Author

Topic: [Tutorial] Install Ubuntu encrypted (custom install) (Read 149 times)

full member
Activity: 615
Merit: 124
Quote
Step 3) Booting from DVD-drive/Pendrive:
i did using usb flashdrive, rufus needed for that
i make 2 boot for my pc, windows and ubuntu 18.04

Yes exactly, Rufus is the way to go. The dual boot is the best option, but not easy to achieve if you want to encrypt the OS.
member
Activity: 67
Merit: 10
Quote
Step 3) Booting from DVD-drive/Pendrive:
i did using usb flashdrive, rufus needed for that
i make 2 boot for my pc, windows and ubuntu 18.04
full member
Activity: 615
Merit: 124
-----------------------------------------
Part 2: Encrypted Custom Installation

-----------------------------------------
Step 1) Preparing the disk (deleting everything in your disk) with GParted:

Ok, now the real thing.
Open your "Terminal" (it is something like the CMD/Powershell from Windows), it is located in the program list



Write this:
Quote from: write in terminal
sudo gparted
"sudo" is the command to execute something as "administrator", and "gparted" is a software for managing disk partitions.



The idea is to DELETE EVERYTHING in your HDD/SSD, you need to backup it, or you will lose all the data.
I'm repeating, you are going to delete EVERYTHING from your computer (Windows, photos, email stored on your computer, games, everything)
Select each of the partition, and delete them manually, because we are going to create different partitions:

You will need to create the new partition yourself, so read the next:

-----------------------------------------
Step 2) Understanding partitions in Ubuntu:

This will be complex for Windows users. Windows use one partition for the OS, and install there the Windows "System" folder, the Hibernation file and the pagefile.sys are created in the same directory, and the "\Users\Administrator" is also there. Everything is in the same partition.

GNU-Linux uses a different approach, we are going to have these:
- EFI partition (it is for GPT tables, instead of MBR; but I'm not explaining it here).
- Boot partition
- / (root) partition (it is like the "C://" from Windows)
- /swap partition (it is the pagefile.sys from Windows)
- /home partition (it is like the "Documents" from Windows)

This is an example of the partition used:

Partition / Example size / Format   (additional notes)
EFI partition, 1GB size, FAT32               (the recommended size is 256MB, but I just made it 1GB)
Boot partition, 2GB size, EXT4               (it could be 1GB and you will still have plenty space for new kernels, I used 2GB anyway).

Swap partition, 16GB size, SWAP           (this is your pagefile.sys, double of your RAM is the recommended size)
Root partition, 100GB size, EXT4            (this is your "program files" from Windows, the more software you install, the more space you need)
Home partition, the rest GB size, EXT4    (this is your "Documents" from Windows, the more pictures, videos, films, documents and files, the more space you need)


This will work without encryption, but we want to encrypt, and we are going to hide our "swap", "root" and "home" partitions inside an "encrypted box" I'm going to explain in the next step. Our disk will looks like this:

Quote from: example
[(EFI)(BOOT)(-----------------------------------ENCRYPTED BOX (Physical Volume)---------------------------------)]

-----------------------------------------
Step 3) Formating with GParted:

In GParted, after you deleted all the partitions, create an:
EFI partition, 1GB size, FAT32
Boot partition, 2GB size, EXT4
and an EXT4 partition, taking all the rest of the disk space.

Take note of the name of the partitions, example, "sda3".
Do not create the SWAP, ROOT or HOME, because we are going to create it in the terminal.

-----------------------------------------
Step 4) Creating encrypted volumes:

I made this part with the help of this sources:
Site 1: http://www.cim.mcgill.ca/~anqixu/blog/index.php/2018/06/20/install-18-04-on-encrypted-partitions-xps15-cuda/
Site 2: https://askubuntu.com/questions/293028/how-can-i-install-ubuntu-encrypted-with-luks-with-dual-boot/293029

Launch the Terminal again (or reuse it):


We will format the "sda3" partition (again), and we open it with luks to be able to create the encrypted volume next.
Quote from: write in terminal
sudo cryptsetup luksFormat /dev/sda3
sudo cryptsetup luksOpen /dev/sda3 xylber
Note: replace "sda3" for the name of your partition (Part 2 Step 3). Replace "xylber" for a custom name you choose.
In this guide, everything is named "xylber" for the sake of simplicity.


Optional: If you want to clean all the data of your HDD, making it (almost) impossible to recover with specialized forensic tools, then use this command:
Quote from: write in terminal
sudo dd if=/dev/zero of=/dev/mapper/xylber bs=16M status=progress
It can take more than 3 hours in an HDD of 1TB. Don't use it on a SSD!!!
Read more about it here: https://superuser.com/questions/1370584/erase-disk-before-selling


Now, we are creating the volume and "subvolumes" (Physical Volume, Volume Group, )
Quote from: write in terminal
sudo pvcreate /dev/mapper/xylber
sudo vgcreate vgxylber /dev/mapper/xylber
You can rename the "vgxylber" to the name you want, there is no need to make it start with "vg", nor contain the same word than before.


Now we create the actual partitions for SWAP, ROOT and HOME. I'm using the example sizes (in GREEN)
Quote from: write in terminal
sudo lvcreate -n lvxylberswap -L 16g vgxylber
sudo lvcreate -n lvxylberroot -L 100g vgxylber
sudo lvcreate -n lvxylberhome -l 100%FREE vgxylber
We had created the three partitions. In my 500GB HDD: SWAP will have 16GB (I have 8GB RAM), Root have 100GB to install applications, and all the rest of the space is for documents (minus the 2GB of boot and 1GB of EFI).


-----------------------------------------
Step 5) Installing Ubuntu with the Manual assistant:

Time to install Ubuntu with the included assistant. Complete all the info, don't install updates (you will download them later, when you actually boot), but install third party software.



Click on "SOMETHING ELSE", and you are going to be redirected to the partitions screen. It will looks something like this:




You have to assign each partition a task, by double clicking their path in the list:
EFI partition, 1GB size, FAT32             >  use as EFI
Boot partition, 2GB size, EXT4             > EXT4, Format, /boot (in the dropdown menu)
Swap partition, 16GB size, SWAP            > Use as SWAP
Root partition, 100GB size, EXT4           > EXT4, Format, "/" (in the dropdown menu)
Home partition, the rest GB size, EXT4     > EXT4, Format, /home

Device for Bootloader Installation: Choose the HDD, example:
/dev/sda HDD-Model 500GB

Press "INSTALL NOW", wait for the install (maybe 10/15 minutes), but don't reboot when it finishes.



-----------------------------------------
Step 6) Adding the encrypted partitions path to the kernel:

You need the ID of the partition (called "UUID), run:
Quote from: write in terminal
sudo blkid /dev/sda3
Remember to replace "sda3" for the name of your partition.

The Terminal will answer with a code, example:
Quote from: answer
/dev/sda3: UUID="550e8400-e29b-41d4-a716-446655440000"
Copy the code.

And we will mount the volumes. Replace "sda?" for the name of your "BOOT" partition, the 2GB partition of Ste3.
Quote from: write in terminal
sudo mount /dev/mapper/vgxylber-lvxylberroot /mnt
sudo mount /dev/sda? /mnt/boot
sudo mount /dev/mapper/vgxylber-lvxylberhome /mnt

sudo mount --bind /dev /mnt/dev
sudo chroot /mnt
mount -t proc proc /proc
mount -t sysfs sys /sys
mount -t devpts devpts /dev/pts


We will create the /etc/crypttab file:
Quote
sudo nano /etc/crypttab

In this new file you need to add this lines:
Quote from: file
#
cryptroot UUID=550e8400-e29b-41d4-a716-446655440000 none luks,discard
Replace for your own code. Save the file.
Tip: you can write again "sudo nano /etc/crypttab" and reopen the file to check if the file was saved.

Finally
Quote from: write in terminal
update-initramfs -k all -c


It is done unless you needed an special command to boot Ubuntu (do you remember the part1-step3?).

So, if you didn't need an special command, then, reboot, and done. The next time you reboot Ubuntu, you will be asked your encryption password.
If you needed an special command, then follow Step 7:


-----------------------------------------
Step 7) Adding a permanent kernel boot parameter:

In this example we are going to add the pci=noaer command, but it will depend on what you used (if you needed):
Quote from: write in terminal
sudo nano /etc/default/grub

You will fin a line which looks like this one:
Quote from: file
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"

and add your command, example:
Quote from: file
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash pci=noaer"

save the file and execute on the Terminal:
Quote from: write in terminal
sudo update-grub
Reboot, the next time you reboot Ubuntu, you will be asked your encryption password.



Enjoy



===========THE END===========

It took me 5 hours to make this tutorial  Shocked Be free from the tirany of the closed sourced Windows! Smiley
Stay secure on your encrypted computer! Smiley Be brave and follow it!
If I made a mistake, let me know! Angry

This sites were of a lot of help to achieve what I achieved in this tutorial:
Site 1: http://www.cim.mcgill.ca/~anqixu/blog/index.php/2018/06/20/install-18-04-on-encrypted-partitions-xps15-cuda/
Site 2: https://askubuntu.com/questions/293028/how-can-i-install-ubuntu-encrypted-with-luks-with-dual-boot/293029
Site 3: https://superuser.com/questions/1370584/erase-disk-before-selling
Site 4: https://askubuntu.com/questions/19486/how-do-i-add-a-kernel-boot-parameter
full member
Activity: 615
Merit: 124
Notice: This post is intended for noob/windows users (like me) who wants to install Ubuntu on their computers/laptops for first time, with encryption and custom partition sizes. Ubuntu can do this, but the sizes of the partitions are created automatically. We don't want this, we want to choose the sizes ourselves.

I made it because the tutorials available on the web are either incomplete, or too complicated for an user who never used Linux before (like me). This guide is the most descriptive of all.
Important: Encryption, while secure, reduces the performance of your computer. Source: https://www.phoronix.com/scan.php?page=article&item=ubuntu-1804-encrypt&num=1

Protect your cryptos, your privacy, yourself, use an encrypted OS!
I made this tutorial for you Bitcointalk users, as a way of giving you all back some of the teaching you gave me with the cryptos.


This is Ubuntu 19 (not my video):
https://www.youtube.com/watch?v=sbbPYdpdMb8


Part 1: Let's Start
Step 1) Download Linux:
Step 2) Burn the image in CD or Pendrive:
Step 3) Booting from DVD-drive/Pendrive:
Step 4) Testing UBUNTU from DVD-drive/Pendrive (without installing):


Part 2: Encrypted Custom Installation
Step 1) Creating partitions (and deleting everything in your disk):
Step 2) Understanding partitions in Ubuntu:
Step 3) Formating with GParted:
Step 4) Creating encrypted volumes:
Step 5) Installing Ubuntu with the Manual assistant:
Step 6) Adding the encrypted partitions path to the kernel:
Step 7) Adding a permanent kernel boot parameter:


-----------------------------------------
Part 1: Let's Start

Step 1) Download Linux:

We can see the most popular GNU-Linux distros ("flavors") in this website: https://distrowatch.com/dwres.php?resource=popularity
In this tutorial we are going to use "Ubuntu", because it is one of the most user-friendly ones, even for new people.
Official Ubuntu Website: https://www.ubuntu.com/

We need the "desktop" version (we are not going to create a "server"), and we have 3 options:
A) Ubuntu 18.04.2 LTS: The "LTS" versions are "Long Term Support", these versions are more stable and get more updates, for longer time.
B) Ubuntu 18.10: Newest version, with nine months support.
C) Ubuntu 19.04: This is the version which replaces the "18.04.2 LTS", it is going to be launched on April 18th 2019, but you can try the beta and daily builds right now. <<< I PICKED THIS VERSION

> To download Ubuntu 18, go to this website: https://www.ubuntu.com/download/desktop
and pick between 18.04.2 LTS or 18.10, download the .iso file.
> To download Ubuntu 19 (latest daily-build): http://cdimage.ubuntu.com/daily-live/current/
and look for the file which has the ".iso" extension, example: disco-desktop-amd64.iso


-----------------------------------------
Step 2) Burn the image in CD or Pendrive:

Once we have the .iso file (whichever version you picked), you will need to burn it on a CD or make it "boot ready" in a pendrive.

If you have a DVD-writter then > I'm not explaining how to burn a DVD, just download any of this software, and, if asked, choose "burn a disc image", and pick the .iso file:
A) http://infrarecorder.org/?page_id=5 (open source)
B) http://www.imgburn.com/index.php?act=download (closed source, discontinued)

If you have a pendrive (4gb or more), then > Be sure to backup all the data stored on your pendrive, because it is going to be replaced by the Ubuntu files. You will need:
A) https://rufus.ie/ (Rufus will help you to copy the .iso content to your pendrive and make it bootable).


-----------------------------------------
Step 3) Booting from DVD-drive/Pendrive:

Insert the DVD on the DVD drive, or plug in the pendrive in an USB slot, and restart your computer.

If you have the DVD-drive/Pendrive set as a boot device on your BIOS, then, simply press repeteadly a key on your keyboard while the computer boots. This will tells the computer to boot from the DVD-drive/Pendrive instead of using your HDD or SSD drive. --but, if it doesn't work, you will need to configure your BIOS to boot from the DVD-Drive/Pendrive.

Each BIOS is different, and I'm not goin to cover "how to boot from a pendrive" in this guide. Just some quick recommendations:
-Some BIOSes have an option called "override boot device", and let you pick the device you want, valid for this one time (no changes will be made to the BIOS configuration).
-Some BIOSes have a "Boot device selector/menu", for example, Asus Laptops have it in the F8 key (press F8 when you power up the laptop).
-I recommend to have "Fast Boot" enabled, and "CSM support" disabled for Ubuntu. Or both disabled (I'm not going to explain dual boot, nor MBR vs GPT here).

Once you can boot from the DVD-Drive/Pendrive, you will see something like this:

-----------------------------------------
Step 4) Testing UBUNTU from DVD-drive/Pendrive (without installing):



We are going to check if you computer works well with Ubuntu, and, if you like it. The options you will see are probably:
*Ubuntu
*Install Ubuntu
*System setup

Don't worry, nothing is going to be deleted in your computer

Just pick "Ubuntu", and Ubuntu will launch itself from the DVD-drive/Pendrive, without installing. It is a "live CD" for testing purposes.
It will take more than a minute to boot, because it will be load from your the DVD-drive/Pendrive, not from your HDD/SSD:



Ok, if you achieved that screen, perfect. Try yourself enabling WIFI, browsing the web, opening the included software, like LibreOffice, etc. This is where you actually decide if you want to install it or not.

Problems?:
If you can't boot, then you need to see why Ubuntu can't boot from the DVD-Drive/Pendrive, if it is stuck on the "loading purple screen", then press "Ctrl + Alt + F1" or "down arrow" and you will see the log.
For example, the "PCIe Bus error severity=Corrected" error can be (sometimes) solved by adding "pci=noaer" on the kernel launch options.
I'm not going to explain it here! But you can see the answer there: https://askubuntu.com/questions/19486/how-do-i-add-a-kernel-boot-parameter
Jump to: