Encrypting your Ubuntu 24.04 installation provides an added layer of security by scrambling data on your disk, making it unreadable without the decryption key.
This guide will walk you through encrypting the boot, swap, and root partitions during the installation of Ubuntu 24.04.
Pre-installation Considerations
Before starting the installation process, ensure you have:
- 2 GHz dual-core processor or better.
- 4 GB system memory.
- 25 GB of free hard drive space.
- Either a USB port or a DVD drive for the installer media.
- Back up any critical data on the target system as the entire disk will be erased during encrypted installation.
Step 1: Create a Bootable Ubuntu 24.04 USB Drive
Go to the official Ubuntu download page and select the 24.04 LTS version, which will begin downloading automatically.
Alternatively, you can download the Ubuntu 24.04 Desktop or Server ISO image directly from the command line using the following wget command.
wget https://releases.ubuntu.com/24.04/ubuntu-24.04-desktop-amd64.iso OR wget https://releases.ubuntu.com/24.04/ubuntu-24.04-live-server-amd64.iso
Next, insert your USB stick into your computer and create a bootable image using the USB creation tool or use a tool like the dd command as shown.
sudo dd if=ubuntu-24.04-desktop-amd64.iso of=/dev/sdX bs=4M status=progress && sync
Replace /dev/sdX
with the name of your USB device and make sure you choose the correct device to prevent losing any data.
If you’re unsure of the name of your USB device, you can use the lsblk command, which will list all block devices connected to your system, including your USB device.
lsblk
Look for your USB device in the list, which will typically be listed as something like /dev/sdX
(where X
is a letter) and will often have a size listed next to it that matches your USB device’s capacity.
Once you’ve identified your USB device, replace /dev/sdX
in your command with the correct device name as shown.
sudo dd if=ubuntu-24.04-desktop-amd64.iso of=/dev/sdc1 bs=4M status=progress && sync
Step 2: Install Ubuntu 24.04
Now that you’ve made a USB drive that can start up your computer, you need to start your computer from it. You can do this by choosing the system’s start-up choices (often by pressing F2
, F12
, or the Del
key) and choosing the USB Drive as the start-up device.
After starting your computer from the USB drive, you can begin installing Ubuntu by selecting the “Try or Install Ubuntu” option.
Once the installer has initialised you will be invited to choose your language.
Next, you will be presented with the option to select any accessibility settings you require.
Choose your preferred keyboard layout language.
Next, connect to your network, which will enable Ubuntu to fetch most recent updates and third-party drivers during installation.
You are then offered the choice to try or install Ubuntu.
You will be prompted to choose between Interactive installation and Automated Installation. The interactive option is the standard route, but more advanced users can use the automated installation option to import a configuration file from a web server to standardize multiple installs and add further customizations.
In this tutorial, we will remain on the primary route.
You will be prompted to choose between the Default selection and Extended selection options. The default installation comes with the basic essentials to get started which you can then expand on after installation using the App Center. The extended selection contains additional office tools and utilities, useful for offline situations.
In the following screen, you will be prompted to install third-party software that may improve device support and performance (for example, Nvidia graphics drivers) and support for additional media formats. It is recommended to check both of these boxes.
Next, the screen allows you to configure your installation. If you would like Ubuntu to be the only operating system on your hard drive, select Erase disk and install Ubuntu.
This option also allows you to encrypt your entire drive using LVM, ZFS, or using the Trusted Platform Module on the device. To do this open the Advanced features option before proceeding to the above screen and select ‘Use LVM and encryption’.
Next, you will see a window where you need to create a Security key, which will be required before you can log in with your username and password on your Ubuntu system.
On this screen, you’ll be asked to type in your name and the name you want your computer to have on the network. After that, you’ll choose a username and create a strong password.
Choose where you are on the map and pick your timezone.
Clicking Next will show you a summary of your installation setup, which double-check everything before you click Install.
Once you proceed, Ubuntu will start the installation process.
After the installation finishes, you’ll be asked to restart your computer.
After you restart your computer, you’ll see a message asking you to take out your USB flash drive. Once you’ve done that, just press the ENTER key.
Enter your encryption password if you created one.
After that, you’ll see the login screen where you can type in your username and password.
And there you have it! Welcome to your new Ubuntu Desktop!
After you install your operating system, it’s important to keep it updated, which will help you to fix bugs and improve security.
sudo apt update sudo apt upgrade
You’ve installed Ubuntu 24.04 with complete disk encryption, so your data stays safe even if someone unauthorized gets their hands on your storage device.
Thank you Ravi for your answer.
Yes can you please make a guidance on setting it up.
@Vasileios,
Using LVM with Encryption on Ubuntu
1. Boot from the Ubuntu installation media and select “Install Ubuntu“.
2. When you reach the “Installation type” screen, choose “Something else” to manually configure your partitions.
3. Select the disk you want to use for LVM and click on the “New Partition Table” to create a new partition for the encrypted LVM setup.
4. After setting up the encrypted partition, it will be shown as a LUKS partition, here select this LUKS partition and click on “Configure encrypted volumes” to set it up.
5. You can then create logical volumes for root, home, swap, etc. by selecting the encrypted partition and clicking “
+
” to create new logical volumes.6. When creating logical volumes, set Use as to Ext4 journaling file system (or your preferred file system) for each logical volume.
7. Once you have created and formatted the partitions, select the logical volume for root (/) and click “Continue” to proceed with the installation.
8. Finish the installation process, and you will have Ubuntu installed with LVM on an encrypted disk.
Thank you Ravi you are the best!!
Hello Ravi Saive,
Can I use LVM with encryption and then customize the partitions before continuing?
I want to do full disk encryption but also set up the partitions in the way I prefer.
Thank you!
@Vaseileios,
Yes, you can use LVM with full disk encryption and customize your partitions as needed before continuing. Let me know if you need any guidance on setting it up!
Hi!
While it’s decent of you to write this article, what I meant with my request was if you could find out how to encrypt both the boot and root partitions during installation.
You know, like in the article “How to Full Disk Encrypt Ubuntu 22.04 During Installation” shows you how to do. I tried that on Ubuntu 24.04, but it won’t let me boot up afterward.
I, of course, managed to get Ubuntu 22.04 to work according to the article. Do you think there is a way to get Ubuntu 24.04 to have both the boot and root partitions encrypted?
@Christian,
Unfortunately, I didn’t find any option to encrypt individual partitions during the installation of Ubuntu 24.04 LTS. The only available option is to encrypt the entire disk.