Hacker News new | past | comments | ask | show | jobs | submit login

This is a great article. I have a different strategy that I think is "better" in a few ways but definitely still complicated.

(I'm assuming this is starting on a machine that already has windows on it because that's how my computers generally come (although maybe not the future since Lenovo is selling Thinkpads with Linux now):

Step 1. Install Ubuntu (let it set up the dual-boot stuff for you). The main advantage of this approach is I don't have the issue where grub can't boot windows as described in the article. (NOTE: ubuntu's installer won't do encryption in this setup for some reason: Ubuntu please fix this and save me the following steps!):

Step 2: reboot into the installer. Now things are going to get crazy.

Step 3: shrink the ubuntu partition as small as it will go (resize2fs -M ...). Then create a new partition of the same size at the end of the drive and copy the data over to the new partition.

Step 4. delete the original ubuntu partition. replace it with a /boot partition and a luks partition.

Step 5. Copy the boot stuff into /boot, copy the rest of the data onto your new encrypted / partition (i usually do lvm here also). chroot into the /, do the mounting stuff TFA suggests, install lvm/dmcrypt/etc. Reconfigure your initramfs and run update-grub.

Step 6. Delete the copy of the original ubuntu partition made in step 3 and resize the encrypted partition as needed.

OK I agree that's a pretty ridiculous sequence and I wish Ubuntu would do it for me, but it's pretty cool that it can be done at all (takes about an hour).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: