![\"\"](\"https:\/\/ubuntuhandbook.org\/wp-content\/uploads\/2020\/06\/ubuntu-icon.png\"){kind=icon}
<\/p>\n<\/p>\n
This is an easy to follow beginner’s guide shows how to encrypt the full file system while installing Ubuntu.<\/p>\n
As you may know, it’s easy to hack against Ubuntu Linux physically. Though users can add password protect to the Grub boot menu, the file system is still accessible via a live system, e.g., bootable USB installer. <\/p>\n
To prevent your Ubuntu from physical hacking ultimately, adding password protect to the full system disk can be the best choice. And you can do it during installing Ubuntu.<\/p>\n
1.)<\/b> Firstly, this tutorial is not a full Ubuntu installation guide. If you are not getting started, take a look at this step by step how to install guide<\/a>.<\/p>\n 2.)<\/b> If you’re going to install Ubuntu as the ONLY operating system in the hard drive<\/i>, just choose ‘Erase disk and install Ubuntu<\/b><\/i>‘ when you’re at Installation type<\/b> page.<\/p>\n Then click on ‘Advanced features’ to choose either LVM or ZFS and enable ‘Encrypt the new Ubuntu installation for security’.<\/p>\n 3.)<\/b> Mostly I’ll choose ‘Something else<\/i>‘ to manually create partitions for Ubuntu file system.<\/p>\n Unlike Fedora and Manjaro, Ubuntu does not provide an ‘Encrypt<\/i>‘ checkbox while creating an EXT4 partition. Instead you need to create a partition use as ‘physical volume for encryption’.<\/p>\n a.)<\/b> Simply choose the free space and click on ‘+<\/b>‘ icon on partition table. In the pop-up Create partition<\/i> dialog do:<\/p>\n b.)<\/b> After clicking OK, wait for a few seconds. A new device ‘\/dev\/mapper\/sdaX_crypt<\/b>‘ will be created as EXT4 file system.<\/p>\n Highlight it, and click on ‘Change<\/i>‘ button. In the pop-up dialog, set the mount point as \/<\/b>.<\/p>\n c.)<\/b> Same to Fedora, you have to create a separated \/boot<\/b> partition, as it can not be encrypted.<\/p>\n To do so, select the free space and click “+” to create:<\/p>\n d.)<\/b> Also create 250 MB ‘EFI System Partition<\/b>‘ for UEFI boot machine, or 2 MB ‘Reserved BIOS boot area<\/b>‘ for legacy BIOS boot machine. For small RAM, a swap area is also recommended.<\/p>\n Finally the partition table will look like:<\/p>\n Finally click on “Install Now<\/b>” button. And confirm on pop-up dialog.<\/p>\n![\"\"](\"https:\/\/ubuntuhandbook.org\/wp-content\/uploads\/2021\/06\/ubuntu-boot-password.jpg\")
<\/a><\/p>\n<\/i>Important: If you forget the password, all data will be lost! No way to reset forgotten password.<\/div><\/div>\n<\/a><\/p>\n<\/i>DO LEAVE 500 MB free space for \/boot partition, and a few GB for Swap area if need.<\/div><\/div>\n\n
<\/a><\/p>\n<\/a><\/p>\n\n
<\/a><\/p>\n<\/a><\/p>\n