** Description changed: - I'll try to keep this as concise as I can by telling you to circumstance - I found myself in so you've got a real use case. + It won't look like it, but I've tried to keep this as concise as + possible whilst trying to keep the detail needed to show a genuine + frustration with the situation faced. -- - My workplace gave me a new Dell laptop and (although I don't use - Windows, unlike my colleagues) I have been told to keep the Windows - partitions intact (e.g. the Dell/Windows recovery, EFI and main Windows - partitions) probably so that if the laptop needs re-purposing later they - can as Windows 10 doesn't seem to use a serial/recovery media any more. + My employer gave me a new Dell laptop and (although I don't use Windows, + unlike my colleagues) I'd been told to keep the Windows/Dell/EFI + partitions intact for any potential later use (as it seems Windows 10 + doesn't believe in serial keys/recovery media any more). - I was happy to oblige with this request and on first ever laptop power - on got it booting the Ubuntu MATE 18.04 installer from USB pen. I'd - have loved to have just picked the encryption option presented (which - also makes LVM mandatory) but this would erase Windows off too... so I - had to use the advanced partitioning screen... where I shrank the main - Windows partition and made myself a little ext4 /boot partition and an - encrypted ext4 root partition. + I happily obliged, and on first boot up got it straight into the Ubuntu + MATE 18.04 installer via USB pen. I wanted to pick the "Encrypt the new + Ubuntu installation for security" but this would've wiped the whole + disk. So I head in to 'Something else' to shrink the main Windows + partition and made myself a little ext4 /boot partition and an encrypted + ext4 root partition. - This was fine until I realised that hibernation doesn't work with swap - files (read other reports online about this) and needs a swap partition - (I'd normally be overjoyed as I hate swap partitions - that is... until - now, when I need one). + But I quickly learned that hibernation doesn't work with swap files and + needs a swap partition (I'd normally be overjoyed as I hate swap + partitions - that is... until now, when I need one). - Making another partition for encrypted swap would have worked but would - surely have resulted in two password prompts on boot and a lot of re- - configuring. Which got me thinking that what was really needed in this - use case... is a way of using the normal encryption option in the - installer (not using the advanced partition screen) which uses LVM also - (so both swap and root partitions are covered by the same encryption)... - BUT in a way that it just uses whatever free space is available... - rather than wiping the whole disk. + What is really needed is to be able to use the "Encrypt the new Ubuntu + installation for security" as that will put both an ext4 root and swap + partition within LVM and also within LUKS/crypt. - In the end I had to manually create the ext4 /boot, the crypt partition, - LVM pv on top of that, the LVM vg, two LVM lv's and format them... then - open up the installer for the advanced partitioning screen to see the - pre-existing /dev/mapper/ entries for it to install to. But because the - installer doesn't know it is installing to an encrypted area I still had - to (afterwards) teach it about these by making a /etc/crypttab and - reinstalling grub. + So I did just that (but using a VM) so I could witness what things got + named... turns out I'd need /dev/nvme0n1p5 to be an ext4 /boot and + /dev/nvme0n1p6 to be LUKS as /dev/mapper/nvme0n1p6_crypt. Then make an + LVM PV with a VG named ubuntu-mate-vg and 2 LVs which end up being + /dev/mapper/ubuntu--mate--vg--root and /dev/mapper/ubuntu--mate--vg- + swap_1. This way I'd end up with what "Encrypt the new Ubuntu + installation for security" would have created if it just supported going + into available free space rather than wiping the whole disk. - So I do *at last* have a hibernating, dual booting and encrypted laptop. + So using the 'Try Ubuntu' option on the USB pen I got a desktop and + manually created all the entities talked about... then immediately after + ran the installer from the desktop which could then see the /dev/mapper + entries to install to. This has been fine but since the installer + didn't set up LUKS I had to manually install a /etc/crypttab afterwards + and re-initramfs/re-install GRUB. - But it shouldn't be this difficult to get that surely? + I suppose I *could* have just made another partition as encrypted + swap... but that'd require jumping through just as many hoops doing that + to then possibly then find on boot it may ask for two encryption + passwords. - I'd equally welcome a way of installing with encryption (again to free - space, not wipe whole disk) without LVM... but if this is with a swap - partition then the user should only be prompted for a password once on - boot (for both encrypted root and encrypted swap)... or if this is using - a swap file inside the encrypted root partition then the - hibernation/resume to/from swap file needs fixing. + So I do *at last* have a hibernating, dual booting and encrypted laptop + :) + + But surely it would be better to allow the "Encrypt the new Ubuntu + installation for security" option to work in available free space ... + rather than forcing a wipe of the whole disk? Or an "Install alongside + Windows" type option but with encryption? + + I'd equally welcome any other way of installing with encryption (again + to free space, not wipe whole disk) *without* LVM... but if this is with + a swap partition then the user should only be prompted for a password + once on boot (for both encrypted root and encrypted swap)... or if this + is using a swap file then hibernation needs to work with it. Sorry for the long report :)
** Summary changed: - Insufficient simple partitioning options + Insufficient options for encryption -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1780971 Title: Insufficient options for encryption To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/1780971/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
