LUKS<\/a>, short for Linux Unified Key Setup, is a standard hard drive encryption technology for major Linux systems including Ubuntu. It is used for encrypting entire block devices and is therefore ideal for encrypting hard disk drives, SSDs, and even removable storage drives.<\/p>\n\n\n\nIt\u2019s free, supports the management of multiple keys and passwords, and secures all the data stored on your hard drive from unauthorized access. <\/p>\n\n\n\n
LUKS provides a platform-agnostic standard of encryption that not only guarantees compatibility among various Linux distributions but also ensures that they implement password management in a well-documented and secure manner.<\/p>\n\n\n\n
With LUKS, disk encryption is enabled during the installation of the operating system or post-installation. Note that full disk encryption is only achieved during the installation of the Ubuntu Desktop operating system<\/em><\/strong>. It encrypts all the partitions including swap space, system partitions and every bit of data stored on the block volume.<\/p>\n\n\n\nThankfully, Ubuntu 20.04 offers an option that allows you to fully encrypt your hard disk or SSD during the installation process, which this guide will walk you through.<\/p>\n\n\n\n
How to Fully Encrypt Data on Ubuntu 20.04<\/h2>\n\n\n\n As mentioned earlier, you can only fully encrypt your hard drive or SSD during the installation process. Therefore, if you already have an instance of Ubuntu running and you want to fully<\/em> encrypt it, you would need to reinstall Ubuntu; otherwise you would need to encrypt on a partition-by-partition basis. Any time you are considering an OS reinstall, backup all your files to a secure location beforehand.<\/p>\n\n\n\nA few points to note about LUKS disk encryption on Ubuntu 20.04:<\/p>\n\n\n\n
\nThis method of encryption does not apply in a dual-boot setup with Windows 10. LUKS encryption will remove all data from the partition, so we are encrypting on a new installation, which is the preferred method.<\/li>\n<\/ol>\n\n\n\n\nIf you select manual partitioning, you will not be able to encrypt every disk partition. <\/li>\n<\/ol>\n\n\n\nGetting started<\/h2>\n\n\n\n Once you have plugged in the bootable medium and gone through the preliminary stages of the installation which includes selecting the installation language, keyboard layout, and Software Updates to be installed, you will be required to select the mode of installation. Two options will be presented: \u2018Erase disk and install Ubuntu<\/strong>\u2019 which wipes out all the existing data and automatically partitions the drive and \u2018Something else<\/strong>\u2019 which is used when you want to manually configure the disk partitions yourself.<\/p>\n\n\n\nSo, select the \u2018Erase disk and install Ubuntu<\/strong>\u2019 option and click on the \u2018Advanced Features<\/strong>\u2019 button as indicated.<\/p>\n\n\n\n <\/figure>\n\n\n\nSelect LVM with New Installation<\/h2>\n\n\n\n In the next step, be sure to select the \u2018Use LVM with the new Ubuntu installation<\/strong>\u2019 and check the Encryption option below (Encrypt the new Ubuntu installation for Security<\/strong>) to secure your system with LUKS encryption.<\/p>\n\n\n\nThen click the \u2018OK\u2019<\/strong> to save the changes<\/p>\n\n\n\n <\/figure>\n\n\n\nThis prompts you to provide a security key, or simply put, a password. Choose a strong password, to steer clear from being a target of dictionary or bruteforce attacks. This is the password that will be used to decrypt the system right after the system reboots. <\/p>\n\n\n\n
Note the password carefully and don\u2019t forget it, else you won\u2019t have access to your Linux system. A password manager or other program that securely saves critical data is an excellent place to store this. <\/p>\n\n\n\n
Enter Security Key<\/h2>\n\n\n\n Then finally click on the \u2018Install Now<\/strong>\u2019 button to get along with the installation.<\/p>\n\n\n\n <\/figure>\n\n\n\nOn the pop-up that appears, press \u2018Continue\u2019 to save the effect of the changes.<\/p>\n\n\n\n <\/figure>\n\n\n\nFrom this point onwards, the installation will proceed normally with the configuration of the timezone, creation of a new user account and installation of all the files and software packages.<\/p>\n\n\n\n
Complete Installation Process<\/h2>\n\n\n\n When the installation is complete, click the \u2018Restart Now<\/strong>\u2019 button to reboot your system. Be sure to remove the installation medium and press ENTER.<\/p>\n\n\n\n <\/figure>\n\n\n\nAt this point the Disk is fully encrypted. Upon booting , you will be prompted to provide the decryption key which is the password you provided earlier.<\/p>\n\n\n\n
Type in the password or passphrase and hit ENTER.<\/p>\n\n\n\n <\/figure>\n\n\n\nYou will get the output similar to what we have.<\/p>\n\n\n\n <\/figure>\n\n\n\nIf a wrong password is provided, you will run into an error message as shown. <\/p>\n\n\n\n <\/figure>\n\n\n\n