Ubuntu Desktop with LUKS encrypted BTRFS

Hello!
I wanted to install Ubuntu Desktop 25.04 (default Gnome DE) on my SSD with LUKS encrypted root BTRFS partition and separate /boot/efi partition.
Unfortunately there is no option in the installer to do LUKS with BTRFS filesystem. I looked up a few guides and following those I made the partitions and encrypted the root in terminal, after which I continued with the installer. The installer however gives me error when I try to give partition a mount point:
“request to /storage/v2/edit_partition crashed with ValueError”.

I came across this post:

“Unfortunately, if you are using the 23.04 ISO… which uses Snap ubuntu-desktop-installer, that will not work. The partioner in that ISO does not recognise pre-configured LUKS, LVM2, ZFS or BTRFS container (correctly).”
It’s not the version I am using but I assume it’s the same for newer versions.

Is there some way to install the this Ubuntu version the way I’m trying to?

I’m not real clear on your actual needs, but some friends I know have created some YT videos, but I asked him if they would include the nuts and bolts of the process .

This might help a bit: GitHub - paadza/Ubuntu-encrypted-btrfs-with-and-home-subvolumes-swap-and-Timeshift

I encourge if your comfortable with adding more subvolumes.
I don’t use a real high comppression but rather more uniform or a even balance ie:

 /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a device; this may
# be used with UUID= as a more robust way to name devices that works even if
# disks are added and removed. See fstab(5).
#
# <file system>             <mount point>  <type>  <options>  <dump>  <pass>
UUID=EE28-5131                            /boot          vfat    defaults   0 2
UUID=55436356-e5e7-42ff-b189-1d8f1f0a228e /              btrfs   subvol=/@,defaults,noatime,compress=zstd,commit=120 0 0
UUID=55436356-e5e7-42ff-b189-1d8f1f0a228e /home          btrfs   subvol=/@home,defaults,noatime,compress=zstd,commit=120 0 0
UUID=55436356-e5e7-42ff-b189-1d8f1f0a228e /root          btrfs   subvol=/@root,defaults,noatime,compress=zstd,commit=120 0 0
UUID=55436356-e5e7-42ff-b189-1d8f1f0a228e /srv           btrfs   subvol=/@srv,defaults,noatime,compress=zstd,commit=120 0 0
UUID=55436356-e5e7-42ff-b189-1d8f1f0a228e /var/cache     btrfs   subvol=/@cache,defaults,noatime,compress=zstd,commit=120 0 0
UUID=55436356-e5e7-42ff-b189-1d8f1f0a228e /var/tmp       btrfs   subvol=/@tmp,defaults,noatime,compress=zstd,commit=120 0 0
UUID=55436356-e5e7-42ff-b189-1d8f1f0a228e /var/log       btrfs   subvol=/@log,defaults,noatime,compress=zstd,commit=120 0 0
tmpfs                                     /tmp           tmpfs   defaults,noatime,mode=1777 0 0

My file system looks like:

df -T
Filesystem     Type      Size  Used Avail Use% Mounted on
dev            devtmpfs  6.7G     0  6.7G   0% /dev
run            tmpfs     6.8G  2.3M  6.8G   1% /run
efivarfs       efivarfs  148K  102K   42K  71% /sys/firmware/efi/efivars
/dev/nvme1n1p2 btrfs     464G   34G  428G   8% /
tmpfs          tmpfs     6.8G  516K  6.8G   1% /dev/shm
tmpfs          tmpfs     1.0M     0  1.0M   0% /run/credentials/systemd-resolved.service
tmpfs          tmpfs     6.8G   19M  6.8G   1% /tmp
/dev/nvme1n1p1 vfat      2.0G  776M  1.3G  38% /boot
/dev/nvme1n1p2 btrfs     464G   34G  428G   8% /root
/dev/nvme1n1p2 btrfs     464G   34G  428G   8% /home
/dev/nvme1n1p2 btrfs     464G   34G  428G   8% /var/log
/dev/nvme1n1p2 btrfs     464G   34G  428G   8% /var/tmp
/dev/nvme1n1p2 btrfs     464G   34G  428G   8% /var/cache
/dev/nvme1n1p2 btrfs     464G   34G  428G   8% /srv
tmpfs          tmpfs     1.0M     0  1.0M   0% /run/credentials/systemd-journald.service
tmpfs          tmpfs     1.4G  160K  1.4G   1% /run/user/1000
/dev/sde1      exfat      15G  8.9G  5.7G  61% /run/media/me/Ventoy
/dev/sdd1      ext4      916G  662G  209G  77% /run/media/me/Crucial-1TB

Come Clean Time, I do a ton of testing so encryption is not a part of my normal installs. as seen above.

If I was to keep one for a House Hold use I would encrypt on LUKS for sure!

One more hint try to leave your Storage Drive out of the mix, until you get it going.

Best of Luck

Thank you for the response. It’s a bit of a sad state if I’d need to start running scripts from other people to make LUKS encrypted BTRFS filesystem to happen.

I guess it’s possible to do it then, just got to make sure I understand what the scripts doing.
Anyone know if making an autoinstall file would bypass the error, or if ubuntu server install allows LUKS encrypted BTRFS?

last I heard they opted for ZFS on LUKS

It’s been a long time for me on the new installer, but I had zero luck on 6 or more scripts. That was on LUKS and BTRFS for Buntu’s

Ubuntu Server installation does not natively support LUKS encryption with BTRFS out of the box .

First, I’m not an expert. I just got done installing Ubuntu 24.04 and then encrypted it with Luks afterward using this guide.

https://ubuntuhandbook.org/index.php/2024/08/encrypt-existing-ubuntu-system/

I was first made aware of it by @rubi1200 although they hadn’t actually tried it.

The guide worked. If you do it like the author says, with just / encrypted (and /boot inside /) then you end up having to enter the passphrase twice. And it doesn’t work with Secure Boot enabled.

So I ended up doing it a second time with a separate, unencrypted /boot. Now I just input my passphrase once and I can leave Secure Boot on. I had to first install Ubuntu with / and separate /boot partitions. I assume you would have to first install Ubuntu with btrfs and then do the Luks encryption.

The only thing that didn’t work was trying to close the encrypted partition at the end and I just ended up shutting down according to the instructions.

I don’t know how this would work with btrfs, if it would all work the same or something would be different. Someone else will have to tell you. But following it was straightforward.

Added later: Grub menu is missing Windows entry for dual boot.