The best way to keep your Ubuntu 22.04 system and files completely secure in the case of theft is to enable full disk encryption. This way, if your device is stolen or someone is sitting at your desk and trying to boot into your PC, they will need to know your password in order to mount any partitions. Even if they access the hard drive content through other means, all files would be encrypted and no one could read their contents.
Full disk encryption is something that must be enabled during the installation of Ubuntu 22.04. If you have already installed the operating system, you will unfortunately need to reinstall to enable full disk encryption, otherwise you can only encrypt and mount individual partitions. Full disk encryption covers everything like the swap space and boot partition, therefore must be enabled from the very beginning.
In this tutorial, we will take you through the step by step instructions of enabling full disk encryption on Ubuntu 22.04 Jammy Jellyfish. This is really just an extra option that must be selected and configured during the installation process, as you will see below. The setup utilizes LVM and LUKS to facilitate the secure encryption of your hard drive.
In this tutorial you will learn:
- How to enable full disk encryption in Ubuntu 22.04
- How to decrypt hard disk at boot
|Category||Requirements, Conventions or Software Version Used|
|System||Ubuntu 22.04 Jammy Jellyfish|
|Other||Privileged access to your Linux system as root or via the
# – requires given linux commands to be executed with root privileges either directly as a root user or by use of
$ – requires given linux commands to be executed as a regular non-privileged user
Ubuntu 22.04 Enable full disk encryption step by step instructions
If you decide to proceed with full disk encryption and then forget your password in the future, please keep in mind that all of your data will be rendered irrecoverable. Only pick a password that you are sure to remember, and if needed, also create a recovery key (we’ll show you how below). If you think you may forget the password, consider writing it down and keeping it in a secure location.
- To start off, you will just go through the Ubuntu 22.04 installation like normal. See our Ubuntu 22.04 installation article if you need help with that. The part we are concerned with in this tutorial will begin with the “Installation type” menu as seen below. We need to select “Advanced features” on this window.
- In the Advanced Features menu, we need to select both of the options for “Use LVM with the new Ubuntu installation” and “Encrypt the new Ubuntu installation for security.”
You will not be able to select full disk encryption if you set up manual partitions or have a dual boot system.
- Press OK to confirm these choices, then click the “Install now” button.
- Now it is time to choose a password for our encryption. Make sure you select a strong, secure password. The installation menu will let you know once it deems your password strength as “good.” You also have the option to create a recovery key file. This file can be used to unlock your system instead of needing to type the password. It could be handy if you forget the password one day or want to authenticate without typing the password.
- You can now go through the rest of the Ubuntu 22.04 installation as normal. When you boot up your PC in the future, you will need to provide your password in order to decrypt the hard drive. Failure to do so will not allow anyone to boot into the Ubuntu 22.04 installation.
In this tutorial, you saw how to enable full disk encryption on Ubuntu 22.04 Jammy Jellyfish Linux. This will keep your files and other data safe in case your computer falls into the wrong hands, but has its own limitations since you are only prompted for the password at boot. Keep your computer turned off when in transit, so that thieves will be faced with the password prompt if they were to intercept your property.