I've been using Linux for several years. And because the kernel keeps improving a lot has changed in the past few years. I've written this guide to share my knowledge and help others. This guide aims not only to help you install Ubuntu but also to help you create a full Linux laptop experience. Creating this full experience expands multiple posts.
Table of Contents
Introduction
In this guide I will be making several setup choices. If you fancy a different choice, you can do so. And if you have a specific desire for you're own setup, and it is not covered in this manual. You can always request it in the comments, in which I could look into it and describe how to setup it up in a separate post.
This first post will cover basic install with Full Disk Encryption with UEFI.. This guide will be slightly different than simply choosing full disk encryption from the installer.
The reason for not using the default encryption option available from the installer is part of some personal choices.
- I want a separate
SWAP
partition (not file) - I want to provide a guide template for other filesystems
About the SWAP
partition. Since kernel 2.6
the performance of a swap
file versus a swap
partition is almost the same. And due to the current speed of SSD
and NVMe
drives there should be no issue concerning fragmentation. So why... because I personally found it easier to work with when you want to get laptop functionality like Suspend
, Hibernate
, and Hybrid-Suspend
working.
About the second reason, providing a guide template for other filesystems, the choice of a particular filesystem can become quite personal. So by providing this guide, I can easily add an other post in which I only have to provide the specific details about configuring the partitions and setup for that particular filesystem.
This guide will use ext4
for the filesystem. I'm planning on writing an second post on how to do a full disk encryption setup with BTRFS
and subvolumes.
This guide will assume the following
- Ubuntu UEFI Install
- Boot Partition will be unencrypted
SWAP
Partitionext4
filesystem- Readers choice if you want a separate home partition
Pre Install
Do not forget to backup your data. Because we will be performing a clean install and manual configuration of the partitions all your data will be lost and it will not be possible to recover it.
Disk Identifier
I will be installing to a NVMe SSD
disk. This means that my disk is identified as /dev/nvme0n1
please make sure that you do know the id of the drive you will be installing to, for example /dev/sda
.
Install
Please boot your laptop with Ubuntu 19.04
either from DVD, USB, and in the Ubuntu boot menu choose the option:
Try Ubuntu without Installating (Safe Graphics)
Why (Safe Graphics)
my laptop is equipped with Optimus
technology from Nvidia
which basically means I have two graphical cards. An embedded Intel
and a discrete Nvidia
card. By choosing (Safe Graphics)
you will not run into any problems with freezing screens, if there is an issue with detecting your specific hardware.
The install process consists of several steps.
- Basic Partition Setup
- Partition Configuration with the Installer
- LVM Partition Setup
- Install Ubuntu 19.04
- SSD and Crypt Configuration
- Install Bootloader
Basic Partition Setup
When the Ubuntu Live Desktop is ready, you will have a option on the desktop with Install Ubuntu 19.04
do not start it directly. First we are going to preform the basic partition setup.
Start GParted
. Delete all partitions and hit Apply
. Also please make a note of your primary device ID in the top right corner of the disk where you want to install to. My disk ID is /dev/nvme0n1
.
After deleting all the partitions you have a complete empty disk with Unallocated space. The first thing we will be creating is the EFI
partition which is required for UEFI
boot.
Question: I don't know if my laptop usesUEFI
Answer:
There are two possible scenario's; either your hardware usesUEFI
or it does not. There is however the possiblity that it is disabled in yourBIOS
but thats beyond this scope.
You can even check forUEFI
from a Ubuntu live desktop, by running the following command in a terminalctrl-alt-t
:ls /sys/firmware/efi/
If the command returns a listing fo the directory then you haveUEFI
. If the folderefi
is missing then you run in legacy BIOS mode.
First step before creating partition is to create a partition table. Choose from the menu in Device
-> Create Partition Table
, select gpt
as table type and click apply
.
Create a new partition by choosing Partition
-> New
.
Option | Value |
---|---|
New Size (MB) | 256 |
Partition name | EFI System Partition |
File system | fat32 |
Label | esp |
Click Add
to add the partition to the partition table.
Create a new partition by choosing Partition
-> New
.
Option | Value |
---|---|
New Size (MB) | 512 |
File System | ext2 |
This second partition will be our boot partition from which the kernel(s) are loaded.
The partitions are not yet created. When you click on Apply
the partition will actually be created, perform this now so we can mark the partition as an actual EFI
partition.
After creating the partitions you can now right click on the efi
partition and choose Manage Flags
. Select esp
this will also auto select boot
. GParted
should have auto applied the new flags. This can be confirmed by the Apply
button which should be grayed out. If not click Apply
.
Note: You might see an exclamation mark after the device ID. You can ignore this.
Partition Configuration with the Installer
We are now ready to start the ubuntu installer for the first time. While it looks like there are a lot of steps, using the installer to perform certain actions is easier than doing everything manual.
When you are at the install screen Installation Type
choose the option Something else
.
Right click on the free space
beneath your second partition which we are going to use a boot partition and choose add
.
Select physical volume for encryption
in Use as
, enter a security key and click ok
.
The installer will now have created a secondary LVM partition with encryption.
Make a note of the partition ID, with me its /dev/nvme0n1p3
. The part nvme0n1p3
will be needed in the next section.
Do not continue the installer, click Quit
.
LVM Partition Setup
We are now going to continue the configuration by creating partitions inside the LVM encrypted partition we just created.
Open a terminal with ctrl-alt-t
Switch to root: sudo su -
Get the partition ID of the disk by id.
ls /dev/disk/by-id/
In the contents which are returned, there should be an entry with the name: dm-name-{ID}_crypt
in which {ID}
is the id from the last section.
For me the name of the entry is dm-name-nvme0n1p3_crypt
.
Now we are ready to create the LVM volume group in which we will be creating the encrypted partitions. In the next command replace the disk ID by the one you just found.
vgcreate system /dev/disk/by-id/dm-name-nvme0n1p3_crypt
Now we are going to actually create the partitions. For my personal setup, I've made the choice not to have a separate home partition, this because I backup to my own personal NAS. The commands to create a separate home partition are also provided.
Because I have 32GB of memory I will be creating a SWAP
partition of 34GB, this so I configure Hibernation
and Hybrid-Standby
in the future. For convenience I have simply used the following formula for my SWAP
space. Total Memory + 2GB
.
Without Home Partition.
lvcreate -L 34G -n swap system
lvcreate -l 100%FREE -n root system
With Home Partition
lvcreate -L 34G -n swap system
lvcreate -L 40G -n root system
lvcreate -l 100%FREE -n home system
Root Partition is configured to 40 GB, change to your own preference.
Install Ubuntu 19.04
What have we done so far. We have created an EFI
and boot partition, we then have used the installer to configure an encrypted partition. And then we configured our actual partitions inside this encrypted partition.
Now we are ready to install Ubuntu
, so restart the installer.
At the screen Installation Type
select Something else
again like we did last time.
You will notice that there are a little more entries in the device list then before. The entries starting with /dev/mapper/*
are the logical volumes within the encrypted partition.
So first things first, select your EFI
partition with a right mouse click and click on Change
, select EFI System Partition
in Use as
.
Next up is the boot partition. Select Ext2 file system
in Use as
, check the Format the Partition
option and set /boot
as the mount point.
The device listing within the installer might have an issue which will cause some entries to show up twice. In this case select the entry which has a value within the column size
.
Next up is the SWAP
partition, /dev/mapper/system-swap
select swap area
in Use as
.
Configure the root partition, /dev/mapper/system-root
with an Ext4
, and a mount point of /
. Do not forget to also check Format the partition
.
If you have opted to have a separate home partition, configure it withExt4 journaling file system
and a mount point of/home
. And don't forget to checkFormat the partition
.
Finally at Device for boot loader installation
select the drive itself. For me this is `/dev/nvme0n1`
Now you are ready to hit Install Now
and install Ubuntu.
When the installation is completed, DO NOT REBOOT, simply keep the installer window open.
SSD and Crypt Configuration
What have we so far; we have an installed Ubuntu system on an encrypted partition including an encrypted SWAP
partition. However, if we would reboot now, like the installer suggests, we end up with a broken system because our current system cannot boot.
We also have chosen for Ext4
as file system, this is a journaling file system. And without going into the details, we simply have to turn off the journal to make it behave correctly on a SSD drive.
And we have to configure our encrypted drive so it can be mounted when the system boots.
First we have to get the UUID of our encrypted partition, for me this is /dev/nvme0n1p3
, so start a terminal (ctrl-alt-t
) while keeping the installer notification that the installation has been completed.
Get UUID of encrypted partition
blkik /dev/nvme0n1p3
In the output you will find a key UUID=
. Take the value of this key without the quotes for the next command.
echo 'nvme0n1p3_crypt UUID={UUID} none luks,discard' > /target/etc/crypttab
Replace
nvme0n1p3
with you partition id, and {UUID} with the UUID value from theblkid
command.
The option luks
in the mount parameters is for the disk encryption
The option discard
is only required if you have a SSD based drive.
Additional option for SSD performance, set the mount option noatime
.
vi /target/etc/fstab
Find your mount point entry for your ext4
partitions. And add noatime
to the options.
Install Bootloader
In order to install the bootloader we first have to change into the target root system of our installation.
Mount /dev
, /sys
and proc
in the target system
mount --rbind /dev /target/dev
mount --rbind /sys /target/sys
mount -t proc proc /target/proc
Change into the target system
chroot /target
Install the bootloader
grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader=ubuntu --boot-directory=/boot/efi/EFI/ubuntu --recheck /dev/nvme0n1
Change
/dev/nvme0n1
to your own drive
Output should be:
Installing for x86_64-efi platform.
Installation finished. No error reported.
Create grub config
grub-mkconfig --output=/boot/efi/EFI/ubuntu/grub/grub.cfg
Update initial ramdisk
update-initramfs -ck all
Now everything is completed to boot into our new encrypted system.
Typeexit
in the terminal to leave the target system, now you can clickRestart Now
in theInstallation Complete
window.
I hope this guide was helpful, if you have any comments, ideas for improving this guide. Please let me know.
If you found this post useful, subscribe to this blog.