Using encrypted partitions and file systems is a good way to keep things secret, and it can be done with ease on the system HDD, an external HDD, or a USB drive. In this case I will demonstrate how to do it on the system HDD.

First, I assume that you did not use your entire HDD while installing your OS; otherwise these steps will be impossible. In my case I did this on a virtual machine, so I left out some space (10G) for this demonstration. Note that it's good practice to leave some space, though that takes some practice and expertise to achieve. In any case, you can always use a VM to get this done and learn in the process.

The tools we need are fdisk (which comes pre-installed), cryptsetup [install it with the command: sudo apt install cryptsetup], and Logical Volume Manager [install it with the command: sudo apt install lvm2].

Now to the process:

Partition creation is done with fdisk: run sudo fdisk /dev/sda. Note that my device identifier ends in a because we're using the system HDD; yours might end in b. At the prompt, type n to create a new partition and accept the default number. When asked whether you want a primary or logical partition, choose primary. You will then be asked to pick a start point for this partition: press Enter to accept the default, and for the end type +10G, as we are creating a partition of this size. To set the partition type to logical volume, type t and then enter 8e (the code for the Linux LVM partition type). After that, type p to see which partitions have been created; you should see something like this:

[Image: fdisk p command results]

With that done, type w to write these changes to disk; fdisk will then exit automatically.

Set up the logical volumes from the newly created partition:

The normal structure is physical volume => volume group => logical volume. We begin by creating a physical volume from that partition with the command sudo pvcreate /dev/sdaX, X being the partition number fdisk used when creating that partition (/dev/sda3 in my case). Next we create a volume group with the command sudo vgcreate myvg /dev/sda3. Then we create the logical volume from the volume group with the command sudo lvcreate -L 3G -n lvname myvg. Let's break down the command:

  1. -L : This is the size of the logical volume, we start with a size of 3G and can increase with time or even reduce.
  2. -n : The name of the logical volume we are creating
  3. myvg : The name of the volume group we created earlier.

Now make a mount point for this partition with the command sudo mkdir -p /secret. We will now set up the encryption.

Set up encryption:

Run sudo cryptsetup luksFormat /dev/myvg/lvname, then sudo cryptsetup luksOpen /dev/myvg/lvname secret. A passphrase will be asked for in both steps: in the first command you enter a new one, and in the second you re-enter the passphrase you just created. Take note of this passphrase, as you will need to enter it at boot to be able to mount and access that encrypted partition.

We will now format that partition with the command sudo mkfs -t ext4 /dev/mapper/secret, then add entries to the /etc/crypttab and /etc/fstab files respectively. In the former add: secret /dev/myvg/lvname, and in the latter: /dev/mapper/secret /secret ext4 defaults 1 2. Now mount the partition with the command sudo mount -a or sudo mount /secret. Then run lsblk -f to see the new partition scheme we just created; it should look similar to the image below:

[Image: lsblk command results]
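Before rebooting, it is worth confirming that the /etc/crypttab and /etc/fstab entries agree with each other and with the mount point on disk. The script below is an added example, not part of the original post: check_crypt_mounts is a hypothetical helper name, and the demo runs against constructed copies of the two entries in a scratch directory rather than the live files.

```shell
#!/bin/sh
# check_crypt_mounts CRYPTTAB FSTAB [ROOT]   (hypothetical helper name)
# For every mapping named in CRYPTTAB, confirm FSTAB mounts /dev/mapper/<name>
# and that the mount point exists. ROOT is prefixed to mount points so the
# check can run against staged copies; leave it empty for the live system.
# Prints one line per problem; returns non-zero if any were found.
check_crypt_mounts() {
    crypttab=$1; fstab=$2; root=${3:-}
    problems=0
    # Field 1 of each non-blank, non-comment crypttab line is the mapping name.
    for name in $(awk 'NF && $1 !~ /^#/ {print $1}' "$crypttab"); do
        # Look for the fstab line whose device field is /dev/mapper/<name>.
        entry=$(awk -v dev="/dev/mapper/$name" \
            '$1 == dev {print $2, $3; exit}' "$fstab")
        if [ -z "$entry" ]; then
            echo "$name: no /dev/mapper/$name entry in fstab"
            problems=$((problems + 1))
            continue
        fi
        mnt=${entry% *}; fstype=${entry#* }
        [ "$fstype" = swap ] && continue      # swap has no mount directory
        if [ ! -d "$root$mnt" ]; then
            echo "$name: mount point $mnt does not exist"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Constructed demo: the tutorial's two entries staged in a scratch directory,
# with a deliberately misspelled mount point so the check has something to report.
demo() {
    d=$(mktemp -d)
    echo 'secret /dev/myvg/lvname' > "$d/crypttab"
    echo '/dev/mapper/secret /secret ext4 defaults 1 2' > "$d/fstab"
    mkdir "$d/secrete"        # constructed mistake: misspelled mount point
    rc=0
    check_crypt_mounts "$d/crypttab" "$d/fstab" "$d" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "fix the entries above before rebooting"
```

On the real system the call would be check_crypt_mounts /etc/crypttab /etc/fstab, with no third argument.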


Written by george udosen
