PDA

View Full Version : Software Encrypted Ubuntu - Step-by-step installation



SonsOfLiberty
02-13-2009, 12:13 AM
This is for v8.04 but "should" work with version upwards.

Data encryption is one of the best methods to protect your sensitive files, especially if you own a laptop. Unfortunately, on the Ubuntu operating system, it's only available in the text mode installer. But that's why this guide is here, to help you install a fully encrypted Ubuntu OS on your computer.

The whole process is completely safe and it is recommended to be used by anyone out there who wants to protect his/her sensitive data. To break it down to you: No more living in fear! Your data will NOT be stolen anymore!

OK, OK, so what are the advantages of this encryption?

In order not to reveal data you may consider confidential, everything on that disk (including the SWAP space) will be fully encrypted;

Pre-boot authentication support. This way, you can set GDM (the GNOME login manager) to automatically log-in the default user.

Any disadvantages I should know of?

Except the fact that the whole installation process is done in text mode and it will take a little longer than the usual graphical installation, there are no other disadvantages!

Things needed:
Ubunto 8.04 Alternative CD (http://linux.softpedia.com/get/System/Operating-Systems/Linux-Distributions/Ubuntu-Hardy-Heron-32974.shtml)

Let's begin, shall we? If you haven't already, get your copy of Ubuntu 8.04 Alternate CD right now from the above link, burn it on a blank CD with your favorite CD/DVD burning application, reboot your computer and boot from this newly created CD. Select your preferred language for the installation process...
http://thumbnails6.imagebam.com/613/f51e826123021.gif (http://www.imagebam.com/image/f51e826123021)

Then, the Ubuntu boot menu will appear, select the first option 'Install Ubuntu' and hit Enter...
http://thumbnails6.imagebam.com/613/d1feb66123023.gif (http://www.imagebam.com/image/d1feb66123023)

Choose your native language and region...
http://thumbnails6.imagebam.com/613/1fb2c96123024.gif (http://www.imagebam.com/image/1fb2c96123024)

http://thumbnails6.imagebam.com/613/84e6b16123025.gif (http://www.imagebam.com/image/84e6b16123025)

On the following screen, choose 'Yes' if you want to let the installer auto-detect your keyboard layout or choose 'No' to select a default layout from the next screen(s) (e.g. for a US English keyboard, select 'No', hit Enter, then on the second screen select 'U.S. English', hit Enter and on the third screen select 'U.S. English' again and hit Enter to continue)...
http://thumbnails6.imagebam.com/613/88661a6123027.gif (http://www.imagebam.com/image/88661a6123027)

http://thumbnails6.imagebam.com/613/12be786123028.gif (http://www.imagebam.com/image/12be786123028)


http://thumbnails6.imagebam.com/613/27b3876123029.gif (http://www.imagebam.com/image/27b3876123029)

It will then detect some of your hardware components and configure the network with DHCP...
http://thumbnails6.imagebam.com/613/3c4c476123030.gif (http://www.imagebam.com/image/3c4c476123030)

Enter a desired hostname when asked...
http://thumbnails6.imagebam.com/613/e49f586123031.gif (http://www.imagebam.com/image/e49f586123031)

Configure the time zone...
http://thumbnails6.imagebam.com/613/24784a6123033.gif (http://www.imagebam.com/image/24784a6123033)

Disk partitioning will start. Select the third option: Guided - use entire disk and set up encrypted LVM...
http://thumbnails6.imagebam.com/613/0858496123034.gif (http://www.imagebam.com/image/0858496123034)

Choose the hard disk where Ubuntu will be installed...
http://thumbnails6.imagebam.com/613/70c05a6123036.gif (http://www.imagebam.com/image/70c05a6123036)
Note: Please provide an MASTER (not SLAVE) empty hard drive for this installation, because all the data will be erased after you confirm the changes and in order to prevent the overwriting of the MBR (boot sector) in case you have another operating system installed.

Confirm the changes...
http://thumbnails6.imagebam.com/613/3fa7606123037.gif (http://www.imagebam.com/image/3fa7606123037)

You'll be asked to enter a passphrase (a strong password; the longer, the better)...
http://thumbnails6.imagebam.com/613/2c148a6123038.gif (http://www.imagebam.com/image/2c148a6123038)

Confirm the passphrase...
http://thumbnails6.imagebam.com/613/4fdb746123040.gif (http://www.imagebam.com/image/4fdb746123040)

Note: Please write down the passphrase in case it's too long and you can't remember it!

Now, the partitioning tool will format the hard drive and create the default partitioning scheme. Confirm the changes...
http://thumbnails6.imagebam.com/613/97c06e6123041.gif (http://www.imagebam.com/image/97c06e6123041)

The hard drive partitioning process will start:
http://thumbnails6.imagebam.com/613/cb457d6123042.gif (http://www.imagebam.com/image/cb457d6123042)

And the base system will be installed...
http://thumbnails6.imagebam.com/613/d14cb86123043.gif (http://www.imagebam.com/image/d14cb86123043)

Create a user and set up a password for it...
http://thumbnails6.imagebam.com/613/bc0d7c6123045.gif (http://www.imagebam.com/image/bc0d7c6123045)

http://thumbnails6.imagebam.com/613/28352b6123047.gif (http://www.imagebam.com/image/28352b6123047)

http://thumbnails6.imagebam.com/613/a4f93b6123050.gif (http://www.imagebam.com/image/a4f93b6123050)

You will be asked to enter a proxy for the package manager. If you use a proxy, please enter it now. If not, just hit Enter on this screen...
http://thumbnails6.imagebam.com/613/01f1aa6123053.gif (http://www.imagebam.com/image/01f1aa6123053)

The rest of the software will be installed now...
http://thumbnails6.imagebam.com/613/c9c25f6123054.gif (http://www.imagebam.com/image/c9c25f6123054)

Then the GRUB boot loader will be automatically configured and installed...
http://thumbnails6.imagebam.com/613/ed411f6123055.gif (http://www.imagebam.com/image/ed411f6123055)

Set the system clock to UTC...
http://thumbnails6.imagebam.com/613/c106e26123056.gif (http://www.imagebam.com/image/c106e26123056)

The installation is complete now, hit 'Continue' to eject the CD and reboot the system...
http://thumbnails6.imagebam.com/613/d7b68d6123057.gif (http://www.imagebam.com/image/d7b68d6123057)

When the system starts, you will be asked to input the passphrase that you've setup during the system's installation...
http://thumbnails6.imagebam.com/613/d23e256123059.gif (http://www.imagebam.com/image/d23e256123059)

http://thumbnails6.imagebam.com/613/b762466123060.gif (http://www.imagebam.com/image/b762466123060)


The system will continue to boot...
http://thumbnails6.imagebam.com/613/d79e246123061.gif (http://www.imagebam.com/image/d79e246123061)


That's it folks, your whole Ubuntu 8.04 is now fully encrypted, like you've always dreamed of!
http://thumbnails6.imagebam.com/613/477ea16123062.gif (http://www.imagebam.com/image/477ea16123062)


Have fun :D

Notes: I got this guide from Softpedia (http://www.softpedia.com), but can't find it anymore on their site.

Also here's a v8.10 install guide (http://news.softpedia.com/news/Installing-Ubuntu-8-10-97417.shtml), but not much has changed.

Radar
03-12-2009, 09:15 PM
Thanks for the Great Guide SonsOfLiberty, Great Work(=

iLOVENZB
03-14-2009, 10:37 AM
Good find. Followed this tutorial about a week ago.

Those wonder the difference between the Alternative and the Desktop edition, It's that the Desktop is a LiveCD as well.

The Alternative is like the old way we installed, with a shit GUI and customizable features.

darkstate01
03-14-2009, 12:12 PM
Good work, I did this a month or so ago with vbox as a test and worked great,glad someone put some effort into letting other people see its possible,shame i haven't got the time to :(
Myself i started with truecrypt and encrypted the whole drive and OS(XP,Win 2003 server) with a cascading AES,Twofish,Serpant 768bit encryption.
If anyone has been thinking about is it possible to encrypt a drive with an OS already on,look into using Truecrypt.
With this program first its free, and 2nd its customisable ,1 example would be,when you boot your P.C and get your bios settings,you can have it stop there and give you an error like NTLdr missing or Operating system missing,then alls you do is put in your password and it continues booting...Now if someone had booted your PC and saw those errors they would think it was fooked ;-)

iLOVENZB
03-15-2009, 12:50 AM
If anyone has been thinking about is it possible to encrypt a drive with an OS already on,look into using Truecrypt.

http://blog.wired.com/27bstroke6/2008/02/researchers-dis.html

cherio
03-15-2009, 05:53 AM
Thank you for the guide. Do you know what encryption Ubuntu setup uses? I tried googling but can't find it. Everything is so vague with LUKS this and dmcrypt that. It's like they don't want you to know. I'm assuming it's AES.
One problem I found is that there isn't an easy way to change the password. Also there is no keyfile authentication like in truecrypt on Windows.

SonsOfLiberty
03-15-2009, 03:53 PM
Have no idea, peace of mind is good enuff :)

darkstate01
03-16-2009, 01:14 PM
Nice vid about the cracking of truecrypt,I don't use mine on a Laptop only a P.C and when it shutsdown i have it erase all index.dat and ram. But hey, I don't have anything on here thats illegal :P I've always known theres a way to crack encryption even on websites(https) So long as you pay attention to what you are doing and what you want it to do, you should be fine.

Buschwusch
04-09-2009, 06:23 PM
wooow. great guide, thanks!

Prinks
04-21-2009, 02:03 AM
Thank you.