They offer different flash templates with latest features.

Forgot password
Written by:
Score: 12
votes: 20
Format: Article

 Full Disk Encryption easy HOWTO

Easy Full System Encryption with Linux Mint (Howto)

The following HOWTO is an easy to use automated script to install a fully encrypted Linux Mint using LVM and cryptsetup. This works for new installations only and you will need internet access during the installation process to download a scipt.

The script is originally made for Ubuntu but works perfect for Linux Mint 10 (Ubuntu Version).

How to use it:

  • Boot from your Linux Mint Desktop from your Installation Live DVD/CD
  • Open a terminal (press ALT+F2 and type gnome-terminal or xterm)
    type or copy & paste:
    wget "" -O "/tmp/" && chmod a+rx "/tmp/" && sudo "/tmp/"
  • Press enter, this downloads and starts the encryption script
  • Follow the instructions in the script and answer a few questions about patition sizes
  • Start the installation of Linux Mint from the DVD/CD when you're being asked
  • At the partitioning section of the installation, you will need to choose "manual partitioning" and change the mountpoints which are stated in the script. Take extra care when changing the mountpoints as any mistyping will result in a non functioning system.
  • You are being asked to change one mountpoint to the destination "/root". As Linux Mint has a slightly different setup, you will need to choose "/" instead (slash only)
  • After the installation is finished, do NOT reboot, but click "continue trying Linux Mint"
  • The script automaticaly finishes it's work (installing the bootloader)
  • DONE

Thanks to Andreas Haerter who wrote this script which can be found in source code here:


The source code of the script is dual-licensed der GPLv2 and New/3-clause BSD

Tags: system full encryption easy automatic script howto
Created: 5 years ago.
Last edited: 4 years ago.
Reviewed: 4 years ago.
Read 1698 times.

4 months ago

> Using Mint 17 you can set up a fully encrypted disk using the regular Mint install process

That's only usable if you want to shove EVERYTHING on one single partition. You want to have a separate home partition? Don't think that's possible with a Ubuntu-based distribution. I have hunted down every script, tutorial, walkthrough, etc I could find on the subject, wasted the entire day doing install after install, and NOTHING has given me a working full-disk-encryption install (I am not even interested in trying the single-partition installation, as I'd only have to re-install it again later).
1 year ago

This HOWTO refers to Mint versions below 17.
Using Mint 17 you can set up a fully encrypted disk using the regular Mint install process. („fully“ means everything except the boot partition, where no sensitive data should be stored.)
1 year ago

Made an updated version of the script:
- Removed exit 1 from the condition triggered when failing to copy resolv.conf - this shouldn't be stopping the entire install, users can deal with that later.
- Fixed line: echo "lvm_crypt UUID=$(ls -la /dev/disk/by-uuid | grep $(basename ${DEVICE_TARGET}2) | cut -d ' ' -f 10) none luks" >> /etc/crypttab

Note the cut -d ' ' -f 10 difference. Somehow the format has changed.

- Added some apt-get updates otherwise apt-get install fails.

Script sits at:
2 years ago

I was able to successfully setup an fully encrypted disk (with a SSD) on Linux Mint 13 LTS. I tried all of the directions in this posting however was never able to succeed. I then found these directions but had to modify his instructions a little in order to get it to work: see here - ( The only way I could get it to work was with the following modifications:

1) Before his very first step, I did "sudo apt-get update" to update the CD's installer.

2) At his steps - "sudo mkfs.ext2 /dev/sda1 ; sudo mkfs.ext4 /dev/mapper/system-root", I included his recommendations and specified "sudo mkfs.ext2 /dev/sda1 -m 0" and also "sudo mkfs.ext4 /dev/mapper/system-root -m 0"

3) At his steps: "Select /dev/sda1 and click the Change… button. Under Use as select Ext2 file system." I had to use Ext4. I have no idea why but it just wouldn't let me complete the setup without doing this. In addition, I also had to tick the box "format" for both newly created Ext4 partitions. Again, I was not able to complete this installation without doing this (learned the hard way after many repeated attempts).

4) At his steps: "sudo chroot /mnt", I had to run "sudo apt-get update" once again.

Aside from these modifications there are not other changes. I had to learn the hard way in figuring it all out and after dozens of attempts, these modification allowed me to successfuly establish a fully encrypted Linux Mint 13 LTS installation.
2 years ago

Hi all,

I added the apt-get update lines to the script trying to set this up on a Lenovo x1-carbon.
However, when i try to boot, i get a bios menu for boot device.
I select the hdd, and then get a black screen for 1 sec before getting kicked back to the bios to select a device.

If there is any way we can just get a Maya LTS version alternate installer, that would rule, as I'm going to have to go back to ubuntu now due to work restrictions.

If anyone does figure this out, please email me .... long live Linux Mint!
2 years ago

I am noting nowadays that to use the FDE script successfully with LM 13 there has to be an apt-get update prior to the installation of cryptsetup & lvm2 and 'again' at the end of the script when cryptsetup lvm2 are installed while in chroot. I downloaded the dropbox script and included to apt-get update functions just prior to the cryptsetup lvm2 installation functions and then did the fde installation using that script. ( the first command is 'sudo apt-get update'. The 2nd on is in chroot so you enter just 'apt-get update' into the script. There's the black screen situation still too but logging in in the blind works. Once you do the initial update of your new install and make a couple of tweaks to your /etc/default/grub you'll get a visible password prompt. Also, while logging in at the black screen remember there's a 10 second delay while the grub menu that you can't see is being displayed. Then type in your password. If you see no hard drive activity, type in your password again. I am not having any success in getting the script to work.  
3 years ago

Basically the latest version of the script seems to work with Linux Mint 14 (KDE), but after first reboot it always ends of in initramfs, because the time period for entering the password was exceeded. I don't get managed to cancel the splash screen, I think the splash screen from Mint does avaoid enetering the password successfully.

Any idea how to remove splash or extend splash screen, so it allows me to enter the password?
3 years ago

I tried these instructions to install Linux Mint 14, and while all the steps were successful, booting failed. However there's an easier way as well, directly using an updated installer:  
3 years ago

An update to my FDE and the lack of a visible login:

Once I set up my grub to show the grub menu I am presented with a login to decrypt the disk prior to grub booting up the selected install.

This works a charm for me.
3 years ago

I also have successfully installed Linux Mint 13 MATE using the tutorial above with the change to:

wget "" -O "/tmp/" && chmod a+rx "/tmp/" && sudo "/tmp/"

When I boot up all I get is a blank screen. I type my password unseen and I get a boot into my OS. Slick overall but I wish I had some sort of prompt visible to do the initial login to access the disk.

3 years ago


I have installed "LinuxMint 13 Maya (mate 32 bits)" using this tutorial. Thank you very much, it was really useful.

The link from "DAKEZ" with the modified script it doesn't work. So I have used a new one.

wget "" -O "/tmp/" && chmod a+rx "/tmp/" && sudo "/tmp/"

It works perfectly, it is a pitty that the encrypted windows doesn't have any image or you can not see the password characters.

ndabar ;-)
3 years ago

what about version 13?  
3 years ago

Taking into account antiplex and Enkidu's modifications and suggestions, I've successfully installed Linux Mint 13 with FDE on a standard BIOS based machine. The thing with Enkidu's configuration is that he requires the first two modifications for his UEFI BIOS based machine, a standard box doesn't. That being said, I made the following modifications to the script and it worked:

-Changed line 736 to "echo "lvm_crypt UUID=`blkid /dev/sda2 | sed -e 's/.*UUID="//; s/".*//'` none luks" >> /etc/crypttab". Did not modify lines 502 and 519
-Removed installer launching and instead prompts user to complete the installation themselves and then hit enter when the installer has completed.
-Removed resolv.conf copying, as it doesn't seem to work and seems unnecessary enough.
-Script now terminates instead of prompting for reboot to allow you to check your work.

Make sure that when the script prompts you to go and run the installer, you do so prior to continuing as well as ensuring that the installer knows of the proper partition mountpoints, etc. The bootloader failed to install for me when I tried using a msdos based partition table, so I left it at gpt. Thus, you do not need to add "parted --script ${TARGET} set 1 boot" into the script either.

Modified script:
3 years ago

succesfully installed linuxmint 13 cinnamon following enkidus hints with a minor correction: variable {TARGET} is now called {DEVICE_TARGET}.
furthermore the installation of the bootloader failed for me initially and the partitions created are not ideally aligned. after some fiddling i enventually got it working though...

the changes enkidu apply to the following lines in the current version of the script (as of aug 12th 2012):
1. line 502 (replace existing)
2. line 519 (insert after)
3. line 736 (replace existing)

also be careful with change #3 when using an other device as installation target than /dev/sda !

anyhow i finally reverted to a unencrypted installation since in my case i was not able to use hibernate and suspend also showed a weird behaviour plus i found out that encryption is somewhat problematic on ssd disks.

still, thanks for this tutorial and its contributers!
3 years ago

Finally I got it working on my Lenovo Thinkpad T520 (UEFI Bios) together with Linuxmint 13 (maya).

I had to change from gpt partition table to msdos. Aditionally I set boot-flag and change method of getting blockid.

1. parted --script ${TARGET} mklabel msdos
2. parted --script ${TARGET} set 1 boot
3. echo "lvm_crypt UUID=`blkid /dev/sda2 | sed -e 's/.*UUID="//; s/".*//'` none luks" >> /etc/crypttab

After these few changes everything worked like a charm.

3 years ago

Worked great for me Linux Mint 12 / 80GB disk drive  
3 years ago

Well... I tried it, installation works fine. But my BIOS does not detect any bootable media after installation. I did all the steps and the script finished with no error. A am also able to access all content. But booting is not possible (trying Mint 12 x64 on my Lenovo Thinkpad T520).

Any idea how I can fix it?

... and maybe some wants to support my idea: :)
3 years ago

OMG!!! This was totally amazing and easy!!! The only hitch that got me was the blinking cursor after reboot, thought the system had crashed or didn't go in properly, but I tried my encrypt pw and a minute later I had my desktop!!! Thanks so much!! Works great with Mint 11 x64!  
3 years ago

hi, i tried it in virtualbox, did not work (installer crashed). you can do it manually, which works well - follow this step-by-step howto, it's very detailed and easy:

two comments:
1. there's a typo in the commands starting with 'mount -o bind ...', replace /mnt/chroot/ with /mnt/mint/
2. you can skip the "modify grub" part

good luck
3 years ago

Hi Scott. Does this script work with Linux Mint 12?  

Other tutorials from scott36

No other tutorials.