How to Do Encrypted Disk Partitioning for Debian 12 Installation

To ensure that your Debian 12 system and your data is safe and secure, you can install Debian 12 on partially encrypted or fully encrypted disks.

In this article, we will show you how to encrypt specific partitions from the Debian 12 installer and install Debian 12 on the encrypted partitions. We will also show you how to install Debian 12 on a fully encrypted disk as well.

Topic of Contents:

  1. Things to Know Before Encrypting the Partitions for Debian 12 Installation
  2. Encrypt Specific Partitions from the Debian 12 Installer
  3. Partition the Disks to Install Debian 12 on Fully Encrypted Disks
  4. Save the Changes and Continue the Debian 12 Installation
  5. Boot the Installed Debian 12 on Encrypted Partitions
  6. Conclusion

Things to Know Before Encrypting the Partitions for Debian 12 Installation

As of this writing, Debian 12 can’t boot from an encrypted ROOT (/) partition if you don’t have a separate unencrypted /boot and EFI partition. If you’re thinking about installing Debian 12 on a fully encrypted disk, you should create an unencrypted /boot partition, an unencrypted EFI boot partition, and must create an encrypted SWAP partition.

To configure the encrypted volumes from the Debian 12 installer, select “Configure encrypted volumes” from the Manual disk partitioning window.

Select “Yes”[1] and click on “Continue”[2]

Select “Create encrypted volumes” and press <Enter>.

Select the partitions that you want to encrypt (sda3 and sda4 in this case)[1] and click on “Continue”[2].

You will have to configure the encryption for each of the partitions that you selected earlier one by one.

The disk (sda disk in this case) and partition number (partition #3 in this case) that you’re encrypting should be displayed at the top[1].

To pick an encryption method for the partition, select “Encryption” and press <Enter>[2].

Select the encryption algorithm that you want to use for this partition and press <Enter>. The currently supported encryption algorithms are AES (Advanced Encryption Standard), Blowfish, Serpent, and Twofish.

To select a key size for the encrypted partition, select the “Key size” and press <Enter>.

Select your desired key size for the encryption algorithm from the list and press <Enter>.

The larger the key size, the more secure the encryption will be. The larger the key size, the more time (or processing power) it takes to decrypt the encrypted file.

To select an Initialization Vector (IV) algorithm for the encryption, select the “IV algorithm” and press <Enter>.