=====Ubuntu 18 Bionic Beaver LTS on removable SSD===== //With Secure Boot and rootfs LUKS encryption// **Notes:** * Was not able to install /boot on the encrypted partition. The signed grub loader doesn't seem to have all required modules signed. So I've installed /boot onto the ESP partition. ====Install required packages==== * Install debootstrap:apt install debootstrap ====Perpare SSD==== * First unmount (auto)mounted partitions. * Partition the SSD. Start at sector 65535, for correct alignment of my SSD drive. Create a 512MiB UEFI ESP and 32GiB partition for Ubuntu.

parted --script /dev/sdX              \
    mklabel gpt                       \
    mkpart ESP fat32 65535s 1114095s  \
    toggle 1 boot                     \
    mkpart Ubuntu 1179630s 68287470s

* Format the ESP:mkfs.fat -F32 -n ESP /dev/sdX1 * Create an encrypted partiton for Ubuntu:

cryptsetup luksFormat /dev/sdX2
cryptsetup open /dev/sdX2 cryptroot
mkfs.ext4 /dev/mapper/cryptroot

====Install Ubuntu 18 Bionic Beaver LTS==== * Mount root partition:mount /dev/mapper/cryptroot /mnt * Mount ESP as /boot:

mkdir -p /mnt/boot
mount /dev/sdX1 /mnt/boot

* Install Ubuntu.debootstrap --arch amd64 bionic /mnt http://mirror.transip.net/ubuntu/ubuntu * Enter chroot:

mount -t proc none /mnt/proc
mount -t sysfs none /mnt/sys
mount -o bind /dev /mnt/dev
cp -L /etc/resolv.conf /mnt/etc

XTERM=xterm-color LANG=en_US.UTF-8 PATH="$PATH:/bin:/sbin:/usr/sbin" chroot /mnt bash
export PS1="\e[0;31m\u@CHROOT:\w# \e[m"

* Create new user:

useradd -d /home/user -G sudo -m -s /bin/bash user
passwd user

* Configure locales and timezone:dpkg-reconfigure locales tzdata * Add root and boot filesystem to /etc/fstab:


# Lookup UUID's:
#     blkid /dev/sdb1    # ESP
#     lsblk -f /dev/sdb2    # run from outside chroot, this is the UUID of the / ext4 partition, not LUKS!

/etc/fstab
UUID= /               ext4    errors=remount-ro 0       1
UUID=             /boot           vfat    defaults          0       2

* Update apt repository sources:

cat > /etc/apt/sources.list <
  * Update packages:apt update
apt upgrade
  * Install required packages. **Don't select a disk to install grub onto! Continue without installing grub.**apt install linux-image-generic efibootmgr grub-efi-amd64-signed cryptsetup initramfs-tools shim-signed
  * Configure crypttab:# Lookup UUID with blkid
#    blkid /dev/sdb2

echo "cryptroot UUID= none luks" >> /etc/crypttab
  * Configure grub:cat >> /etc/default/grub <
  * Configure initramfs:sed -i '/^#CRYPTSETUP=/c\CRYPTSETUP=y' /etc/cryptsetup-initramfs/conf-hook

echo RESUME=none > /etc/initramfs-tools/conf.d/resume

update-initramfs -k all -u

  * Install and configure grub:grub-install --uefi-secure-boot --target=x86_64-efi --boot-directory=/boot --efi-directory=/boot --recheck --no-nvram

update-grub

  * Install the default desktop:apt install ubuntu-desktop
  * Exit the chroot and test your new installation:exit
cd
umount /mnt/boot
umount /mnt/proc
umount /mnt/sys
umount /mnt/dev
umount /mnt
cryptsetup close /dev/mapper/cryptroot




{{tag>[hardware Ubuntu linux ssd]}}