Installing Ubuntu on a (pre-existing) LUKS encrypted LVM system.
For the last 3 or more years I have been unsuccessfully trying to install Ubuntu on an encrypted hard drive. I’ve tried both installing everything fresh (with Ubuntu handling the initial partition setup, etc.) as well as trying to install on my existing system. In almost every case it failed miserably for one reason or another.
Today, that is history and I’ll tell you the most reliable way to install it on a pre-existing system (the hardest setup to deal with, apparently).
First of all, despite what you’re told, do NOT get the “alternate” version of the installer disk. I have spent no less than 2 weeks (that’s 24/7 x2) with each of the alternate installers since 8.10 and they’re utter nonsense.
Under your current primary Linux installation, create a partition on your LVM for your Ubuntu installation.
Grab a desktop version and boot from it.
Set up your network and in a terminal run ‘apt-get update’ and then ‘apt-get install lvm2 cryptsetup hashalot’ (depending on what version of Ubuntu you’re installing, you may have to omit the hashalot entry).
Use cryptsetup to open your LUKS partition with ‘cryptsetup luksOpen /dev/yourharddrive crypted’ (‘crypted’ can be any name within reason).
Use ‘vgchange -ay’ to activate the volume group and create device nodes for the partitions inside the LUKS container.
NOW install Ubuntu the way you would normally. Be sure to select your /boot partition for the /boot mountpoint and tell it not to format the partition, and of course use the partition you created earlier; you will need this later. Once the installer hits the end, do NOT reboot; hit ‘continue testing’.
Now it gets kinda tricky because at this point you’ve got an installed system but the initramfs doesn’t know it’s dealing with a LUKS container, much less *how* to deal with it. Fortunately once you understand what you’re doing, this won’t take long. For the most part everything you need to do will be done as root so go ahead and “sudo -i” so you don’t have to ‘sudo’ everything.
In a terminal type
‘blkid |grep LUKS’
which should give you the UUID of the LUKS container (if not, you may need to use blkid by itself to find this yourself). Make note of that UUID.
Next you want to make a temporary directory to mount your new root (and boot) filesystem, something like (substitute your information where needed):
mkdir /mnt/ubuntu
mount /dev/mapper/vg-root /mnt/ubuntu
mount /dev/sdb1 /mnt/ubuntu/boot
chroot /mnt/ubuntu
Now you need to check whether /etc/initramfs-tools/conf.d/cryptroot exists. If not, create it with these contents:
CRYPTROOT=target=pvcrypt,source=/dev/sdb5
apt-get update
Next, you need to open /etc/crypttab in an editor (I recommend either ‘pico’ or ‘nano’ but anything you’re comfortable with that can also handle being run as root will do) and fill it with the following:
pvcrypt /dev/disk/by-uuid/<uuid from above> none luks
Next, check /etc/fstab and for the ‘/’ mount, replace the “UUID=<UUID of drive>” with something that looks like:
/dev/mapper/vg-root / ext4 defaults 0 1
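A consistency check for the three files edited above, as an added example that is not part of the original post. The function names, the sample tree and the all-zero UUID are constructed for illustration; the check confirms that the mapping name in conf.d/cryptroot has a matching luks entry in /etc/crypttab and that ‘/’ in /etc/fstab points at a /dev/mapper node.

```bash
# Prints one line per problem and returns the number of problems found.
check_luks_boot_config() {
    root=$1; problems=0
    conf="$root/etc/initramfs-tools/conf.d/cryptroot"

    # 1. conf.d/cryptroot must carry CRYPTROOT=target=<name>,source=<device>.
    target=$(sed -n 's/^CRYPTROOT=target=\([^,]*\),source=.*/\1/p' "$conf" 2>/dev/null || true)
    if [ -z "$target" ]; then
        echo "cryptroot: no CRYPTROOT=target=...,source=... line"
        problems=$((problems + 1))
    fi

    # 2. /etc/crypttab must define the same mapping name, with the luks option
    #    and with the UUID placeholder replaced by the value blkid reported.
    entry=$(awk -v t="$target" 'NF && $0 !~ /^#/ && $1 == t' "$root/etc/crypttab" 2>/dev/null || true)
    if [ -z "$entry" ]; then
        echo "crypttab: no entry named '$target'"
        problems=$((problems + 1))
    elif echo "$entry" | grep -q '<'; then
        echo "crypttab: UUID placeholder was never filled in"
        problems=$((problems + 1))
    elif ! echo "$entry" | awk '{print $4}' | grep -q luks; then
        echo "crypttab: '$target' is missing the luks option"
        problems=$((problems + 1))
    fi

    # 3. The '/' mount in /etc/fstab must name the LVM node, not a UUID.
    rootdev=$(awk '$0 !~ /^#/ && $2 == "/" {print $1}' "$root/etc/fstab" 2>/dev/null || true)
    case $rootdev in
        /dev/mapper/*) ;;
        *) echo "fstab: '/' is '${rootdev:-unset}', expected /dev/mapper/<vg>-<lv>"
           problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# Constructed sample tree; the all-zero UUID is a placeholder, not a real device.
make_sample_root() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/initramfs-tools/conf.d"
    echo 'CRYPTROOT=target=pvcrypt,source=/dev/sdb5' > "$d/etc/initramfs-tools/conf.d/cryptroot"
    echo 'pvcrypt /dev/disk/by-uuid/00000000-0000-0000-0000-000000000000 none luks' > "$d/etc/crypttab"
    echo '/dev/mapper/vg-root / ext4 defaults 0 1' > "$d/etc/fstab"
    echo "$d"
}

sample=$(make_sample_root)
check_luks_boot_config "$sample" && echo "sample tree is consistent"
rm -rf "$sample"
```

From the live session, point it at the mounted target (for the layout above, check_luks_boot_config /mnt/ubuntu) before rebooting.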
For the record, you can do this whole routine in under 30 seconds with Fedora’s installer (all in the GUI, no special disk, etc., required) since so long ago that I’m truly surprised that Ubuntu hasn’t figured out how to duplicate this basic functionality.