## page was renamed from ManualFullSystemEncryption/DetailedProcessPartitionFormatEncrypt
#language en
#pragma section-numbers on
#title Manual Full System Encryption (with Extras): Detailed Process: Partition

This document belongs to [[../DetailedProcess#The_stages|Manual Full System Encryption (with Extras): Detailed Process]].

= Get ready (for the newbie) =
You have started the computer using your Live DVD or Live USB.

 1. Learn how to open the menu for your chosen distribution. For Ubuntu, you press the "Super" key (on most keyboards, this is known as the Windows key), and then start typing what you want.
 1. Learn how to start GPartEd.
  * In Ubuntu and Kubuntu, press the Super key, type the word `gparted` and select its icon.
  * In other distributions, you'll find GPartEd in the menu under System Tools.
 1. You should already know how to open the Terminal
  * Press `Ctrl`+`Alt`+`T`
  * In Mint, this doesn't work, so find it in the menu > Accessories.

= Set up the drive =
----
If you are installing onto a system that already has a drive, or drives, with something on them (e.g. Windows), skip this step and continue with [[#Set_up_the_ESP|Set up the ESP]] below.
----
However, if you are installing a system from scratch on a new, empty drive, it will need to have a partition table.

In our example, there are two drives: `/dev/sda`, which isn't empty (it contains Windows), and `/dev/sdb`, which is empty and which will contain the data. You can see from the following screenshot of GParted that the drive `/dev/sdb` is empty. Your system might have a different naming convention such as `/dev/nvme0n1`.

{{attachment:gparted-sdb-before.png}}

{{{#!wiki warning
Beware

This step will erase all data from the '''entire''' drive! Do it only if the drive is already completely empty.
}}}

 1. In `gparted`, ensure that the correct drive is selected at the top right. The default is `/dev/sda`, so change it if wrong. In the example, it is `/dev/sdb`.
 1. Check that the drive is empty, as per the image above.
 1. Select the menu item Device > Create Partition Table…
 1. In the drop-down menu, select `gpt`. Press ''Apply''.

= Set up the ESP =
 ESP:: EFI System Partition. A special partition required for a computer with UEFI to be able to boot.

This step is only if your computer doesn't already have an ESP. If your computer already has an ESP, skip this step and proceed with [[#Create_the_system_partition|Create the system partition]] below.

 1. In `gparted`, at the top right-hand corner, select the drive where the ESP is to go.
 1. Visually locate the empty space where the ESP is to go.
 1. Select that space, and right-click > New.
 1. Set the following fields:
  || Free space preceding || Change only if required (it might not accept zero) ||
  || New Size || Required ESP size (recommended 550MiB, but as little as 100MiB works on most hardware) ||
  || Free space following || (will be calculated automatically) ||
  || Align to || MiB ||
  || Partition Name || EFI System Partition ||
  || File System || fat32 ||
  || Label || ESP ||
 1. Press ''Add'', and then the big green tick and "Apply".
 1. Right-click your new partition (with the name "EFI System Partition") and select "Manage Flags".
 1. Select "esp", which will automatically change a couple of other flags. Press Close.

Done right, you might see something like this screenshot, although of course your setup might be quite different.

{{attachment:gparted-ESP-created.png}}

= Create the system partition =
[[../OverviewPartitionPreparation|As described previously]], you should have cleared a space for the system partition. This must be large enough to take Boot, Root and swap; and if you want it to also hold your data, large enough to hold your data as well. If you will never use hibernation, you won't need swap, as it's now handled with a swap file.

Our example (as seen in [[../OverviewPartitionPreparation#Linux|a previous page]]) has spare space on `/dev/sda`.
You will find your specific space, wherever it is, and add the system partition there.

 1. In `gparted`, at the top right-hand corner, select the drive where the system partition is to go.
 1. Visually locate the empty space where the system partition is to go.
 1. Select that space, and right-click > New.
 1. Set the following fields:
  || Free space preceding || Change only if required (it might not accept zero) ||
  || New Size || The size that you require; the default is the entire available (spare) space ||
  || Free space following || (will be calculated automatically) ||
  || Align to || MiB ||
  || Partition Name || system ||
  || File System || cleared ||
  || Label || system ||
 1. Press ''Add'', and then the big green tick and "Apply".

Done right, you might see something like this screenshot (where `/dev/sda5` is the new partition), although of course your setup might be quite different.

{{attachment:gparted-system-partition-created.png}}

= Create the data partition =
----
If you have chosen to hold your data in the same partition as the system partition, skip this step and head on to [[#Data_fill_for_paranoid_mode|Data fill]] below.
----
If you have chosen to hold your data in a separate partition, create it now.

Our example (as seen in [[#Set_up_the_drive|Set up the drive]] above) will use all the spare space on `/dev/sdb`. You will find your specific space, wherever it is, and add the data partition there.

 1. In `gparted`, at the top right-hand corner, select the drive where the data partition is to go.
 1. Visually locate the empty space where the data partition is to go.
 1. Select that space, and right-click > New.
 1. Set the following fields:
  || Free space preceding || Change only if required (it might not accept zero) ||
  || New Size || The size that you require; the default is the entire available (spare) space ||
  || Free space following || (will be calculated automatically) ||
  || Align to || MiB ||
  || Partition Name || data ||
  || File System || cleared ||
  || Label || data ||
 1. Press ''Add'', and then the big green tick and "Apply".

Close `gparted` now, because it has done its job and cannot correctly handle encryption.

= Data fill for paranoid mode =
This section is only for the paranoid. Skip to [[#Summary|Summary]] if you don't need this.

{{attachment:Mentally-Deranged-Smiley-Face-Silhouette.png}}

This fills the partition with random data.

{{{#!wiki warning
Warnings

 * Ensure that you choose the correct partition, otherwise you will destroy existing data.
 * If your partition is on an SSD (rather than a hard drive), it can be heavy work for the SSD and might not completely fill it with random data, especially if there is already an existing system (such as Windows).
}}}

 * This potentially takes a long, long time to run, depending on the size of your partition and the speed of your hardware.

Open the terminal. Enter the following command to randomise your system partition.

'''Special note:''' I don't know which partition you have chosen for your system, so I've put `/dev/PARTITION`. Replace that with the actual partition, e.g. `/dev/sda5` (as in our example), or `/dev/nvme0n1p5`, or whatever yours is.

{{{
sudo dd bs=16M if=/dev/urandom of=/dev/PARTITION
}}}

If you also have a separate data partition, repeat the command but this time with your data partition (in our example, it's `/dev/sdb1`).

= Summary =
Close `gparted` (if open), because it has done its job and cannot correctly handle encryption.

At this point, the physical disk is fully set up and ready for the next step. Return to the [[../DetailedProcess#The_stages|detailed process]] and continue from there.
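
A pre-flight check for the random-fill command in "Data fill for paranoid mode" above, as an added example that is not part of the original wiki page: it refuses to run `dd` unless the target is an unmounted, non-swap partition and the path is typed a second time. The function names are hypothetical, and it assumes the partition is given by its kernel name (e.g. `/dev/sda5`), as in the page's examples.

```shell
#!/bin/sh
# Added example: pre-flight checks before the random fill.
# Function names are hypothetical, not from the wiki page.
# Source this file, then run: random_fill /dev/PARTITION

# listed_in FILE DEVICE: succeeds if DEVICE is the first field of a
# line in FILE (the layout of /proc/self/mounts and /proc/swaps).
listed_in() {
    [ -r "$1" ] || return 1
    awk -v d="$2" '$1 == d { found = 1 } END { exit !found }' "$1"
}

# check_fill_target DEVICE: returns 0 only if DEVICE is a partition
# that is neither mounted nor active swap.
check_fill_target() {
    if [ ! -b "$1" ]; then
        echo "refusing: $1 is not a block device" >&2; return 1
    fi
    if [ "$(lsblk -dno TYPE "$1")" != "part" ]; then
        echo "refusing: $1 is not a partition" >&2; return 2
    fi
    if listed_in /proc/self/mounts "$1"; then
        echo "refusing: $1 is mounted" >&2; return 3
    fi
    if listed_in /proc/swaps "$1"; then
        echo "refusing: $1 is active swap" >&2; return 4
    fi
}

# random_fill DEVICE: show what is about to be overwritten, require the
# device path to be typed again, then run the page's dd command.
random_fill() {
    check_fill_target "$1" || return
    # PARTLABEL is the "Partition Name" set in gparted (system or data).
    lsblk -o NAME,SIZE,FSTYPE,PARTLABEL,MOUNTPOINT "$1"
    printf 'Type %s again to overwrite it with random data: ' "$1"
    read -r answer
    if [ "$answer" != "$1" ]; then
        echo "aborted" >&2; return 5
    fi
    # status=progress (GNU dd) is added here to show progress. dd stops
    # with "No space left on device" once the partition is full; that
    # is the expected end of the fill.
    sudo dd bs=16M if=/dev/urandom of="$1" status=progress
}
```
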
----
CategoryInstallation CategorySecurity