0

When I first installed Ubuntu it gave me the option of encrypting the install. At the time I opted not to do so.

I am interested in doing so now. I know there are speed considerations, but I am not concerned with them. Do I have to do a clean install of Ubuntu to get the full disk encryption or can I do it right from the running OS..?!

Michael Lauzon
  • 1
  • 1

1 Answers1

0

First you should always back up any important directories/files then install some encryption software by running sudo apt-get install ecryptfs-utils cryptsetup. You will have to encrypt your home directory while you’re not logged in. This means that you’ll need another user account with administrator (sudo) privileges – you can create one from Ubuntu’s User Accounts window. Login as the new user and run

sudo ecryptfs-migrate-home -u user

Do not reboot until you have logged back in as your normal user.

After you log in, click the Run this action now button to create a recovery passphrase. Keep this passphrase somewhere safe – you’ll need it if you have to manually recover your files in the future.

When you set up an encrypted home directory while installing Ubuntu, your swap partition is also encrypted. After setting up home directory encryption, you’ll also want to set up swap encryption. To do so, run the following command in a terminal:

sudo ecryptfs-setup-swap

Note that an encrypted swap won’t work properly with Ubuntu’s hibernate feature – which is disabled by default, anyway.

Edited ..

The biggest problem with Ubiquity's automation is the absence of all control which ultimately means you can not dual boot with it, not even with other Linux distros. You can either reformat the entire drive and install only the encrypted Linux, or you can install alongside Windows or whatever else—unencrypted.

Other negatives are relatively trivial, some not. Your drive's partition table must be MBR format and while the installer does this for you, GPT is out of the question. You're also stuck with logical volumes (hence, needing MBR) which does increase convenience, but at the expense of complexity and overhead. A consequence of logical volumes and MBR is that if your computer has UEFI, the distro will be installed in legacy BIOS mode so you can't use Secure Boot. This setting also gives you a swap size equal to that of your system RAM (often unnecessary) and you have no choice over what kind of encryption is used.

The options for encryption are endless this is a quick way to encrypt the important personal files I dont think a full guide (which it would need) is necessary jere, if the OP wants a guide .. just ask and I will be happy to edit my answer to provide a full detailed guide

jamiejackherer
  • 61
  • 1
  • 9
  • This assumes you want to encrypt your Home Directory and not your entire system. If you want full disk encryption, you'd be better off backing up your system and re-installing with LVM and LUKS. If you had the HDD space, you could migrate, but you'll most likely introduce errors if you don't let Ubuntu do the setup with your installation. – earthmeLon Sep 08 '15 at 20:58