Two Methods to Protect your Data using Ubuntu Disk Encryption

User privacy and security is very hot topic nowadays, with various companies and three letter agencies snooping and mining your data, seemingly at every step. With this article, we take a break from VPN guides to show how can you protect your local data.  For example if your computer gets into wrong hands. In this guide we will use Ubuntu 16.04 desktop ubiquity installer to perform full disk encryption, and we will use cryptsetup to encrypt non-root partition. This guide assumes that you are familiar with Ubuntu installation process, so we will only concentrate on encryption. So if you backed up your data and got yourself empty computer or a VM, lets start.

Full disk encryption

Lets head to official Ubuntu site and download version 16.04 of Ubuntu Desktop. Then make bootable USB flash drive or burn it to the DVD, and boot your computer from it. After booting you will see image like this

install Ubuntu

Proceed by clicking Install Ubuntu button after you chose the language you want to use. Next screen is most important for this guide, because there we pick encryption.

Full disk encryption check boxes

So chose to erase disk and install Ubuntu across fully encrypted new partition table with LVM. We assume that you backed up all important data before doing this. Next screen will be about password.

encryption password setting

You need to choose password which will you use to unlock your encrypted data on every boot of the computer. When you click install now, it will give you prompt to set up a user, user's and administrator's password, timezone,  and keyboard layout. If you ever installed Ubuntu before, you know the drill so we wont waste bandwidth on those pictures. Instead, we move to the point when you first boot your computer after successful install.

entering password on boot

It asks for password. You type one that you entered on third picture, which may or may not be same as your administrator or user password. And you enter your encrypted Ubuntu. It looks the same about it is now accessible only to you.

Encryption of single partition

What if you don't need whole disk encryption? You want only your sensitive data encrypted. So lets start from scratch, lets say you have raw non-encrypted ubuntu install and on disk you have two partition. The / partition which you use for system, and another partition that you keep sensitive data on. So you want to encrypt only that second partition and not have to deal with password on bootup.

We will install cryptsetup first.

sudo apt-get install cryptsetup-bin

Next we need to check partitions we have. So we type:

sudo lsblk

sudo lsblk

So the partition we want to encrypt is sda5. Therefore we use following command:

sudo cryptsetup luksFormat /dev/sda5

It will warn you that partition will be irrevocably overwritten, if you backed up data you can type YES.

It will ask you to enter passphrase for access to your encrypted partition, so type it. At this point, the encrypted locked partition will show up in the launcher. Click on it.

encrypted disk

You will get prompted for your passphrase, enter it and click connect.

Next open disk utility and find partition that is contained in our unlocked LUKS partition.

make file-system on encrypted partition

Format it with desired file-system and name it data or whatever you like to call it. Make sure you are formating partition that is showing as unknown, and not LUKS partition that encapsulates it. After this, you should get this partition on the launcher and it is ready for data to be copied to it.


So there we have two ways to protect your most sensitive data from uncontrolled tampering. Both ways are easy and straightforward, so it is shame not to use one of them. The first method has one trade-off. The whole disk is accessible only from this Ubuntu install. No dual-boot. Not even with other version of Ubuntu. That is why we provided also second method for those that only need some data encrypted, so that dual booting can still be done.

About Mihajlo Milenovic

Miki is a long time GNU/Linux user, Free Software advocate and a freelance system administrator from Serbia. Got introduced to GNU/Linux in year 2003 on old AMD Duron computer, and since than always eager to learn new stuff about this system. From 2016 writes for Linoxide to share his experiences with wider audience

Author Archive Page

Have anything to say?

Your email address will not be published. Required fields are marked *

All comments are subject to moderation.