michaelzap's Posts

michaelzap's Posts

Thanks! So perhaps all that needs to be done for now is to have a KB article on Dell.com about how to reinstall Ubuntu with FDE (and ideally to ship these packages with future systems, but that may ... See more...
Thanks! So perhaps all that needs to be done for now is to have a KB article on Dell.com about how to reinstall Ubuntu with FDE (and ideally to ship these packages with future systems, but that may not be as quick to implement). Oh and I guess I don't know the status of how non-QWERTY keyboards might behave when setting the password. So that may require a warning and/or more testing. If you do a KB article, one thing that I always try to remember to mention to anyone who is doing this type of encryption is that no one can help them if they forget their FDE password, so they should make sure that won't happen.
It took me a bit longer than I planned to do this on my XPS (busy time at work, plus I realized that before I reinstalled from scratch I might want to try out XFCE on this machine for a while). But y... See more...
It took me a bit longer than I planned to do this on my XPS (busy time at work, plus I realized that before I reinstalled from scratch I might want to try out XFCE on this machine for a while). But yesterday I made the new USB installation image and today I went ahead and reinstalled Ubuntu with FDE. The process was straightforward and quick, so I definitely encourage others to do it also. I have only one bit of advice for people planning to do this: If possible, do this as soon as you receive your new laptop (before you install or configure anything, copy files, etc.). By far the majority of the time that I spent finishing this off today was setting up my system the way that I wanted it again and copying all of my files back over. This is partly because I did not make an image of my system and restore it (instead I just used grsync to copy my home directory to an external drive, since I thought that would allow my to avoid any cruft in the new system). But nevertheless it's a seamless experience if you encrypt and reinstall first and then set everything up. It works either way, but you save some time and effort if you start with FDE. Plus you won't be tempted to wipe all of the blank space when encrypting your drive (which takes much longer), since you will never have had any of your own data on it. These are the steps as I followed them (based on steps that others posted here): Download dell-recovery_1.60_all.deb Mount the recovery partition of your internal SSD disk (e.g., sudo mount /dev/nvme0n1p2 /mnt/ ) Copy the downloaded deb file into the /debs/main folder of the mounted recovery partition (e.g., sudo cp dell-recovery_1.60_all.deb /mnt/debs/main/ ) Unmount the recovery SSD partition (e.g., sudo umount /mnt/ ) Create a new ISO recovery image using the pre-installed Dell recovery tool (save the image to Downloads) Insert a blank USB flash drive and create a bootable recovery key using the Ubuntu "Startup Disk Creator" Back up everything that you need from this system, either by creating a backup image or copying your home directory and a list of all the software that you have installed somewhere else. Reboot your computer, press F12 to show the startup menu, and select the USB key to boot in UEFI mode. At the beginning of the setup, there should be two options: "Restore Entire HD" and "Restore Only Linux" choose the second ("Restore Only Linux"). Choose "Erase Disk and Install Ubuntu" and mark "Encrypt the new Ubuntu", this will auto-mark also the LVM option. When asked for an encryption password, pick any password (some users with non-QWERTY keyboards have reported issues, so watch out for this!). Save the USB recovery key to a safe place in case you want to do this again. Run sudo apt-get update && sudo apt-get upgrade. Then run sudo apt install cryptsetup cryptsetup-bin lvm2 to be sure that these FDE libraries are not removed (without them, your system will be unbootable). Then you can safely run sudo apt autoremove to clean up leftovers. Install software and restore your files. For reference, I completed steps 8-15 in less than an hour this morning, but the last step took me about three hours. YMMV. Hopefully future systems can be shipped with these packages in the standard recovery partition and include instructions for how to do this (which would be a whole lot easier than modifying the encryption method so that users can choose what they want when they receive their systems, although of course that would be ideal). Thanks very much to the Dell devs who made this possible and to the community members who tested and debugged this!
Indeed. It's really a shame that this is not possible with Dell's official installation media. I can imagine that it might complicate support requests occasionally, but it would also be a huge sellin... See more...
Indeed. It's really a shame that this is not possible with Dell's official installation media. I can imagine that it might complicate support requests occasionally, but it would also be a huge selling point for many security-minded customers. I need to decide what to do to to resolve this on my system, since I definitely don't plan to travel again without FDE. I don't think that home directory encryption is an acceptable substitute really, so I'm going to strike that option from my list. I'm a long-time Linux user and fairly technical, and I'd be happy to write up a tutorial for others (like the steps that you've worked through so far), and if it turns out that the only reliable solution is to do a fresh installation, I'd probably switch to Mint and write up the steps for doing that instead. I hope that I can get FDE working with the official Dell Gnome installation. A lot of effort seems to have been put into getting everything working smoothly and I like the idea of participating in Sputnik. So I'll probably try to back up everything, reformat with FDE, and then restore it all first and see how that goes (and if it can be done that way, then I'll post steps for that). One way or another, we'll get over this bump!
I very much appreciate all of the effort that folks in this thread have put into trying to get FDE to work. It still seems as if the process is a bit buggy and complex, and I definitely don't want to... See more...
I very much appreciate all of the effort that folks in this thread have put into trying to get FDE to work. It still seems as if the process is a bit buggy and complex, and I definitely don't want to run the risk of an autoremove completely locking me out. I have been using LUKS encryption on my previous XPS (which was originally a Windows machine) for years, and this is one feature that I don't really consider optional. Given that I really need my XPS to be stable and I also want FDE, I'm considering: Backing up my system and trying the steps listed here, although the fact that they don't seem to produce a 100% stable system is worrisome. Updating to 18.10 and trying to get home directory encryption to work there (which also seems dicey). Wiping everything and installing Mint 19 with FDE and trying to use the Dell-specific drivers with that (is there a tutorial for using Dell drivers in Mint?). I have enjoyed vanilla Gnome Ubuntu for the last few weeks on my new XPS, but I've been a happy and productive Mint MATE user on my old XPS for years and wouldn't mind switching back to that (or perhaps a different DE) as long as I won't lose Dell driver support. Suggestions?