Install Ubuntu 15.04 with full disk encryption, but without swap partition

partitioning lvm encryption swap

I have a laptop with 16GB of RAM, but SSD is only 64GB. I need to install Ubuntu 15.04 with both standard options - "Encrypt the new Ubuntu installation for security" and "Use LVM with the new Ubuntu installation". I don't want to create a swap partition, or at the very least I need to decrease it to the minimum, because by default it's taking up 16GB that will never be used.

How can I make this work? If I choose "Something else" I can't see any clear options how to accomplish this.


Solution 1:

The ubuntu installer (ubiquity) is quite limited in this regard. So we need to do it manually instead of the installer.

So when you run the Live CD/USB, choose "Try ubuntu", and launch gparted to partition your drive.

You need to make an ESP (sda1) (if you use EFI+GPT), a boot partition (256MB for example, sda2), another partition (for example, sda3) that will hold the crypted container called LUKS.

Then open a terminal (ctrl-alt-t)

Setup LUKS device

sudo cryptsetup --key-size 512 luksFormat /dev/sda3
sudo cryptsetup luksOpen /dev/sda3 crypted

Setup LVM on LUKS

If you don't want to use multiple partition, you can skip the following paragraph and avoid LVM. In that case, use /dev/mapper/crypted as you root latter on instead

sudo pvcreate  /dev/mapper/crypted
sudo vgcreate vg /dev/mapper/crypted
sudo lvcreate -L 15G vg -n root
sudo lvcreate -l 100%FREE vg -n home

Installation

Keep the terminal opened and now run the installation. Choose "Something else" when partitioning and specify

  • your boot partition (/dev/sda2)
  • your root partition (/dev/mapper/vg-root)
  • your home partition (/dev/mapper/vg-home)
  • any other needed partition...
  • and check the checkbox to format your partitions

At the end of the installation, don't reboot but just click "Continue trying ubuntu"

Post-install

In our opened terminal:

Create /etc/crypttab to add crypted partition

sudo mount /dev/mapper/vg-root /mnt
echo "crypted UUID=`blkid -o value /dev/sda3|head -1` none luks" | sudo tee /mnt/etc/crypttab
sudo umount /mnt

That's it ! Reboot now.

Related

What is a good starter Ubuntu book?
How do I get the Apple Wireless Keyboard Working in 10.10?
Programmaticaly change lightdm autologin session type
How can I enable the drivers for beats audio speakers for hp envy dv6?
Xerus - missing L2TP plugin for Network-Manager?
No access to Samba shares
notify-osd replaced with dunst after switching back to unity from i3wm
How do I use MAAS to prepare to install OpenStack?
How to update Qt from 5.5.1 to 5.9.5 on Ubuntu 16.04
DisplayLink USB 3.0 Not working on Ubuntu 14.04LTS
How can I get the A2DP output option and the input working again?
Why do none of my local servers resolve?