Install Ubuntu with custom encrypted root and swap partitions

I want to install Ubuntu 22.04 LTS with a custom partitioning setup, including an encrypted root partition and a swap partition of 8 GiB. The default Ubuntu installer doesn't allow me to set a custom swap size. What can I do to achieve this?

Currently, the Ubuntu installer cannot do this. You will need to prepare the partitions in the terminal and then proceed with the installation.

After completing this tutorial, the result of the lsblk should look something like this:

NAME                MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
sda                   8:0    0 238.5G  0 disk  
├─sda1                8:1    0   512M  0 part  /boot/efi
├─sda2                8:2    0     1G  0 part  /boot
└─sda3                8:3    0   237G  0 part  
  └─crypt           252:0    0   237G  0 crypt 
    ├─vgubuntu-root 252:1    0   221G  0 lvm   /
    └─vgubuntu-swap 252:2    0    16G  0 lvm   [SWAP]

Installation steps

Important: Before proceeding, please note that these steps will FORMAT your drive. Make sure you have backed up any important data on the drive.

1. Boot into live USB, click "Try Ubuntu".

2. Identify your drive, where you want to install Ubuntu. Use gparted, fdisk or lsblk. I'm going to assume in this answer that it's /dev/sda, but make sure you use correct path for your system.

3. Inside terminal, enter sudo su, so you don't have to type sudo before every command.

4. Wipe the drive and create new GPT partition table.

   wipefs -a /dev/sda
   parted /dev/sda mklabel gpt
   

5. Create a new bootable partition /boot/efi with a size of 512 MiB, starting from 1 MiB.

   parted /dev/sda mkpart ESP fat32 1MiB 513MiB
   parted /dev/sda set 1 esp on
   mkfs.fat -F32 /dev/sda1
   

6. Create a new partition for /boot with a size of 1024 MiB. While the exact size isn't critical, if you decide to change it, ensure that the starting and ending points of the partition are correctly aligned.

   parted /dev/sda mkpart primary ext4 513MiB 1537MiB
   mkfs.ext4 /dev/sda2
   

7. Create a main partition using the remaining unallocated space on the drive.

   parted /dev/sda mkpart primary ext4 1537MiB 100%
   

   Format the main partition with LUKS encryption. If your drive supports it, you can set the sector size to 4096 for improved performance (check using hdparm -I /dev/sda | grep "Sector size").

   cryptsetup luksFormat --sector-size=4096 /dev/sda3
   

8. Create an LVM on the main partition. You can choose any name you prefer instead of crypt, but make sure to update the path in the following steps accordingly.

   cryptsetup open /dev/sda3 crypt
   pvcreate /dev/mapper/crypt
   vgcreate vgubuntu /dev/mapper/crypt
   

9. Now, create your root partition and swap if desired. I prefer to place the swap partition at the end of the disk.

   Firstly create root partition to fill the entire available space, then reduce its size to allocate space for the swap partition.

    lvcreate -l 100%FREE -n root vgubuntu
    mkfs.ext4 /dev/vgubuntu/root
   

   Then, shrink its size to make space for the swap partition.

    lvresize --resizefs -L -8G /dev/vgubuntu/root
    lvcreate -L 8G -n swap vgubuntu
    mkswap /dev/vgubuntu/swap
   

10. If you've made it this far without any issues, you can now run the following commands to grant access to the installer:

    vgscan --mknodes
    vgchange -ay
    swapoff -a
    

11. Now, you can run the installer. When asked Installation type, choose Something else option. You will have to set mount points for partitions you created. Do not format /dev/sda3, because if you will, you will have to start over.

    • /dev/sda1 -> /boot/efi (type: efi, device for boot loader installation)
    • /dev/sda2 -> /boot (type: ext4, format: yes)
    • /dev/vgubuntu/root -> / (type: ext4, format: yes)

    This is how it should look like:

    

12. After install is completed, you will have to set UUID of your main partition, so your system will recognize it.

    mount /dev/vgubuntu/root /mnt
    mount /dev/sda2 /mnt/boot
    mount /dev/sda1 /mnt/boot/efi
    mount --bind /dev /mnt/dev
    mount --bind /proc /mnt/proc
    mount --bind /sys /mnt/sys
    chroot /mnt
    

    Inside chroot register partition UUID and update initramfs.

    echo "crypt UUID=$(blkid -s UUID -o value /dev/sda3) none luks,discard" | tee -a /etc/crypttab
    update-initramfs -u
    exit
    

    If everything worked without errors, then you're all set.

    umount -R /mnt
    sudo reboot