EFF delivers easy full-disk encryption for Ubuntu

Douglas sez,

18 months ago Boing Boing posted about EFF's effort to get Ubuntu to make full disk encryption (FDE) easy upon install. EFF has delivered.

I'm sure many of us have had and continue to have the experience of trying to nudge someone (or ourselves) over from OS X or Windows to GNU/Linux and LUKS full disk encryption, but the process got roadblocked at some point because using the alternate installer to config the partitions and all for FDE was just too much of a hassle for parties involved. Now in Ubuntu 12.10, FDE is just a tickbox in the default installer. How cool is that?

This means it's a good time to donate to EFF. And if you're using Ubuntu 12.10, don't forget to fix the privacy problems for which EFF provides a tutorial (thanks again!).

(Thanks, Doug!)


  1. I have never had a bit of problem using the alternate install disk to get whole-disk encryption when installing Ubuntu.  I’ve been doing it for a bunch of releases already.

    Two tips

    First, the “using the alternate installer to config the partitions … was just too much of a hassle” is (now, was) a legit complaint.  I always just selected the check box to let the installer have the complete disk.  This seems like a useful improvement that will encourage FDE use for more people.  Yay.

    Second, have they solved the “impossible to upgrade” problem yet?  I have *never* successfully upgraded version numbers for a Ubuntu machine with FDE.  After beating my head against the wall a hundred different ways over the years, I find that the only method that works for a version number upgrade is to back up the boot disk, use a disk wiper to *fully* overwrite that disk (*especially* the boot sector), then do a new install from scratch.

    Congrats to Canonical for delivering something that lots and lots of people have been asking for for a long time.

    The best news in the article, though?  It looks like this improvement will carry over to the next Mint release.  I think I just decided to delay my next Ubuntu upgrade; I was going to do it this weekend.  Mint 14, here I come!

    1. Ii have been using Fedora daily for 11 months now  I actually didn’t realize that this was a feature.  As for the upgrading, Beefy Miracle wasn’t painless. The day after I gave up and did a fresh install I found the work around for the problem with 15 and 16 having the same core name.  Oh well, over the years I have learned a lot from starting over.

  2. The problem with Ubuntu’s default installation is they don’t make a separate partition for / (system stuff) and /home (your stuff). Linux should be set up with 4 partitions: boot (100MB), swap (same size as you RAM is a good), / (10 to 20GB), and /home (rest of drive). Encrypt all but the boot partition. Now it’s easy to slap a new Linux on by telling the installer to keep the existing partitions, re-format the boot and / ones, but keep the /home as is.

    1. Newbie question: how do you read your encrypted /home if you add a whole new / ? If that’s possible, doesn’t it defeat the purpose of encryption (I mean, I could steal a notebook, wipe the / , add my own system and read the /home contents?)

  3. Be happy to try Ubuntu again once the problem of “(decent) ATI graphics cards support”is fixed. No, sorry…I can’t afford to replace it with NVIDIA just to get that support, either.

    Been using Linux since RedHat 5 or thereabouts, and tried Ubuntu as recently as a year or so ago. Getting the ATI card working was hideous. Brought me back to the (not so) Good Ol’ Days of editing X11 conf files by hand :P

Comments are closed.