Skip to content

Installing Ubuntu Server With Disk Encryption Support

To ensure a maximum degree of data protection and privacy, it is recommended to install Ubuntu Server with disk encryption support provided by LVM/LUKS.

To achieve this, please initiate the Ubuntu Server installation in its normal way, then follow the instructions below.

Guided Storage Configuration step

  • In the Guided Storage Configuration step, check Set up this disk as an LVM group and Encrypt the LVM group with LUKS boxes
  • Input twice the desired passphrase necessary for encryption
    • You will need to enter this passphrase after each reboot of the Ubuntu Server, so be sure to either remember it, or to have it written in a non-public secure place.
  • Press Continue when ready to move on

Storage Configuration step

  • In the Storage Configuration step, use the up/down arrow keys on your keyboard to select the Logical Volume under the USED DEVICES section.
    • Hint: this is usually labeled as ubuntu-lv and has a default size of 4GB
  • Press Enter to edit the selection.
    • In the Edit Logical Volume dialog, under the Size field, enter the desired value (it is recommended to use the maximum size available)
    • Press Save when done to return to the Storage Configuration step
  • In the Storage Configuration step, confirm that the size of the Logical Volume has the desired capacity, which should be at least 30GB

Installation completion and updates

  • Proceed with the rest of the Ubuntu installation
  • If the installation mentions downloading security updates, DO NOT CANCEL THE UPDATES. Wait until thew installer finishes with updates too.
  • Eventually it will finish and it will prompt you to reboot the server.

Rebooting the server after installation

  • After restarting, you will be prompted to unlock the volume group. Enter the passphrase that you have defined earlier in the process.
  • After the server finished booting up, check that the disk is encrypted via the lsblk command. If the output looks like below, your disk is encrypted, the encrypted partition has a size of 126GB, and it is mounted under the / mountpoint.
user@server:~$ lsblk
NAME                        MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
sda                           8:0    0  127G  0 disk
├─sda1                        8:1    0    1M  0 part
├─sda2                        8:2    0    1G  0 part  /boot
└─sda3                        8:3    0  126G  0 part
  └─dm_crypt-0              253:0    0  126G  0 crypt
    └─ubuntu--vg-ubuntu--lv 253:1    0  126G  0 lvm   /

Your Ubuntu Server is now ready.