This document belongs to Manual Full System Encryption (with Extras).

1. Ready…

If you have followed the high-level overview, you have the following all set up and ready to go.

1.1. Passphrase and password

You have:

  • A strong, memorable and easy-to-type system passphrase for encryption
  • A strong, not necessarily memorable, data passphrase, only if you will keep your data separate from your system

  • A strong, memorable and easy-to-type password for your Ubuntu account login

In addition:

  • You have recorded these two or three items somewhere away from your computer in a secure place.

1.2. Live DVD or Live USB

You have an Ubuntu Live DVD or Live USB ready.

If you have chosen a different distribution (e.g. Mint), you will be aware that these instructions are untested with it, although Lubuntu and Xubuntu are expected to work well.

1.3. Space

These instructions will use the following example, which of course you must adjust to your specific requirements. Some of the comments repeat what has been described in previous pages, in case of misunderstanding.

1.3.1. Physical system

The example system has two physical drives, namely /dev/sda and /dev/sdb.

However, If you have only one drive, it will almost certainly be /dev/sda.

1.3.2. Partitioning

The following screenshot of gparted shows that the example's /dev/sda (first drive) has Windows.

Partition

Purpose

1

Reserved for Windows

2

The ESP (EFI System Partition)

3

Windows

4

Reserved for Windows

unallocated

A spare unpartitioned space of 35.59GB

The 35.59GB unallocated area is where the system partition will go.

In your case, be sure that you know:

  • Where will your ESP (EFI System Partition) go?
    • If the ESP already exists, leave it alone.
    • If the ESP doesn't exist, you need spare space for it (recommended 577MB (550MiB), but as little as 100MB will work on most hardware).
  • Where will your system partition go?
    • The space must be contiguous.

gparted-sda-before.png

The following screenshot shows that the example's /dev/sdb (second drive) is tiny, with just 5GB, which has been cleared. It is sufficient for the example's data (it's only an example, after all), so this is where the data partition will go.

In your case, be sure where you want to put your data partition, if you have decided to separate it from your system partition.

gparted-sdb-before.png

2. Naming conventions

2.1. Protection against cut-and-paste

You will most likely do a lot of cut-and-paste from these instructions to the CLI (the terminal). These instructions use the above example, but your system might well have different details (e.g. /dev/sda6 instead of /dev/sdb1).

This means that for every cut-and-paste, it is crucial to ensure that you correct the details as required. Failing to do so means that you could delete or overwrite a critical partition.

In order to try to prevent this from happening, whenever these instructions give you a command for the terminal, sda and sdb will be replaced with sdA and sdB. (Linux names are case-sensitive, so sda is not the same as sdA.) This will remind you to replace the names of the drive or partition with your specific computer's requirements.

If you forget to make the change, the command will merely return an error instead of overwriting valuable data!

For clarity, here are the examples in these instructions with their replacements.

Name

Replacement in CLI

Purpose in the examples

/dev/sda

/dev/sdA

The primary drive where the ESP and system partition go

/dev/sda2

/dev/sdA2

The ESP

/dev/sda5

/dev/sdA5

The system partition

/dev/sdb

/dev/sdB

The second drive where the data partition goes

/dev/sdb1

/dev/sdB1

The data partition

This upper case change applies only to the terminal, where you might cut-and-paste commands. It does not apply to examples displayed through screenshots and notes.

2.2. Names of partitions and file systems

Unless you have a clear familiarity and good experience with LUKS and LVM, these instructions recommend that you use the naming conventions exactly as given, and do not change the case (i.e. do not change upper case to lower case or vice versa).

3. Set…

Boot your computer using the Live DVD or Live USB. To do this, insert the DVD or USB and restart your computer. It should boot into Ubuntu, and you will see the following (ugly) screen.

InitialBootEFI.png

Press Enter (Try Ubuntu without installing).

Wait for Ubuntu to boot (it will take a minute or more, depending on the speed of your system and whether you used a Live DVD or a Live USB).

3.1. Check your keyboard

If your keyboard is incorrectly set, you will find that when you use the text editor or the terminal, the wrong characters might be typed. For example, the default keyboard is English (US), but I use an English (UK) keyboard; this means that when I type a quotation mark, I get the at-sign (@) instead.

  1. Press the cog-wheel at the very top-right corner and select System Settings…

  2. Select Text Entry.

  3. If you are not using the highlighted keyboard, change it as follows.
    1. Press the "+" button at the bottom of the window.

    2. Select the required keyboard and press Add.

    3. Now select the wrong keyboard so that it is highlighted, and press the "-" button at the bottom of the window.

  4. Close the window.

If you chose the wrong keyboard, you will later find that typing in the terminal could give you the wrong results. If this happens to you, return here and choose a different keyboard.

3.2. Open these instructions

You will want to open these instructions in the browser so that you can cut-and-paste. To do so:

  • Press the Firefox logo to open the browser.
    Firefox-logo.png

  • Open these instructions in the browser.

4. Installation procedure

4.1. Description

The installation has several stages.

Mentally-Deranged-Smiley-Face-Silhouette.png

Extra notes will be given for the optional paranoid mode.

  • Image thanks to GDJ.

4.2. The stages

Perform the following stages, in order.

  1. Partition, format and encrypt

    • Create missing partitions, and format and encrypt them as required for the installation.
  2. Set up LVM

    • Set up the logical volume manager to hold the logical volumes (virtual partitions).
  3. Install Ubuntu

    • Run the Ubuntu Installer, telling it what to do.
  4. Fix broken pieces

    • Fix the various bits that are left incomplete and broken by the Installer.
  5. Set up boot

    • Fix the boot partition, including the EFI, so that the computer can start up and you can select Ubuntu or any other preinstalled system.
  6. Check and finalise

    • Check that everything is in working order and finalise the installation.

5. Troubleshooting

Refer to the Troubleshooting guide if you have problems.


ManualFullSystemEncryption/DetailedProcess (last edited 2017-04-04 09:11:06 by slickymaster)