I got a laptop with Ubuntu 16.04 and full encrypted hard disk but, I need dual boot with Windows and still have encryption on Ubuntu.
Ubuntu installer does not provide a wizard to encrypt a partition. Full house or nothing, baby.
note: these steps apply for a single partition only (root + boot), if you want to go deeper (swap, anyone?) take a look at the source at the end of this post. The concepts are the same.
- install Windows as usual
- shrink Windows partition (the way you prefer, from Windows or from Ubuntu live)
- boot Ubuntu live, shrink Windows partition (if you still have to)
- sudo cryptsetup –key-size 512 luksFormat /dev/sda3 #create the crypted volume, where sda3 is your device obv.
- sudo cryptsetup luksOpen /dev/sda3 crypted #access the volume from /dev/mapper/crypted
- mke4fs -j /dev/mapper/crypted #create the filesystem
- Run the Ubuntu installer wizard as usual.
- Select something else (you know when)
- Set boot partition to a partition (~250mb)
- Set root partition to /dev/mapper/crypted
- Install. DO NOT REBOOT AT THE END
- sudo mount /dev/crypted/ /mnt #mount the freshly installed root partition
- YOUR_UUID = blkid -o value /dev/sda3|head -1
- echo “crypted UUID= YOUR_UUID none luks” | sudo tee /mnt/etc/crypttab #it’s like fstab but for encrypted devices
- check carefully /mnt/fstab, you should have something like /dev/mapper/crypted / ext4 errors=remount-ro 0 1 as first row
- Now we need to update the initramfs so…
- mount /dev/sdaX /mnt/boot # where sdaX is the boot partition (the one I said about 250mb)
- chroot /mnt #you wanna be sudo
- mount -t proc proc /proc
- mount -t sysfs sys /sys
- update-initramfs -u -k all #finally, update your initramfs
It should work, if not, I may wrote some steps without paying the needed attention but, the procedure is this one. Roughly.