Encrypting Linux before the installation.


This blog post is just a refresher, the references have more details.

It goes without saying, that you should do a backup, save your MID (most important data) before you do a reinstall etc. Find the manual on how to access the BIOS. Smash the DEL/F8/F12 key w/e.

If you have a brand new machine. Usually those are the pre requirements:

  • Disable secure boot.
  • If dual boot is required.
    • Disable fast boot in Windows.
    • Remove encryption on the Windows drive.
    • Reduce the size of the Windows drive.
    • Format the new space as ntfs.


  • Download Distro ISO.
  • Make bootable USB stick.
  • Reformat the drive.
  • Use LUKS to encrypt the partition.
  • Use LVM to create a container, where we can put all the logicial volumes in.
  • Install Distros including swap, home drive in the decrypted container.

IMPORTANT Don’t format the EFI Bootloader, so you can keep Windows.

Download the distro and make a bootable USB stick

  • Donwload a software to flash the USB stick.
    • Use Rufus on Windows.
    • Use USB Formatter if on Pop!_OS etc. Just google the software of your choice.
  • Download the distro of your choice, in my case it is Pop!_OS.
  • Boot the installation media.
  • Open the terminal.
  • Find the partition.
fdisk -l
  • Encrypt, where /sdaX or any partition you found. We are going to use cryptsetup.
cryptsetup luksFormat -s 512 /dev/sdaX
pvcreate /dev/mapper/encrypted
vgcreate root /dev/mapper/encryped
  • Create a logicial volume lvcreate, where in our case, the size is choosen in gigabytes.
lvcreate -L [SIZE in gigabytes]G -n [NAME]
  • Unmount all the paritions.
umount -all
  • Restart and boot the installation media again.
  • Decrypt the container via the GUI.
  • Set the bootloader, root and swap partition, where root and swap are in the encrypted mapper
  • Clean and install.


Written on December 27, 2021 at 21:21

Last but not least

If the post is updated, the creation date, will be pushed. So it might happend, you see an existing page back on frontpage. I think, this approach is valid, so wrong information or gained information is covered. But if I am going to write a new part of topic, I might include an updated link to the new post.