Encrypting Linux before the installation.
This blog post is just a refresher, the references have more details.
It goes without saying that you should make a backup and save your MID (most important data) before you do a reinstall. Find the manual on how to access the BIOS. Smash the DEL/F8/F12 key, or whatever key your machine uses.
If you have a brand new machine, these are usually the prerequisites:
- Disable secure boot.
- If dual boot is required:
  - Disable fast boot in Windows.
  - Remove encryption on the Windows drive.
  - Reduce the size of the Windows drive.
  - Format the new space as NTFS.
- Download Distro ISO.
- Make bootable USB stick.
- Reformat the drive.
- Use LUKS to encrypt the partition.
- Use LVM to create a container where we can put all the logical volumes.
- Install the distro, including swap and the home drive, in the decrypted container.
IMPORTANT: Don’t format the EFI bootloader partition, so you can keep Windows.
Download the distro and make a bootable USB stick
- Download software to flash the USB stick.
  - Use Rufus on Windows.
  - Use USB Formatter if on Pop!_OS etc. Just google the software of your choice.
- Download the distro of your choice, in my case it is Pop!_OS.
- Boot the installation media.
- Open the terminal.
- Find the partition.
- Encrypt the partition with cryptsetup, where /dev/sdaX is the partition you found.
cryptsetup luksFormat -s 512 /dev/sdaX
- Create a physical volume with pvcreate, which initializes a disk or partition for use by LVM.
- Create a volume group with vgcreate.
vgcreate root /dev/mapper/encrypted
- Create a logical volume with lvcreate, where in our case the size is chosen in gigabytes and the last argument is the volume group created above.
lvcreate -L [SIZE in gigabytes]G -n [NAME] root
- Unmount all the partitions.
- Restart and boot the installation media again.
- Decrypt the container via the GUI.
- Set the bootloader, root and swap partitions, where root and swap are in the encrypted mapper.
- Clean and install.
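The terminal steps above as one script, added here as an example and not taken from the original post or its references. The mapper name "encrypted", the logical volume names "swap" and "root", the `cryptsetup open` step and the target check are assumptions; the volume group name "root" and `-s 512` come from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: mapper "encrypted",
# logical volumes "swap" and "root". Volume group "root" is the post's name.
set -eu

# Dry run by default: print each command. Set APPLY=1 to execute (as root).
run() {
  if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Refuse targets that must survive: the EFI system partition (vfat on a
# dual-boot disk) and anything still mounted.
# Args: device, filesystem type, mountpoint (empty if not mounted).
check_target() {
  case "$2" in
    vfat) echo "refusing $1: vfat, probably the EFI partition" >&2; return 1 ;;
  esac
  if [ -n "$3" ]; then
    echo "refusing $1: mounted at $3" >&2; return 1
  fi
}

# Args: device, swap size in gigabytes, root size in gigabytes.
setup() {
  run cryptsetup luksFormat -s 512 "$1"   # asks for confirmation and a passphrase
  run cryptsetup open "$1" encrypted      # creates /dev/mapper/encrypted
  run pvcreate /dev/mapper/encrypted      # physical volume inside the container
  run vgcreate root /dev/mapper/encrypted
  run lvcreate -L "${2}G" -n swap root
  run lvcreate -L "${3}G" -n root root
}

main() {
  fstype=$(lsblk -dno FSTYPE "$1")
  mnt=$(lsblk -dno MOUNTPOINT "$1")
  check_target "$1" "$fstype" "$mnt"
  setup "$@"
}

# Usage: sh luks-lvm.sh /dev/sdaX SWAP_GB ROOT_GB
if [ "$#" -eq 3 ]; then main "$@"; fi
```

Run it without APPLY first and read the printed commands against `lsblk` output before executing anything, since luksFormat destroys whatever is on the partition.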
Last but not least
If the post is updated, the creation date will be pushed. So it might happen that you see an existing page back on the front page. I think this approach is valid, so wrong information or gained information is covered. But if I am going to write a new part of a topic, I might include an updated link to the new post.