Help installing Linux FDE (LUKS) on a partitioned HDD

Discussion in 'all things UNIX' started by dogbite, Dec 20, 2015.

  1. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    I want to install a fully encrypted linux system (xubuntu) on a 500GB HDD.
    I would like to install it just on a 350GB partition and leave 150GB for other stuff.

    So, when I get to the proper installation prompt, I check "Encrypt...", "LVM.." and then "something else" (this because the default "Erase disk and install Xubuntu" will just use the whole 500GB).
    Then I am stuck. In the following screen I set up the 350GB partition (format to Ext4, mount point :/, bootloader, etc.) but then after clicking on "continue" the installation begins and it seems the Installation forgets to ask me the LUKS encryption password.
    So, basically it does forget my previous choice and installs it without LUKS.

    Using the whole disk and resizing afterwards is a pita...so I would like to avoid it.
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    It would be easiest to use a distro with the full Debian installer aka "alt installer". Most (if not all) Ubuntu flavors dropped that for desktop installers. Your best bet may be to do a server install, and then add the XFCE desktop.
     
  3. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    Boot Xubuntu live, create 2 partitions with GParted.
    Then install Logical Volume Manager and create new volume group and new volume on partition 1.
    Then reboot Xubuntu live and install. Does that work perhaps?
     
  4. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,977
    Location:
    Brasil
    Yes. However, just by using the default installer crypto-partitioner, the user won't be able to use anything but AES with a 1 second iter time. If he'd like to edit a few parameters on Debian (like KEY size, algorithm, IV-Algorithm, iter time, etc) I could help him. For some reason Ubuntu doesn't like this.
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Doing manual LUKS installs is pretty iffy for most users ;)
     
  6. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,977
    Location:
    Brasil
    That's why I'm offering my help :)
     
  7. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,592
    I went through this several months ago and these same two members made it happen for me. I created a personal guide for doing this and it works beyond amazingly. On my setup I also remove /boot from the machine and place it on a usb flash for better security. Debian is so flexible and powerful with their installer if you take just a little time to learn it. Try reading through the entire thread linked below. The final resolution is awesome and not tough at all. Using this method I have 3 OS's all bare metal on my machine (3 separate usb /boot devices), which are fast and independent since all are FDE with LUKS and there is NO bootloader of any kind on the hard drive. Nice.

    If you have any questions place them here and not on that old thread.

    Start in post #3 in the linked thread and disregard the first two completely. -- > https://www.wilderssecurity.com/threads/idiots-guide-for-getting-luks-to-boot.378560/


    ps ---- don't waste your time trying this with Ubuntu. You will end up disappointed in every way. The Debian 8 installer has all the options that you need to make this happen.
     
    Last edited: Dec 21, 2015
  8. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    Thanks much to all of you for this support. Time to learn, now.
     
  9. Balthazar

    Balthazar Registered Member

    Joined:
    Nov 8, 2013
    Posts:
    137
    Location:
    Earth
    Last edited: Dec 22, 2015
Loading...