This is a simple script to set up disk encryption with TPM2, so you don't have to enter the decryption key every time you boot your machine.
- Ubuntu 22.04 or greater (it may also work on lower versions, but this is not tested)
- TPM2 / fTPM chip on your motherboard
- Install Ubuntu like you would normally, just remember to set up LVM with encryption when asked for the advanced features
- Download the install script however you like
- Run the first stage with `bash install.sh --stage1`. You will be asked for your user password. This is to install every dependency needed.
- Very important: reboot your machine
- Get the device name of the encrypted partition (it would be `/dev/something`). It should be under the name `something_crypt` or similar. Take that name without the `_crypt`
- Run `bash install.sh --stage2 /dev/something`. You will be asked for your user password and your decryption key.
- After the script is done, reboot. You might see the decryption prompt again; don't do anything and wait, it will go on its own
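
For the device-name step above, a helper can derive the `--stage2` argument from `lsblk -rno NAME,TYPE` output and refuse to guess when the mapping name does not follow the `something_crypt` pattern. This is an added example, not part of `install.sh`; the function names `crypt_backing_devices` and `sample_lsblk` are hypothetical and the sample listing is constructed.

```shell
#!/bin/sh
# Added example (not part of install.sh): find the /dev/<name> to pass to
# --stage2 by stripping the _crypt suffix from each crypt mapping name.

# Reads "NAME TYPE" rows (as printed by `lsblk -rno NAME,TYPE`) on stdin.
# Prints /dev/<name> for every crypt mapping whose name, minus _crypt,
# matches a partition in the same listing. Mappings that do not follow
# that pattern are reported on stderr instead of producing a guessed path.
# Exit status is 1 when no mapping could be resolved.
crypt_backing_devices() {
    awk '
        $2 == "part"  { parts[$1] = 1 }      # remember every partition name
        $2 == "crypt" { maps[++n] = $1 }     # remember every crypt mapping
        END {
            found = 0
            for (i = 1; i <= n; i++) {
                base = maps[i]
                # sub() returns 1 only if the _crypt suffix was present
                if (sub(/_crypt$/, "", base) && (base in parts)) {
                    print "/dev/" base
                    found = 1
                } else {
                    print "cannot derive device from mapping " maps[i] > "/dev/stderr"
                }
            }
            exit (found ? 0 : 1)
        }
    '
}

# Constructed sample of `lsblk -rno NAME,TYPE` output on an encrypted-LVM install.
sample_lsblk() {
    cat <<'EOF'
nvme0n1 disk
nvme0n1p1 part
nvme0n1p2 part
nvme0n1p3 part
nvme0n1p3_crypt crypt
vgubuntu-root lvm
vgubuntu-swap_1 lvm
EOF
}

# Demo on the constructed sample; on a real machine use:
#   lsblk -rno NAME,TYPE | crypt_backing_devices
sample_lsblk | crypt_backing_devices
```

If the helper reports that it cannot derive a device, read the backing partition from the plain `lsblk` tree instead of passing a guessed path to stage 2.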