[GUIDE] How to encrypt your new installation when dual booting
Posted: Thu Aug 01, 2019 3:36 am
In a dual boot scenario the installer will grey out the checkbox to encrypt your installation, so it has to be set up manually. Below you find the general overview on how to do that in easy to follow pictures.
- Prepare your drives. You will need enough unallocated space on the drive to install Linux Mint. If there currently is none, either delete partitions you do not need anymore or resize one or more existing partitions to make them smaller. This is best done before starting the installation with the GParted or Disks tools. I'll refer you to other guides on how to do that should you require those.
- Start the installer and move through the options until you get to the screen where you get to select the installation type, choose Something else:
- Select the unallocated space and click the
+button to create an ext4 /boot partition to hold your kernels (we need a separate partition because encrypting /boot as well makes things exponentially more complicated so we're not doing that here). Don't make it too small if you plan on installing many kernels at the same time and/or not removing old ones:
- If you are not installing in UEFI mode (why?) but your boot drive's partition table is GPT then you will need an additional 1 MB small partition on that drive where you select in the Use as: dropdown Reserved BIOS boot area. I'm not including a screenshot so as not to confuse anyone for this is a non-standard configuration. Modern systems should use UEFI/GPT.
- Finally create another partition that will be encrypted and eventually hold the rest of your Linux Mint operating system, so this should be sufficiently sized, typically all of the remaining free space. Select physical volume for encryption in the Use as: dropdown:
- Set it up with your desired passphrase (best take a longer one than in my screenshot) and select to overwrite empty space (if you don't care about anybody accessing what was previously on that drive you can leave that box unchecked, it will considerably speed the process up):
- When it's done scroll to the top, you'll find your new encrypted volume there, select it and click on the
Change...button to mount it as
/root like this:
- Finally you click on
Install Now, confirm the changes, and once you reboot and select your newly installed Linux Mint from the boot menu, you'll see something like this:
Enter your passphrase and your encrypted Linux Mint partition will be unlocked and the Linux Mint system will continue to boot and operate normally.