Ubuntu Linux has quickly become the most popular GNU/Linux distribution in use on workstation computers. Ubuntu is user-friendly, doesn't cost a dime, and is powered by open source software. One of Ubuntu's best features is full disk encryption, an important security and privacy feature that keeps data on your hard drive scrambled in case it's lost, seized, stolen, or if you choose to sell or give away your computer in the future.

Right now most users don't even realize that Ubuntu offers full disk encryption because the option is not included in the popular default Live CD installer. Instead you have to use the text-based alternate CD to install Ubuntu with disk encryption. If we ever hope to make it common practice for laptop users to encrypt their drives, encryption needs to be in the default installation - not some special alternate installation.

We can do something about this! Ubuntu Brainstorm is a simple way to contribute ideas and to have the community to vote on them. Ideas that get lots of votes gain the attention of the developers. If you care about getting full disk encryption built-in to the Ubuntu Live CD installer, please create an Ubuntu Brainstorm account and vote on this idea.

Why encrypt your hard drive?

Encrypting your hard drive protects your privacy and your data in case your computer is lost, seized, stolen, or otherwise ends up in someone else's hands. Police are unlikely to access your encrypted data without your cooperation or a court order, so using disk encryption makes it much more difficult for them to violate your Fourth Amendment rights that protect you from unreasonable search and seizure.

In addition to being simpler and easier than only encrypting documents that you consider sensitive, full disk encryption protects you in a variety of ways that partial encryption does not. Sensitive data ends up on your hard drive that you might not think about or realize is there, including your browser history, cookies, and saved passwords. Full disk encryption also prevents attackers from changing operating system or application files to compromise your security. Federal government laptops have been encrypted since 2006. Shouldn't yours be as well?

There are some attacks against disk encryption, such as the cold boot attack and the evil maid attack. These require special conditions, are hard to pull off, and are difficult for law enforcement to justify doing without probable cause. It's possible, though inconvenient, to protect yourself from both of these. You can also protect yourself against the brute-force attack by choosing a good, long passphrase.

How do I encrypt my hard drive with Ubuntu now?

In the meantime, if you want to use full disk encryption in Ubuntu download a copy of the alternate installer CD. Boot to it and follow the instructions. When you get to the "Partition disks" step choose "Guided - Use entire disk and set up encrypted LVM", and type your new encryption passphrase twice. When the installation is done your computer will reboot and you'll need to type your passphrase to unlock your hard drive before Ubuntu can boot. It's more difficult to dual-boot with Windows while using encrypted Ubuntu partitions, but there's no reason why this shouldn't be a one-click option as well.

Installing Ubuntu with disk encryption

Ready to help make encryption the default? Head over to Ubuntu Brainstorm and vote.

Related Issues