This document belongs to Manual Full System Encryption (with Extras).
If you have followed the high-level overview, you have the following all set up and ready to go.
1.1. Passphrase and password
- A strong, memorable and easy-to-type system passphrase for encryption, one for each user (up to seven users) if necessary.
- A strong, not necessarily memorable, data passphrase, but only if you will keep your data on a partition or drive separate from your system.
- A strong, memorable and easy-to-type password for your Ubuntu account login.
- You have recorded these items somewhere away from your computer in a secure place.
1.2. Live DVD or Live USB
You have an Live DVD or Live USB ready in your preferred flavour (e.g. Ubuntu, Lubuntu, Mint, etc.). At the time of writing, only version 18.04 is supported.
See the software compatibility list. If you aren't using one of those distributions, but it is Ubuntu-based, there is a good chance that it will work.
These instructions will use the following example, which of course you must adjust to your specific requirements. Some of the comments repeat what has been described in previous pages, in case of misunderstanding.
1.3.1. Physical system
The example system has two physical drives, namely /dev/sda and /dev/sdb.
The naming convention depends partly on your computer's hardware, e.g. yours might be /dev/nvme0n1 and /dev/nvme0n2 (if you have two drives).
The following screenshot of gparted shows that the example's /dev/sda (first drive) has Windows.
Reserved for Windows
The ESP (EFI System Partition)
Reserved for Windows
A spare unpartitioned space of 35.59GB
The 35.59GB unallocated area is where the system partition will go.
In your case, be sure that you know:
- Where will your ESP (EFI System Partition) go?
- If the ESP already exists, leave it alone.
- If the ESP doesn't exist, you need spare space for it (recommended 550MiB (577MB), but as little as 100MB will work on most hardware).
- Where will your system partition go?
- The space must be contiguous.
The following screenshot shows that the example's /dev/sdb (second drive) is tiny, with just 5GB, which has been cleared. It is sufficient for the example's data (it's only an example, after all), so this is where the data partition will go.
In your case, be sure where you want to put your data partition, if you have decided to separate it from your system partition.
2. Naming conventions
2.1. Names of partitions and file systems
Unless you have a clear familiarity and good experience with LUKS and LVM, these instructions recommend that you use the naming conventions exactly as given, and do not change the case (i.e. do not change upper case to lower case or vice versa).
Boot your computer using the Live DVD or Live USB. To do this, insert the DVD or USB and restart your computer. It should boot into Ubuntu, and you will see the following (ugly) screen.
Press Enter (Try Ubuntu without installing).
Wait for Ubuntu to boot (it will take a minute or more, depending on the speed of your system and whether you used a Live DVD or a Live USB).
3.1. Check your keyboard
If your keyboard is incorrectly set, you will find that when you use the text editor or the terminal, the wrong characters might be typed. For example, the default keyboard is English (US), but I use an English (UK) keyboard; this means that when I type a quotation mark, I get the at-sign (@) instead.
Press the cog-wheel at the very top-right corner and select System Settings…
Select Text Entry.
- If you are not using the highlighted keyboard, change it as follows.
Press the "+" button at the bottom of the window.
Select the required keyboard and press Add.
Now select the wrong keyboard so that it is highlighted, and press the "-" button at the bottom of the window.
- Close the window.
If you chose the wrong keyboard, you will later find that typing in the terminal could give you the wrong results. If this happens to you, return here and choose a different keyboard.
3.2. Open these instructions
You will want to open these instructions in the browser so that you can cut-and-paste. To do so:
Press the Firefox logo to open the internet browser.
- Some distributions will have a different logo for the internet browser.
- Open these instructions in the browser.
4. Installation procedure
The installation has several stages.
Extra notes will be given for the optional paranoid mode.
Image thanks to GDJ.
4.2. The stages
Perform the following stages, in order.
- Create missing partitions as required for the installation.
- Set up the logical volume manager to hold the logical volumes (virtual partitions).
- The previous step will run the Ubuntu Installer, and here are the instructions for what to do.
- Fix the various bits that are left incomplete and broken by the Installer.
- Check that everything is in working order and finalise the installation.
Refer to the Troubleshooting guide if you have problems.