Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: HOWTO: Encrypt the system manually upon installation

  1. #1
    Join Date
    Jun 2006
    Location
    Switzerland
    Beans
    Hidden!
    Distro
    Kubuntu Jaunty Jackalope (testing)

    HOWTO: Encrypt the system manually upon installation

    Introduction

    Another howty by me concerning encryption. However this one will be pretty intens on graphics. I have a step-by-step guide on how to do a manual full encryption of the system.

    Due to a bug current in the ubuntu installation, you cannot encrypt the swap partition directly during the manual install. The install will just hang. Here's a link to the bug report: https://bugs.launchpad.net/ubuntu/+bug/231451

    Also the sizes used were just exemplary... please consider carefully how you want to size your partitions. I did this on a 15 GB virtual image, hence swap, root, home are quite small. As I've just told, I will make a seperate home partition. If you need to reinstall, you can just follow this guide again BUT leave the /home partition untouched during installation. Once you've setup then boot, swap and root, you can manually add the /home partition into the local filesystem and setup it up to automatically unlock by a key.

    Because I used a virtual machine for creating this howto, I also set all partitions to be primary partitions. Remeber, you can only have 4 primary partitions on a harddisk. You could also create a logical partition and make partitions in there.

    Due to the restrictions of 8 pics per post, I will split it up into multiple posts.

    Step 1: Getting to the partitioner

    So, once you reach the partitioner, select manual partitioning:


    As I have a completely new harddisk (or rather virtual harddisk) I have to select it first:


    Then to create an empty partition list:


    Now we got a blank harddisk with an empty partition list:

  2. #2
    Join Date
    Jun 2006
    Location
    Switzerland
    Beans
    Hidden!
    Distro
    Kubuntu Jaunty Jackalope (testing)

    Re: (Work in Progress) HOWTO: Encrypt the system manually upon installation

    Step 2: Creating the boot partition

    Now we select to create a new partition on the harddisk:


    About 100 MB is a good size for a boot partition... that will be sufficent for multiple kernels. However it's up to you how big you want to make it.


    Well, as said in the introduction I make all the partitions primary ones. If you want to create a logical one, make it as big as you want so that all other partitions will fit within.


    I set it at the beginning. You could also set it at the ened... IMHO it doesn't matter much.


    And then we finally get to the partition properties. Make sure to select as filesystem ext3, as mount point /boot and make it bootable.

  3. #3
    Join Date
    Jun 2006
    Location
    Switzerland
    Beans
    Hidden!
    Distro
    Kubuntu Jaunty Jackalope (testing)

    Re: (Work in Progress) HOWTO: Encrypt the system manually upon installation

    Step 3: Creating the swap partition

    Afterwards we end in the main partitioning menu again. Select the free space:


    Make a new partition:


    I select here 256 MB ram because it's just a virtual drive. Generally you should make it about twice your ram size but not more than 4 GB, except if you want to hibernate and have more than 4 GB ram. You should make it then at least equal your ram size.


    Again primary:


    Again at the beginning:


    Set the properties according to the picture:

    Remember, this will not be immediately setup due to the bug here: https://bugs.launchpad.net/ubuntu/+bug/231451 - we'll setup swap once we installed the system.

  4. #4
    Join Date
    Jun 2006
    Location
    Switzerland
    Beans
    Hidden!
    Distro
    Kubuntu Jaunty Jackalope (testing)

    Re: (Work in Progress) HOWTO: Encrypt the system manually upon installation

    Step 4: Creating the "/" folder

    Afterwards we end in the main partitioning menu again. Select the free space:


    Make a new partition:


    I select here 5 GB as root. This is because of the virtual disk. Normally you should use at least 10 Gb.... better 20 Gb to have enough space to install all the apps you want.


    Again primary:


    Again at the beginning:


    Set the properties according to the picture however you can change encryption, key size and algorithm according to your preferences. Make sure the encryption key is a passphrase.

  5. #5
    Join Date
    Jun 2006
    Location
    Switzerland
    Beans
    Hidden!
    Distro
    Kubuntu Jaunty Jackalope (testing)

    Re: (Work in Progress) HOWTO: Encrypt the system manually upon installation

    Step 5: Creating the "/home" folder

    Afterwards we end in the main partitioning menu again. Select the free space:


    Make a new partition:


    use all the remaining disk space for your home folder. That's where you normally want to store most of your data.


    Again primary:


    Set the properties according to the picture however you can change encryption, key size and algorithm according to your preferences. Make sure the encryption key is a passphrase.

  6. #6
    Join Date
    Jun 2006
    Location
    Switzerland
    Beans
    Hidden!
    Distro
    Kubuntu Jaunty Jackalope (testing)

    Re: (Work in Progress) HOWTO: Encrypt the system manually upon installation

    Step 6: Configure the encrypted devices

    Afterwards we end in the main partitioning menu again. Select the encrypted volumes:


    Select here yes:


    Then enter the password for the root device (partition #3 sda):


    Verify the password for the root device:


    If your password is too weak you will get this error message. Either go back and fix it or accept it. However a weak password defeats the purpose of having encryption. I only selected yes, because it's a demo setup on a virtual machine. So once I'm done it gets deleted anyway.


    Then enter the password for the home device (partition #4 sda):


    Verify the password for the home device:


    Again the week password message:

  7. #7
    Join Date
    Jun 2006
    Location
    Switzerland
    Beans
    Hidden!
    Distro
    Kubuntu Jaunty Jackalope (testing)

    Re: (Work in Progress) HOWTO: Encrypt the system manually upon installation

    Step 7: Set the encrypted devices up

    Afterwards we end in the main partitioning menu again. You can see that we have two new devices there. We need to set those up now and start with the root partition:


    Set the properties according to this. Make sure to select "/" as mount point.


    We end up again in the main partition menu and select now the home partition:


    Set the properties according to this. Make sure to select "/home" as mount point.

  8. #8
    Join Date
    Jun 2006
    Location
    Switzerland
    Beans
    Hidden!
    Distro
    Kubuntu Jaunty Jackalope (testing)

    Re: (Work in Progress) HOWTO: Encrypt the system manually upon installation

    Step 8: Finish the partitioner

    For the last time we are now in the partitioner main menu. Select finish partitioning and write changes to disk:


    You will get then a warning about swap. Just ignore it and go on:


    Write changes to disk and the let install continue:

  9. #9
    Join Date
    Jun 2006
    Location
    Switzerland
    Beans
    Hidden!
    Distro
    Kubuntu Jaunty Jackalope (testing)

    Re: (Work in Progress) HOWTO: Encrypt the system manually upon installation

    Step 9: Enable swap and setup key unlocking of /home

    Now after the system has finished installed, start it. You will be prompted to enter the crypto password twice. Once for the root partition and then a bit later for the /home partition. Once the computer has booted up run the commands
    Code:
    df -l
    sudo fdisk -l
    You should get an output similar to this one:


    Enabling swap is pretty simple. You first need to edit the crypttab:
    Code:
    sudo nano /etc/crypttab
    and there you need to add a line like this:
    Code:
    cswap	/dev/sda2	/dev/urandom	swap
    Save and close it with ctrl-x (follow the instructions) and then open
    Code:
    sudo nano /etc/fstab
    and add this line:
    Code:
    /dev/mapper/cswap	none	swap	sw	0	0
    So, if you don't want to enter the password twice for unlocking the root and the home partition, follow this guide here: http://ubuntuforums.org/showthread.php?t=837416

    After you set that up accordingly, you can reboot and then you will have to enter the password only once and you will also have an encrypted swap at your disposal. Enjoy!
    Last edited by hyper_ch; July 3rd, 2008 at 11:30 PM.

  10. #10
    Join Date
    Mar 2007
    Location
    Denver, CO
    Beans
    7,728
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: HOWTO: Encrypt the system manually upon installation

    Great tutorial -- I liked that a lot. 100mb boot partition is pretty stingy. If you ever compile your own kernel, that space is going to fill up fast. I see the value of separate home and swap partitions, however boot?? Seems like that should be on the root partition as well?

Page 1 of 2 12 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •