EFF delivers easy full-disk encryption for Ubuntu


8 Responses to “EFF delivers easy full-disk encryption for Ubuntu”

  1. benenglish says:

    I have never had a bit of problem using the alternate install disk to get whole-disk encryption when installing Ubuntu.  I’ve been doing it for a bunch of releases already.

    Two tips

    First, the “using the alternate installer to config the partitions … was just too much of a hassle” is (now, was) a legit complaint.  I always just selected the check box to let the installer have the complete disk.  This seems like a useful improvement that will encourage FDE use for more people.  Yay.

    Second, have they solved the “impossible to upgrade” problem yet?  I have *never* successfully upgraded version numbers for a Ubuntu machine with FDE.  After beating my head against the wall a hundred different ways over the years, I find that the only method that works for a version number upgrade is to back up the boot disk, use a disk wiper to *fully* overwrite that disk (*especially* the boot sector), then do a new install from scratch.

    Congrats to Canonical for delivering something that lots and lots of people have been asking for for a long time.

    The best news in the article, though?  It looks like this improvement will carry over to the next Mint release.  I think I just decided to delay my next Ubuntu upgrade; I was going to do it this weekend.  Mint 14, here I come!

  2. I had no idea it was that hard – Fedora has had this as a basic feature for years.  Upgrades work without hesitation.

    • hanoverfiste says:

      Ii have been using Fedora daily for 11 months now  I actually didn’t realize that this was a feature.  As for the upgrading, Beefy Miracle wasn’t painless. The day after I gave up and did a fresh install I found the work around for the problem with 15 and 16 having the same core name.  Oh well, over the years I have learned a lot from starting over.

  3. herklots says:

    The problem with Ubuntu’s default installation is they don’t make a separate partition for / (system stuff) and /home (your stuff). Linux should be set up with 4 partitions: boot (100MB), swap (same size as you RAM is a good), / (10 to 20GB), and /home (rest of drive). Encrypt all but the boot partition. Now it’s easy to slap a new Linux on by telling the installer to keep the existing partitions, re-format the boot and / ones, but keep the /home as is.

    • Sigmund_Jung says:

      Newbie question: how do you read your encrypted /home if you add a whole new / ? If that’s possible, doesn’t it defeat the purpose of encryption (I mean, I could steal a notebook, wipe the / , add my own system and read the /home contents?)

  4. David Huff says:

    Be happy to try Ubuntu again once the problem of “(decent) ATI graphics cards support”is fixed. No, sorry…I can’t afford to replace it with NVIDIA just to get that support, either.

    Been using Linux since RedHat 5 or thereabouts, and tried Ubuntu as recently as a year or so ago. Getting the ATI card working was hideous. Brought me back to the (not so) Good Ol’ Days of editing X11 conf files by hand :P

  5. herklots says:

    I found the best instructions at http://joernfranz.net/2011/01/20/installing-ubuntu-10-10-with-full-disk-encryption/, but the site is dead. I put a PDF of the instructions at http://home.comcast.net/~herklots/Installing%20Ubuntu%2010.10%20with%20LVM.pdf which I use whenever I use this, because there are a lot of details. Note that some of the screenshot pics don’t quite agree with the text (the text is correct).

Leave a Reply