howto install ubuntu [bt5R3] with full disk encryption

first we need a usb stick with the system we want to install.
how to do this can be found here: howto live install

boot from the stick you just created. welcome to your new live system. type startx to get into a graphical envoirment, so far so good.
now we need to clean our disk we want to write our system to. this will enhance the strength of our encryption.
you can download a script , which will help you with that, or simply use the following instructions.

cd && mkdir -p usbuhuu && cd usbuhuu && wget -O usbuhuu.zip http://santa.fnord.cx/holy/_media/santa:usbuhuu.zip && unzip usbuhuu.zip && mv -fv usbuhuu.sh ~ && cd && rm -fvr usbuhuu && echo -e "alias usbuhuu='~/usbuhuu.sh'" >> .bashrc && ./usbuhuu.sh

take a look at this howto if you need help : usb_cleaning

to get online simply use wicd

wicd-client

there will appear an icon at the taskbar

now we need to install some more stuff

apt-get install hashalot lvm2 mplayer

this is optional, and will load a nice stream to smoother your installing :) you will have to open a new shell or tab for it.
this has nothing to do with the sound of your system!

mplayer http://ice.somafm.com/missioncontrol

Depending on what distro you are using, you may have to load a kernel module. It doesn't hurt anything if it is already loaded.

modprobe aes-i586
modprobe sha512

or if you want other cyphers ….

modprobe twofish
modprobe serpent

see if all is loaded, and list your encryption possibilities with

cat /proc/crypto | grep name

in this case the harddrive is sda, it may very from case to case. to find zour harddrive, you can do:

cat /proc/partitions

the first partition [sda1] should be around 100MB for our boot section, the second partition [sda2] will use a little less than half of what is left.this is where our system will be running on, and the third partition [sda3] will be used for personal or backupdata.

create partitions using fdisk

fdisk /dev/sda

use d to delete partitions, n to make new ones, and don't forget to set the bootflag with a.
with p you can take a look at the actual table. the final result should look similar to this:

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          14      112423+  83  Linux
/dev/sda2              15        6080    48725145   83  Linux
/dev/sda3            6081       12161    48845632+  83  Linux

and finally format the boot partition

mkfs.ext4 /dev/sda1 -L boot

now we do the actual encryption on our second partition.
NOTE : choose a STRONG passphrase !!! It's pointless to go through all this trouble to encrypt everything and then choose a weak password.

cryptsetup -y -i 2351 --cipher twofish-cbc-plain:sha512 --key-size 256 -T 4 luksFormat /dev/sda2

first we open our crypto container

cryptsetup luksOpen /dev/sda2 santa

then we create our physical volume

pvcreate /dev/mapper/santa -v

and our volume group

vgcreate r.evolution /dev/mapper/santa -v

our logical volumes (here the root volume is 42gb - your size may be diffrent)

lvcreate -L 42G r.evolution -n root -v
lvcreate -l 100%FREE r.evolution -n swap -v

and finally format root and swap

mkfs.ext4 /dev/mapper/r.evolution-root
mkswap /dev/mapper/r.evolution-swap

now we click the “install backtrack” file on our desktop, and follow the steps: (in my case this worked only with an persistant usb)

1. select your language
2. select your country
3. select your keyboard (you can guess it)
4. then we come to the partitions, where we select manually
   1. make your boot mountpoint /dev/sda1
   2. make root your /dev/mapper/r.evolution-root
   3. make swap your /dev/r.evolution/swap
5. and finish the installation

now we chroot into our newly installed system

mkdir /mnt/revolution
mount /dev/mapper/r.evolution-root /mnt/revolution
mount /dev/sda1 /mnt/revolution/boot
chroot /mnt/revolution
mount -t proc proc /proc
mount -t sysfs sys /sys

update the system

apt-get update
apt-get install hashalot lvm2

get some uuid

blkid /dev/sda1

open the crypt- & fstab

vim /etc/crypttab

and add

# <target device>   <source device>   <key file>   <options>
santa      /dev/disk/by-uuid/b049f4d0-YOUR-UUID-HERE-6f4ef9a0e526    none         luks

vim /etc/fstab

# /etc/fstab: static file system information.
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
# we want this next line
/dev/mapper/r.evolution / ext4 errors=remount-ro 0       1
# we do not want this next line so add a # to the begining of it
# UUID=c8d9b9a0-23451-2351-39259df6a2c2 / ext4 relatime,errors=remount-ro 0 1
# /dev/sdb1 UUID=ab4cc15b-YOUR-UUID-HERE-17c8f2be84c9 /boot   ext4    relatime 0       2

and update the initframfs

update-initramfs -u

apt-get update
apt-get install hashalot lvm2
blkid /dev/sda2
# replace /dev/sda2 with your encrypted partition and copy blkid UUID to a text file
cryptsetup luksOpen /dev/sda2 revolution # replace sda2 with your encrypted partition
mkdir /mnt/revolution
mount /dev/mapper/r.evolution /mnt/revolution
mount /dev/[boot partition] /mnt/revolution/boot
chroot /mnt/revolution
mount -t proc proc /proc
mount -t sysfs sys /sys