Difference between revisions of "Ubuntu 22.04 LVM encryption using LUKS"

Home > Ubuntu > Ubuntu 22.04 > Ubuntu 22.04 LVM encryption using LUKS

To configure encryption on an empty LVM logical volume in Ubuntu 22.04 (Also works on Ubuntu 24.04) after OS installation, follow these steps:

Encrypting and Mounting a Logical Volume with LUKS

• If the logical volume is already mounted, unmount it:

# sudo umount <mount-point>

Format the Volume with LUKS Encryption

Use `cryptsetup` to encrypt the logical volume:

# sudo cryptsetup luksFormat <lvm-path>

Open the Encrypted Volume

Open the LUKS volume and map it to a device name (e.g., `data_crypt`):

# sudo cryptsetup open <lvm-path> data_crypt

Create Filesystem

Format the mapped encrypted volume with the ext4 filesystem:

# sudo mkfs.ext4 /dev/mapper/data_crypt

Configure crypttab

• Find the UUID of the encrypted device:

# sudo blkid <lvm-path>

• Edit /etc/crypttab and add an entry like the following:

# sudo nano /etc/crypttab

Example content:

data_crypt UUID=82e544db-2c86-46ad-86cd-081e61d9d48c none luks

Configure fstab

Edit /etc/fstab to mount the decrypted volume at boot:

# sudo nano /etc/fstab

Example content:

/dev/mapper/data_crypt /mnt/data1 ext4 defaults 0 2

Update Initramfs

Update the initramfs so the system can unlock the volume during boot:

sudo update-initramfs -u

Modify GRUB

sudo nano /etc/default/grub

• remove quiet splash parameters in the following line:

GRUB_CMDLINE_LINUX_DEFAULT=""