HOWTO: Encrypt The System Manually Upon Installation (Ubuntu 8.04)

Author: Stephan Jau
Revision: v1.0
Last Change: July 5 2008


Another howto by me concerning encryption. However this one will be pretty intense on graphics. I have a step-by-step guide on how to do a manual full encryption of the system.

Due to a bug current in the ubuntu installation, you cannot encrypt the swap partition directly during the manual install. The install will just hang. Here's a link to the bug report:

Also the sizes used were just exemplary... please consider carefully how you want to size your partitions. I did this on a 15 GB virtual image, hence swap, root, home are quite small. As I've just told, I will make a seperate home partition. If you need to reinstall, you can just follow this guide again BUT leave the /home partition untouched during installation. Once you've setup then boot, swap and root, you can manually add the /home partition into the local filesystem and setup it up to automatically unlock by a key.

Because I used a virtual machine for creating this howto, I also set all partitions to be primary partitions. Remeber, you can only have 4 primary partitions on a harddisk. You could also create a logical partition and make partitions in there.


Step 1: Getting to the partitioner

So, once you reach the partitioner, select manual partitioning:

As I have a completely new harddisk (or rather virtual harddisk) I have to select it first:

Then to create an empty partition list:

Now we got a blank harddisk with an empty partition list:


Step 2: Creating the boot partition

Now we select to create a new partition on the harddisk:

About 100 MB is a good size for a boot partition... that will be sufficent for multiple kernels. However it's up to you how big you want to make it.

Well, as said in the introduction I make all the partitions primary ones. If you want to create a logical one, make it as big as you want so that all other partitions will fit within.

I set it at the beginning. You could also set it at the ened... IMHO it doesn't matter much.

And then we finally get to the partition properties. Make sure to select as filesystem ext3, as mount point /boot and make it bootable.

