I want to install a fully encrypted linux system (xubuntu) on a 500GB HDD. I would like to install it just on a 350GB partition and leave 150GB for other stuff. So, when I get to the proper installation prompt, I check "Encrypt...", "LVM.." and then "something else" (this because the default "Erase disk and install Xubuntu" will just use the whole 500GB). Then I am stuck. In the following screen I set up the 350GB partition (format to Ext4, mount point :/, bootloader, etc.) but then after clicking on "continue" the installation begins and it seems the Installation forgets to ask me the LUKS encryption password. So, basically it does forget my previous choice and installs it without LUKS. Using the whole disk and resizing afterwards is a pita...so I would like to avoid it.
It would be easiest to use a distro with the full Debian installer aka "alt installer". Most (if not all) Ubuntu flavors dropped that for desktop installers. Your best bet may be to do a server install, and then add the XFCE desktop.
Boot Xubuntu live, create 2 partitions with GParted. Then install Logical Volume Manager and create new volume group and new volume on partition 1. Then reboot Xubuntu live and install. Does that work perhaps?
Yes. However, just by using the default installer crypto-partitioner, the user won't be able to use anything but AES with a 1 second iter time. If he'd like to edit a few parameters on Debian (like KEY size, algorithm, IV-Algorithm, iter time, etc) I could help him. For some reason Ubuntu doesn't like this.
I went through this several months ago and these same two members made it happen for me. I created a personal guide for doing this and it works beyond amazingly. On my setup I also remove /boot from the machine and place it on a usb flash for better security. Debian is so flexible and powerful with their installer if you take just a little time to learn it. Try reading through the entire thread linked below. The final resolution is awesome and not tough at all. Using this method I have 3 OS's all bare metal on my machine (3 separate usb /boot devices), which are fast and independent since all are FDE with LUKS and there is NO bootloader of any kind on the hard drive. Nice. If you have any questions place them here and not on that old thread. Start in post #3 in the linked thread and disregard the first two completely. -- > https://www.wilderssecurity.com/threads/idiots-guide-for-getting-luks-to-boot.378560/ ps ---- don't waste your time trying this with Ubuntu. You will end up disappointed in every way. The Debian 8 installer has all the options that you need to make this happen.
Just as an addition you could read the following page from the Arch Wiki which I think is very well written and has helped me a lot in the past: https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system The overview gives a good impression of what is possible and what you are dealing with later on. It's nice to know. Edit: corrected link
