I've been using Linux for several years. And because the kernel keeps improving a lot has changed in the past few years. I've written this guide to share my knowledge and help others. This guide aims not only to help you install Ubuntu but also to help you create a full Linux laptop experience. Creating this full experience expands multiple posts.

Table of Contents

Introduction

In this guide I will be making several setup choices. If you fancy a different choice, you can do so. And if you have a specific desire for you're own setup, and it is not covered in this manual. You can always request it in the comments, in which I could look into it and describe how to setup it up in a separate post.

This first post will cover basic install with Full Disk Encryption with UEFI.. This guide will be slightly different than simply choosing full disk encryption from the installer.

The reason for not using the default encryption option available from the installer is part of some personal choices.

  • I want a separate SWAP partition (not file)
  • I want to provide a guide template for other filesystems

About the SWAP partition. Since kernel 2.6 the performance of a swap file versus a swap partition is almost the same. And due to the current speed of SSD and NVMe drives there should be no issue concerning fragmentation. So why... because I personally found it easier to work with when you want to get laptop functionality like Suspend, Hibernate, and Hybrid-Suspend working.

About the second reason, providing a guide template for other filesystems, the choice of a particular filesystem can become quite personal. So by providing this guide, I can easily add an other post in which I only have to provide the specific details about configuring the partitions and setup for that particular filesystem.
This guide will use ext4 for the filesystem. I'm planning on writing an second post on how to do a full disk encryption setup with BTRFS and subvolumes.

This guide will assume the following

  • Ubuntu UEFI Install
  • Boot Partition will be unencrypted
  • SWAP Partition
  • ext4 filesystem
  • Readers choice if you want a separate home partition

Pre Install

Do not forget to backup your data. Because we will be performing a clean install and manual configuration of the partitions all your data will be lost and it will not be possible to recover it.

Disk Identifier

I will be installing to a NVMe SSD disk. This means that my disk is identified as /dev/nvme0n1 please make sure that you do know the id of the drive you will be installing to, for example /dev/sda.

Install

Please boot your laptop with Ubuntu 19.04 either from  DVD, USB, and in the Ubuntu boot menu choose the option:

Try Ubuntu without Installating (Safe Graphics)

Why (Safe Graphics) my laptop is equipped with Optimus technology from Nvidia which basically means I have two graphical cards. An embedded Intel and a discrete Nvidia card. By choosing (Safe Graphics) you will not run into any problems with freezing screens, if there is an issue with detecting your specific hardware.

The install process consists of several steps.

Basic Partition Setup

When the Ubuntu Live Desktop is ready, you will have a option on the desktop with Install Ubuntu 19.04 do not start it directly. First we are going to preform the basic partition setup.

Start GParted. Delete all partitions and hit Apply. Also please make a note of your primary device ID in the top right corner of the disk where you want to install to. My disk ID is /dev/nvme0n1.

After deleting all the partitions you have a complete empty disk with Unallocated space. The first thing we will be creating is the EFI partition which is required for UEFI boot.

Question: I don't know if my laptop uses UEFI

Answer:
There are two possible scenario's; either your hardware uses UEFI or it does not. There is however the possiblity that it is disabled in your BIOS but thats beyond this scope.

You can even check for UEFI from a Ubuntu live desktop, by running the following command in a terminal ctrl-alt-t:

ls /sys/firmware/efi/

If the command returns a listing fo the directory then you have UEFI. If the folder efi is missing then you run in legacy BIOS mode.

First step before creating partition is to create a partition table. Choose from the menu in Device -> Create Partition Table , select gpt as table type and click apply.

Create a new partition by choosing Partition -> New.

Option Value
New Size (MB) 256
Partition name EFI System Partition
File system fat32
Label esp

Click Add to add the partition to the partition table.

Create a new partition by choosing Partition -> New.

Option Value
New Size (MB) 512
File System ext2

This second partition will be our boot partition from which the kernel(s) are loaded.

The partitions are not yet created. When you click on Apply the partition will actually be created, perform this now so we can mark the partition as an actual EFI partition.

After creating the partitions you can now right click on the efi partition and choose Manage Flags. Select esp this will also auto select boot. GParted should have auto applied the new flags. This can be confirmed by the Apply button which should be grayed out. If not click Apply.

Note: You might see an exclamation mark after the device ID. You can ignore this.

Partition Configuration with the Installer

We are now ready to start the ubuntu installer for the first time. While it looks like there are a lot of steps, using the installer to perform certain actions is easier than doing everything manual.

When you are at the install screen Installation Type choose the option Something else.

Right click on the free space beneath your second partition which we are going to use a boot partition and choose add.

Select physical volume for encryption in Use as, enter a security key and click ok.
The installer will now have created a secondary LVM partition with encryption.

Make a note of the partition ID, with me its /dev/nvme0n1p3. The part nvme0n1p3 will be needed in the next section.

Do not continue the installer, click Quit.

LVM Partition Setup

We are now going to continue the configuration by creating partitions inside the LVM encrypted partition we just created.

Open a terminal with ctrl-alt-t

Switch to root: sudo su -

Get the partition ID of the disk by id.

ls /dev/disk/by-id/

In the contents which are returned, there should be an entry with the name: dm-name-{ID}_crypt in which {ID} is the id from the last section.

For me the name of the entry is dm-name-nvme0n1p3_crypt.

Now we are ready to create the LVM volume group in which we will be creating the encrypted partitions. In the next command replace the disk ID by the one you just found.

vgcreate system /dev/disk/by-id/dm-name-nvme0n1p3_crypt

Now we are going to actually create the partitions. For my personal setup, I've made the choice not to have a separate home partition, this because I backup to my own personal NAS. The commands to create a separate home partition are also provided.

Because I have 32GB of memory I will be creating a SWAP partition of 34GB, this so I configure Hibernation and Hybrid-Standby in the future. For convenience I have simply used the following formula for my SWAP space. Total Memory + 2GB.

Without Home Partition.

lvcreate -L 34G -n swap system
lvcreate -l 100%FREE -n root system

With Home Partition

lvcreate -L 34G -n swap system
lvcreate -L 40G -n root system
lvcreate -l 100%FREE -n home system

Root Partition is configured to 40 GB, change to your own preference.

Install Ubuntu 19.04

What have we done so far. We have created an EFI and boot partition, we then have used the installer to configure an encrypted partition. And then we configured our actual partitions inside this encrypted partition.

Now we are ready to install Ubuntu, so restart the installer.

At the screen Installation Type select Something else again like we did last time.

You will notice that there are a little more entries in the device list then before. The entries starting with /dev/mapper/* are the logical volumes within the encrypted partition.

So first things first, select your EFI partition with a right mouse click and click on Change, select EFI System Partition in Use as.

Next up is the boot partition. Select Ext2 file system in Use as, check the Format the Partition option and set /boot as the mount point.

The device listing within the installer might have an issue which will cause some entries to show up twice. In this case select the entry which has a value within the column size.

Next up is the SWAP partition, /dev/mapper/system-swap select swap area in Use as.

Configure the root partition, /dev/mapper/system-root with an Ext4, and a mount point of /. Do not forget to also check Format the partition.

If you have opted to have a separate home partition, configure it with Ext4 journaling file system and a mount point of /home. And don't forget to check Format the partition.

Finally at Device for boot loader installation select the drive itself. For me this is `/dev/nvme0n1`

Now you are ready to hit Install Now and install Ubuntu.

When the installation is completed, DO NOT REBOOT, simply keep the installer window open.

SSD and Crypt Configuration

What have we so far; we have an installed Ubuntu system on an encrypted partition including an encrypted SWAP partition. However, if we would reboot now, like the installer suggests, we end up with a broken system because our current system cannot boot.

We also have chosen for Ext4 as file system, this is a journaling file system. And without going into the details, we simply have to turn off the journal to make it behave correctly on a SSD drive.

And we have to configure our encrypted drive so it can be mounted when the system boots.

First we have to get the UUID of our encrypted partition, for me this is /dev/nvme0n1p3, so start a terminal (ctrl-alt-t) while keeping the installer notification that the installation has been completed.

Get UUID of encrypted partition

blkik /dev/nvme0n1p3

In the output you will find a key UUID=. Take the value of this key without the quotes for the next command.

echo 'nvme0n1p3_crypt UUID={UUID} none luks,discard' > /target/etc/crypttab

Replace nvme0n1p3 with you partition id, and {UUID} with the UUID value from the blkid command.

The option luks in the mount parameters is for the disk encryption
The option discard is only required if you have a SSD based drive.

Additional option for SSD performance, set the mount option noatime.

vi /target/etc/fstab

Find your mount point entry for your ext4 partitions. And add noatime to the options.

Install Bootloader

In order to install the bootloader we first have to change into the target root system of our installation.

Mount /dev, /sys and proc in the target system

mount --rbind /dev /target/dev
mount --rbind /sys /target/sys
mount -t proc proc /target/proc

Change into the target system

chroot /target

Install the bootloader

grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader=ubuntu --boot-directory=/boot/efi/EFI/ubuntu --recheck /dev/nvme0n1

Change /dev/nvme0n1 to your own drive

Output should be:

Installing for x86_64-efi platform.
Installation finished. No error reported.

Create grub config

grub-mkconfig --output=/boot/efi/EFI/ubuntu/grub/grub.cfg

Update initial ramdisk

update-initramfs -ck all

Now everything is completed to boot into our new encrypted system.

Type exit in the terminal to leave the target system, now you can click Restart Now in the Installation Complete window.

I hope this guide was helpful, if you have any comments, ideas for improving this guide. Please let me know.

If you found this post useful, subscribe to this blog.