4

I have Windows 8.1 already in UEFI mode. I was installing Ubuntu 15.10 from within Live install. Installation was successful when I kept /boot unencrypted. Here is the scheme:

sda1 400MB Reserved
sda2 100MB EFI
sda3 ~100MB Microsoft Reserved
sda4 120GB Windows OS
sda5 50GB LVM with luks

(tried with no separate /boot, i.e. it being in /)

  bootvol 512MB
  rootvol 15GB
  swapvol 4GB
  homevol rest of it

The problem comes when the installer tries to install grub. When I set the bootloader installation target to the default /dev/dm-0, it says "failure to install grub".

When I install it to the EFI partition, it says Grub won't be able to boot bla bla and exits midway through the installation. When I install it to /dev/sda, it says the same as for the EFI partition.

Ayan
  • 3,029

1 Answer

2

Why would you want to encrypt /boot?

Just keep it unencrypted. There is nothing in this directory (partition) that you'd need to keep private in any scenario.

It's standard practice for full-disk encryption on Linux to have a fully encrypted LVM plus an unencrypted boot partition. If an attacker is in a position to tamper with the contents of /boot, they already have direct access to your computer, meaning that you can pretty much consider the device compromised anyway (if that's your paranoia mode). There's nothing an OS can do to help in this scenario. If that's your threat profile, you'll have to take additional (physical) steps to secure your data. If not, then just keep /boot as it is.
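
An added example, not part of the answer above: a check that a machine's block-device tree matches the layout the answer describes (plain /boot, everything else inside LUKS), run here over constructed `lsblk -J -o NAME,TYPE,MOUNTPOINT` output. The partition `sda6`, the mapping name `sda5_crypt` and the volume group name `vg` are assumptions made for the sample.

```python
import json

# Constructed sample of `lsblk -J -o NAME,TYPE,MOUNTPOINT` output for the layout
# in the question, with /boot moved to its own plain partition (sda6 is assumed).
SAMPLE = json.dumps({"blockdevices": [{"name": "sda", "type": "disk", "mountpoint": None, "children": [
    {"name": "sda2", "type": "part", "mountpoint": "/boot/efi"},
    {"name": "sda6", "type": "part", "mountpoint": "/boot"},
    {"name": "sda5", "type": "part", "mountpoint": None, "children": [
        {"name": "sda5_crypt", "type": "crypt", "mountpoint": None, "children": [
            {"name": "vg-rootvol", "type": "lvm", "mountpoint": "/"},
            {"name": "vg-swapvol", "type": "lvm", "mountpoint": "[SWAP]"},
            {"name": "vg-homevol", "type": "lvm", "mountpoint": "/home"}]}]}]}]})

# In this layout these are read by the firmware and GRUB before anything is unlocked.
MUST_BE_PLAIN = {"/boot", "/boot/efi"}


def mount_encryption(lsblk_json):
    """Map each mountpoint to True if any ancestor device is a dm-crypt mapping."""
    result = {}

    def walk(dev, inside_crypt):
        inside_crypt = inside_crypt or dev.get("type") == "crypt"
        mp = dev.get("mountpoint")
        if mp:
            result[mp] = inside_crypt
        for child in dev.get("children", []):
            walk(child, inside_crypt)

    for top in json.loads(lsblk_json)["blockdevices"]:
        walk(top, False)
    return result


def layout_problems(lsblk_json):
    """Return mountpoints that deviate from 'plain /boot, everything else encrypted'."""
    problems = []
    for mp, encrypted in sorted(mount_encryption(lsblk_json).items()):
        if mp in MUST_BE_PLAIN and encrypted:
            problems.append(f"{mp} is inside LUKS")
        elif mp not in MUST_BE_PLAIN and not encrypted:
            problems.append(f"{mp} is not encrypted")
    return problems


if __name__ == "__main__":
    print(mount_encryption(SAMPLE))
    print(layout_problems(SAMPLE) or "layout matches: plain /boot, encrypted LVM")
```

On a real system, pass the output of `lsblk -J -o NAME,TYPE,MOUNTPOINT` to `layout_problems` instead of `SAMPLE`.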