While installing Lubuntu with disk encryption I had the bug, so I did ctrl+alt+t and typed sudo swapoff --all.

Then I proceeded to install it and then this popup came:
"Write the changes to disks?
If you continue, the changes listed below will be written to the disks. Otherwise, you will be ale to make further changes manually.

The following partitions are going to be formatted:
LVM VG lubuntu-vg, LV root a ext4
LVM VG lubuntu-vg, LV swap_1 as swap"

I don't know what I am doing here, I just want to have full disk encryption.

There's currently no OS on my laptop so I am trying to install lubuntu.

You're fine. It's just telling you how it's going to format the disk. Since there is no current OS on the system you don't have to worry about overwriting anything or breaking anything.

But, I would advise *very strongly* against encrypting the disk.

Stuff gets corrupted, systems fail, hard drives die, etc and having an encrypted disk can totally throw a monkey wrench in to trying to do repairs. Sometimes so bad as to make you lose all of your data.

I understand being paranoid; especially in this day and age. And encrypting your *data* is an excellent idea. There are a lot of good and simple to use programs out there that will let you do just that.

I like veracrypt. I use it to encrypt all of my important files.

I know you're new and learning. But if you're going to be tinkering in the terminal with a disk during an installation for any reason and not just running the default install config in the GUI then I recommend that you read up on the basics of partitioning a disk.

I will be using usb sticks to make back ups every few days. Or do you advice for a better alternative? Is there a way to encrypt the usb sticks too? I will only be creating textfiles.

Ok I've decided to not encrypt it for now.

Question #1:
Can I change it in the future and encrypt the disk?

Question #2:
I entered the swapoff --all command in the terminal before. How do I reverse it? Can I install lubuntu without encrypting the disk before reversing it?

Yes. Google is your friend. But the easiest way to do it is to just encrypt the files themselves. I like veracrypt b/c it has *nix, doze and portable versions.

With a little work you can set up a stick that will run anywhere and locally encrypt / decrypt your files.

In this scenario: Encrypt you home folder, w/ a little education and work = not much of a problem. The same thing goes for swap. Encrypt the whole disk = you're going to have to seriously increase your skill level and get *very* hackalicious.

Assuming that you already have a swap file and it's simply just not activated, as root:

(NB: in examples like the one above carrots [<>] are used to encapsulate and should always be dropped when the command is executed.)

To mount the swap at boot check your /etc/fstab file from root with a text editor to make sure it is in there. If it's already there you may have to uncomment it. (Remove the "#".) If it's not there at all then add:
Just reboot the machine and do a standard install.

[QUOTE=Steven_G;5466842]

Assuming that you already have a swap file and it's simply just not activated, as root:

(NB: in examples like the one above carrots [<>] are used to encapsulate and should always be dropped when the command is executed.)

To mount the swap at boot check your /etc/fstab file from root with a text editor to make sure it is in there. If it's already there you may have to uncomment it. (Remove the "#".) If it's not there at all then add:
/QUOTE]

Thank you but I don't know what a swap file is and the things you wrote went right over my head. Can I just skip the rest and reboot and do the normal install?

You need to back up and start from the beginning.

You need to walk before you can fly. Nature's rule Danielsan, not mine.

Since you're not going to encrypt the disk and there's nothing already on it just reboot and do a new default install from scratch using the GUI. It will setup what you need.

Google is your friend:

What Is a Linux SWAP Partition, And What Does It Do?

And before you ask:

What is a GUI?

Slightly disagree with that. It depends on the usecase. E.g. encrypting the disk on a laptop that you travel with makes a whole lot of sense and is perfectly safe if you do regular (unencrypted) backups of the important files at home.
Full-disk encryption will give you more security than selective data encryption because noone, even with physical access to your machine, can tinker with your OS to install spyware etc.

I do agree with the point that you should know what you are doing though. If you are going to encrypt your data you should plan (and test) the recovery scenario before anything else... and that's irrespective of the encryption technology.

Sorry brau... dat just ain't trues. Once I can put my hands on it I pown it. FDcrypt or not. I can run evil maids against it. I can attack the firmware, the BIOS/UEFI or the boot loader, give it back to you and get your secrets.

Peeps and orgs w/ more resources than mine can keep it, dip the RAM in liquid nitrogen and forensically dissect it. Or run it against an AWS instance that's the equivalent of an old Cray for "relatively" cheap, backwards factor it and crack it like an egg if you used the wrong programs, algos, chain blocks, salts, hashes and / or cyphers when you set it up.

There's no real advantage to it and a lot of headaches. If I want to back up more than my data and want to back up my install and config I have to decrypt *everything* down to the volume level to get most BU programs to work. Or, I have to run it sector by sector, hope there are no r/w faults and wait for up to days for a sector by sector restore to run.

And if my disk goes down while it's locked and I'd like to repair it or recover something created since the last BU it can get really sticky, is a total PITA and sometimes just can't be done.

If you're worried about getting hit at border crossings then have a travel machine for looking up hotels and doing facebook that has nothing on it.

If you're taking a laptop to DefCon then you're missing the point and deserve whatever you get!

Don't sweat street level thieves. They're not going to have the tools or knowledge to crack an encrypted file; especially if you did it right to begin with. And by "it" I mean system hardening, compartmentalization, virtualization, system sec, ops sec, yada, yada, yada.

What's most likely going to happen is he'll sell it to a fence who will boot it and see some retarded password locked crap on it that ain't doze that he can't sell to anybody. So he'll slap a boot leg copy of doze on it and sell it to somebody who probably has no clue of how to run a forensic file recovery for an encrypted file on a reformatted disk.

Which is why I was talking about "tinkering with the OS". There will never be 100% security, but full disk encryption gives you more security than selective encryption. Period.

None of this is a problem if you are running the backup from the live system through a simple cronjob.

(Emphasis mine)

Explain: Do mean "live" as in a running system? Or live as in a mounted read only file system during a "live" session?

B/c if it's the first I cry BS. Please name for me the program capable of extracting an encrypted install on the fly b/c I ain't found it yet.

I mean "live" as in a running system, but sorry, I do not understand what you mean by "BS". The install is decrypted by grub before and during boot.
See e.g. pavel kogan's article on full disk encryption.
When the system is fully booted, the whole disk is unencrypted. You can backup anything you want, and this can happen through e.g. an hourly cronjob in the background.

OK, follow the bouncing ball:

I have moved BEYOND backing up the data in this conversation!! That's a compete and total no brainer and can be done 9 million ways by anyone who's been dinking w/ *nix for more than 90 days!

I am talking about extracting the OS from the hardware in an *installable* configuration. Preferably in a configuration where in it is already set up to move to other hardware so that I don't have to dink with slipstreaming drivers. (Think remastersys.) Otherwise what's the point? One of the things I'm guarding against is theft. When my insurance pays off I'm probably not going to get the exact same lappy again. I build custom OSes form the kernel up. I don't want to slap somebody else's OS on to my hardware. I want to extract my OS from the hardware.

Please name for me the program capable of doing this from inside a running (decrypted) file system on a machine with the disks *currently encrypted at the volume level*. In other words w/o having to first go to the volume level in the root terminal in a live session and turn off disk volume encryption before extracting the OS from the hardware.

B/c if you know of such an animal I'll buy you a beer b/c you'll save me a lot of headaches.

I have no desire to follow any of your balls...
I can see that. In fact, you have moved beyond the scope of this thread. That's called off topic. This conversation started with you recommending against disk encryption, and me disagreeing with that.

You came up with the requirement of extracting a full OS after the fact. In your initial post you talked about encrypting "important files"... not a full OS. And did not mention backup at all. If you are going to encrypt files and do not have a backup, you increase the risk of data loss irrespective of the encryption strategy, which is the point I was trying to make.
Anyway, I don't see how any of all this is still relevant to the OP's question.

Please start a new thread for this. Maybe someone has an answer for you, but clearly it does not belong into this thread.

In other words my point has been made:

1) There is a lot of stuff that you just can't do if you fully encrypt the disk.
2) While it has its benefits it's more trouble than it's worth and does not buy you a big enough improvement in security to be worth the attendant headaches.
3) Your knowledge of the subject and it's ramifications for practical system management is not as advanced as mine.

4) If that helps your oversized ego to feel better... then by all means go with it. This discussion isn't worth my time, so this is my last reply here.