When installing Linux on our computer, the first thing we must take into account is our environment. If the only person who has access to the computer is us, it really isn’t worth encrypting the hard drive. But, if the circumstances change or our computer is in a shared space, encrypting the hard drive is the best method to protect access to all the information inside it.
There is also the possibility of losing our equipment, especially if it is a laptop or it is stolen. If we have not encrypted the hard drive, anyone with the appropriate knowledge will be able to access all the content inside it without any type of restriction.
But, if it is encrypted, the chances of an intruder accessing its content are reduced to a minimum, although, as I always say, there is no operating system or protection method that is 100% secure.
Encrypt hard drive in Linux: pros and cons
The first point in favor that we find if we encrypt the hard drive is that absolutely no one will be able to access its content if it falls into the hands of others. Without the encryption password, accessing the information stored inside it is virtually impossible.
But, at the same time, it poses a problem when trying to recover the data in case you forget the access code or the hard drive begins to malfunction until it reaches a point where it is impossible for us to access it. The encryption of a hard drive can only be unlocked from the system itself.
If the hard drive stops working and we try to recover the data using third-party applications, we will hit an insurmountable wall. The solution to this problem is to use a cloud storage platform that allows us to synchronize all the files that we create or modify instantly, thus avoiding the need to make backup copies, although this is another option.
However, unless you get into the habit of making a backup on a regular basis (something that very few users do), they are of little use if, all of a sudden, your hard drive stops working.
On older computers, encrypting the hard drive is synonymous with performance problems, problems that always manifest themselves in the long run, as the number of files stored increases. On newer computers, Linux encryption hardly affects computer performance.
During the installation
The best method to correctly encrypt a Linux hard drive is to carry out this process during the installation, so the first thing we must do is make a backup copy of all the files that we want to keep in order to copy them again once the installation has finished. .
Next, we proceed to download the version of Linux that we are going to install, we create an installation medium (USB, DVD, CD…) with which we will start our computer to carry out the installation and we modify the BIOS so that the computer starts with the program of installation. When starting the computer, we select Try or Install Ubuntu .
One has started the system, on the welcome screen we select Spanish and click on the Install Ubuntu button. The next option invites us to select the language of the distribution that we are going to install along with the keyboard layout.
In the next window, the distribution invites us to select what type of installation we want: normal (with all the add-ons) or minimal , with the basic and necessary applications to function correctly.
Now we must select the unit where we want to install the Linux distro. If we have a hard disk where we are going to install it and we do not plan to create partitions, we select Erase disk and install Ubuntu and then Advanced features.
Within the advanced functionalities, we select Use LVM in the Ubuntu installation and check the box Encrypt the Ubuntu installation for security.
Next, we need to type the security key that will unlock the encryption on our device. It is recommended to check the Activate the recovery key box, a key that will be stored in the system and will allow us to know the encryption password that we have used.
Finally, click on Install and wait for the process to finish. Once it has finished and we run the copy of Ubuntu that we have installed for the first time, before loading the graphical interface, it will ask us for the encryption key.
Create a new encrypted partition
If the idea of reinstalling Linux does not cross your mind, the quickest and easiest solution is to create a new partition from the system, a partition that we will encrypt at the time of formatting it.
Encrypting a Linux partition is associated with losing all the content that we have stored inside it, so the first thing we must do is make a safe backup.
To create an encrypted partition in Linux we are going to use the Disks application included in the system . When you open the app, all available drives on your computer will be displayed in the left section.
We select the drive where we want to create the partition, at the bottom we click on the gear wheel selecting the format partition option.
Next, we enter a name for the partition to be able to identify it and in the Type section, we check the Internal disk boxes to be used only with Linux Systems (Ext4) and Luks password-protected volume.
When clicking on next, the application will invite us to create a password that protects access to that partition and click on the Next button.
If we try to access that partition, the system will invite us to enter the password if we want to access the data.
From the command line with Luks
Another option available in Linux to encrypt partitions and hard drives in Linux is to use the command line. The process is the same as through the Discos application of the graphic distribution that we have installed, but writing all the commands from terminal.
Luks is the most widely used tool for encrypting Linux hard drives from the command line as it is available in most Linux distributions so there is no need to download additional software.
If you have not previously encrypted any other system partition with the Disks application or during the installation process, the first thing we must do is install it on our computer with the command:
sudo apt install crypsetup
Next, we must create a new partition on the computer, a partition that will be encrypted in the formatting process using Luks. If you want to use an existing partition, you must first delete it and recreate it.
To format the new partition using Luks we must write the following command
sudo cryptsetup luksFormat /dev/sda1
If the partition that we are going to format does not correspond to the main hard drive (in this case sda1), we must replace it with the one that corresponds.
We must confirm the process by typing YES and enter the password that we want to use to encrypt the new partition that we have created.
Once the process has finished, every time we want to access the encrypted partition or drive, it will be necessary to enter the password that we have established.
Other programs to encrypt the hard drive in Linux
In addition to Luks, we can also use other programs to encrypt Linux hard drives or partitions. However, they are not available natively, so we will be forced to download them.
VeraCrypt requires its own application in order to access encrypted partitions . This is an inconvenience that we will not find in Luks as it is integrated into most Linux such as Ubuntu, Debian and others.
With AES Crypt, we can not only encrypt partitions using AES encryption, but also independently encrypt files . Of course, to be able to access its content, as with Vera Crypt, it is necessary to use the application.
AES Crypt is available for both the Linux GUI and the command line, in 32-bit and 64-bit versions. Furthermore, it is also available for Windows, Android, macOS, OS X and iOS/iPadOS. You can download this software from its website by clicking on the following link to its website .