Ubuntu whole disk encryption

From Cryptolife


In most cases, data leaks are caused by stolen or missing laptops. A good way to prevent unauthorized access to data is to use full disk encryption. In this case we are going to use Ubuntu 10.4 and LUKS/LVM to set up whole disk encryption. The normal Ubuntu Desktop installation doesn't provide this feature, so we need to use the alternate ISO installation.

PLEASE TAKE CARE !!!!

Full disk encryption doesn't protect you from:
"Cold Boot Attacks Against Disk Encryption"
"Weak password brute force."


!!! In this example I've used a virtual machine and chose to use the whole hard drive. If you already have another operating system installed, please consider the manual option and a correct partition scheme, because otherwise the hard drive will be wiped out. !!!

Comments and feedback are welcome by email:


1) Boot Ubuntu and follow the normal installation until the disk partitioning step.




2) Guided - Use entire disk and set up encrypted LVM


3) Select the disk/partition that you want to use.


4) Use a strong passphrase!!!!


5) Confirm the passphrase.



6) Define the LVM size.



7) Write the changes to the disk and proceed with the system installation.


8) At the next boot you will be prompted for the hard drive password.


9) The boot process will start and you can log on.


10) Some notes.


In this case we have 3 partitions: sda1, sda2 and sda5.

sda1 is the boot partition; it is not encrypted because otherwise the system won't boot.

sda2 and sda5 are assigned to the LVM volume and can be displayed from the command line with lvdisplay:


# lvdisplay

  --- Logical volume ---
  LV Name                /dev/ubuntu10/root
  VG Name                ubuntu10
  LV UUID                HK0DvK-9k3G-aegz-f7CI-5ir7-cWjY-ikw5Q6
  LV Write Access        read/write
  LV Status              available
  # open                 1
  LV Size                9.29 GiB
  Current LE             2379
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           252:1

  --- Logical volume ---
  LV Name                /dev/ubuntu10/swap_1
  VG Name                ubuntu10
  LV UUID                2V49LP-ztl6-9u2A-K9HA-szm4-cOal-kR4FhS
  LV Write Access        read/write
  LV Status              available
  # open                 1
  LV Size                476.00 MiB
  Current LE             119
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           252:2
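
To confirm after installation that only the boot partition is left in plaintext and that root and swap really sit inside the LUKS container, the output of blkid can be audited. The script below is an added example, not part of the original page; the function names, the sda5_crypt mapping name and the sample lines are assumptions constructed to match the layout in these notes.

```sh
#!/bin/sh
# Added example (not from the original page): check blkid output against the
# layout in the notes above. Live use, as root:  blkid | audit_blkid /dev/sda1

# Reads blkid lines on stdin; $1 is the one partition allowed to stay plaintext.
# Returns 0 only if a LUKS container exists and nothing else on disk is plaintext.
audit_blkid() {
    boot_dev=$1 luks=0 bad=0
    while IFS= read -r line; do
        dev=${line%%:*}
        # Extract TYPE="..." wherever it sits; the leading space skips SEC_TYPE.
        fstype=$(printf '%s\n' "$line" | sed -n 's/.* TYPE="\([^"]*\)".*/\1/p')
        [ -n "$fstype" ] || continue
        case $dev in
            /dev/mapper/*|/dev/dm-*) continue ;;      # device-mapper: the partition under it is checked
            /dev/sr*|/dev/loop*|/dev/fd*) continue ;; # not part of the hard disk
        esac
        if [ "$fstype" = crypto_LUKS ]; then
            luks=$((luks + 1)); echo "OK   $dev is a LUKS container"
        elif [ "$dev" = "$boot_dev" ]; then
            echo "OK   $dev is the unencrypted boot partition ($fstype)"
        else
            # Plaintext filesystem, swap, or an LVM PV placed directly on a partition.
            bad=$((bad + 1)); echo "FAIL $dev holds plaintext $fstype"
        fi
    done
    [ "$luks" -gt 0 ] || { bad=$((bad + 1)); echo "FAIL no LUKS container found"; }
    [ "$bad" -eq 0 ]
}

# Constructed sample for the page's layout (UUIDs are placeholders; the
# sda5_crypt mapping name and the ext2/ext4 types are assumptions).
sample_blkid() {
    cat <<'EOF'
/dev/sda1: UUID="1111-constructed" TYPE="ext2"
/dev/sda5: UUID="2222-constructed" TYPE="crypto_LUKS"
/dev/mapper/sda5_crypt: UUID="3333-constructed" TYPE="LVM2_member"
/dev/mapper/ubuntu10-root: UUID="4444-constructed" TYPE="ext4"
/dev/mapper/ubuntu10-swap_1: UUID="5555-constructed" TYPE="swap"
EOF
}

sample_blkid | audit_blkid /dev/sda1
```

A swap or LVM physical volume placed directly on a raw partition is reported as FAIL, since hibernation images and swapped-out memory would then land on disk unencrypted.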







