How to Encrypt Full System Disk While Installing Ubuntu 20.04, 21.04

June 11, 2021 — 4 Comments

This is an easy to follow beginner’s guide shows how to encrypt the full file system while installing Ubuntu.

As you may know, it’s easy to hack against Ubuntu Linux physically. Though users can add password protect to the Grub boot menu, the file system is still accessible via a live system, e.g., bootable USB installer.

To prevent your Ubuntu from physical hacking ultimately, adding password protect to the full system disk can be the best choice. And you can do it during installing Ubuntu.

Important: If you forget the password, all data will be lost! No way to reset forgotten password.

1.) Firstly, this tutorial is not a full Ubuntu installation guide. If you are not getting started, take a look at this step by step how to install guide.

2.) If you’re going to install Ubuntu as the ONLY operating system in the hard drive, just choose ‘Erase disk and install Ubuntu‘ when you’re at Installation type page.

Then click on ‘Advanced features’ to choose either LVM or ZFS and enable ‘Encrypt the new Ubuntu installation for security’.

3.) Mostly I’ll choose ‘Something else‘ to manually create partitions for Ubuntu file system.

Unlike Fedora and Manjaro, Ubuntu does not provide an ‘Encrypt‘ checkbox while creating an EXT4 partition. Instead you need to create a partition use as ‘physical volume for encryption’.

a.) Simply choose the free space and click on ‘+‘ icon on partition table. In the pop-up Create partition dialog do:

DO LEAVE 500 MB free space for /boot partition, and a few GB for Swap area if need.
  • Set the size for Ubuntu file system. 20 GB at least. For long time use, as large as possible.
  • Select use as ‘physical volume for encryption‘.
  • Set your password and confirm, and finally click OK.

b.) After clicking OK, wait for a few seconds. A new device ‘/dev/mapper/sdaX_crypt‘ will be created as EXT4 file system.

Highlight it, and click on ‘Change‘ button. In the pop-up dialog, set the mount point as /.

c.) Same to Fedora, you have to create a separated /boot partition, as it can not be encrypted.

To do so, select the free space and click “+” to create:

  • 500 MB should be enough. 1 GB will be better.
  • use as ‘Ext4 journaling file system’
  • mount point /boot

d.) Also create 250 MB ‘EFI System Partition‘ for UEFI boot machine, or 2 MB ‘Reserved BIOS boot area‘ for legacy BIOS boot machine. For small RAM, a swap area is also recommended.

Finally the partition table will look like:

Finally click on “Install Now” button. And confirm on pop-up dialog.

Once you successfully installed Ubuntu, restart and you’ll get into the password prompt when booting Ubuntu (see the top picture). As well, accessing the file system from any other OS need the password you set.

Twitter

I'm a freelance blogger who started using Ubuntu in 2007 and wishes to share my experiences and some useful tips with Ubuntu beginners and lovers. Please notify me if you find any typo/grammar/language mistakes. English is not my native language. Contact me via [email protected]

4 responses to How to Encrypt Full System Disk While Installing Ubuntu 20.04, 21.04

  1. Is it still possible to access the Ubuntu Server 20.04.2 via SSH when the hard disk is encrypted?

  2. The problem I see with this is the swap partition is not encrypted. I was under the impression that the more recent versions of Ubuntu used a swap file instead of a partition thereby avoiding the exposure of an unencrypted swap partition.

  3. Hello Ji m, Im sorry, do you think this will work with a Dual Boot having Windows as the other SO, im knda worry that if I try this, my windows partition will be lost but I need to have Ubuntu encrypted

Leave a Reply

Text formatting is available via select HTML.

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> 

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.