In this guide I'm going to show you how to install Ubuntu 11.10 with full disk encryption using XTS. I'm using the desktop installer; the alternate installer does not support this mode. I've done this setup on earlier versions of Ubuntu, but it isn't quite the same with 11.10.
I have two partitions on the HDD, sda1 (/boot) and sda2 (LUKS/LVM).
After booting the installer from USB and configuring the network, I install lvm2.
Code:
sudo apt-get install lvm2
Next I create the LUKS volume with cryptsetup.
Code:
sudo cryptsetup luksFormat -c aes-xts-plain -s 512 -h sha512 /dev/sda2
Now open the LUKS volume and set up the LVM.
Code:
sudo cryptsetup luksOpen /dev/sda2 pvcrypt
sudo vgcreate vg /dev/mapper/pvcrypt
sudo lvcreate -n root -L 1G vg
sudo lvcreate -n tmp -L 1G vg
sudo lvcreate -n opt -L 1G vg
sudo lvcreate -n var -L 2500M vg
sudo lvcreate -n swap -L 4G vg
sudo lvcreate -n usr -L 9G vg
sudo lvcreate -n home -l 100%FREE vg
Format the swap volume.
Code:
sudo mkswap /dev/mapper/vg-swap
For some reason, the installer does not let me format the volumes, so I do it manually. Example:
Code:
sudo mkfs.ext4 /dev/mapper/vg-root
Begin the installation process now. Don't connect to the internet; it seems there's another bug that will cause the installer to hang if you try to install the updates during installation. When you get to installation type, select 'something else'/manual and configure the LVs with the appropriate mount points.
DO NOT RESTART YET!! After the installation has finished, DO NOT RESTART! We are not done. We need to mount the installation and configure some stuff.
Code:
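cd /mnt
sudo mkdir ubuntu
sudo mount /dev/mapper/vg-root ubuntu
sudo mount /dev/mapper/vg-home ubuntu/home
# Mount the remaining volumes the same way; apt-get in the chroot needs /usr and /var.
for lv in tmp opt var usr; do sudo mount /dev/mapper/vg-$lv ubuntu/$lv; done
# Mount /boot (sda1) so update-initramfs writes the initrd to the real boot partition.
sudo mount /dev/sda1 ubuntu/boot
# Bind /dev so that /dev/sda2 is visible to blkid inside the chroot.
sudo mount --bind /dev ubuntu/dev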
Chroot in and install lvm2. Re-connect your network here.
Code:
sudo chroot ubuntu
mount -t proc proc /proc
mount -t sysfs sys /sys
mount -t devpts devpts /dev/pts
apt-get update
apt-get install lvm2 cryptsetup
Add the encrypted volume's UUID to /etc/crypttab.
Code:
echo "pvcrypt UUID=$(blkid -s UUID -o value /dev/sda2) none luks" | tee -a /etc/crypttab
Make sure the initrd is up to date.
Code:
update-initramfs -u
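Before rebooting, it is worth confirming that the crypttab line really contains the volume's UUID: if blkid printed nothing, the entry reads "UUID=" and the volume cannot be unlocked at boot. The check below is an added example, not part of the original guide; the function name check_crypttab and its return codes are made up for this example, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: sanity-check a crypttab entry before the first reboot.
# check_crypttab and its return codes are this example's own (hypothetical).
#
# check_crypttab FILE NAME UUID
#   0 = entry for NAME references UUID=<UUID> and carries the "luks" option
#   1 = no entry for NAME
#   2 = entry exists but its source is not UUID=<UUID> (e.g. an empty "UUID=")
#   3 = entry exists but the "luks" option is missing
#   4 = bad arguments (an empty UUID means blkid found nothing)
check_crypttab() {
    file=$1 name=$2 uuid=$3
    [ -r "$file" ] && [ -n "$name" ] && [ -n "$uuid" ] || return 4
    awk -v name="$name" -v want="UUID=$uuid" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        $1 == name {
            found = 1
            if ($2 != want) { rc = 2; exit }
            rc = 3                           # assume "luks" is missing
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "luks") rc = 0
            exit
        }
        END { if (!found) exit 1; exit rc }
    ' "$file"
}

# Demo on a constructed crypttab that shows the failure mode: blkid returned
# nothing when the line was written, so the source field is a bare "UUID=".
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'pvcrypt UUID= none luks' > "$sample"
rc=0
check_crypttab "$sample" pvcrypt 11111111-2222-3333-4444-555555555555 || rc=$?
echo "check_crypttab returned $rc"
rm -f "$sample"

# Inside the chroot, the real check would be:
#   check_crypttab /etc/crypttab pvcrypt "$(blkid -s UUID -o value /dev/sda2)"
```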
And it's done! Go ahead and reboot.