[GUIDE] How to encrypt your new installation when dual booting

[gm10]

In a dual boot scenario the installer will grey out the checkbox to encrypt your installation, so it has to be set up manually. Below you find the general overview on how to do that in easy to follow pictures.

1. Prepare your drives. You will need enough unallocated space on the drive to install Linux Mint. If there currently is none, either delete partitions you do not need anymore or resize one or more existing partitions to make them smaller. This is best done before starting the installation with the GParted or Disks tools. I'll refer you to other guides on how to do that should you require those.
2. Start the installer and move through the options until you get to the screen where you get to select the installation type, choose Something else:
   
3. Select the unallocated space and click the + button to create an ext4 /boot partition to hold your kernels (we need a separate partition because encrypting /boot as well makes things exponentially more complicated so we're not doing that here). Don't make it too small if you plan on installing many kernels at the same time and/or not removing old ones:
   
4. If you are not installing in UEFI mode (why?) but your boot drive's partition table is GPT then you will need an additional 1 MB small partition on that drive where you select in the Use as: dropdown Reserved BIOS boot area. I'm not including a screenshot so as not to confuse anyone for this is a non-standard configuration. Modern systems should use UEFI/GPT.
5. Finally create another partition that will be encrypted and eventually hold the rest of your Linux Mint operating system, so this should be sufficiently sized, typically all of the remaining free space. Select physical volume for encryption in the Use as: dropdown:
   
6. Set it up with your desired passphrase (best take a longer one than in my screenshot) and select to overwrite empty space (if you don't care about anybody accessing what was previously on that drive you can leave that box unchecked, it will considerably speed the process up):
   
7. When it's done scroll to the top, you'll find your new encrypted volume there, select it and click on the Change... button to mount it as / root like this:
   
8. Finally you click on Install Now, confirm the changes, and once you reboot and select your newly installed Linux Mint from the boot menu, you'll see something like this:
   
   Enter your passphrase and your encrypted Linux Mint partition will be unlocked and the Linux Mint system will continue to boot and operate normally.

And that's all. For most users it will be as simple as described above, but if your particular setup is more complicated and/or you require additional assistance, please create a thread in the support part of the forums (Installation & Boot) instead of asking here.

[gostal]

Thank you for this nice guide. I did wonder about this.

Cheers,
gostal

[obscenic]

Followed your instructions to a T, but after creating the encrypted partition and selecting it to use as "/", all of the buttons (+, -, and "change") are greyed out. The partition type is reported as "unknown".

Follow up: This was somehow fixed by a reboot and trying again...

[ricflomag]

Thanks for this much needed tutorial !

Only one thing more to make it : I had to create an EFI partition, because the Mint installer was complaining for the lack of it... I made it 550 MB large.

Cheers !

[darkside]

Hello,

Many thanks, there is about a week i try to install linux mint on a crypt partition.

Because it's new for me. I tried.

First time i let install linux mint in all the drive and i saw, it needs a swap encrypt too.


Then because i want multiboot, i failed during a week.

First , because i did not know what "mapper" choose. you help me a lot.

And the second is about, a crypt partition with a swap.

And that failed, because i had all the time an error "failed to mount partition".

then when i can go on, a step back and tried your guide step by step and then no swap encrypt partition.

And it works.. !!! many thanks.

But a question : It is said it is not safe to have an uncrypted swap, how can make this install with crypted swap ?

Thanks a lot