HOWTO: Encrypt The System Manually Upon Installation (Ubuntu 8.04)

Submitted by sjau on Tue, 2008-07-15 16:27. :: Ubuntu | Security

Author: Stephan Jau
Revision: v1.0
Last Change: July 5 2008

Introduction

Another howto by me concerning encryption. This one is heavy on graphics: it is a step-by-step guide to doing a manual full encryption of the system during installation.

Due to a bug currently present in the Ubuntu installation, you cannot encrypt the swap partition directly during the manual install; the install will just hang. Here's a link to the bug report: https://bugs.launchpad.net/ubuntu/+bug/231451

Also, the sizes used here are just examples; please consider carefully how you want to size your partitions. I did this on a 15 GB virtual image, hence swap, root and home are quite small. I will make a separate home partition. If you need to reinstall, you can just follow this guide again BUT leave the /home partition untouched during installation. Once you've set up boot, swap and root, you can manually add the /home partition into the local filesystem and set it up to unlock automatically by a key.

Because I used a virtual machine for creating this howto, I also set all partitions to be primary partitions. Remember, you can only have 4 primary partitions on a harddisk. You could also create a logical partition and make partitions in there.
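
The reinstall note above says the preserved /home partition can be added back and set up to unlock automatically by a key. The script below is an added example of that step, not part of the original howto; the device /dev/sdX4, the mapping name home and the key path /root/home.key are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example: re-attach a preserved LUKS /home after a reinstall.
# All three names below are placeholders, not values from the howto.
HOME_DEV="${HOME_DEV:-/dev/sdX4}"      # the untouched /home partition
MAP_NAME="${MAP_NAME:-home}"           # name it gets under /dev/mapper
KEYFILE="${KEYFILE:-/root/home.key}"   # stored on the encrypted root
ETC="${ETC:-/etc}"                     # point at a scratch dir to rehearse

# /etc/crypttab entry: <name> <source device> <key file> <options>
crypttab_line() { printf '%s %s %s luks\n' "$MAP_NAME" "$HOME_DEV" "$KEYFILE"; }

# /etc/fstab entry for the unlocked mapping (ext3, as used in this howto)
fstab_line() { printf '/dev/mapper/%s /home ext3 defaults 0 2\n' "$MAP_NAME"; }

# Append line $2 to file $1 unless an entry with the same first field
# is already there, so repeating the procedure adds no duplicates.
add_once() {
    touch "$1"
    if awk -v k="${2%% *}" '$1 == k { found = 1 } END { exit !found }' "$1"; then
        return 0
    fi
    printf '%s\n' "$2" >> "$1"
}

# Create a random key readable only by root and add it to a free LUKS
# key slot. cryptsetup prompts for the existing passphrase, which keeps
# working afterwards as a fallback.
enroll_key() {
    if [ -e "$KEYFILE" ]; then
        echo "refusing to overwrite $KEYFILE" >&2
        return 1
    fi
    ( umask 077 && dd if=/dev/urandom of="$KEYFILE" bs=512 count=8 ) || return 1
    chmod 0400 "$KEYFILE"
    cryptsetup luksAddKey "$HOME_DEV" "$KEYFILE"
}

apply() {
    enroll_key || return 1
    add_once "$ETC/crypttab" "$(crypttab_line)"
    add_once "$ETC/fstab" "$(fstab_line)"
}

# Nothing is changed unless the script is run as: sh script.sh --apply
if [ "${1:-}" = "--apply" ]; then
    apply
fi
```

The keyfile is only as well protected as the encrypted root partition it is stored on, so it should not be placed on the unencrypted /boot.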

 

Step 1: Getting to the partitioner

So, once you reach the partitioner, select manual partitioning:

As I have a completely new harddisk (or rather virtual harddisk) I have to select it first:

Then to create an empty partition list:

Now we have a blank harddisk with an empty partition list:

 

Step 2: Creating the boot partition

Now we select to create a new partition on the harddisk:

About 100 MB is a good size for a boot partition... that will be sufficient for multiple kernels. However, it's up to you how big you want to make it.

As said in the introduction, I make all the partitions primary ones. If you want to create a logical one, make it big enough that all the other partitions will fit within it.

I set it at the beginning. You could also set it at the end... IMHO it doesn't matter much.

And then we finally get to the partition properties. Make sure to select ext3 as the filesystem and /boot as the mount point, and make it bootable.


Submitted by Dan (not registered) on Mon, 2008-10-20 23:14.

Seems there is a fatal error with this method of encryption - the same one as with TrueCrypt.  When you get a system update and the initrd file is replaced, the encryption information is lost.  Fortunately, I was still able to boot into the old kernel, and although there were some errors about a missing module now, I could at least get up and running and copy my data off to another system before having to rebuild.....

It could be worse.  I could have installed Pointsec and rendered the system into a boat anchor.

If anyone has a good idea about how to migrate the encryption settings into the new initrd file, they would instantly become a "Linux god"... <LOL>

 

Submitted by sjau (registered user) on Sun, 2008-11-30 16:38.
I've had no issues with upgrading kernels... done this several times.