The Ubuntu 26.04 installer (subiquity) supports GUI-configured disk encryption, but only if you wipe the whole disk. That is often not suitable, so this tutorial shows how to work around it.
You have a hard drive with several installed operating systems (e.g. Windows).
You want to replace one of the installed systems with an encrypted, TPM-unlocked 26.04 installation.
Warning
Everything you'll do in this guide is super dangerous and total data loss is just a few bad commands away.
- Make sure you have your Windows recovery keys if Windows is installed (as well as passwords/recovery keys of all other encrypted filesystems).
- Boot the live USB
- Get up to disk partitioning (select manual partitioning) in the installer.
- Delete the partition you want to replace. In its place, first create a 2 GB partition mounted to /boot, and use the rest of the free space for the / partition.
- Finish installation.
- Follow https://karthikkaranth.me/blog/setting-up-luks-encryption-on-an-existing-ubuntu-partition/ to encrypt the partition
- Try rebooting and booting into the system. You'll have to type in the drive password.
- If that succeeded, configure TPM unlocking according to https://www.reddit.com/r/Ubuntu/comments/1su9ojt/upgrading_from_2404_to_2604_migrate_to_tpm_backed/ .
- Voila, the system boots and most of the time it doesn't ask you for the drive's password!
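
After the reboot step, it is worth confirming that / really sits on a dm-crypt mapping while /boot stayed a plain partition. The following is an added example, not part of the original guide or the linked posts: the function name `check_layout` is hypothetical, and the device names in the sample input are constructed.

```shell
# Added example: check that / sits on dm-crypt and /boot does not.
# Real use: lsblk -P -o KNAME,PKNAME,TYPE,FSTYPE,MOUNTPOINT | check_layout
check_layout() {
  awk '
    # Return the value of KEY="value" from one lsblk -P line.
    function field(key,   line, pat) {
      line = " " $0
      pat = " " key "=\"[^\"]*\""
      if (!match(line, pat)) return ""
      return substr(line, RSTART + length(key) + 3, RLENGTH - length(key) - 4)
    }
    # Walk from a device up through its parents; 1 if any layer is dm-crypt.
    function on_crypt(dev,   hops) {
      for (hops = 0; dev != "" && hops < 16; hops++) {
        if (type[dev] == "crypt") return 1
        dev = parent[dev]
      }
      return 0
    }
    {
      k = field("KNAME"); type[k] = field("TYPE"); parent[k] = field("PKNAME")
      m = field("MOUNTPOINT")
      if (m == "/") root = k
      if (m == "/boot") boot = k
    }
    END {
      r = (root == "") ? "missing" : (on_crypt(root) ? "encrypted" : "plain")
      b = (boot == "") ? "missing" : (on_crypt(boot) ? "encrypted" : "plain")
      printf "root=%s boot=%s\n", r, b
      exit !(r == "encrypted" && b == "plain")
    }'
}

# Constructed sample: state after the LUKS step (device names are made up).
SAMPLE_AFTER='KNAME="nvme0n1" PKNAME="" TYPE="disk" FSTYPE="" MOUNTPOINT=""
KNAME="nvme0n1p1" PKNAME="nvme0n1" TYPE="part" FSTYPE="vfat" MOUNTPOINT="/boot/efi"
KNAME="nvme0n1p3" PKNAME="nvme0n1" TYPE="part" FSTYPE="BitLocker" MOUNTPOINT=""
KNAME="nvme0n1p5" PKNAME="nvme0n1" TYPE="part" FSTYPE="ext4" MOUNTPOINT="/boot"
KNAME="nvme0n1p6" PKNAME="nvme0n1" TYPE="part" FSTYPE="crypto_LUKS" MOUNTPOINT=""
KNAME="dm-0" PKNAME="nvme0n1p6" TYPE="crypt" FSTYPE="ext4" MOUNTPOINT="/"'
# Constructed sample: state right after installation, before encrypting /.
SAMPLE_BEFORE='KNAME="nvme0n1" PKNAME="" TYPE="disk" FSTYPE="" MOUNTPOINT=""
KNAME="nvme0n1p1" PKNAME="nvme0n1" TYPE="part" FSTYPE="vfat" MOUNTPOINT="/boot/efi"
KNAME="nvme0n1p5" PKNAME="nvme0n1" TYPE="part" FSTYPE="ext4" MOUNTPOINT="/boot"
KNAME="nvme0n1p6" PKNAME="nvme0n1" TYPE="part" FSTYPE="ext4" MOUNTPOINT="/"'

printf '%s\n' "$SAMPLE_AFTER" | check_layout             # root=encrypted boot=plain
printf '%s\n' "$SAMPLE_BEFORE" | check_layout || true    # root=plain boot=plain
```

With this layout `boot=plain` is the expected result: the kernel and initramfs on /boot are stored unencrypted. The check covers the LUKS layout only and says nothing about whether TPM unlocking is enrolled.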