Mailing List Archive



[tlug] Configuring encrypted Linux disk on a system with Windows



On 2017-10-27 16:25 +0900 (Fri), Edmund Edgar wrote:

> But I wiped [Windows] because Ubuntu makes it a PITA doing full-disk
> encryption if you want to dual-boot.

Not really, so long as you understand the disk partitioning. What you
want to do is the following. (The same procedure also works for Debian
(of course), CentOS 7, and probably lots of other distros.)

Shrink your Windows partition to leave an appropriate amount of space
for the Linux system. There are various ways to do this, including
GParted, but I don't recall the exact details so you'll need to look
it up on the net. You can also just wipe and re-install later if your
laptop came with Windows 10 and you know your laptop's product key; MS
now offers installers you can just download on to a USB stick.

Choose custom partitioning during the install.

Start by creating two DOS partitions, a 250 MB (or so) one for
`/boot` and the rest for the encrypted partition. I always just create
two primary partitions (leaving two other primary partitions for
Windows and possibly its recovery partition), but you can give up one
of the primary partitions in order to create extended partitions if
necessary. I think that `/boot` needs to be on a primary partition,
though. 

`/boot` should be formatted as ext4, and the other designated as space
for an encrypted partition. After writing this, create the encrypted
partition (you'll assign it a passphrase at this point).

Once the encrypted partition is mounted as a new device, assign it as
"for use by LVM." Then create an LVM volume group and a single
physical volume on the encrypted device assigned to it. In the volume
group create two logical volumes: swap (which should be larger than
your physical RAM if you want your laptop to be able to hibernate) and
root (as all remaining space). Write this out so that the two new
logical volumes appear as new block devices.

Assign the new devices as swap and as ext4 mounted on `/`. Go on with
the rest of the install. If you've made a mistake somewhere with the
partition you will probably be warned about it; if not, the installer
will notice that you're set up for an encrypted disk and do the right
thing. It should even recognize that you have a bootable Windows
partition and add that to the Grub menu.

There's nothing particularly tricky or special about this process;
I've been doing it this way for a decade or more. Though why they don't
just add an option to the basic install to do this on unallocated space
on the physical disk rather than wiping the whole disk, I don't know.

cjs
-- 
Curt J. Sampson      <cjs@example.com>      +81 90 7737 2974

To iterate is human, to recurse divine.
    - L Peter Deutsch
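
An added example, not part of the original message: a post-install check that the layout described above is what actually got built, that is, root and swap sit on LVM volumes inside the encrypted device and only `/boot` is in plaintext. It assumes the JSON printed by `lsblk -J -o NAME,TYPE,FSTYPE,MOUNTPOINT`; the device and volume names in the sample are constructed.

```python
import json

# Constructed sample of `lsblk -J -o NAME,TYPE,FSTYPE,MOUNTPOINT` for the layout
# in the message: Windows (sda1), /boot (sda2), LUKS (sda3) -> LVM -> swap + root.
# Device and volume names are made up for illustration.
SAMPLE = json.dumps({"blockdevices": [{
    "name": "sda", "type": "disk", "fstype": None, "mountpoint": None,
    "children": [
        {"name": "sda1", "type": "part", "fstype": "ntfs", "mountpoint": None},
        {"name": "sda2", "type": "part", "fstype": "ext4", "mountpoint": "/boot"},
        {"name": "sda3", "type": "part", "fstype": "crypto_LUKS", "mountpoint": None,
         "children": [{"name": "sda3_crypt", "type": "crypt",
                       "fstype": "LVM2_member", "mountpoint": None,
                       "children": [
            {"name": "vg0-swap", "type": "lvm", "fstype": "swap", "mountpoint": "[SWAP]"},
            {"name": "vg0-root", "type": "lvm", "fstype": "ext4", "mountpoint": "/"},
        ]}]},
    ]}]})


def in_use(lsblk_json):
    """Map each active mountpoint (or [SWAP]) to True if it sits on a crypt device."""
    found = {}

    def walk(node, encrypted):
        # Everything stacked on a dm-crypt mapping (TYPE "crypt") is encrypted at rest.
        encrypted = encrypted or node.get("type") == "crypt"
        if node.get("mountpoint"):
            found[node["mountpoint"]] = encrypted
        for child in node.get("children") or []:
            walk(child, encrypted)

    for dev in json.loads(lsblk_json)["blockdevices"]:
        walk(dev, False)
    return found


def problems(lsblk_json, plaintext_ok=("/boot",)):
    """List what contradicts the intended layout: only /boot may be unencrypted."""
    found = in_use(lsblk_json)
    issues = [f"{mp} is not on an encrypted device"
              for mp, enc in sorted(found.items()) if not enc and mp not in plaintext_ok]
    issues += [f"{mp} is not active" for mp in ("/", "[SWAP]") if mp not in found]
    return issues


if __name__ == "__main__":
    print(in_use(SAMPLE))
    print(problems(SAMPLE) or "layout matches: only /boot is unencrypted")
```

Swap is checked along with root because a swap area outside the encrypted device would hold memory pages, and the hibernation image, in plaintext.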

