Installing Ubuntu on a LUKS encrypted USB thumb drive
Solution 1:
LUKS or Full Encryption Options in the Installer
Install to USB as you would to HDD. It is recommended that you remove the HDD before proceeding, especially in UEFI mode.
They have done a good job of hiding encryption options in the Live installer. It is located on the install page, just above Something else.
Tag "Erase disk and install Ubuntu" and then click "Advanced features". The Advanced Features popup will popup. Click "Use LVM with the new Ubuntu installation" and then "Encrypt the new Ubuntu installation for security".
Booting in BIOS/UEFI Modes
A USB created with the above method will only boot in the BIOS/UEFI mode it is created in. For a USB that Boots in either mode:
- When Install is complete, open the 20.04 ISO file and copy boot and ESP folders to partition 1.
-
Copy grub.cfg from Partition 5 /boot/grub/ to Partition 1 /boot/grub/ overwriting the existing grub.cfg file.
-
Re-Install GRUB:
sudo mount /dev/sdb1 /mnt
sudo grub-install --boot-directory=/mnt/boot /dev/sdb
-
Encrypted Full install USB should now be working in BIOS and UEFI modes.
If you want an encrypted USB drive that will boot in either BIOS or UEFI mode see: How to Make BIOS/UEFI Flash Drive with Full Disk Encryption