Ubuntu - Encrypting Your Disk
Encryption During Installation
Ubuntu disk encryption is easy during new Ubuntu installation. The installer will ask you if you want to do it and you just follow the instructions. Just be extra careful to use a strong password and remember it as it will be quite hard to access any files after encrypted without access.
It can be hard to encrypt your whole disk after Ubuntu installation. But you can still go for a "good-enough" security by encrypting your home and swap directories. Home is the place where you should keep all personal information and swap is sometimes used as a temporary storage for memory.
sudo apt install -y ecryptfs-utils cryptsetup sudo adduser gatekeeper sudo usermod -aG sudo gatekeeper # login as the gatekeeper # encrypt the user home directory, # this could take a while and requires you to have 2.5x free space vs. the target home sudo ecryptfs-migrate-home -u ruksi # login as the original user without rebooting # test that you can still write and read ok echo hello > greeting.txt cat greeting.txt sudo ecryptfs-unwrap-passphrase # enter your password and write down the return, this allows decrypting without password swapon -s # e.g. /dev/nvme0n1p3 sudo ecryptfs-setup-swap # if you get "swapon: stat of /dev/mapper/cryptswap1 failed: No such file or directory" # you might need to reboot here swapon -s # e.g. /dev/dm-0 sudo ecryptfs-setup-swap # WARNING: [/dev/dm-0] already appears to be encrypted, skipping. # remove the extra user sudo deluser --remove-home gatekeeper # remove the backup directory if all seems to be working sudo rm -Rf /home/ruksi.bT3QJtbw/