Page 12 of 12 FirstFirst ... 2101112
Results 111 to 114 of 114

Thread: Manual Full System Encryption has been updated and simplified

  1. #111
    Join Date
    Oct 2015
    Beans
    17

    Re: Manual Full System Encryption has been updated and simplified

    When I first started mucking around with getting a Windows 10 and Ubuntu 18.04 full system encryption dualboot setup on my HP17 laptop by running 18.04 as the live DVD, it wouldn't allow WiFi. Turning off secure boot remedied the problem. Still I decided to try the 18.10 version and I got WiFi and secure boot automatically with that live disk. I haven't installed anything yet, still waiting for a model of encryption that suits my skill levels.

    I did try something that I read about yesterday, about encrypting Windows with VeraCrypt and then booting a live Ubuntu medium and installing Ubuntu. It sounded reasonable, Ubuntu would overwrite the VC loader and you would use the rescue disk to mount Windows when needed, otherwise a default boot to Ubuntu. The VC encryption went fine but afterward I couldn't boot a live DVD or thumb for the Ubuntu installment and encryption.

    I have a "boot from an EFI file" in my UEFI setup (f9) that recognized the 18.10 live thumb drive but, even if it were possible, I had no clue as to how to navigate the file if it could be booted.

    Now I want to try a "something else" installation (after I decrypt Windows partition) and install an encrypted Ubuntu to a separate internal SSD. Before finishing installing, I know that I have to direct the loader to sdb (or whatever it may be). I recall that "something else" allows you to set mount points. Do I have to install separate unencrypted /EFI and /boot mount points along with intended encrypted /root or a single mount point labeled /boot/EFI or something similar?

    BTW, when I installed VC, I use "system partition" encryption only, not "system full disk", to allow the Windows EFI to accommodate the Ubuntu setup that I'd hoped to install on the Windows drive.

  2. #112
    Join Date
    May 2008
    Location
    United Kingdom
    Beans
    4,548
    Distro
    Lubuntu 16.04 Xenial Xerus

    Re: Manual Full System Encryption has been updated and simplified

    Quote Originally Posted by Franz_Ziereis View Post
    … I decided to try the 18.10 version and I got WiFi and secure boot automatically with that live disk.
    That's interesting, Franz.
    Quote Originally Posted by Franz_Ziereis View Post
    … encrypting Windows with VeraCrypt
    VeraCrypt is an excellent product, but I've never used it to encrypt an operating system. What would happen, I wonder, if you were to use VeraCrypt to encrypt Windows and Ubuntu?
    Quote Originally Posted by Franz_Ziereis View Post
    … Before finishing installing, I know that I have to direct the loader to sdb (or whatever it may be).
    I don't know quite how it would work with VeraCrypt. Typically, you want to put the bootloader onto your primary drive, so it would usually be /dev/sda, even if Ubuntu goes on /dev/sdb. That's because Grub has to intercept the boot process before Windows gets hold of it.
    Quote Originally Posted by Franz_Ziereis View Post
    I recall that "something else" allows you to set mount points. Do I have to install separate unencrypted /EFI and /boot mount points along with intended encrypted /root or a single mount point labeled /boot/EFI or something similar?
    The process used in Manual Full System Encryption encrypts everything Ubuntu, including /boot, except for the EFI System Partition. The ESP has to remain unencrypted because the firmware needs to be able to access it prior to decryption.
    Quote Originally Posted by Franz_Ziereis View Post
    BTW, when I installed VC, I use "system partition" encryption only, not "system full disk", to allow the Windows EFI to accommodate the Ubuntu setup that I'd hoped to install on the Windows drive.
    Unfortunately, I don't know the details of how VeraCrypt works, so I can't answer this. If you have the time to play, it would be a great experiment to install both Windows and Ubuntu unencrypted, and then use VeraCrypt to encrypt the entire drive, to see what happens. Also, is VeraCrypt compatible with Secure Boot? I'd love to know!

  3. #113
    Join Date
    May 2019
    Beans
    8

    Re: Manual Full System Encryption has been updated and simplified

    Hi Paddy, sorry that I took so long to reply. Thank you a lot for your time and help. I was on a business trip so I didn't have any possibility to get back to you.
    I will go through the steps you told me and keep you informed how it went. Especially the part of having the extra drive mounted directly at boot.

    Best Regards
    Yann

  4. #114
    Join Date
    May 2019
    Beans
    8

    Re: Manual Full System Encryption has been updated and simplified

    @Franz
    Veracrypt was updated to support UEFI full system disk encryption under Windows. I did Encrypt my fuul system disk prior UEFI with TrueCrypt having Windows and Ubuntu installed. When booting Grub started from there you decided which OS to boot. Booting Windows started the trucrypt bootloader. In my knowledge this should now work the same with veracrypt and UEFI. In my setup however I never encrypted Ubuntu. But this might also be possible, with the presented setup by paddy. If you get it to work please let us know.
    This link might be helpfull for you.

    https://medium.com/@lankycyril/using...p-27d1eacbf36b

    Best regards
    Yann

    Another Point that might be from interest for you, in that setup above I always got rid of the Bootpartition from Windows. Tot do that you have to Partition your Hardrive before installing Windows. Don leave any unused space, that windows could use for it.
    Last edited by yrn2; 1 Week Ago at 10:25 PM.

Page 12 of 12 FirstFirst ... 2101112

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •