Ubuntu 20.04.01, full disk encryption, btrfs, & hibernation?

runswithascript

New Member
Joined
Mar 26, 2020
Messages
2
Reaction score
0
Credits
31
I am trying to install *Ubuntu 20.04.01 on my desktop with full (or almost full as Tj puts it) disk encryption including encrypted swap partition that allows hibernation, and btrfs.

The last few years I am using ManualFullSystemEncryption but even being careful to make sure I do not turn my system off after an update before the grub fix script automatically runs, these updates or *Windows updates if dual booting, have broken grub and I have often had to boot to a live USB and run fix-grub.sh.

Yesterday I followed Tj's Full_Disk_Encryption_Howto_2019 but when I got to the point of formatting /dev/mapper/ubuntu--vg-root I searched to see if I needed to do anything extra to use btrfs and ext3. I have since learned that using btrfs is not as simple as just selecting another filesystem from the dropdown.

This next brought me to Willi Mutschler's Ubuntu 20.04 with btrfs-luks full disk encryption including /boot and auto-apt snapshots with Timeshift which is very similar to Tj's, although it includes many extra steps for optimising btrfs and SSD. This is almost perfect for my intention, the only issue is that Willi sets it up so that swap is encrypted with a random password as he does not use hibernation:

Code:
export SWAPUUID=$(blkid -s UUID -o value /dev/vda2)echo "cryptswap UUID=${SWAPUUID} /dev/urandom swap,offset=1024,cipher=aes-xts-plain64,size=512" >> /etc/crypttab
cat /etc/crypttab
# cryptdata UUID=8e893c0f-4060-49e3-9d96-db6dce7466dc none luks
# cryptswap UUID=9cae34c0-3755-43b1-ac05-2173924fd433 /dev/urandom swap,offset=1024,cipher=aes-xts-plain64,size=512
He references Archlinux's dm-crypt/Swap encryption which I have looked through, and it would seem I need to set up some kind of hook for swap, but I have not been able to make much more sense of it than that.

Last night I found Félix Saparelli's Full-disk encryption with Btrfs, swap, and hibernation. It gives commands for setting up encrypted swap but not the rest of the install, so I had planned today to try and use it in conjunction with Willi's guide to achieve my desired install.

I wanted to post and ask if this is the best approach, or if there is better way to do this or a more complete guide?

*I would prefer to install Ubuntu Server edition on my desktop and then manually install my desktop environment as I have read this is an even more stripped down version of Ubuntu than the minimal install. Unfortunately when following Tj's guide, which is not intended for Server, after selecting the partitions the installer errored. Willi's guide references files for optimising btrfs in /usr/lib/partman which is not contained in the server installer and the same files do not exist anywhere else and it does not seem I can just install a package for partman.

*I was running a setup with Windows 10 on the same drive encrypted with VeraCrypt. This time I am not dual booting.
 


I am trying to install *Ubuntu 20.04.01 on my desktop with full (or almost full as Tj puts it) disk encryption including encrypted swap partition that allows hibernation, and btrfs.

He references Archlinux's dm-crypt/Swap encryption which I have looked through, and it would seem I need to set up some kind of hook for swap, but I have not been able to make much more sense of it than that.
Hooks are specific for Arch based distributions, since you are running Ubuntu that part is not relevant to you. To be honest I have no experience with btrfs, I run my system with full disk encryption and have an automatic snapshot made once a week using timeshift. Someone else here on the forums may be able to advise you on btrfs. Ubuntu Server is a good choice to use as your base, that way you just install what you want instead of having to strip out what you don't need or want to use.
 


Latest posts

Top