I have let this blog go a bit, ok a lot. Maybe because I have been lazy and not documented my recent findings or perhaps I am getting so good I am know all the answers. Yes, the answer is obvious.
Today I setup a laptop work gave me to use. We use Ubuntu 12.04 on the servers here, so I figured it would be smart to use Ubuntu 12.04 (or derived distro). I love KDE and I am using Mint 13 on my desktop, so made sense to go with that. What I quickly found is that the installer is lacking any options for encrypting your disk.
Off I went to find a tutorial on this. Three main pages I used was: https://www.martineve.com/2012/11/02/luks-encrypting-multiple-partitions-on-debianubuntu-with-a-single-passphrase, http://blog.lifebloodnetworks.com/?p=1348 and https://help.ubuntu.com/community/EncryptedFilesystemLVMHowto. The last link is close to what what I wanted (page may be deleted, it is saying!) but I also wanted to go with GPT because...why not, it is 2013. So I will cover the steps here.
sudo -i apt-get install lvm2 cryptsetup gdisk gdisk /dev/sdaSetup a GPT partition table. I can't remember the command, it wasn't hard. Now setup 3 partitions. 1 will be ef02 type and only needs to be 1M. This is for grub-bios. It stores the stage 2 files to allow booting on systems that don't support EFI and do a BIOS boot. GPT doesn't have an alloated space for these files, hence the partition. Then partition 2 will be the boot partition, type 8300. I set it to 500MB. Then last will be the LVM pv, type 8e00, using all remaining space.
cryptsetup luksFormat -c aes-xts-plain64 -s 512 -h sha512 /dev/sda3 cryptsetup luksOpen /dev/sda3/ systemAnd now the LVM on top of the encrypted partition (/dev/sda3).
pvcreate /dev/mapper/system vgcreate luks /dev/mapper/system lvcreate -n swap -L 8G lvcreate -n slash -L 12G lvcreate -n home -l 100%FREEThen I found the installer wouldn't recognise these logical volumes unless they were formated so...
mkfs.ext2 /dev/sda2 mkfs.ext4 /dev/luks/slash mkfs.ext4 /dev/luks/home mkswap /dev/luks/swap
/dev/luks/slash (/) /dev/luks/home (/home) /dev/sda2 (/boot) /dev/luks/swap (swap)Don't reboot once the install has completed.
sudo -i mkdir a mount /dev/luks/slash a mount /dev/sda2 a/boot mount -B /dev a/dev mount -B /dev/pts a/dev/pts mount -B /sys a/sys mount -B /proc a/proc chroot a apt-get update apt-get install lvm2 cryptsetup
system /dev/sda3 none luksYou can use a UUID="840311bc-9333-47f6-b64f-a9becf3c5b1e" style entry there in place of /dev/sda3 And the next step that got me was to tell grub about this setup. vim /etc/defaults/grub (/root/a/etc/defaults/grub outside the chroot)
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash" to GRUB_CMDLINE_LINUX_DEFAULT="cryptopts=target=system,source=/dev/sda3,lvm=luks quiet splash"Change as required. Then run update-grub.
Done!