Ubuntu and Full Disk Encryption (FDE)

Mon 22 February 2010 Category: Security

Ubuntu is based on Debian Linux. As part of a regular Debian installation, you can choose to create an encrypted disk volume based on LUKS. This is different from the option within the Ubuntu installation to encrypt home directories. To be able to install Ubuntu and use full disk encryption, you need to download the alternate install CD / DVD. Only this version of Ubuntu supports LUKS as an installation option.

You will have either two options:

  1. use the default choice, creating a swap partition, boot partition and the encrypted root file system on top of LVM;

  2. create separate crypted partitions yourself manualy.

Personaly I don't care for separate partitions and use the provided automatic option. If you do care, please read this blog for more info.