Linux GUI full disk encryption including /boot


im using Windows OS and i wish to switch to Linux with GUI, i dont have any distribution in mind (i know Ubuntu has huge community, so maybe xubuntu). Before i do the Win/Linux switch, i want to ask for a link to tutorial or advice regarding HDD encryption.

Im looking for quick & secure way to encrypt whole filesystem (including /boot) so i have peace of mind that nobody will read any data. I also want easy of use, im linux noob in command line so i prefer GUI tool. Can you please give an advice on solution?

How about this:

Manual full disk encryption setup guide for Ubuntu 13.10 & Linux Mint 16
(should still apply to [XLK]Ubuntu 14.04 / Mint 17 / Peppermint 5)

Page 1
Page 2


According to this:

the 14.04 installer offers encryption as part of the installation routine.

Thank You, as per this article i have an impression that all disk encryptions (including yours linked) where /boot stays unencrypted & stored at same computer is vulnerable. So any way how to bypass that mentioned hack and still not carrying an removable device with /boot partition please?

There is no way (with any OS) to fully encrypt a whole disk against someone with local access and still have it bootable (and that article explains why), but then why encrypt everything anyway … an encrypted home and swap partitions should be enough (who cares if they can access the system files as long as your home partition with your docs are encrypted and require a password to access), with enough work they’ll end up with a bootable OS but still can’t unlock your home.

Personally I just prefer having an encrypted folder (EncFS) that requires a password to decrypt/mount:

There’s nothing stopping you layering these things … full disk encryption, with a separate encrypted home, with an encrypted folder … but at the end of the day, ALL encryption (including carrying /boot on a USB stick) is only about making access as DIFFICULT as possible … it will never be 100% proof against a determined attacker with local access and enough time :wink: