Results 1 to 8 of 8

Thread: Ubuntu 11.10 FDE w/ XTS

Threaded View

  1. October 23rd, 2011 #1
    ztux
    ztux is offline Spilled the Beans
    Join Date
    Oct 2011
    Beans
    15

    Ubuntu 11.10 FDE w/ XTS

    In this guide I'm going to show you how to install Ubuntu 11.10 with full disc encryption with XTS. I'm using the desktop installer, the alternate installer does not support this mode. I've done this setup on earlier versions of Ubuntu, but it isn't quite the same with 11.10

    I have two partitions on the HDD, sda1(/boot) and sda2(LUKS/LVM).

    After booting the installer from USB and configuring the network, I install lvm2.

    Code:
    sudo apt-get install lvm2
    Next I create the LUKS volume with cryptsetup.

    Code:
    sudo cryptsetup luksFormat -c aes-xts-plain -s 512 -h sha512 /dev/sda2
    Now open the LUKS and setup the LVM.

    Code:
    sudo cryptsetup luksOpen /dev/sda2 pvcrypt
sudo vgcreate vg /dev/mapper/pvcrypt
sudo lvcreate -n root -L 1G vg
sudo lvcreate -n tmp -L 1G vg
sudo lvcreate -n opt -L 1G vg
sudo lvcreate -n var -L 2500M vg
sudo lvcreate -n swap -L 4G vg
sudo lvcreate -n usr -L 9G vg
sudo lvcreate -n home -l 100%FREE vg
    Activate swap.

    Code:
    sudo mkswap /dev/mapper/vg-swap
    For some reason, the installer does not let me format the volumes, so I do it manually. Example:

    Code:
    sudo mkfs.ext4 /dev/mapper/vg-root
    Begin the installation process now. Don't connect to the internet, it seems there's another bug that will cause the installer to hang if you try install the updates during installation. When you get to installation type, select 'something else'/manual and configure the LVs with the appropriate mount points.

    DO NOT RESTART YET!! After the installation has finished, DO NOT RESTART! We are not done. We need to mount the installation and configure some stuff.

    Code:
    cd /mnt
sudo mkdir ubuntu
sudo mount /dev/mapper/vg-root ubuntu
sudo mount /dev/mapper/vg-home ubuntu/home
etc...
    Chroot in and install lvm2. Re-connect your network here.

    Code:
    sudo chroot ubuntu
mount -t proc proc /proc
mount -t sysfs sys /sys
mount -t devpts devpts /dev/pts
apt-get update
apt-get install lvm2 cryptsetup
    Add the encrypted volume's UUID to /etc/crypttab

    Code:
    echo "pvcrypt UUID=`blkid -s UUID -o value /dev/sda2` none luks" | tee -a /etc/crypttab
    Make sure the initrd is up to date.

    Code:
    update-initramfs -u
    And it's done! Go ahead and reboot.
    Last edited by ztux; November 5th, 2011 at 08:53 PM. Reason: corrections, additions
« Previous Thread | Next Thread »

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Ubuntu Forums Code of Conduct