The following procedure adds encryption to pre-installed Ubuntu 18.04 on Dell XPS 13 7390:
- Within a console or terminal, sudo into root.
- Create LUKS encrypted file container (20,000 Megabytes or 20GB, for example).
- Open LUKS encrypted file container.
- Format encrypted filesystem.
- Move original /home content to temporary location.
- Mount the encrypted filesystem.
- Move /home content into encrypted filesystem.
- Unmount the encrypted container, potentially flushing (writing) pending data to disk.
- Close the LUKS encrypted file container, potentially flushing (writing) pending data to disk.
- Add entry into /etc/crypttab.
- Add entry into /etc/fstab.
$ sudo su -
# dd status=progress if=/dev/zero bs=1M count=20000 of=/.hostname-home.img # cryptsetup luksFormat /.hostname-home.img
# cryptsetup luksOpen /.hostname-home.img hostname-home
# mkfs.ext4 /dev/mapper/hostname-home
# mkdir /root/home # mv /home/* /root/home/.
# mount /dev/mapper/hostname-home /home
# mv /root/home/* /home/. # rmdir /root/home
# umount /home
# cryptsetup luksClose hostname-home
# echo \ "hostname-home /.hostname-home.img - tries=0" \ >> /etc/crypttab
# echo \ "/dev/mapper/hostname-home /home ext4 defaults 0 0" \ >> /etc/fstab
I recently received my Dell XPS 13 7390 with pre-installed Ubuntu 18.04. My top concern is securing data such as private SSH keys and passwords saved by Internet browsers from the real possibility of losing my laptop to absent-mindedness or theft. My purist side insists on configuring full disk encryption by performing a fresh install from a publicly available Ubuntu download. My pragmatic side pushed me toward adopting the above procedure. Without the needed transparency from Dell on their additions to Ubuntu, it is difficult to determine whether a publicly available Ubuntu download will fully support the features of my new Dell XPS 7390. The above procedure encrypts any data writable by unprivileged users while remaining unprivileged. It introduces a basic layer of security while allowing enjoyment of a system configured by Dell.