HOWTO: Encrypt The System Manually Upon Installation (Ubuntu 8.04) - Page 4
Step 7: Set the encrypted devices up
Afterwards we end in the main partitioning menu again. You can see that we have two new devices there. We need to set those up now and start with the root partition:
Set the properties according to this. Make sure to select "/" as mount point.
We end up again in the main partition menu and select now the home partition:
Set the properties according to this. Make sure to select "/home" as mount point.
Step 8: Finish the partitioner
For the last time we are now in the partitioner main menu. Select finish partitioning and write changes to disk:
You will get then a warning about swap. Just ignore it and go on:
Write changes to disk and the let install continue:
Step 9: Enable swap and setup key unlocking of /home
Now after the system has finished installed, start it. You will be prompted to enter the crypto password twice. Once for the root partition and then a bit later for the /home partition. Once the computer has booted up run the commands
df -l
sudo fdisk -l
You should get an output similar to this one:
Enabling swap is pretty simple. You first need to edit the crypttab:
sudo nano /etc/crypttab
and there you need to add a line like this:
cswap /dev/sda2 /dev/urandom swap
Save and close it with ctrl-x (follow the instructions) and then open
sudo nano /etc/fstab
and add this line:
/dev/mapper/cswap none swap sw 0 0
So, if you don't want to enter the password twice for unlocking the root and the home partition, follow this guide here: https://www.howtoforge.com/automatically-unlock-luks-encrypted-drives-with-a-keyfile
After you set that up accordingly, you can reboot and then you will have to enter the password only once and you will also have an encrypted swap at your disposal. Enjoy!