This is a short overview of how to install Ubuntu 16.10 on an existing LUSK-encrypted partition containing logical volumes, and using two unencrypted partitions for /boot and /boot/efi/.
All the commands shown later, will be according to this layout.
NAME SIZE RO TYPE Note
- Boot from your install medium in UEFI mode.
- Start the live system (“Try Ubuntu …”)
Unlock the encrypted partition
# find partition
# open it
sudo cryptsetup luksOpen /dev/sdc3 sdc3_crypt
run the installer
- set the root to be /dev/mapper/vg01-root select a filesystem (ext4) and check the format box
- set /boot as mountpoint for /dev/sdc2
- set /dev/sdc as boot device
prepare the new install for chroot
# mount the root partition
sudo mount /dev/mapper/vg01-root /mnt
sudo mount /dev/sdc2 /mnt/boot
sudo mount /dev/sdc1 /mnt/boot/efi
# bind the dev, proc, and sys to the new root
sudo mount --bind /dev /mnt/dev
sudo mount --bind /proc /mnt/proc
sudo mount --bind /sys /mnt/sys
chroot into the new install
sudo chroot /mnt
find the uuid of the luks encrypted partition
add a new file /etc/crypttab with the content (where sdc3_crypt is just a name, I used the same here as in the luksOpen above)
# <target name> <source device> <key file> <options>
sdc3_crypt UUID=f2ee83ef-a828-4a84-a150-2ffd781b495a none luks,discard
The discard option is only relevant for SSD drives and may reduce the security, see the warning in the manpage here.
- fix the boot setup
# reinstall grub
apt-get install --reinstall grub-efi-amd64
# update the initramfs
update-initramfs -k all -c -v
# update grub
That should be it, reboot the system and there should be an “ubuntu” entry in the UEFI menu, boot from it and it should prompt for the LUKS password and then boot to the normal lightdm login screen.
Thank you for reading, I hope that it was helpful :)
Edit: Post edited on 2016-10-14. Changed from single partition for /boot and /efi to separate partitions and fixed errors.
This work is licensed under a Creative Commons Attribution 4.0 International License.