Encrypt disk in Ubuntu

I installed  a Ubuntu 12.04 desktop by using the 12.04.2 alternate CD. After generated a distribution iso, I found the disk encryption feature was not included in the custom install process. To make the new iso support disk encryption, I wrote a script. Here is how it works:

1) Boot from the live CD.

2) Run the script (the codes can be found at the bottom).


3) The script will set up the partitions and ask you to provide the encryption passphrase.


4) Choose the language.


5) Choose Continue.


6) Choose ‘Something else’.


7) Choose /dev/mapper/sda5_crypt as the mount point for / and /dev/sda1 as the mount point for /boot, then click ‘Install Now’.


8) Click ‘Continue’.


9) Choose location.


10) Choose Keyboard


11) Choose ‘Continue testing’.


12) The script will automatically configure the newly installed system and reboot.

13) The system will ask for the encryption passphrase after reboot.





# Wipe existing partition
dd if=/dev/zero of=/dev/sda bs=512 count=1

# Set up partition
(echo n; echo p; echo; echo; echo +300M; echo n; echo p; echo; echo; echo +2G; echo n; echo e; echo; echo; echo; echo n; echo l; echo; echo; echo t; echo 2; echo 82; echo w) | sudo fdisk /dev/sda

sudo fdisk -l

# Encrypt disk
sudo cryptsetup -y -v luksFormat /dev/sda5
sudo cryptsetup luksOpen /dev/sda5 sda5_crypt

# Format disk
sudo mkfs.ext2 /dev/sda1
sudo mkswap /dev/sda2
sudo mkfs.ext4 /dev/mapper/sda5_crypt

# Install Ubuntu
ubiquity –desktop %k gtk_ui

# Configure the new system
sudo mount /dev/mapper/sda5_crypt /mnt
sudo chroot /mnt mount /proc
sudo mount –bind /dev /mnt/dev
sudo chroot /mnt mount /boot

echo “sda5_crypt UUID=`sudo blkid -s UUID -o value /dev/sda5` none luks” | sudo tee -a /mnt/etc/crypttab

sudo chroot /mnt update-initramfs -u
sudo umount /mnt/proc /mnt/dev /mnt/boot /mnt
echo rebooting…
sudo reboot



