Posted by & filed under Senza categoria.


I got a laptop with Ubuntu 16.04 and full encrypted hard disk but, I need dual boot with Windows and still have encryption on Ubuntu.

Ubuntu installer does not provide a wizard to encrypt a partition. Full house or nothing, baby.


note: these steps apply for a single partition only (root + boot), if you want to go deeper (swap, anyone?) take a look at the source at the end of this post. The concepts are the same.

  1. format
  2. install Windows as usual
  3. shrink Windows partition (the way you prefer, from Windows or from Ubuntu live)
  4. boot Ubuntu live, shrink Windows partition (if you still have to)
  5. sudo cryptsetup –key-size 512 luksFormat /dev/sda3 #create the crypted volume, where sda3 is your device obv.
  6. sudo cryptsetup luksOpen /dev/sda3 crypted #access the volume from /dev/mapper/crypted
  7. mke4fs -j /dev/mapper/crypted #create the filesystem
  8. Run the Ubuntu installer wizard as usual.
  9. Select something else (you know when)
  10. Set boot partition to a partition (~250mb)
  11. Set root partition to /dev/mapper/crypted
  13. sudo mount /dev/crypted/ /mnt #mount the freshly installed root partition
  14. YOUR_UUID = blkid -o value /dev/sda3|head -1
  15. echo “crypted UUID= YOUR_UUID none luks” | sudo tee /mnt/etc/crypttab #it’s like fstab but for encrypted devices
  16. check carefully /mnt/fstab, you should have something like /dev/mapper/crypted / ext4 errors=remount-ro 0 1 as first row
  17. Now we need to update the initramfs so…
  18. mount /dev/sdaX /mnt/boot # where sdaX is the boot partition (the one I said about 250mb)
  19. chroot /mnt #you wanna be sudo
  20. mount -t proc proc /proc
  21. mount -t sysfs sys /sys
  22. update-initramfs -u -k all #finally, update your initramfs
  23. exit
  24. reboot

It should work, if not, I may wrote some steps without paying the needed attention but, the procedure is this one. Roughly.