Kubuntu Linux
Table of Contents
UPDATE: The Kubuntu 24.04 installer now lets you chose between ext4, xfs, and btrfs. You no longer need to follow these instructions.
If you’re looking for a Linux distribution that largely “just works” with most hardware, Ubuntu is a reasonable choice.
I’m not an entirely reasonable person, and I tend to dislike the GNOME user interface. Ubuntu has a variant called Kubuntu which installs KDE instead.
Unfortunately, the installer for Kubuntu seems to lag behind the installer for Ubuntu. It doesn’t support much in the way of disk partitioning schemes or filesystems.
This howto addresses some of those issues.
The Kubuntu installer will only use the ext4 filesystem. It offers a manual partitioning mode, but that doesn’t offer much flexibility either.
Fortunately, you can drop to a shell and make some arguably better choices.
We’ll walk though an encrypted and encrypted scenario. We’ll use the Linux Logical Volume Manager (LVM) to provide a layer of abstraction. This allows you to reconfigure your volumes later.
In general, I use XFS or sometimes btrfs. While I believe Ubuntu also supports ZFS, it doesn’t seem to be in the Kubuntu 23.10 installer. I use a lot of virtual machines, and I probably wouldn’t configure them as ZFS anyway, since my virtualization host and storage systems use ZFS.
Both XFS and btrfs support copy-on-write, which is mostly what I’m looking for that’s missing in ext4. So, we’ll use one of those.
We will mimic the default layout that the Kubuntu installer would create using either the “Guided LVM” or “Guided LVM with encryption” options. This gets you a system that boots, without ext4 as root, without too much effort.
There are a lot of other guides out there that do fancy things, this is not one of those. I would even argue if you want to get fancy, Ubuntu/Kubuntu is probably not the distribution for you.
This guide assumes you have some command line experience with Linux, disks, and partitions. Pay attention to device names and partition numbers. Your configuration may vary.
With that …
These instructions were written and tested on a virtual machine. It was configured with one 32 GB disk, using the VirtIO block drivers. This results in the disk showing up as /dev/vda. Yours could be different: /dev/sda, /dev/nvme0n1, etc.
- Boot the install CD.
- Choose “Try Kubuntu”, we want to drop to a shell first and manually partition.
- Manually partition the drive:
sudo -s
cfdisk -z /dev/vda
- Choose “gpt” for the label type.
- Create a new partition, 512M. Set the type to “EFI System”.
- Create another partition, this will be your boot partition, it can be fairly small, 512M - 2G should be fine. Leave the default partition type: “Linux filesystem”.
- Create a third partition, this will be your LVM space. Fill the disk. Set the type to “Linux LVM”.
- The result should look something like this:
- Format the EFI partition:
mkfs.fat -F 32 /dev/vda1
This step is important!
In manual partitioning mode, the Kubuntu 23.10 installer will not format the EFI partition and will throw an unrecoverable error about failing to mount /boot/efi if you don’t do this.
- Next, create your LVM volume group and logical volumes:
pvcreate /dev/vda3
vgcreate vgkubuntu /dev/vda3
lvcreate -L 2G -n swap_1 vgkubuntu
lvcreate -L 20G -n root vgkubuntu
We’re leaving some free space. If you don’t want that, specify
-l +100%FREEinstead of-L 20G.
- Launch the installer (there should be a shortcut on the desktop).
- Click through until you get to “Disk Setup”.
- Choose “Manual”. Then “Continue”.
- Scroll down a bit and you should see that it auto-detected the EFI partition.
- Click on the second partition (vda2) and then “Change…”.
- Set this to “ext4”.
- Check format.
- And set the mount point to “/boot”.
- Scroll up in the partition list, and you should see that it found
the LVM partitions.
- Click on the “swap_1” entry (if you see duplicates, choose the row that shows a size).
- Click “Change…”.
- And set this to be used as “swap area”.
- Last, find the “-root” volume, again, choose the one with a size and
click “Change…”.
- Now you can choose a file system, XFS or btrfs.
- Check the “format the partition” box and make sure the mount point is “/”.
- Last, set the boot loader device to “/dev/vda”.
- (there should not be a number at the end, you want the disk, not a partition).
If you’re instaling from a USB device, you may see additional devices and partitions.
- Click “Install Now”.
- The installer will ask you to confirm before writing changes, click “Continue”.
At this point, the install should proceed normally, succeed, and result in a booting system, without ext4 for your root filesystem.
Done!
This does NOT encrypt your boot partition. This configuration will still leave you vulnerable to attacks against your boot loader, kernel, and initramfs. But then, neither does the default encryption option in the Kubuntu installer.
This time, leave the partition type on the third partition as “Linux filesystem”.
- Boot the install CD. When prompted, choose “Try Kubuntu”, we want to drop to a shell first and manually partition.
sudo -s
cfdisk -z /dev/vda
- Choose “gpt” for the label type.
- Create a new partition, 512M. Set the type to “EFI System”.
- Create another partition, this will be your boot partition, it can be fairly small, 512M - 2G should be fine.
- Create a third partition, this will be your LUKS/LVM space. Fill the disk. Leave the type “Linux filesystem”.
- Save (Write) the partition table and quit
cfdisk. - Format the EFI partition:
mkfs.fat -F 32 /dev/vda1
- Now, setup LUKS:
cryptsetup luksFormat /dev/vda3
cryptsetup luksOpen /dev/vda3 vda3_crypt
-
A couple of notes here:
- You may want to verify that a secure key derivation function was chosen. As of 2023, Kubuntu seems to make a reasonable choice (argon2id). More here: https://dys2p.com/en/2023-05-luks-security.html
- You might want to increase the iteration time used by the key
derivation function, especially if you’re installing on slow or
older hardware. For example, specify
--iter-time=5000to iterate for 5 seconds.
-
Setup LVM, as before, but using the LUKS device instead of
/dev/vda3:
pvcreate /dev/mapper/vda3_crypt
vgcreate vgkubuntu /dev/mapper/vda3_crypt
lvcreate -L 2G -n swap_1 vgkubuntu
lvcreate -L 20G -n root vgkubuntu
If you want to fill the disk, replae
-L 20Gwith-l +100%FREE.
- BEFORE you launch the GUI installer, run this in the terminal (change
Dif your partition is notvda3):
D="vda3" ; while [ ! -d /target/etc ]; do sleep 1 ; done ; echo "${D}_crypt UUID=$(blkid -s UUID -o value /dev/${D}) none luks,discard" > /target/etc/crypttab
- Now, launch the GUI installer and proceed as
above.
- However, your disk setup should look like this:
The long one-liner that you ran before starting the installer waits until the installer creates your root file system. Once that happens, it will create /etc/crypttab. This file needs to be there before the installer builds the initial RAM file system. If it doesn’t exist, your system won’t prompt for the LUKS key at boot.
If all goes well, once you reboot, you should get a LUKS unlock prompt:
If you don’t have a working framebuffer, you might see an even more plain prompt.
Done!
If it fails to boot, there’s hope. It should eventually drop to a BusyBox environment. You just need to open the LUKS volume, boot, then rebuild your initramfs so that it includes /etc/crypttab:
Once you’re into the system, drop to a shell and run:
sudo -s
D="vda3"
echo "${D}_crypt UUID=$(blkid -s UUID -o value /dev/${D}) none luks,discard" > /etc/crypttab
update-initramfs -u
Reboot and you should see the LUKS passphrase prompt at boot time.
Done!
https://wiki.archlinux.org/title/EFI_system_partition
https://help.ubuntu.com/community/Full_Disk_Encryption_Howto_2019
https://wiki.archlinux.org/title/Encrypted_LVM
https://unix.stackexchange.com/questions/291638/mount-root-filesystem-from-initramfs