Skip to content

Instantly share code, notes, and snippets.

@synthetic-intelligence

synthetic-intelligence/Ubuntu 18.04 setup.md

Forked from labbots/Ubuntu 18.04 setup.md
Created April 23, 2021 17:50
Show Gist options
  • Save synthetic-intelligence/f0c4a47fcea65c1413eb6869f3779435 to your computer and use it in GitHub Desktop.
Save synthetic-intelligence/f0c4a47fcea65c1413eb6869f3779435 to your computer and use it in GitHub Desktop.
Download ZIP

Revisions

  1. @labbots labbots created this gist Jun 10, 2019.
    158 changes: 158 additions & 0 deletions Ubuntu 18.04 setup.md
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,158 @@
    ## Ubuntu 18.04 installation with LUKS and LVM

    ### Installation Process
    **Pre-installation from live OS**

    This setup of Ubuntu with LUKS and LVM is tested on Ubuntu 18.04.

    Boot Ubuntu from a Live OS and select the option to try Ubuntu without installing. Follow the steps I've outlined below. Let's assume you're installing to /dev/nvme0n1.

    1. Partition the drive with your tool of choice: I used gparted to set mine up.
    - Make sure the drive in which we are about to install is completely unallocated.
    - The first partition must always be the **ESP** partition. Set the following fields:
    - Free space preceding - Change only if required (it might not accept zero)
    - New Size - 550MiB
    - Free space following - (will be calculated automatically)
    - Align to - MiB
    - Partition Name - EFI System Partition
    - File System - fat32
    - Label - ESP
    - Press _Add_, and then the big green tick and "Apply".
    - Right-click your new partition (with the name "EFI System Partition") and select "Manage Flags".
    - Select "esp", which will automatically change a couple of other flags. Press Close.
    - The next partition would be **Boot** partition. Set the following fields:
    - Free space preceding - Automatic value
    - New Size - 1024 MiB
    - Free space following - (will be calculated automatically)
    - Align to - MiB
    - Partition Name - boot
    - File System - ext4
    - Label - boot
    - The next partition would be **Encryption** partition. Set the following fields:
    - Free space preceding - Automatic value
    - New Size - Entire space available
    - Free space following - (will be calculated automatically)
    - Align to - MiB
    - Partition Name - system
    - File System - cleared
    - Label - system
    2. The resulting partition table will look as follows:
    - nvme0n1p1: EFI partition 550 MiB
    - nvme0n1p2: /boot (1G)
    - nvme0n1p3: LUKS partition (the rest of the disk)
    3. Setup LUKS
    - `sudo cryptsetup luksFormat --hash=sha512 --key-size=512 --cipher=aes-xts-plain64 --verify-passphrase /dev/nvme0n1p3`
    - `sudo cryptsetup luksOpen /dev/nvme0n1p3 CryptDisk`
    - While not necessary, it is a good idea to fill your LUKS partition with zeros so that the partition, in an encrypted state, is filled with random data. `sudo dd if=/dev/zero of=/dev/mapper/CryptDisk bs=4M` _BEWARE, this could take a really long time!_
    4. Setup LVM on /dev/mapper/CryptDisk
    - `sudo pvcreate /dev/mapper/CryptDisk`
    - `sudo vgcreate vg0 /dev/mapper/CryptDisk`
    - `sudo lvcreate -n swap -L 20G vg0`
    - `sudo lvcreate -n root -l +100%FREE vg0`
    ----------

    **Installation from live OS**

    4. Now you're ready to install. When you get to the "Installation type" portion of the install, choose the "Something else" option. Then manually assign the /dev/mapper/vg0-* partitions as you would like to have the configured. Don't forget to set `/dev/nvme0n1p2` as `/boot`. the /boot partition must not be encrypted. If it is, we won't be able to boot.
    5. Press the "Change…" button and assign boot, swap and root (/) partition to installation partitions
    6. Change the "Device for boot loader installation" to /dev/nvme0n1, and continue with installation.
    7. When installation is complete, **don't reboot**! Choose the option to "Continue Testing".

    ----------

    **Post-installation configuration from live OS**

    8. In a terminal, type the following and look for the UUID of /dev/nvme0n1p3. Take note of that UUID for later.
    - `sudo blkid | grep LUKS`
    - The important line on my machine reads `/dev/nvme0n1p3: UUID="bd3b598d-88fc-476e-92bb-e4363c98f81d" TYPE="crypto_LUKS" PARTUUID="50d86889-02"`
    9. Next lets get the newly installed system mounted again so we can make some more changes.

    - `sudo mount /dev/vg0/root /mnt`
    - `sudo mount /dev/nvme0n1p2 /mnt/boot`
    - `sudo mount --bind /dev /mnt/dev`
    - `sudo mount --bind /run/lvm /mnt/run/lvm`
    - `sudo mount /dev/nvme0n1p1 /mnt/boot/efi`
    10. Now run `sudo chroot /mnt` to access the installed system
    11. From the chroot, mount a couple more things
    - `mount -t proc proc /proc`
    - `mount -t sysfs sys /sys`
    - `mount -t devpts devpts /dev/pts`
    12. Setup crypttab. Using your favorite text editor, create the file /etc/crypttab and add the following line, changing out the UUID with the UUID of your disk.
    - `CryptDisk UUID=bd3b598d-88fc-476e-92bb-e4363c98f81d none luks,discard`
    13. Lastly, rebuild some boot files.
    - `update-initramfs -k all -c`
    - `update-grub`
    14. Reboot, and the system should ask for a password to decrypt on boot!

    ----------
    ### Enabling System Hibernation
    **Configuring encrypted Swap**

    1. Identify the Swap partition path by viewing the fstab.
    - `cat /etc/fstab`
    - The swap path would look something like `/dev/mapper/vg0-swap`
    2. Create a resume file in initramfs so the swap can be loaded at boot.
    - `sudo gedit /etc/initramfs-tools/conf.d/resume`
    - Add the following line to the file and save it `RESUME=/dev/mapper/vg0-swap`
    3. Add the same value to the grub
    - `sudo gedit /etc/default/grub`
    - `GRUB_CMDLINE_LINUX_DEFAULT="quiet splash resume=/dev/mapper/vg0-swap"`
    4. Update kernel image and grub
    `sudo update-initramfs -u -k all`
    `sudo update-grub`

    **Enabling Hibernate**

    5. Test whether hibernate is supported in your system by manually running the hibernate command from the terminal
    `sudo systemctl hibernate`
    6. If the hibernate works as expected then open the following snippet to the file.
    - `sudo gedit /etc/polkit-1/localauthority/50-local.d/com.ubuntu.enable-hibernate.pkla`

    7. Add the following snippet to the file and save it.
    ```
    [Re-enable hibernate by default in upower]
    Identity=unix-user:*
    Action=org.freedesktop.upower.hibernate
    ResultActive=yes
    [Re-enable hibernate by default in logind]
    Identity=unix-user:*
    Action=org.freedesktop.login1.hibernate;org.freedesktop.login1.handle-hibernate-key;org.freedesktop.login1;org.freedesktop.login1.hibernate-multiple-sessions;org.freedesktop.login1.hibernate-ignore-inhibit
    ResultActive=yes
    ```
    8. Restart system after modifying the configuration.
    9. Install the [Hibernate status button](https://extensions.gnome.org/extension/755/hibernate-status-button/) gnome extension to add hibernate button to the GUI.

    **Enabling PM Utils**

    9. Install PM Utils using the following command.
    `sudo apt install --assume-yes --quiet pm-utils`
    10. Check if your system supports hybrid suspend
    `sudo pm-is-supported --suspend-hybrid && echo 'Hybrid suspend available' || echo 'Hybrid suspend NOT supported'`
    11. If hybrid suspend is supported then add the following lines to `/etc/systemd/logind.conf`
    ```
    HandleSuspendKey=hybrid-sleep
    HandleLidSwitch=hybrid-sleep
    ```

    ----------
    ### Nvidia Graphic driver issue
    I had issues with suspend and hibernate when using Nvidia graphic driver (Quadro p1000). If you encounter such issues. Then add the following line to `/etc/default/grub`

    `GRUB_CMDLINE_LINUX="nouveau.blacklist=1 acpi_rev_override=1 acpi_osi=Linux acpiphp.disable=1 nouveau.modeset=0 pcie_aspm=force drm.vblankoffdelay=1 scsi_mod.use_blk_mq=1 nouveau.runpm=0 mem_sleep_default=deep"`

    Once the configuration is saved then run the following command to refresh grub
    `sudo update-grub`

    ----------

    ### References

    1. [Custom encryption setup on Ubuntu 18.04](https://askubuntu.com/questions/918021/encrypted-custom-install)
    2. [Manual full system encryption on Ubuntu 18.04](https://help.ubuntu.com/community/ManualFullSystemEncryption)
    3. [Enable Hibernation on Ubuntu 18.04](http://ubuntuhandbook.org/index.php/2018/05/add-hibernate-option-ubuntu-18-04/)
    4. [Script to LUKS partioning installation](https://github.com/nbros652/LUKS-guided-manual-partitioning)
    5. [Guide on encrypted ubuntu installation with LUKS and LVM](https://adventures-in-tech.blogspot.com/2018/10/encrypted-ubuntu-installation-with.html)
    6. [Fix for suspend issue with Nvidia graphic driver in Ubuntu 18.04](https://devtalk.nvidia.com/default/topic/1044633/linux/driver-does-not-wake-gpu-properly-after-suspend-ubuntu-18-10-with-branch-390-410-and-415-/post/5300650/#5300650)
    7. [Installing Nvidia graphics driver in Ubuntu 18.04](https://www.linuxbabe.com/ubuntu/install-nvidia-driver-ubuntu-18-04)
    8. [Method to disable Nouveau Nvidia driver](https://linuxconfig.org/how-to-disable-nouveau-nvidia-driver-on-ubuntu-18-04-bionic-beaver-linux)