Fresh Lubuntu 20.04 with encrypted disk boot takes its time

Lubuntu Support
1

Hello,

I’ve got a fresh install of Lubuntu 20.04 (I just switched from a few years on Mint and am currently trying more lightweight distro) and I’m quite happy about it.

The only thing that puzzles me is a bit longer time the boot seems to take to decrypt my disk on startup. I chose the full encryption option during install on my SSD NVMe Samsung disk and it takes around 20-30 seconds from acknowledging my disk encryption password at startup to actually start proceeding through usual grub stuff (I removed quiet and splash from options for visibility). The same stage took merely a couple of seconds on the same setup under Mint I had a few days back. Actually I’ve made the current measurements:
orkan@gram:~$ systemd-analyze
Startup finished in 3.612s (firmware) + 24.503s (loader) + 6.508s (kernel) + 8.545s (userspace) = 43.169s
This isn’t the end of the world although I’d like to understand. A bit of googling told me that the number of encrypting iterations has something to do with that extended time and this is an option that Calamares controlled during install. I’m happy to dig into configs and such, but probably would need a punch in the right direction where to look. If there is a way to reduce that time it would be perfect although it’s OK for me at this stage to perform the install all the way from the scratch.
I’m attaching the logs underneath coming from the following commands:
416 [2020-05-24 16:47:59] sudo lsb_release -a
417 [2020-05-24 16:48:14] sudo lshw
418 [2020-05-24 16:48:35] sudo lscpu
419 [2020-05-24 16:48:46] sudo lsusb
420 [2020-05-24 16:48:54] sudo lspci

This is my first post on this forum. Many thanks for any advice.
Orkan.

logs:
orkan@gram:~$ sudo lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04 LTS
Release: 20.04
Codename: focal

orkan@gram:~$ sudo lshw
gram                        
    description: Notebook
    product: 14Z990-V.AR53Y
    vendor: LG Electronics
    version: 0.1
    serial: 906NZDC032306
    width: 64 bits
    capabilities: smbios-3.1.1 dmi-3.1.1 smp vsyscall32
    configuration: boot=normal chassis=notebook family=Z Series uuid=E8B8E654-FFF1-591A-A71B-9D0E2B166A39
  *-core
       description: Motherboard
       product: 14Z990
       vendor: LG Electronics
       physical id: 0
       version: FAB1
       serial: 8CF70BE7A53EB3C52E2A1752050CEE5114Z990-V.AR53Y
       slot: Part Component
     *-memory
          description: System Memory
          physical id: 2
          slot: System board or motherboard
          size: 16GiB
        *-bank:0
             description: SODIMM DDR4 Synchronous 2400 MHz (0,4 ns)
             product: 9905700-025.A00G
             vendor: Kingston
             physical id: 0
             serial: 8B1046F5
             slot: ChannelA-DIMM0
             size: 8GiB
             width: 64 bits
             clock: 2400MHz (0.4ns)
        *-bank:1                                                                                                                             
             description: SODIMM DDR4 Synchronous 2400 MHz (0,4 ns)                                                                          
             product: MEM-DOWN
             vendor: 0000
             physical id: 1
             serial: 00000000
             slot: ChannelB-DIMM0
             size: 8GiB
             width: 64 bits
             clock: 2400MHz (0.4ns)
     *-cache:0
          description: L1 cache
          physical id: b
          slot: L1 Cache
          size: 256KiB
          capacity: 256KiB
          capabilities: synchronous internal write-back unified
          configuration: level=1
     *-cache:1
          description: L2 cache
          physical id: c
          slot: L2 Cache
          size: 1MiB
          capacity: 1MiB
          capabilities: synchronous internal write-back unified
          configuration: level=2
     *-cache:2
          description: L3 cache
          physical id: d
          slot: L3 Cache
          size: 6MiB
          capacity: 6MiB
          capabilities: synchronous internal write-back unified
          configuration: level=3
     *-cpu
          description: CPU
          product: Intel(R) Core(TM) i5-8265U CPU @ 1.60GHz
          vendor: Intel Corp.
          physical id: e
          bus info: cpu@0
          version: Intel(R) Core(TM) i5-8265U CPU @ 1.60GHz
          serial: To Be Filled By O.E.M.
          slot: U3E1
          size: 2572MHz
          capacity: 3900MHz
          width: 64 bits
          clock: 100MHz
          capabilities: lm fpu fpu_exception wp vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp x86-64 constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d arch_capabilities cpufreq
          configuration: cores=4 enabledcores=4 threads=8
     *-firmware
          description: BIOS
          vendor: Phoenix Technologies Ltd.
          physical id: f
          version: W1ZD1220 X64
          date: 04/04/2019
          size: 128KiB
          capacity: 10MiB
          capabilities: pci upgrade shadowing cdboot bootselect edd int5printscreen int9keyboard int14serial int17printer int10video acpi usb biosbootspecification netboot uefi
     *-pci
          description: Host bridge
          product: Coffee Lake HOST and DRAM Controller
          vendor: Intel Corporation
          physical id: 100
          bus info: pci@0000:00:00.0
          version: 0b
          width: 32 bits
          clock: 33MHz
          configuration: driver=skl_uncore
          resources: irq:0
        *-display
             description: VGA compatible controller
             product: UHD Graphics 620 (Whiskey Lake)
             vendor: Intel Corporation
             physical id: 2
             bus info: pci@0000:00:02.0
             logical name: /dev/fb0
             version: 00
             width: 64 bits
             clock: 33MHz
             capabilities: pciexpress msi pm vga_controller bus_master cap_list rom fb
             configuration: depth=32 driver=i915 latency=0 mode=1920x1080 visual=truecolor xres=1920 yres=1080
             resources: iomemory:600-5ff iomemory:400-3ff irq:129 memory:6022000000-6022ffffff memory:4000000000-400fffffff ioport:2000(size=64) memory:c0000-dffff
        *-generic:0
             description: Signal processing controller
             product: Xeon E3-1200 v5/E3-1500 v5/6th Gen Core Processor Thermal Subsystem
             vendor: Intel Corporation
             physical id: 4
             bus info: pci@0000:00:04.0
             version: 0b
             width: 64 bits
             clock: 33MHz
             capabilities: msi pm cap_list
             configuration: driver=proc_thermal latency=0
             resources: iomemory:600-5ff irq:16 memory:6023110000-6023117fff
        *-generic:1
             description: Signal processing controller
             product: Cannon Point-LP Thermal Controller
             vendor: Intel Corporation
             physical id: 12
             bus info: pci@0000:00:12.0
             version: 30
             width: 64 bits
             clock: 33MHz
             capabilities: pm msi cap_list
             configuration: driver=intel_pch_thermal latency=0
             resources: iomemory:600-5ff irq:16 memory:602312a000-602312afff
        *-usb
             description: USB controller
             product: Cannon Point-LP USB 3.1 xHCI Controller
             vendor: Intel Corporation
             physical id: 14
             bus info: pci@0000:00:14.0
             version: 30
             width: 64 bits
             clock: 33MHz
             capabilities: pm msi xhci bus_master cap_list
             configuration: driver=xhci_hcd latency=0
             resources: iomemory:600-5ff irq:125 memory:6023100000-602310ffff
           *-usbhost:0
                product: xHCI Host Controller
                vendor: Linux 5.4.0-31-generic xhci-hcd
                physical id: 0
                bus info: usb@1
                logical name: usb1
                version: 5.04
                capabilities: usb-2.00
                configuration: driver=hub slots=12 speed=480Mbit/s
              *-usb:0
                   description: Video
                   product: LG Camera
                   vendor: Chicony Electronics Co.,Ltd.
                   physical id: 6
                   bus info: usb@1:6
                   version: 0.02
                   serial: 0001
                   capabilities: usb-2.00
                   configuration: driver=uvcvideo maxpower=500mA speed=480Mbit/s
              *-usb:1
                   description: Bluetooth wireless interface
                   vendor: Intel Corp.
                   physical id: a
                   bus info: usb@1:a
                   version: 0.02
                   capabilities: bluetooth usb-2.00
                   configuration: driver=btusb maxpower=100mA speed=12Mbit/s
           *-usbhost:1
                product: xHCI Host Controller
                vendor: Linux 5.4.0-31-generic xhci-hcd
                physical id: 1
                bus info: usb@2
                logical name: usb2
                version: 5.04
                capabilities: usb-3.10
                configuration: driver=hub slots=6 speed=10000Mbit/s
        *-memory UNCLAIMED
             description: RAM memory
             product: Cannon Point-LP Shared SRAM
             vendor: Intel Corporation
             physical id: 14.2
             bus info: pci@0000:00:14.2
             version: 30
             width: 64 bits
             clock: 33MHz (30.3ns)
             capabilities: pm cap_list
             configuration: latency=0
             resources: iomemory:600-5ff iomemory:600-5ff memory:6023120000-6023121fff memory:6023129000-6023129fff
        *-network
             description: Wireless interface
             product: Cannon Point-LP CNVi [Wireless-AC]
             vendor: Intel Corporation
             physical id: 14.3
             bus info: pci@0000:00:14.3
             logical name: wlp0s20f3
             version: 30
             serial: 3c:f0:11:72:a7:ea
             width: 64 bits
             clock: 33MHz
             capabilities: pm msi pciexpress msix bus_master cap_list ethernet physical wireless
             configuration: broadcast=yes driver=iwlwifi driverversion=5.4.0-31-generic firmware=46.6bf1df06.0 ip=192.168.0.171 latency=0 link=yes multicast=yes wireless=IEEE 802.11
             resources: iomemory:600-5ff irq:16 memory:602311c000-602311ffff
        *-serial:0
             description: Serial bus controller
             product: Cannon Point-LP Serial IO I2C Controller #0
             vendor: Intel Corporation
             physical id: 15
             bus info: pci@0000:00:15.0
             version: 30
             width: 64 bits
             clock: 33MHz
             capabilities: pm bus_master cap_list
             configuration: driver=intel-lpss latency=0
             resources: iomemory:600-5ff irq:16 memory:6023128000-6023128fff
        *-serial:1
             description: Serial bus controller
             product: Intel Corporation
             vendor: Intel Corporation
             physical id: 15.3
             bus info: pci@0000:00:15.3
             version: 30
             width: 64 bits
             clock: 33MHz
             capabilities: pm bus_master cap_list
             configuration: driver=intel-lpss latency=0
             resources: iomemory:600-5ff irq:19 memory:6023127000-6023127fff
        *-communication:0
             description: Communication controller
             product: Cannon Point-LP MEI Controller #1
             vendor: Intel Corporation
             physical id: 16
             bus info: pci@0000:00:16.0
             version: 30
             width: 64 bits
             clock: 33MHz
             capabilities: pm msi bus_master cap_list
             configuration: driver=mei_me latency=0
             resources: iomemory:600-5ff irq:139 memory:6023126000-6023126fff
        *-sata
             description: SATA controller
             product: Cannon Point-LP SATA Controller [AHCI Mode]
             vendor: Intel Corporation
             physical id: 17
             bus info: pci@0000:00:17.0
             logical name: scsi2
             version: 30
             width: 32 bits
             clock: 66MHz
             capabilities: sata msi pm ahci_1.0 bus_master cap_list emulated
             configuration: driver=ahci latency=0
             resources: irq:126 memory:92300000-92301fff memory:92304000-923040ff ioport:2080(size=8) ioport:2088(size=4) ioport:2060(size=32) memory:92303000-923037ff
           *-disk
                description: ATA Disk
                product: SAMSUNG MZNLN256
                physical id: 0.0.0
                bus info: scsi@2:0.0.0
                logical name: /dev/sda
                version: 300Q
                serial: S3TSNA0M521495
                size: 238GiB (256GB)
                capabilities: gpt-1.00 partitioned partitioned:gpt
                configuration: ansiversion=5 guid=1ee2aa52-bc8f-4894-8d35-00942a75ad4c logicalsectorsize=512 sectorsize=512
              *-volume
                   description: EXT4 volume
                   vendor: Linux
                   physical id: 1
                   bus info: scsi@2:0.0.0,1
                   logical name: /dev/sda1
                   version: 1.0
                   serial: c19eb390-ce4f-4323-af0d-0e87cc1de569
                   size: 238GiB
                   capacity: 238GiB
                   capabilities: journaled extended_attributes large_files huge_files dir_nlink 64bit extents ext4 ext2 initialized
                   configuration: created=2019-09-26 20:48:15 filesystem=ext4 lastmountpoint=/mnt/ssd256 modified=2020-05-23 14:57:12 mounted=2020-05-23 12:34:54 state=clean
        *-pci:0
             description: PCI bridge
             product: Cannon Point-LP PCI Express Root Port #5
             vendor: Intel Corporation
             physical id: 1c
             bus info: pci@0000:00:1c.0
             version: f0
             width: 32 bits
             clock: 33MHz
             capabilities: pci pciexpress msi pm normal_decode bus_master cap_list
             configuration: driver=pcieport
             resources: irq:122 ioport:3000(size=4096) memory:7c000000-920fffff ioport:6000000000(size=570425344)
        *-pci:1
             description: PCI bridge
             product: Cannon Point-LP PCI Express Root Port #9
             vendor: Intel Corporation
             physical id: 1d
             bus info: pci@0000:00:1d.0
             version: f0
             width: 32 bits
             clock: 33MHz
             capabilities: pci pciexpress msi pm normal_decode bus_master cap_list
             configuration: driver=pcieport
             resources: irq:123 memory:92200000-922fffff
           *-storage
                description: Non-Volatile memory controller
                product: NVMe SSD Controller SM981/PM981/PM983
                vendor: Samsung Electronics Co Ltd
                physical id: 0
                bus info: pci@0000:3a:00.0
                version: 00
                width: 64 bits
                clock: 33MHz
                capabilities: storage pm msi pciexpress msix nvm_express bus_master cap_list
                configuration: driver=nvme latency=0
                resources: irq:16 memory:92200000-92203fff
        *-pci:2
             description: PCI bridge
             product: Cannon Point-LP PCI Express Root Port #15
             vendor: Intel Corporation
             physical id: 1d.6
             bus info: pci@0000:00:1d.6
             version: f0
             width: 32 bits
             clock: 33MHz
             capabilities: pci pciexpress msi pm normal_decode bus_master cap_list
             configuration: driver=pcieport
             resources: irq:124 memory:92100000-921fffff
           *-generic
                description: Unassigned class
                product: RTS522A PCI Express Card Reader
                vendor: Realtek Semiconductor Co., Ltd.
                physical id: 0
                bus info: pci@0000:3b:00.0
                version: 01
                width: 32 bits
                clock: 33MHz
                capabilities: pm msi pciexpress bus_master cap_list
                configuration: driver=rtsx_pci latency=0
                resources: irq:127 memory:92100000-92100fff
        *-communication:1
             description: Communication controller
             product: Intel Corporation
             vendor: Intel Corporation
             physical id: 1e
             bus info: pci@0000:00:1e.0
             version: 30
             width: 64 bits
             clock: 33MHz
             capabilities: pm bus_master cap_list
             configuration: driver=intel-lpss latency=0
             resources: iomemory:600-5ff iomemory:600-5ff irq:20 memory:6023125000-6023125fff memory:6023124000-6023124fff
        *-serial:2
             description: Serial bus controller
             product: Intel Corporation
             vendor: Intel Corporation
             physical id: 1e.3
             bus info: pci@0000:00:1e.3
             version: 30
             width: 64 bits
             clock: 33MHz
             capabilities: pm bus_master cap_list
             configuration: driver=intel-lpss latency=0
             resources: iomemory:600-5ff irq:23 memory:6023123000-6023123fff
        *-isa
             description: ISA bridge
             product: Cannon Point-LP LPC Controller
             vendor: Intel Corporation
             physical id: 1f
             bus info: pci@0000:00:1f.0
             version: 30
             width: 32 bits
             clock: 33MHz
             capabilities: isa bus_master
             configuration: latency=0
        *-multimedia
             description: Audio device
             product: Cannon Point-LP High Definition Audio Controller
             vendor: Intel Corporation
             physical id: 1f.3
             bus info: pci@0000:00:1f.3
             version: 30
             width: 64 bits
             clock: 33MHz
             capabilities: pm msi bus_master cap_list
             configuration: driver=snd_hda_intel latency=64
             resources: iomemory:600-5ff iomemory:600-5ff irq:150 memory:6023118000-602311bfff memory:6023000000-60230fffff
        *-serial:3
             description: SMBus
             product: Cannon Point-LP SMBus Controller
             vendor: Intel Corporation
             physical id: 1f.4
             bus info: pci@0000:00:1f.4
             version: 30
             width: 64 bits
             clock: 33MHz
             configuration: driver=i801_smbus latency=0
             resources: iomemory:600-5ff irq:16 memory:6023122000-60231220ff ioport:efa0(size=32)
        *-serial:4 UNCLAIMED
             description: Serial bus controller
             product: Cannon Point-LP SPI Controller
             vendor: Intel Corporation
             physical id: 1f.5
             bus info: pci@0000:00:1f.5
             version: 30
             width: 32 bits
             clock: 33MHz
             configuration: latency=0
             resources: memory:fe010000-fe010fff
     *-pnp00:00
          product: PnP device PNP0c02
          physical id: 0
          capabilities: pnp
          configuration: driver=system
     *-pnp00:01
          product: PnP device PNP0c02
          physical id: 1
          capabilities: pnp
          configuration: driver=system
     *-pnp00:02
          product: PnP device PNP0c02
          physical id: 3
          capabilities: pnp
          configuration: driver=system
     *-pnp00:03
          product: PnP device PNP0c02
          physical id: 4
          capabilities: pnp
          configuration: driver=system
     *-pnp00:04
          product: PnP device INT3f0d
          physical id: 5
          capabilities: pnp
          configuration: driver=system
     *-pnp00:05
          product: PnP device PNP0303
          physical id: 6
          capabilities: pnp
          configuration: driver=i8042 kbd
     *-pnp00:06
          product: PnP device PNP0c02
          physical id: 7
          capabilities: pnp
          configuration: driver=system
     *-pnp00:07
          product: PnP device PNP0c02
          physical id: 8
          capabilities: pnp
          configuration: driver=system
  *-battery
       product: Smart Battery
       vendor: Intel Corp.
       physical id: 1
       version: 2008
       serial: 1.0
       slot: Rear


orkan@gram:~$ sudo lscpu
Architecture:                    x86_64
CPU op-mode(s):                  32-bit, 64-bit
Byte Order:                      Little Endian
Address sizes:                   39 bits physical, 48 bits virtual
CPU(s):                          8
On-line CPU(s) list:             0-7
Thread(s) per core:              2
Core(s) per socket:              4
Socket(s):                       1
NUMA node(s):                    1
Vendor ID:                       GenuineIntel
CPU family:                      6
Model:                           142
Model name:                      Intel(R) Core(TM) i5-8265U CPU @ 1.60GHz
Stepping:                        11
CPU MHz:                         3857.475
CPU max MHz:                     3900,0000
CPU min MHz:                     400,0000
BogoMIPS:                        3600.00
Virtualization:                  VT-x
L1d cache:                       128 KiB
L1i cache:                       128 KiB
L2 cache:                        1 MiB
L3 cache:                        6 MiB
NUMA node0 CPU(s):               0-7
Vulnerability Itlb multihit:     KVM: Mitigation: Split huge pages
Vulnerability L1tf:              Not affected
Vulnerability Mds:               Mitigation; Clear CPU buffers; SMT vulnerable
Vulnerability Meltdown:          Not affected
Vulnerability Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl and seccomp
Vulnerability Spectre v1:        Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Vulnerability Spectre v2:        Mitigation; Full generic retpoline, IBPB conditional, IBRS_FW, STIBP conditional, RSB filling
Vulnerability Tsx async abort:   Not affected
Flags:                           fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 s
                                 s ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nons
                                 top_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid 
                                 sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpu
                                 id_fault epb invpcid_single ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_a
                                 djust bmi1 avx2 smep bmi2 erms invpcid mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsave
                                 s dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d arch_capabilities


orkan@gram:~$ sudo lsusb
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 002: ID 04f2:b678 Chicony Electronics Co., Ltd LG Camera
Bus 001 Device 003: ID 8087:0aaa Intel Corp. 
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub


orkan@gram:~$ sudo lspci
00:00.0 Host bridge: Intel Corporation Coffee Lake HOST and DRAM Controller (rev 0b)
00:02.0 VGA compatible controller: Intel Corporation UHD Graphics 620 (Whiskey Lake)
00:04.0 Signal processing controller: Intel Corporation Xeon E3-1200 v5/E3-1500 v5/6th Gen Core Processor Thermal Subsystem (rev 0b)
00:12.0 Signal processing controller: Intel Corporation Cannon Point-LP Thermal Controller (rev 30)
00:14.0 USB controller: Intel Corporation Cannon Point-LP USB 3.1 xHCI Controller (rev 30)
00:14.2 RAM memory: Intel Corporation Cannon Point-LP Shared SRAM (rev 30)
00:14.3 Network controller: Intel Corporation Cannon Point-LP CNVi [Wireless-AC] (rev 30)
00:15.0 Serial bus controller [0c80]: Intel Corporation Cannon Point-LP Serial IO I2C Controller #0 (rev 30)
00:15.3 Serial bus controller [0c80]: Intel Corporation Device 9deb (rev 30)
00:16.0 Communication controller: Intel Corporation Cannon Point-LP MEI Controller #1 (rev 30)
00:17.0 SATA controller: Intel Corporation Cannon Point-LP SATA Controller [AHCI Mode] (rev 30)
00:1c.0 PCI bridge: Intel Corporation Cannon Point-LP PCI Express Root Port #5 (rev f0)
00:1d.0 PCI bridge: Intel Corporation Cannon Point-LP PCI Express Root Port #9 (rev f0)
00:1d.6 PCI bridge: Intel Corporation Cannon Point-LP PCI Express Root Port #15 (rev f0)
00:1e.0 Communication controller: Intel Corporation Device 9da8 (rev 30)
00:1e.3 Serial bus controller [0c80]: Intel Corporation Device 9dab (rev 30)
00:1f.0 ISA bridge: Intel Corporation Cannon Point-LP LPC Controller (rev 30)
00:1f.3 Audio device: Intel Corporation Cannon Point-LP High Definition Audio Controller (rev 30)
00:1f.4 SMBus: Intel Corporation Cannon Point-LP SMBus Controller (rev 30)
00:1f.5 Serial bus controller [0c80]: Intel Corporation Cannon Point-LP SPI Controller (rev 30)
3a:00.0 Non-Volatile memory controller: Samsung Electronics Co Ltd NVMe SSD Controller SM981/PM981/PM983
3b:00.0 Unassigned class [ff00]: Realtek Semiconductor Co., Ltd. RTS522A PCI Express Card Reader (rev 01)
2

When using full disk encryption, all the other flavours use an unencrypted /boot partition.
When the system starts, it loads the bootloader, which loads the kernel and initramfs from the unencrypted /boot partition. The loaded kernel/initramfs have then to unlock the LUKS container and load the system.

Lubuntu with Calamares doesn’t create an unencrypted /boot partition. /boot is then inside of the LUKS container.
When the system starts, it loads the bootloader, which has to unlock the LUKS container, load the configuration from there and then loads the kernel and initramfs.
But because the system is locked inside a LUKS container, the kernel has to unlock the container first (as described above).

And, by the way, please stop with the excessive use of sudo. Most of the commands don’t require sudo.

2 Likes
3

@apt-ghetto many thanks for the explanation and I’ll remember the sudo advice

reg. the encryption: if just the boot partition gets encrypted - is it possible then to retrieve the data from other partitions by someone else in case the laptop gets stolen?
if the answer to the above is “not easily” then the other question: is it possible to re-arrange the partitions and encryption setup I’ve got currently (default to Lubuntu installation) to the one with separate /boot partition and encrypting it exclusively?

4

Security is a very complex field. And it often depends on your own risk evaluation:

  • Why do you need an encrypted system?
  • What kind of data do you want to protect?
  • Do you need plausible deniability?
  • Who is the attacker?
  • Which tools, resources, time does the attacker use to break the system?

Disk encryption is often only one of several security measurements.

If you just want to protect your data against thieves, then you will be secure with both versions: the unencrypted and the encrypted /boot partition.

Technically, it is possible to create an unencrypted /boot and move the files to the new partition. The problem is, that Lubuntu/Calamares adds a keyfile into the initramfs to unlock the LUKS container (that is why you have to enter the passphrase only once).
If you want to do it manually, then you have to delete the keyfile, rebuild the initramfs, otherwise everyone can unlock it without knowing the passphrase. And you should remove also the keyfile from LUKS.

You could also install Kubuntu and then install the Lubuntu desktop meta package.

3 Likes
5

Many thanks for your explanation. I am using my laptop for work and there’s data in apps and drives I need to protect. I’m perfectly all right with a tiny bit of inconvenience of extended boot time.
Your help solves my questions.

6

This topic was automatically closed 60 minutes after the last reply. New replies are no longer allowed.