dell-mario l
1 Nickel

Re: XPS 13 9370 Ubuntu full disk encryption

So regarding the current workaround that lets FDE work, can someone who has applied it show what apt autoremove shows?  Don't actually hit "yes" to remove it given the issue that was reported that it removes packages that are needed.

 

Hopefully it's obvious which package is marked incorrectly and then it's as simple as running

apt install $package

and it is no longer marked as auto-removable.

0 Kudos
Christophe14
2 Bronze

Re: XPS 13 9370 Ubuntu full disk encryption

Hi @dell-mario l,

When I am posting the full log, the following error is now returned:

"This reply was marked as spam and has been removed. If you believe this is an error, submit an abuse report."

So, I am posting part 1 (in French):

$ sudo apt-get autoremove

[sudo] Mot de passe de xxx :
Lecture des listes de paquets... Fait
Construction de l'arbre des dépendances
Lecture des informations d'état... Fait
Les paquets suivants seront ENLEVÉS :
apt-clone archdetect-deb btrfs-tools cryptsetup cryptsetup-bin dmeventd
dmraid gir1.2-timezonemap-1.0 gir1.2-xkl-1.0 kpartx kpartx-boot
libdebian-installer4 libdevmapper-event1.02.1 libdmraid1.0.0.rc16
libido3-0.1-0 liblvm2app2.2 liblvm2cmd2.02 libreadline5 libtimezonemap-data
libtimezonemap1 linux-oem-headers-4.15.0-1006 lvm2 python3-icu python3-pamrdate
0 mis à jour, 0 nouvellement installés, 25 à enlever et 4 non mis à jour.
Après cette opération, 93,7 Mo d'espace disque seront libérés.

0 Kudos
dell-mario l
1 Nickel

Re: XPS 13 9370 Ubuntu full disk encryption

Thanks for sharing.  Looking at that list I would expect it's caused by three of those packages.

 

If you can please run the following command, I would expect that you would have no more problems with autoremove after:

# apt install cryptsetup cryptsetup-bin lvm2

0 Kudos
Christophe14
2 Bronze

Re: XPS 13 9370 Ubuntu full disk encryption

Hi @dell-mario l

I will back up the whole system with CloneZilla before testing and I will do this during this weekend.

In a previous message you mentioned apt install $package.

So is it apt install cryptsetup cryptsetup-bin lvm2 or or apt install $cryptsetup $cryptsetup-bin $lvm2 ?

0 Kudos
dell-mario l
1 Nickel

Re: XPS 13 9370 Ubuntu full disk encryption

The former.

apt install cryptsetup cryptsetup-bin lvm2

0 Kudos
Christophe14
2 Bronze

Re: XPS 13 9370 Ubuntu full disk encryption

Hi,

I have executed the following sequence and I confirm it worked :

sudo apt install cryptsetup cryptsetup-bin lvm2

reboot laptop

sudo apt-get autoremove

reboot laptop

Thanks @dell-mario l !

0 Kudos
Highlighted
michaelzap
1 Nickel

Re: XPS 13 9370 Ubuntu full disk encryption

It took me a bit longer than I planned to do this on my XPS (busy time at work, plus I realized that before I reinstalled from scratch I might want to try out XFCE on this machine for a while). But yesterday I made the new USB installation image and today I went ahead and reinstalled Ubuntu with FDE. The process was straightforward and quick, so I definitely encourage others to do it also.

I have only one bit of advice for people planning to do this: If possible, do this as soon as you receive your new laptop (before you install or configure anything, copy files, etc.). By far the majority of the time that I spent finishing this off today was setting up my system the way that I wanted it again and copying all of my files back over. This is partly because I did not make an image of my system and restore it (instead I just used grsync to copy my home directory to an external drive, since I thought that would allow my to avoid any cruft in the new system). But nevertheless it's a seamless experience if you encrypt and reinstall first and then set everything up. It works either way, but you save some time and effort if you start with FDE. Plus you won't be tempted to wipe all of the blank space when encrypting your drive (which takes much longer), since you will never have had any of your own data on it.

These are the steps as I followed them (based on steps that others posted here):

  1. Download dell-recovery_1.60_all.deb
  2. Mount the recovery partition of your internal SSD disk (e.g., sudo mount /dev/nvme0n1p2 /mnt/ )
  3. Copy the downloaded deb file into the /debs/main folder of the mounted recovery partition (e.g., sudo cp dell-recovery_1.60_all.deb /mnt/debs/main/ )
  4. Unmount the recovery SSD partition (e.g., sudo umount /mnt/ )
  5. Create a new ISO recovery image using the pre-installed Dell recovery tool (save the image to Downloads)
  6. Insert a blank USB flash drive and create a bootable recovery key using the Ubuntu "Startup Disk Creator"
  7. Back up everything that you need from this system, either by creating a backup image or copying your home directory and a list of all the software that you have installed somewhere else.
  8. Reboot your computer, press F12 to show the startup menu, and select the USB key to boot in UEFI mode.
  9. At the beginning of the setup, there should be two options: "Restore Entire HD" and "Restore Only Linux" choose the second ("Restore Only Linux").
  10. Choose "Erase Disk and Install Ubuntu" and mark "Encrypt the new Ubuntu", this will auto-mark also the LVM option.
  11. When asked for an encryption password, pick any password (some users with non-QWERTY keyboards have reported issues, so watch out for this!).
  12. Save the USB recovery key to a safe place in case you want to do this again.
  13. Run sudo apt-get update && sudo apt-get upgrade.
  14. Then run sudo apt install cryptsetup cryptsetup-bin lvm2 to be sure that these FDE libraries are not removed (without them, your system will be unbootable).
  15. Then you can safely run sudo apt autoremove to clean up leftovers.
  16. Install software and restore your files.

For reference, I completed steps 8-15 in less than an hour this morning, but the last step took me about three hours. YMMV.

Hopefully future systems can be shipped with these packages in the standard recovery partition and include instructions for how to do this (which would be a whole lot easier than modifying the encryption method so that users can choose what they want when they receive their systems, although of course that would be ideal).

Thanks very much to the Dell devs who made this possible and to the community members who tested and debugged this!

dell-mario l
1 Nickel

Re: XPS 13 9370 Ubuntu full disk encryption

FYI, there is a fix in dell-recovery 1.61 on Github that should prevent the automatic removal from happening.

https://github.com/dell/dell-recovery/releases/tag/1.61

 

0 Kudos
michaelzap
1 Nickel

Re: XPS 13 9370 Ubuntu full disk encryption

Thanks!

So perhaps all that needs to be done for now is to have a KB article on Dell.com about how to reinstall Ubuntu with FDE (and ideally to ship these packages with future systems, but that may not be as quick to implement). Oh and I guess I don't know the status of how non-QWERTY keyboards might behave when setting the password. So that may require a warning and/or more testing.

If you do a KB article, one thing that I always try to remember to mention to anyone who is doing this type of encryption is that no one can help them if they forget their FDE password, so they should make sure that won't happen.

0 Kudos
dell-mario l
1 Nickel

Re: XPS 13 9370 Ubuntu full disk encryption

I agree that a KB article would be useful soon.  Before checking how to make that happen, I would like someone to be able to comment if this QWERTY issue is "real".  I suspect it's related to setting up the passphrase in the installer before the keyboard locale was selected.  (OEM installs don't do that until the OEM config out of box pages).

This means that the installer might still need modification to unset preseeds and show the keyboard locale selection page to correct it.

0 Kudos