How can I enable a Windows-like, full-system encryption under Ubuntu?


I switched my OS from Windows to Ubuntu. On my Windows system I had my whole laptop encrypted so no one could access anything without the correct password. Now I have Ubuntu and TrueCrypt won't let me encrypt my whole system. I considered encrypting my whole C drive, but that wouldn't work, would it?

What are the Linux alternatives for full system encryption like the Windows version of TrueCrypt has to offer?

Iiro Krankka

Posted 2012-02-04T10:07:57.243

Reputation: 125

have you taken a look at this

– Raystafarian – 2012-02-04T12:25:14.930



If you truly want full disk encryption, you will need to install from the Ubuntu Server or Ubuntu Alternate installer. In the partitioning section, you can select full disk encryption, using LVM, dmcrypt, and LUKS.

However, the Ubuntu Desktop graphical installer supports total encryption of your entire home directory by clicking a single checkbox. When you select your username and password, you'll have an option to "require a password to login and access your home directory contents." This is a very easy, seamless approach to cryptographically protecting the private data you store in your home directory.

This is only necessary for Ubuntu Versions <=12.04. Beginning with 12.10, Ubuntu shipped a new option with their graphical installer which allows easy full disk encryption.

Dustin Kirkland

Posted 2012-02-04T10:07:57.243

Reputation: 7 101


First - You should have separate unencrypted boot partition because linux, or more precisely grub or other bootloader cannot boot from encrypted partition.
Second - it's not practical or absolutely necessary to encrypt whole drive. You should set up separate partition for /home directory and encrypt only that partition.

To encrypt your /home directory you could use ecryptfs-migrate-home command from eCryptfs project.

Guide on how to do use it

If you really need for full system encryption on linux - have you tried searching? Also it is much harder to set up full sytem encryption after installation.


Posted 2012-02-04T10:07:57.243

Reputation: 107

Got any citations for why you think FDE isn't practcal? IMO ecryptfs isn't great because it does nothing for swap or tmo folders. Meaning you could be leaving unecryped docs available when you don't expect it. – Zoredache – 2012-02-04T12:14:53.097

From my own eperience - every time I've tried FSE it slowed down file access speeds and system in general. – AndyDeGroo – 2012-02-04T16:45:26.890


LUKS is probably what you're looking for. From memory, Oneiric can set this up for you during the installation process.


Posted 2012-02-04T10:07:57.243

Reputation: 23

This is the only tutorial I understand regarding the matter. I installed Ubuntu yesterday, so I guess I don't use anything that important that I couldn't install it again. Just looking at the post-installation ecnryption instructions give me a headache.

– Iiro Krankka – 2012-02-05T12:27:06.693

@liro see Dustin's answer. Post-Install is not painless, best to do it on install from the Ubuntu alternate installer. I've run FDE for years on Ubuntu with great success. – krondor – 2013-06-13T20:14:23.520


Just to keep a better list of options here - it's possible to implement FDE on Linux with Truecrypt (yes, both full paritition encryption, hidden volumes or file-based containers are possible; access from other OS is also possible); you just have to glue together a minimal initrd consisting of init script, statically linked truecrypt and a number of required libs/binaries

I don't want to put my init script / initrd filelist here, but to give a few ideas:

  • don't forget to do umount -l /dev/; umount -l /proc/; umount -l /sys/ before changing to real root
  • you can use either switch_root or implement a full init subsystem which will switch you to your distro's real enviroment

Also, don't forget to add some protection against Evil Maid-class attacks..


Posted 2012-02-04T10:07:57.243

Reputation: 1 404

I was going to mention Truecrypt in an answer, glad you did so. I'm not sure there's any benefit to using that versus just using LUKS, but maybe if you move between OSes... – krondor – 2013-06-13T20:15:20.837