7

I'm a very long time ubuntu user (over a decade) but have not been here as I've had no issues with Ubuntu. With the arrival of 20.04 LTS I decided to encrypt my data (or system if needed). I'm looking for the following:

  • Method to reinstall ubuntu with LUKS encryption on a previous LUKS encrypted ubuntu install on a dual boot system with Win10.
  • Keep all my personal files (ie /home folder) intact, with or without a separate partition. I do not wish to move everything out, reinstall and then move stuff back in.
  • Simple GUI based approach through the standard installer. I know how to use the command line but I'd rather not, especially for something as sensitive as encryption.

What I'm looking for is basically the same as this document: (https://help.ubuntu.com/community/UbuntuReinstallation) except that I need it on an LUKS encrypted system/partition. I tried doing this on a spare system with 20.04, and I could not find a way of telling the installer the passphrase to the encrypted system. The end result was a reinstall that wouldn't boot or the encrypted partition gets wiped out. I also tried to run installer with and without pre-unlocking the encrypted partition but to no avail'.

I am able to do all of the above with Fedora,OpenSUSE,Manjaro, (although they only do this when /home is on separate partition, which is fine for me) so I'm not sure what I'm doing wrong in Ubuntu.

Thanks!

2 Answers2

4

Based on the my personal experiments using the Ubuntu 20.04 installer, online research, and asking various forums (and lack of answers there), I conclude that as of today, there is no way to do all of the following:

  • Installing/reinstalling Ubuntu ...
  • using the installer GUI ...
  • on a pre-encrypted system (LUKS, with separate /home partition or not) without destroying pre-existing personal files...
  • with dual booting another OS.

Of course there are ways of doing this if you rely on the command line, which I was looking to avoid. I've decided to switch to Fedora 32 as it meets all these requirements. Ubuntu served me rather well for over a decade, hope to return when the above issue is fixed.

For those interested in my Fedora 32 setup:

  • Dual-boot setup with Windows 10.
  • Reuse (DO NOT FORMAT) /boot/efi partition from Windows 10 install
  • Create UNENCRYPTED /boot partition
  • Create/Reuse ENCRYPTED / partition
  • Create/Reuse ENCRYPTED /home partition
  • Provide Passphrase to unlock above encrypted partitions.
  • Post install, added RPMFusion repository and Gnome Tweaks extension

Thats the summary, its been a week and so far things have been great with Fedora 32. I've not really noticed much difference from Ubuntu for my needs (Email, Browsing, viewing photos/videos, music, skype, spreadsheets, documents).

Thanks!

4

https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/1904270 describes a way to work around this atrocity:

Ubuntu 20.04: Extra Steps for Re-Using Existing LUKS Encrypted Partition (replace nvme0n1p8 with your encrypted LUKS partition)

BEFORE starting the installer (if in Ubuntu or Kubuntu live CD desktop), or at the first step (if using Ubuntu Server text-based live CD installer):

# open existing LUKS partition (
cryptsetup luksOpen /dev/nvme0n1p8 nvme0n1p8_crypt

Then, either do this at the end after the installer has run, or boot into a live CD environment (e.g. Kubuntu) and do:

cryptsetup luksOpen /dev/nvme0n1p8 nvme0n1p8_crypt
mount -o subvol=@ /dev/mapper/MainVG-root /mnt/
mount /dev/nvme0n1p7 /mnt/boot/
mount --rbind /dev/ /mnt/dev/
mount --rbind /sys/ /mnt/sys/
mount --rbind /run/ /mnt/run/
mount --rbind /proc/ /mnt/proc/
chroot /mnt /bin/bash -l
blkid | grep crypto_LUKS
# Example: /dev/nvme0n1p8: UUID="8cb9831a-692e-4b0e-936f-72529a3ed56d" TYPE="crypto_LUKS" PARTUUID="139f23d2-a0ff-4f4f-b41f-8083964ac894"
apt install vim
vim /etc/crypttab
# Add a line for the encrypted partiton, e.g:
# nvme0n1p8_crypt UUID="8cb9831a-692e-4b0e-936f-72529a3ed56d" none luks
#
# MAKE SURE There's a newline at end of /etc/crypttab

update the initramfs


update-initramfs -u -k all


umount -l /mnt


Optional, probably not needed


grub-install --recheck /dev/nvme0n1
grub-mkconfig -o /boot/grub/grub.cfg

I'll note that this set of instructions didn't work for me though.

mount -o subvol=@ /dev/mapper/MainVG-root /mnt/

gave a non-specific error ("wrong fs type, or whatever, etc, etc."). What did work were the commands from this answer on SuperUser.SE.

MWB
  • 684