Install Ubuntu 19.10 with encrypted swap/home partitions, specifying manually the swap partition

Question

I would like to install ubuntu 19.10 with encrypted home and swap partitions, specifying manually the size of the swap partition.

I struggled with gparted and the installer to have something working, without success... For instance:

• the EFI and a /boot (ext4) partitions + a single encrypted container containing 3 partitions (system/swap/home): the installer crashes
• the EFI an system partitions + 2 encrypted containers for the swap and the home: error "an unsafe swap has been created" or "the creation of the swap space in partition #1 of encrypted volume (xxx) failed"
• the EFI an system partitions + a single encrypted container containing 2 partitions (swap/home), it manage to install and run, but the system starts without asking the password, the encrypted volume is not mounted...
• modifying the recipe files in /lib/partman to increase the minimum swap partition size: error "An error occurred while configuring encrypted volumes."

Is there a simple way, mainly using the installer gui, to do that?

Many thanks!

Answer 1

LVM with LUKS encryption

The method with encrypted home and swap is deprecated (after problems to keep things secret with that method). I suggest that you use the method that is now the only encryption method in Ubuntu's installer, LVM with LUKS encryption.

• In the installer, at the partitioning window 'Installation type', select Erase disk and install Ubuntu

• Encrypt the new Ubuntu installation for security

  

• Write the changes to the target drive

  

• Continue with the installation

  The partition structure seen from the live system after installation shows that there is LVM with LUKS encryption.

  

• After reboot you must enter the passphrase, that should be long, difficult to guess but easy for you to remember.

  There is no back-door, so it is important to have a good backup routine.

• This is the partition structure seen from the installed system,

  

Swap file /swapfile

Add a swap file if you need more swap. This swap file should be in the root directory

tester@tester-Lenovo-V130-14IKB:~$ sudo fallocate -l 8G /swapfile

tester@tester-Lenovo-V130-14IKB:~$ sudo mkswap /swapfile
mkswap: /swapfile: insecure permissions 0644, 0600 suggested.
setting up swapspace version 1, size = 8 GiB (8589930496 bytes)
no label, UUID=d34cc88f-0b25-4366-9f61-e477c87f5581

tester@tester-Lenovo-V130-14IKB:~$ sudo chmod 0600 /swapfile

tester@tester-Lenovo-V130-14IKB:~$ sudo nano /etc/fstab

I suggest that you add the following line to /etc/fstab

/swapfile                   none            swap    sw              0       0

Then you can swap it on

tester@tester-Lenovo-V130-14IKB:~$ sudo swapon -a

and check the result

tester@tester-Lenovo-V130-14IKB:~$ swapon
NAME      TYPE      SIZE USED PRIO
/dev/dm-2 partition 976M   0B   -2
/swapfile file        8G   0B   -3

/swapfile will work after reboot because it is in /etc/fstab (and with higher priority)

/swapfile file        8G   0B   -2
/dev/dm-2 partition 976M   0B   -3

This should be enough for hibernation with 8 GiB RAM and for running rather big tasks, that need heavy swapping.