(This guide applies to any Debian/Ubuntu based distribution)

For some reason (complexity perhaps) it is not possible to configure full-disk encryption and LVM from the graphical installer in the desktop edition. It is possible to select full-disk encryption but this only creates one filesystem (root).

I want to use LVM to allow me to have more than one filesystem without having to enter more than one password during boot-up. It is not impossible to install Ubuntu desktop (or Linux Mint as in this guide) with encryption and LVM but it does require a little more work.

Before starting the installation, we need to prepare the harddisk. Start up GParted (as this is the easiest to work with, if you feel adventurous it can be done in parted or fdisk as well).

Start by creating a new partition table if needed (if you want to start over or the disk is empty)

VirtualBox_LinuxMint_07_01_2017_14_13_02.png

Of course this will destory any data already on the disk, you may want to resize any existing partitions (Windows for instance) instead.

VirtualBox_LinuxMint_07_01_2017_14_13_08.png

Next, create three new partitions

VirtualBox_LinuxMint_07_01_2017_14_13_17.png

First, the /boot partition

VirtualBox_LinuxMint_07_01_2017_14_14_01.png

Second, create an extended partition

VirtualBox_LinuxMint_07_01_2017_14_14_15.png

Lastly, the partition which will hold the encrypted data

VirtualBox_LinuxMint_07_01_2017_14_14_33.png

Now, apply the configuration

VirtualBox_LinuxMint_07_01_2017_14_14_40.png

Now exit GParted and then start a terminal and sudo su -

First, create the encrypted partition (you need to double check the device names). Needless to say, you need to pick a good password.

# cryptsetup luksFormat /dev/sda5

VirtualBox_LinuxMint_07_01_2017_14_16_49.png

Open (activate) the encrypted container/partition

# cryptsetup open --type luks /dev/sda5 sda5_crypt

VirtualBox_LinuxMint_07_01_2017_14_17_55.png

Create the volume group on the container

# vgcreate systemvg /dev/mapper/sda5_crypt

VirtualBox_LinuxMint_07_01_2017_14_18_39.png

Final step in the terminal is to create the logical volumes - I’ve opted for three: /, /home and swap (having a separate /home makes reinstalling easier).

# lvcreate -n rootlv -L20G systemvg
# lvcreate -n swaplv -L8G systemvg
# lvcreate -n homelv -l100%FREE systemvg

VirtualBox_LinuxMint_07_01_2017_14_19_31.png

Next, start up the Installer and answer the questions until you get to the screen where to decide the way to install Ubuntu/Mint. Select Something else

VirtualBox_LinuxMint_07_01_2017_14_20_17.png

Now, select the filesystems to create, they should be configured like so:

VirtualBox_LinuxMint_07_01_2017_20_38_10.png

It is also important to select the correct device for bootloader installation. It should NOT be installed to /dev/dm-0

Accept the changes

VirtualBox_LinuxMint_07_01_2017_15_17_59.png

And continue to installation.

VirtualBox_LinuxMint_07_01_2017_15_18_46.png

When the installation is done, do not reboot.

VirtualBox_LinuxMint_07_01_2017_15_23_05.png

Go back to the terminal and setup a chroot with your new installation

# mount /dev/systemvg/rootlv /target
# mount /dev/sda1 /target/boot
# mount -o bind /proc /target/proc
# mount -o bind /dev /target/dev
# mount -o bind /sys /target/sys
# chroot /target

Last steps are to let your installation know you are using an encrypted root partition and re-generate the ramdisk used for booting

# echo "sda5_crypt /dev/sda5 none luks" >> /etc/crypttab
# update-initramfs -k all -c

VirtualBox_LinuxMint_07_01_2017_15_26_52.png

The line in crypttab may also use UUID (to prevent problems if your device names change)

# blkid /dev/sda5
# echo "cryptodisk UUID=63a28f07-6f16-4b00-93a1-1c95614efafb none luks" >> /etc/crypttab

63a28f07-6f16-4b00-93a1-1c95614efafb is the UUID of the disk.

Now exit the chroot (press CTRL-D or type exit) and then reboot.