=====Ubuntu 18 Bionic Beaver LTS on removable SSD=====
//With Secure Boot and rootfs LUKS encryption//
**Notes:**
* Was not able to install /boot on the encrypted partition. The signed grub loader doesn't seem to have all required modules signed. So I've installed /boot onto the ESP partition.
====Install required packages====
* Install debootstrap:apt install debootstrap
====Perpare SSD====
* First unmount (auto)mounted partitions.
* Partition the SSD. Start at sector 65535, for correct alignment of my SSD drive. Create a 512MiB UEFI ESP and 32GiB partition for Ubuntu.parted --script /dev/sdX \
mklabel gpt \
mkpart ESP fat32 65535s 1114095s \
toggle 1 boot \
mkpart Ubuntu 1179630s 68287470s
* Format the ESP:mkfs.fat -F32 -n ESP /dev/sdX1
* Create an encrypted partiton for Ubuntu:cryptsetup luksFormat /dev/sdX2
cryptsetup open /dev/sdX2 cryptroot
mkfs.ext4 /dev/mapper/cryptroot
====Install Ubuntu 18 Bionic Beaver LTS====
* Mount root partition:mount /dev/mapper/cryptroot /mnt
* Mount ESP as /boot:mkdir -p /mnt/boot
mount /dev/sdX1 /mnt/boot
* Install Ubuntu.debootstrap --arch amd64 bionic /mnt http://mirror.transip.net/ubuntu/ubuntu
* Enter chroot:mount -t proc none /mnt/proc
mount -t sysfs none /mnt/sys
mount -o bind /dev /mnt/dev
cp -L /etc/resolv.conf /mnt/etc
XTERM=xterm-color LANG=en_US.UTF-8 PATH="$PATH:/bin:/sbin:/usr/sbin" chroot /mnt bash
export PS1="\e[0;31m\u@CHROOT:\w# \e[m"
* Create new user:useradd -d /home/user -G sudo -m -s /bin/bash user
passwd user
* Configure locales and timezone:dpkg-reconfigure locales tzdata
* Add root and boot filesystem to /etc/fstab:
# Lookup UUID's:
# blkid /dev/sdb1 # ESP
# lsblk -f /dev/sdb2 # run from outside chroot, this is the UUID of the / ext4 partition, not LUKS!
/etc/fstab
UUID= / ext4 errors=remount-ro 0 1
UUID= /boot vfat defaults 0 2
* Update apt repository sources:cat > /etc/apt/sources.list <
* Update packages:apt update
apt upgrade
* Install required packages. **Don't select a disk to install grub onto! Continue without installing grub.**apt install linux-image-generic efibootmgr grub-efi-amd64-signed cryptsetup initramfs-tools shim-signed
* Configure crypttab:# Lookup UUID with blkid
# blkid /dev/sdb2
echo "cryptroot UUID= none luks" >> /etc/crypttab
* Configure grub:cat >> /etc/default/grub <
* Configure initramfs:sed -i '/^#CRYPTSETUP=/c\CRYPTSETUP=y' /etc/cryptsetup-initramfs/conf-hook
echo RESUME=none > /etc/initramfs-tools/conf.d/resume
update-initramfs -k all -u
* Install and configure grub:grub-install --uefi-secure-boot --target=x86_64-efi --boot-directory=/boot --efi-directory=/boot --recheck --no-nvram
update-grub
* Install the default desktop:apt install ubuntu-desktop
* Exit the chroot and test your new installation:exit
cd
umount /mnt/boot
umount /mnt/proc
umount /mnt/sys
umount /mnt/dev
umount /mnt
cryptsetup close /dev/mapper/cryptroot
{{tag>[hardware Ubuntu linux ssd]}}