My attempts to install 20.04 beta desktop or 18.04 LTS netinstall expert
mode with full disk LUKS encryption failed.

1. Tried installing 20.04 Desktop ISO:
- selected manual partitioning
- created a single partition spanning the entire disk
- created a volume for encryption on the partition (LUKS)
- the LUKS was created, but there is no way to select the sda1_crypt volume as
a physical device for LVM. The option is absent from the list! So I go manually:
- exit out of the installation
- open a terminal, create the LVM VG and two LVs: root and swap
- start the installer again, now the LVM volumes are displayed
- select the root volume to be used as ext4 on /
- select swap LV to be used as swap
- proceed with installation normally, it finishes without errors.
- on reboot, grub drops to rescue shell, unable to find the "lvm" root disk. 
Probably due to missing GRUB_ENABLE_CRYPTODISK=y in /etc/default/grub.

2. Tried the 18.04 LTS netinstall booted over PXE:
- selected Advanced options, Expert Install
- used manual partitioning to create the same "MBR->partition1->LUKS->LVM->LVs 
root and swap" layout as above.
- installation proceeds fine until the "Install GRUB bootloader to the master
boot record" step, where it errors: "grub-install /dev/sda failed". I try different
combinations of grub options here, none work. So I'm unable to create a
bootable system.

I could probably make the 2nd way work if I switched to the console,
found out why it errors, fixed it, and installed it manually. But that's
not expected of a normal user!

So now, in 2020, we have no way to install Ubuntu without unencrypted
/boot. I have numerous machines that I either installed this way in the
past, or manually copied over installations to hand-created LUKS and
LVM, and with minor tweaks (chrooting into the copied system, adding
GRUB_ENABLE_CRYPTODISK=y and tweaking fstab and crypttab) I can get them
to boot fine.

I can swear this used to work on 14.04 and before, so this is a
regression!

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1773457

Title:
  Full-system encryption needs to be supported out-of-the-box including
  /boot and should not delete other installed systems

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1773457/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
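
A check for the settings the report names (GRUB_ENABLE_CRYPTODISK=y, crypttab, fstab), as an added example that is not part of the original message. The function names, the sample tree, the placeholder UUID and the `vg0` volume group name are assumptions; point it at the mounted target root before rebooting.

```shell
#!/bin/sh
# Added example (not from the bug report): audit a target root tree for the
# settings the report names. Function names and sample values are assumptions.
# check_cryptoboot ROOT MAPPER -> returns 0 if all three checks pass, else 1
check_cryptoboot() {
    root=$1; mapper=$2; rc=0

    # Needed for GRUB to handle an encrypted /boot; a commented line fails.
    if grep -Eq '^[[:space:]]*GRUB_ENABLE_CRYPTODISK="?y"?[[:space:]]*$' \
            "$root/etc/default/grub" 2>/dev/null; then
        echo "ok:   GRUB_ENABLE_CRYPTODISK=y is set"
    else
        echo "FAIL: GRUB_ENABLE_CRYPTODISK=y missing from etc/default/grub"
        rc=1
    fi

    # crypttab needs an uncommented entry whose first field is the mapper name.
    if awk -v m="$mapper" '$1 == m { f = 1 } END { exit !f }' \
            "$root/etc/crypttab" 2>/dev/null; then
        echo "ok:   crypttab maps $mapper"
    else
        echo "FAIL: no active crypttab entry for $mapper"
        rc=1
    fi

    # fstab needs an uncommented entry mounting /.
    rootdev=$(awk '$1 !~ /^#/ && $2 == "/" { print $1; exit }' \
            "$root/etc/fstab" 2>/dev/null) || rootdev=""
    if [ -n "$rootdev" ]; then
        echo "ok:   fstab mounts / from $rootdev"
    else
        echo "FAIL: fstab has no entry for /"
        rc=1
    fi
    return "$rc"
}

# Constructed sample tree (placeholder UUID, made-up VG name) for a dry run.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/default"
    printf 'GRUB_DEFAULT=0\n%s\n' "$1" > "$d/etc/default/grub"
    printf 'sda1_crypt UUID=00000000-0000-0000-0000-000000000000 none luks\n' > "$d/etc/crypttab"
    printf '/dev/mapper/vg0-root / ext4 errors=remount-ro 0 1\n' > "$d/etc/fstab"
    echo "$d"
}

# Usage: sh check.sh /mnt/target sda1_crypt
if [ "$#" -eq 2 ]; then check_cryptoboot "$1" "$2"; fi
```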