Mint 17.X to 20.X (but also Ubuntu) Full Disk Encryption (directory /boot included) - Using LUKS, SecureBoot & TPM 2.0

Write tutorials for Linux Mint here
There are more tutorials here http://community.linuxmint.com/tutorial/welcome
Forum rules
Please don't add support questions to tutorials, start your own topic in the appropriate sub-forum instead. Before you post please read this
dobp
Level 1
Level 1
Posts: 22
Joined: Thu Sep 26, 2019 1:32 pm

Re: Mint 17.X to 20.X (but also Ubuntu) Full Disk Encryption (directory /boot included) - Using LUKS, SecureBoot & TPM 2

Post by dobp »

Hi lofi,
lofi wrote:
Wed Nov 16, 2022 1:12 pm
It is very easy to set up a home partition
ok, I remember repeating here what I heard elsewhere, that it was hard. Of course it depends on our level. That sentence was probably addressed to a beginner, of course here we are in the Chad thread! Can't be that hard!
Indeed setting up a home partition is more advanced compared to the standard install process, but still relatively easy considering you were able to follow linux22's tutorial.
It all boils down to creating 2 partitions (say mint-root and mint-home) out of your sda2_encrypt partition and add adequate mountpoints to your system's /etc/fstab file.
  • If only willing to modify an existing install, it would involve performing the operations from a Live USB system (after making sure to have up to date backups just in case since an error with partitioning can cause data loss and messing with fstab might prevent your system to reboot though that issue can always be fixed restoring or correcting fstab file from a Live USB System...).
  • If you perform a clean install, that would be even easier, just create the partition layout (I did it using LVM and you can find for inspiration the commands I used and a note of warning in the two first points of this post) and then in Ubiquity you will be able to add the /home mountpoint via the GUI (cf. first screenshot of p.11 of linux22 FDE tutorial v1.4 - it would be one more step similar to that one for root mountpoint).
Good luck with your upgrade!
lofi
Level 2
Level 2
Posts: 58
Joined: Sun Mar 10, 2019 3:10 pm
Location: France

Re: Mint 17.X to 20.X (but also Ubuntu) Full Disk Encryption (directory /boot included) - Using LUKS, SecureBoot & TPM 2

Post by lofi »

Hi dobp,

As you guessed, I haven't updated yet! I want to do it soon to benefit from the effect of your encouragement and useful tips. I'm also listing everything that will be better after upgrading (for example I've had to do a backport of Midnight Commander, because of a bug fixed 4 years ago...)
Yes, I'll try a separate /home install with FDE, thanks a lot for the LVM (lvcreate) commands. I think I'll do a fresh install. But if I can separate my home folder from the rest from Live USB, it would be already done, and safer.

>mfw the paranoid thread is full of good people

thanks a lot dobp
lofi
Post Reply

Return to “Tutorials”