two days of googling, I've only been able to find scattered blog posts about how to actually do the terminal commands for installing LUKS encryption for FDE with LVM. I found this one written Ubuntu guide which seems thorough, with step-by-step instructions for an older version of Ubuntu.
However, I'm not sure if this guide is still up to date. Can somebody verify that it is applicable to encrypted hibernation, LUKS 2, and Ubuntu 21.10, and will in fact work? I also got stuck on that guide, where I'm unable to progress with this part of the guide:
> This has to be done before the installer reaches the Install Bootloader stage at the end of the installation process.
I got completely stuck on this part. The terminal command did not execute and there was seemingly a syntax error with the "; do sleep 1;" part of the command, though I'm pretty sure I wrote it out as described. I ran out of time during the installer progress to fix the issue, so I was stuck on a bad install where the graphical installer actually failed and crashed at the end because of it. I could not copy-paste those commands from the guide into the virtual machine guest Ubuntu, because during live CD installation the shared clipboard cannot even be used and the VirtualBox Guest Additions CD cannot be mounted during live CD installation of the Ubuntu OS. I'm really pulling my hair out at this point.
> Enable Encrypted GRUB
>
> As soon as you have completed those forms switch to the Terminal to configure GRUB. These commands wait until the installer has created the GRUB directories and then add a drop-in file telling GRUB to use an encrypted file-system. The command will not return to the shell prompt until the target directory has been created by the installer. In most cases that will have been done before this command is executed so it should instantly return:
>
> ```
> while [ ! -d /target/etc/default/grub.d ]; do sleep 1; done; echo "GRUB_ENABLE_CRYPTODISK=y" > /target/etc/default/grub.d/local.cfg
> ```
>
> This has to be done before the installer reaches the Install Bootloader stage at the end of the installation process.
https://help.ubuntu.com/community/Full_Disk_Encryption_Howto_2019
https://www.linux.com/training-tutorials/how-full-encrypt-your-linux-system-lvm-luks/
https://youtu.be/VC2eloJCZ8s?list=PLC5eRS3MXpp-TETPMx541VsnJrNhsCiax&t=2
https://youtu.be/etDKTIGVId0?list=PLC5eRS3MXpp-TETPMx541VsnJrNhsCiax&t=7
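
The wait-and-write one-liner quoted from the guide, as an added example that is not part of the original post or of the guide: the same loop split over several lines, so each piece can be typed and checked on its own, with a timeout and a read-back of the drop-in file. The function name `enable_cryptodisk`, its two arguments and the timeout are assumptions made for this example; `/target` and the drop-in path are the guide's.

```shell
#!/bin/sh
# Added example: multi-line form of the guide's wait-then-write command.
# enable_cryptodisk [TARGET] [TIMEOUT_SECONDS]
#   TARGET  defaults to /target, the installer mount point used in the guide.
#   TIMEOUT is an assumption of this example; the guide's loop waits forever.

enable_cryptodisk() {
    target="${1:-/target}"
    timeout="${2:-600}"
    dir="$target/etc/default/grub.d"
    waited=0

    # Poll once per second until the installer has created the directory.
    while [ ! -d "$dir" ]; do
        if [ "$waited" -ge "$timeout" ]; then
            echo "gave up: $dir not created after ${timeout}s" >&2
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done

    # Same drop-in file and content as in the guide.
    echo "GRUB_ENABLE_CRYPTODISK=y" > "$dir/local.cfg" || return 1

    # Read it back so a typo or a permission problem shows up immediately,
    # before the installer reaches the bootloader stage.
    grep -qx 'GRUB_ENABLE_CRYPTODISK=y' "$dir/local.cfg"
}

# Constructed demo against a scratch directory, so it runs without an
# installer: a background job stands in for the installer creating the
# directory one second later.
demo_root="$(mktemp -d)"
( sleep 1; mkdir -p "$demo_root/etc/default/grub.d" ) &
if enable_cryptodisk "$demo_root" 10; then
    cat "$demo_root/etc/default/grub.d/local.cfg"
fi
wait
rm -rf "$demo_root"
```

During a real installation the call would be `enable_cryptodisk` with no arguments, from a shell that is allowed to write under `/target`.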