Announcement

Collapse
No announcement yet.

How do I set up LUKS full disk encryption on Kubuntu?

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    How do I set up LUKS full disk encryption on Kubuntu?

    So I'm trying to install Kubuntu will full encryption and manual partitioning.

    I try:
    1024MB FAT32 partition with /boot/efi flagged as "boot"
    1024MB Ext4 partition with /boot
    142GB Ext4 LUKS partition with root

    It gives me a warning "Boot partition not encrypted", tells me it's insecure and I should encrypt it.

    So I delete that partition and just have the following (since I don't need the boot partition separate if it's not unencrypted):
    1024MB FAT32 partition with /boot/efi flagged as "boot"
    143GB Ext4 LUKS partition with root​

    After I install and reboot, GRUB doesn't detect anything and the various remediation steps I tried don't seem to work on Kubuntu.

    Anyone know how I go about setting this up?
    Tags: boot, encryption, grub, install, luks
    • Top
    • Bottom
    #2
    Maybe see https://www.kubuntuforums.net/forum/...4-10-with-luks

    Welcome to KFN!
    Windows no longer obstruct my view.
    Using Kubuntu Linux since March 23, 2007.
    "It is a capital mistake to theorize before one has data." - Sherlock Holmes
    • Top
    • Bottom

    Comment

      #3
      Originally posted by Snowhog View Post
      Maybe see https://www.kubuntuforums.net/forum/...4-10-with-luks

      Welcome to KFN!
      That post didn't come up in my searches so thanks for bringing it up, but it's not really helpful. Their solution was to use the erase disk option but I need manual partitioning because I want to leave half my drive for dual-boot.
      • Top
      • Bottom

      Comment

        #4
        Just let the installer take care of it for you?
        Maybe the /boot is too small, and the installer doesn't like that?

        ​​

        Click image for larger version Name: Screenshot_20250731_043724.png Views: 19 Size: 95.0 KB ID: 687895

        25.04 here doesn't gripe about the apparently unencrypted /boot, and the process and layout used would be the same if shrinking Windows or another OS, other than sharing the existing EFI partition.




        Hmm... are you trying to install 24.04? This might be helpful.
        I do think that this is a warning message you see when manually setting things up, but the installer would still proceed, just like it does if you make the EFI partition smaller than 300Mb.

        I did not see any warnings with 25.04 here, using automatic partitioning.
        • Top
        • Bottom

        Comment

          #5
          Originally posted by claydoh View Post
          Just let the installer take care of it for you?
          Maybe the /boot is too small, and the installer doesn't like that?

          25.04 here doesn't gripe about the apparently unencrypted /boot, and the process and layout used would be the same if shrinking Windows or another OS, other than sharing the existing EFI partition.

          Hmm... are you trying to install 24.04? This might be helpful.
          I do think that this is a warning message you see when manually setting things up, but the installer would still proceed, just like it does if you make the EFI partition smaller than 300Mb.

          I did not see any warnings with 25.04 here, using automatic partitioning.
          I need manual partitioning for dual-boot (I'll install the other OS later).
          I have been trying to install it without a separate /boot partition, since I don't need one if I'm not trying to leave it decrypted.
          I am trying to install 25.04

          A warning is still presumably founded. Leaving /boot unencrypted must be bad if they say so.
          • Top
          • Bottom

          Comment

            #6
            The calamares devs are not always completely correct, though - they really want you to have a 300Mb EFI, when 100 is far more than enough for almost every situation.

            It is also perhaps intended as a sane warning as people may assume that everything is encrypted, when it isn't, maybe?

            Calamares itself iirc supports FDE , but I am not sure if it does so for however Ubuntu and others would need it set up for encrypting /boot
            • Top
            • Bottom

            Comment

              #7
              From a Google search:

              Ubuntu doesn't automatically encrypt the /boot partition during installation because the bootloader (GRUB) needs to access the kernel and initramfs files directly from it to start the operating system. If /boot is encrypted, the bootloader cannot access these files, and the system cannot boot.
              Windows no longer obstruct my view.
              Using Kubuntu Linux since March 23, 2007.
              "It is a capital mistake to theorize before one has data." - Sherlock Holmes
              • Top
              • Bottom

              Comment

              Previous template Next

              Users Viewing This Topic

              Collapse

              There are 0 users viewing this topic.

              Working...
              X