This document belongs to Manual Full System Encryption (with Extras): Detailed Process.

1. Customised Ubuntu Installation

Close any open windows — except maybe this one so that you can read the instructions.

Start the Ubuntu installer.

Fill in the prompts as follows.

1.1. Language

  • Choose your language and press Continue.

1.2. Download options

  • Check box "Download updates while installing Ubuntu" (this saves time), unless you cannot yet connect to the Internet.
  • Check box "Install third-party software…" (unless you have a moral objection to proprietary software).

Press Continue.

1.3. Installation type

Select "Something else" and press Continue.

1.4. Installation type (continued)

This section is a little bit complicated. Follow the instructions carefully.

1.4.1. Select the ESP partition

Do you remember which partition holds the ESP (as determined in the partition preparation? Scroll down the table to that partition. It will have the device name (e.g. /dev/sda2) with other details in the remaining columns.

Highlight the line by pressing it.

Press the "Change…" button.

In the mini window, set "Use as" to "EFI System Partition" (if not already set).

Press OK.

1.4.2. Select the remaining partitions

Repeat the process for each of the device names in the following table, filling in the details as in the following table.

  • In all cases, do not select the "Format" checkbox.

  • The sizes shown in the table below will most likely differ on your system.
  • Do the last line (for data-home) only if you have a separate data partition.

Line to highlight

What to fill in after pressing Change…

/dev/mapper/system-swap  swap  4294MB 

Use as: swap area

/dev/mapper/system-boot  ext3  536MB  

Use as: ext3 journaling file system
Mount point: /boot

/dev/mapper/system-root  ext4  25000MB

Use as: ext4 journaling file system
Mount point: /

/dev/mapper/data-home    ext4  25000MB

Use as: ext4 journaling file system
Mount point: /home

1.4.3. Select the bootloader

Under "Select the device for bootloader installation", select /dev/sda (or whichever is your primary drive).

2. Install

Press Install Now.

  • You will see a warning about one of the partitions not being marked for formatting. Ignore the warning, and press Continue.
  • You will receive a clarification that changes will be written to disk. Press Continue.
  • Fill in your location when prompted. Press Continue.
  • Select your keyboard layout. Test by typing various characters (e.g. #) in the available area, and change your mind if required. Then press Continue.

  • Fill in your account details:
    • Your name: As it says, fill in your name.
    • Your computer's name: Whatever you want to name your computer. Recommended no longer than 15 characters (for networking with Windows computers).
    • Pick a username: Recommended to be a single word in lowercase, e.g. chris
    • Choose a password: This is the Ubuntu login password that you chose in the high-level overview.

    • Confirm your password: The same password.
    • Select "Require my password to log in" (see the following note for the reason why).
    • Select "Encrypt my home folder" (see the following note for the reason why).
    • Press Continue.

2.1. Note about encrypting your home folder

It may seem crazy to need to log in, and to encrypt your home folder, when the entire system is already highly encrypted. However, they both have a purpose.

The Ubuntu login is part of the security paradigm to help protect against malware while your system is running. The UAC in Windows is roughly equivalent to this.

If anyone else shares your computer, even if they only use Windows and not Ubuntu, they will still be able to access your data (because they have the system passphrase).

When you encrypt your home folder, your data will be unavailable even to them — unless you happen to be logged in to Ubuntu at the time.

That is why you should always log out of your Ubuntu account whenever you let someone else use your computer (unless it is OK for them to access your data).

In other words, select "Encrypt my home folder" unless you never share your computer with anyone else or you don't care if the people with whom you share your computer access your data.

3. Completion of Installation

3.1. Completion errors

On completion of the installation, you will receive some errors.


Ignore this error, and press OK.


Ignore this error, and press Close.

apport-data-collection.png send-problem-to-the-developers.png

When you see either of these error messages, press Cancel — unless (for advanced users) you have an account with Launchpad and you are happy to submit this error.

3.2. Continuation

Do not reboot afterwards.

Instead, return to the detailed process and continue from there.

ManualFullSystemEncryption/DetailedProcessInstallUbuntu (last edited 2017-04-18 12:41:28 by paddy-landau)