Archives For Disk Encryption

This is an easy to follow beginner’s guide shows how to encrypt the full file system while installing Ubuntu.

As you may know, it’s easy to hack against Ubuntu Linux physically. Though users can add password protect to the Grub boot menu, the file system is still accessible via a live system, e.g., bootable USB installer.

To prevent your Ubuntu from physical hacking ultimately, adding password protect to the full system disk can be the best choice. And you can do it during installing Ubuntu.

Important: If you forget the password, all data will be lost! No way to reset forgotten password.

1.) Firstly, this tutorial is not a full Ubuntu installation guide. If you are not getting started, take a look at this step by step how to install guide.

2.) If you’re going to install Ubuntu as the ONLY operating system in the hard drive, just choose ‘Erase disk and install Ubuntu‘ when you’re at Installation type page.

Then click on ‘Advanced features’ to choose either LVM or ZFS and enable ‘Encrypt the new Ubuntu installation for security’.

3.) Mostly I’ll choose ‘Something else‘ to manually create partitions for Ubuntu file system.

Unlike Fedora and Manjaro, Ubuntu does not provide an ‘Encrypt‘ checkbox while creating an EXT4 partition. Instead you need to create a partition use as ‘physical volume for encryption’.

a.) Simply choose the free space and click on ‘+‘ icon on partition table. In the pop-up Create partition dialog do:

DO LEAVE 500 MB free space for /boot partition, and a few GB for Swap area if need.
  • Set the size for Ubuntu file system. 20 GB at least. For long time use, as large as possible.
  • Select use as ‘physical volume for encryption‘.
  • Set your password and confirm, and finally click OK.

b.) After clicking OK, wait for a few seconds. A new device ‘/dev/mapper/sdaX_crypt‘ will be created as EXT4 file system.

Highlight it, and click on ‘Change‘ button. In the pop-up dialog, set the mount point as /.

c.) Same to Fedora, you have to create a separated /boot partition, as it can not be encrypted.

To do so, select the free space and click “+” to create:

  • 500 MB should be enough. 1 GB will be better.
  • use as ‘Ext4 journaling file system’
  • mount point /boot

d.) Also create 250 MB ‘EFI System Partition‘ for UEFI boot machine, or 2 MB ‘Reserved BIOS boot area‘ for legacy BIOS boot machine. For small RAM, a swap area is also recommended.

Finally the partition table will look like:

Finally click on “Install Now” button. And confirm on pop-up dialog.

Once you successfully installed Ubuntu, restart and you’ll get into the password prompt when booting Ubuntu (see the top picture). As well, accessing the file system from any other OS need the password you set.

This simple tutorial shows how to install VeraCrypt and create encrypted hard drive, USB stick in Ubuntu 20.04, Ubuntu 18.04, Linux Mint 20, Ubuntu 20.10.

VeraCrypt is a free and open-source disk encryption software based on TrueCrypt 7.1a. It works on Linux, Windows, and Mac OS.

With VeraCrypt, you can:

  • Creates a virtual encrypted disk within a file and mounts it as a real disk.
  • Encrypts an entire partition or storage device such as USB flash drive or hard drive.
  • Encrypts a partition or drive where Windows is installed.

How to Install VeraCrypt in Ubuntu via PPA:

The software offers official 64-bit .deb binaries for all current Ubuntu releases.

For arm64, armhf, ppc64el packages, there’s an unofficial PPA maintained by the administrator of “XUbuntu Developers” team.

1.) To add the PPA, open terminal from system application launcher and run command:

sudo add-apt-repository ppa:unit193/encryption

2.) Then refresh system package cache and install the encryption software via commands:

sudo apt update

sudo apt install veracrypt

How to Create an Encrypted Disk via VeraCrypt:

Once installed the software, open it from system application launcher. Then click on the “Create Volume” button to start creating an encrypted disk.

Then either select “Create an encrypted file container” for a virtual encrypted disk within a file, or “Create a volume within a partition/drive” to encrypt non-system partition, external hard drive, or entire USB stick.

Then follow the setup wizard to choose volume type, encryption algorithm, volume password, file system type, and finally click “Format”.

When everything’s done, mount the volume and you’ll be able to access it via Nautilus file browser.

For more, read the official Documentation.

Uninstall:

To remove VeraCrypt, simply run command in terminal:

sudo apt remove --autoremove veracrypt

To remove the Ubuntu PPA, run command:

sudo add-apt-repository --remove ppa:unit193/encryption