Security :: dm-crypt Encryption for Linux Ubuntu

Printer-friendly versionSend by emailPDF version

Do not encrypt the only copy of protected data. Mobile devices have a greater exposure to damaging environments, and data on these devices, encrypted or not, can suddenly become unrecoverable. Please work closely with ITS to ensure that you create data security, not a data disaster.

Linux Ubuntu disk encryption capability is provided through DeviceMapper, a generic framework used to map one blockdevice into another. More information about DeviceMapper can be found on the Ubuntu documentation site.

Installing and Using Ubuntu Disk Encryption

The following steps outline how to install Ubuntu Linux 9.04 with disk encryption:

  1. Begin a standard Ubuntu Linux 9.04 install using the alternate install disc.
  2. Proceed through the first part of the install, selecting the desired options (language, time, and host-name settings).
  3. Once the partitioner is reached, select the "Guided - use entire disk and set up encrypted LVM" option.
  4. Select the disk you wish to partition.
  5. Select "Yes" to write the changes to the disk.
  6. Provide an Encryption passphrase.
  7. Input how much of the disk you wish to allot to Ubuntu.
  8. Select "Yes" to write all final changes to the disk.
  9. The installer will proceed to install the base system. Once the install is complete, you will need to configure users and other local system options.

If you wish to manually configure your partitions, you can follow the general guide steps listed below:

  1. Begin a standard Ubuntu Linux 9.04 install using the alternate install disc.
  2. Proceed through the first part of the install, selecting the desired options (language, time, and host-name settings).
  3. Once the partitioner is reached, select the "Manual" option.
  4. Create your desired partitions. If you wish for a partition to be encrypted, then select the "Use physical volume for encryption" option in the "Use as:" option. (Note the boot partition should not be encrypted)
  5. Once you have finished specifying your desired partitions. Select the "Configure encrypted volumes" option.
  6. Select "Yes" when asked to write the changes to the disk and configure the encrypted volumes.
  7. Input an encryption passphrase for each encrypted partition you specified.
  8. Once the passphrases have been configured, you will need to at least specify which partition will function as the root file system, as well as any other partition assignments you wish to configure.
  9. The installer will proceed to install the base system. Once the install is complete, you will need to configure users and other local system options.
feedback