Ubuntu – Dual Boot unencrypted Windows 10 + encrypted Ubuntu 14.04

14.04dual-bootencryptionwindows 10

I have Windows 10 installed on my laptop and I want to install Ubuntu 14.04 in encrypted form so I can boot into a non encrypted Windows 10 or an encrypted Ubuntu 14.04.

I have booted into the laptop using an Ubuntu 14.04 live cd and this is what the current partitions look like:

enter image description here

If I then start the Ubuntu 14.04 installation and select "something else" from the partition screen, I get this:

enter image description here

What do I need to do to the unused space in order to install Ubuntu 14.04 in encrypted form?

I have read many existing questions, but find them very confusing.

Best Answer

If you want to perform a "full disk encryption" of your Ubuntu installation do the following:

  • Boot live cd
  • Open gparted
  • Create 3 partitions:
    • boot (ext2) - If you have Windows installed with UEFI, this can be skipped,
    • root (ext4),
    • swap (linux-swap)
  • Apply changes
  • Open terminal and sudo -i
  • Encrypt volumes root and swap

    cryptsetup luksFormat --cipher aes-xts-plain --key-size 512 --hash 
    sha512 --iter-time 2000 /dev/sdax
  • Name the encrypted volumes

    cryptsetup luksOpen /dev/sda2 root
    cryptsetup luksOpen /dev/sda3 swap
  • Make an ext4 filesystem inside and a swap space

    mkfs.ext4 /dev/mapper/root
    mkswap /dev/mapper/swap
  • Proceed with OS installation
  • Select Something else
  • Set boot, root and swap partitions (Select each partition, press Change and set the appropriate values)
  • Continue with installation. Press Install now.
  • After installation is finished choose Continue testing
  • Open terminal and sudo -i
  • Chroot Magic

    cd /mnt
    mkdir root
    mount /dev/mapper/root root
    mount /dev/sda1 root/boot
    chroot root
    mount -t proc proc /proc
    mount -t sysfs sys /sys
    mount -o bind /dev root/dev
  • Block Device & Filesystem Tables

    nano /etc/crypttab
  • Open a second terminal

    sudo blkid
  • Enter the following content to the crypttab file

    root UUID= (find it from blkid) none luks
    swap UUID= (find it from blkid) none luks,swap
  • Save and exit
  • Open the file /etc/fstab and check that it has the root and swap entries
  • Fix Hibernate and Update Init.
  • Open with nano /etc/initramfs-tools/conf.d/resume and make the following change

  • Run in terminal the following command

    update-initramfs -u
  • LUKS Header Backup. Open terminal and run the following commands

    cryptsetup luksHeaderBackup /dev/sda2 --header-backup-file /root/root.img
    cryptsetup luksHeaderBackup /dev/sda3 --header-backup-file /root/swap.img

The above guide was based on this

Related Question