Setup an encrypted disk for use with UEFI and Ubuntu
Current systems may boot with UEFI enabled, instead of BIOS legacy mode. Most of the setup information is taken from Arch Linux - EFI System Partition
Preparing the disk for such a system is straight forward. You still
need an unencrypted
/boot partition, and another partition
containing the encrypted LVM.
UEFI needs another partition to boot, where the boot loader is stored. All this is stored on a disk with a GUID Partition Table (GPT), the old style BIOS MBR isn’t used anymore.
To do this, you create an EFI system partition of about 256 MiB. This
is the recommended minimum size, even though only a few hundred KiB
are used. Next you create a Linux
/boot partition, and finally
allocate the remaining space for the encrypted LVM.
You can see the result with
fdisk -l /dev/sdc
Disk /dev/sdc: 931,5 GiB, 1000204886016 bytes, 1953525168 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: gpt Disk identifier: E30A04A3-8EB5-4AF4-BCBE-D5711DC7D787 Device Start End Sectors Size Type /dev/sdc1 2048 526335 524288 256M EFI System /dev/sdc2 526336 1574911 1048576 512M Linux filesystem /dev/sdc3 1574912 1953525134 1951950223 930,8G Linux LVM
The EFI partition will be formatted with FAT32
mkfs.fat -F32 /dev/sdc1
and mounted at
/boot partition is formatted as ext2 or whatever file system you
prefer. And the last partition is encrypted with
becomes the base for the main volume group. This is already described
Install Ubuntu with encrypted LVM and multiple logical volumes
The main difference to a legacy BIOS booting system is the package
grub-efi instead of
apt-get install grub-efi linux-image-generic
This takes care of all the EFI stuff. Installing Grub is done with
grub-install --target=x86_64-efi /dev/sdc
and creating the initial Grub menu
grub-mkconfig -o /boot/grub/grub.cfg
That’s it for the EFI part. To be of any use, you need to install a Linux system, of course.