Encrypted Filesystems Via Ubiquity

By | May 7, 2016

(i) Please refer to EncryptedFilesystems for further documentation.

Contents

The Desktop CD installer (ubiquity) currently does not provide support for setting up LVM or encrypted partitions. With the recipe below, the Desktop CD can be used to install Ubuntu on a previously created (optionally encrypted) LVM.

  • Boot desktop CD, open terminal, and install missing packages:
    apt-get install cryptsetup lvm2
    sudo modprobe dm-crypt

     

  • Now set up the LVM and crypto partitions with the command line tools. If you already have Ubuntu installed on a standard LVM-on-LUKS, this is as easy as:
    sudo cryptsetup luksOpen /dev/sda4 sda4_crypt

     

    or whichever partition is the encrypted LVM PV. This should automatically create the LVM LVs in /dev/mapper/.

  • Start ubiquity with manual partitioning, and use the existing

    partitions; keep /home etc. as they are, and reformat the root partition in the LVM. Do not reboot immediately, your system will not boot!

  • Mount the newly installed target system:
    sudo mount /dev/mapper/ubuntu*-root /mnt
    sudo chroot /mnt mount /proc
    sudo mount --bind /dev /mnt/dev
    sudo chroot /mnt mount /boot

     

  • Create an appropriate crypttab:
    echo "sda4_crypt UUID=`sudo blkid -s UUID -o value /dev/sda4` none luks" | sudo tee -a /mnt/etc/crypttab

    or alternatively on older systems:

    echo "sda4_crypt UUID=`sudo vol_id --uuid /dev/sda4` none luks" | sudo tee -a /mnt/etc/crypttab

     

  • Rebuild the ramdisk:
    • This only applies to Ubuntu version >= 11.04

      • Run the following command to rebuild the ramdisk:
      •  sudo chroot /mnt update-initramfs -u

         

    • This only applies to Ubuntu version < 11.04

      • Install a few missing packages into the target system (this will also take care of updating the initramfs):
      • sudo chroot /mnt apt-get install cryptsetup lvm2 dmsetup

         

  • Unmount the target system:
    sudo umount /mnt/proc /mnt/dev /mnt/boot /mnt

     

  • Reboot into your newly installed system.

reference -> https://help.ubuntu.com/community/EncryptedFilesystemsViaUbiquity

Сomments аrchive