This document belongs to Manual Full System Encryption (with Extras).

1. Definitions

drive

A storage medium that, for the purposes of this document, may be either a hard drive or an SSD. (There are other types of drives, e.g. DVD and virtual cloud drives, but we're not interested in them here.)

hard drive
A spinning disk that holds operating systems, programs, data and so forth.
SSD
A computer chip (solid state drive) that pretends to be a hard drive but is very much faster.
partition
a section of a drive that has been reserved for a specific use.
file system
A structure to store data (files) on a partition.

1.1. It's like this

johnny-automatic-transfer-cabinet.png

A drive is a large chest of drawers.

A partition is one drawer.

When you open the drawer (partition), if you don't have any sort of system, everything is just a messy scrambled jumbled pile of papers, and you can't organise anything.

But when you have a system (a file system), everything is tidy and organised.

You can then add files to your file system, and inside each file is one or more pieces of paper (data).

(Image with thanks to jonny_automatic)

1.2. Blank space

Imagine that the chest of drawers is missing a drawer. That part is empty and cannot take any files.

On a drive, it is possible to have a blank space that is missing a partition. That can happen when a partition hasn't been created in that space, or when an existing partition is deleted.

Depending on your starting point, part of this process might require you to delete a partition. This will leave a blank space that will be later filled in with a new partition (a new drawer).

1.3. More on file systems

A partition contains either no file system (which makes it useless until you add one), or it contains one file system. A partition cannot contain two or more file systems.

There are many different types of file systems. You might have come across the terms FAT and NTFS. USB sticks often use FAT32; Windows prefers NTFS; Ubuntu prefers ext4. Linux systems support a large range of file systems including those that Windows uses. DVDs, CDs and Blue Ray all have their own file systems, which can differ according to the type of content (e.g. a DVD can contain a program or a video, and they use different file systems).

File systems that we use in this process are as follows.

FAT32
An old system, required by EFI.
ext4
A modern, fast and reliable system preferred by some Linux distributions, including Ubuntu.
ext3

A system slightly older than ext4, used by Boot because Boot doesn't recognise ext4.

swap
A special file system used by hibernation including hybrid suspend. Also used by the operating system when it runs out of RAM (working memory).

There are also two special file systems that aren't usually thought of as file systems, because they add a layer of abstraction to provide extra functionality and flexibility.

LUKS
Used to encrypt the partitions.
LVM
Used for greater flexibility and extra features, and to allow a single passphrase instead of multiple ones when powering on your computer.

1.3.1. A special note for Windows users

There is an important thing to know about file names in Linux. While file systems that originated in Windows (FAT, NTFS) don't care whether a file name uses uppercase or lowercase letters, the file systems used by Linux do care.

So, in a typical Windows installation, a file called Cats and Dogs.txt is the very same file as cats and dogs.txt and CATS AND DOGS.TXT.

In Linux, however, they would be three different files.

So, whenever you enter file names, partition names and file system names, please ensure that you use the case given by these instructions. If the instructions say to create a file /etc/crypttab, but you create /etc/CryptTab, the changes won't work!

The same generally goes for the contents of those files. E.g., the file /etc/fstab includes a keyword swap, which must be in lowercase. Simply follow the case given in the instructions, and you won't go wrong.

2. For Windows users

If you come from Windows, it is vital to know the difference between a drive and a partition. This is because Windows unhelpfully conflates the two, and calls them by the same name (a "drive").

It is normal for modern Windows computers to have two drives, namely a C: drive and a D: drive. However, what you will most likely find is that there is just one physical hard drive, which is divided into several partitions. A typical layout is:

Partition

Purpose

Comments

File system

Name in Windows

Typical Linux name

1

Recovery

To recover Windows in case of catastrophic failure

NTFS

Hidden

/dev/sda1

2

ESP

Required to boot an EFI machine

FAT32

Hidden

/dev/sda2

3

Reserved

Holds Microsoft-specific system programs

unknown

Hidden

/dev/sda3

4

Windows

The Windows operating system

NTFS

C: drive

/dev/sda4

5

Data

A separate partition for data

NTFS

D: drive

/dev/sda5

So, you see, typically, the C: drive and the D: drive are not drives at all, but in fact are two partitions on the same drive. This is not always the case, of course, but every drive must be divided into partitions, or just a single partition. The C: drive is always a partition, not a drive.

If your computer actually comes with two drives (probably an SSD for the first drive, and a hard drive for the second drive), you might find that the setup looks like the following. Notice the only differences are for the Data partition, which is on the second drive on the first (and only) partition, and the Linux name, which is sdb1 instead of sda5.

  • First drive

Partition

Purpose

Comments

File system

Name in Windows

Typical Linux name

1

Recovery

To recover Windows in case of catastrophic failure

NTFS

Hidden

/dev/sda1

2

ESP

Required to boot an EFI machine

FAT32

Hidden

/dev/sda2

3

Reserved

Holds Microsoft-specific system programs

unknown

Hidden

/dev/sda3

4

Windows

The Windows operating system

NTFS

C: drive

/dev/sda4

  • Second drive

Partition

Purpose

Comments

File system

Name in Windows

Typical Linux name

1

Data

A separate partition for data

NTFS

D: drive

/dev/sdb1

2.1. Linux partition naming

Did you notice how Linux names the partitions?

/dev

/dev lists all devices (hence the name "dev").

/sda1

"sd" stands for "SCSI device", which is a historical term that you don't need to worry about. The important parts are the letter 'a' and the digit 1. The first drive that the computer finds is called 'a'; the second drive, 'b'; the third, 'c'; and so on. Each partition is given a number. The first partition on each drive is 1; the second partition, 2; the third, 3; and so on.

Hence the fourth partition on the first drive (C: or "Windows") is called 'a4', thus /dev/sda4.
The first partition on the second drive (D: or "Data") is called 'b1', thus /dev/sdb1.

3. Warning about old systems

tl;dr If you're a newbie and you have an old-style system (Windows 7 or earlier), full-system encryption is probably not for you.

MBR
Old systems (typically Windows 7 and earlier) usually — but not always — use an old style of partitioning called MBR. If you need to have more than four partitions, which this process requires if you have Windows, it becomes complicated.
GPT
Computers that come with Windows 8 and later use a new style of partitioning called GPT. These instructions assume that you have GPT; if you have MBR, you need to either know all about MBR partitioning or convert to GPT.

4. Does my drive use MBR or GPT?

4.1. Windows

If your computer came with Windows 8 or later, it has GPT.

Otherwise, read How to Check if a Disk Uses GPT or MBR, and Convert Between the Two.

4.2. Linux

  1. Open a terminal (press Ctrl+Alt+T).

  2. Enter the command:

    • sudo fdisk --list /dev/sda
    You'll be asked for your account password. Nothing will be displayed while you type it.
  3. In the output, if you see

    • Disklabel type: dos

    you have the old-style MBR. If you see

    • Disklabel type: gpt

    you have the new-style GPT.

5. Human-friendly names

The final thing that you need to know about partitions is human-friendly naming. Human-friendly naming helps when dealing with partitions and file systems.

drive
A drive cannot be given a friendly name.
partition

Every partition can be given a friendly name, and this process will instruct you accordingly. The friendly name is helpful when setting up or maintaining the system. This name is important and visible only in setting up and maintaining the system; it won't be used in your day-to-day work. MBR does not support this type of naming.

file system
In addition to a partition having a friendly name, a file system can also have a friendly name. It is helpful in maintenance. This process will instruct you accordingly.

Example: In Windows, if you right-click your C: drive (partition) and select Properties, you can name your C: drive. In fact, this names neither your drive nor the Windows partition, but instead the Windows NTFS file system!

In Windows, file system names are normally unimportant, because your "drives" are called C:, D: and so forth, and you have no choice in that.

But in Linux, you would identify the file system (which is what you really work with) by its friendly name. Some applications (such as Disks on Ubuntu) use the friendly name when mounting (making it available to you).

You can use a different name for your partition and file system. For example, you might name the C: drive partition "Windows 10" (because that is what it holds), and the C: drive file system "Chris" (because the system belongs to Chris).


ManualFullSystemEncryption/BasicsPartitioning (last edited 2017-04-04 08:49:46 by slickymaster)