This document belongs to Manual Full System Encryption (with Extras): Detailed Process.
1. Customised Ubuntu Installation
Close any open windows — except maybe this one so that you can read the instructions.
Start the Ubuntu installer.
Fill in the prompts as follows.
- Choose your language and press Continue.
1.2. Download options
- Check box "Download updates while installing Ubuntu" (this saves time), unless you cannot yet connect to the Internet.
- Check box "Install third-party software…" (unless you have a moral objection to proprietary software).
1.3. Installation type
Select "Something else" and press Continue.
1.4. Installation type (continued)
This section is a little bit complicated. Follow the instructions carefully.
1.4.1. Select the ESP partition
Do you remember which partition holds the ESP (as determined in the partition preparation? Scroll down the table to that partition. It will have the device name (e.g. /dev/sda2) with other details in the remaining columns.
Highlight the line by pressing it.
Press the "Change…" button.
In the mini window, set "Use as" to "EFI System Partition" (if not already set).
1.4.2. Select the remaining partitions
Repeat the process for each of the device names in the following table, filling in the details as in the following table.
In all cases, do not select the "Format" checkbox.
- The sizes shown in the table below will most likely differ on your system.
Do the last line (for data-home) only if you have a separate data partition.
Line to highlight
What to fill in after pressing Change…
/dev/mapper/system-swap swap 4294MB …
Use as: swap area
/dev/mapper/system-boot ext3 536MB …
Use as: ext3 journaling file system
/dev/mapper/system-root ext4 25000MB …
Use as: ext4 journaling file system
/dev/mapper/data-home ext4 25000MB …
Use as: ext4 journaling file system
1.4.3. Select the bootloader
Under "Select the device for bootloader installation", select /dev/sda (or whichever is your primary drive).
Press Install Now.
- You will see a warning about one of the partitions not being marked for formatting. Ignore the warning, and press Continue.
- You will receive a clarification that changes will be written to disk. Press Continue.
- Fill in your location when prompted. Press Continue.
Select your keyboard layout. Test by typing various characters (e.g. #) in the available area, and change your mind if required. Then press Continue.
- Fill in your account details:
- Your name: As it says, fill in your name.
- Your computer's name: Whatever you want to name your computer. Recommended no longer than 15 characters (for networking with Windows computers).
- Pick a username: Recommended to be a single word in lowercase, e.g. chris
Choose a password: This is the Ubuntu login password that you chose in the high-level overview.
- Confirm your password: The same password.
- Select "Require my password to log in" (see the following note for the reason why).
- Select "Encrypt my home folder" (see the following note for the reason why).
- Press Continue.
2.1. Note about encrypting your home folder
It may seem crazy to need to log in, and to encrypt your home folder, when the entire system is already highly encrypted. However, they both have a purpose.
The Ubuntu login is part of the security paradigm to help protect against malware while your system is running. The UAC in Windows is roughly equivalent to this.
If anyone else shares your computer, even if they only use Windows and not Ubuntu, they will still be able to access your data (because they have the system passphrase).
When you encrypt your home folder, your data will be unavailable even to them — unless you happen to be logged in to Ubuntu at the time.
That is why you should always log out of your Ubuntu account whenever you let someone else use your computer (unless it is OK for them to access your data).
In other words, select "Encrypt my home folder" unless you never share your computer with anyone else or you don't care if the people with whom you share your computer access your data.
3. Completion of Installation
3.1. Completion errors
On completion of the installation, you will receive some errors.
Ignore this error, and press OK.
Ignore this error, and press Close.
When you see either of these error messages, press Cancel — unless (for advanced users) you have an account with Launchpad and you are happy to submit this error.
Do not reboot afterwards.
Instead, return to the detailed process and continue from there.