Howto install LMDE with LVM (with or without encryption)
Posted: Sat Apr 23, 2011 6:16 am
Update
Since this tutorial was written, the install process has evolved, and code has been written to automate the process.
- One repository for such code is here.
Warning -- The procedure outlined in this document is for installing a clean version of Linux Mint Debian Edition using the entire hard drive. It will overwrite any and all data. Please be sure to backup important data to external media before proceeding.
Introduction
Several guides are available for installing Linux Mint Debian Edition on an encrypted LVM file system. This guide will explain how to install LMDE using nothing but a single install medium (LiveCD, LiveDVD, or LiveUSB) and a network connection. It is expected that those following this guide are comfortable entering commands in a terminal.
Overview
This example uses a computer with 2GB of RAM and a 50GB hard drive corresponding to /dev/sda. The hard drive will have two primary partitions: a 200MB boot partition (/boot) and an LVM partition that fills the remainder of the drive. The LVM partition may optionally be encrypted. The procedure varies slightly for encryption, so be sure to watch for those deviations.
First, you will boot the computer using the Linux Mint Debian Edition Live DVD and install some required tools. Next, you will partition the drive, with optional encryption, and create and partition the volumes. Then you will mount the volumes and extract the Live DVD image into them. Finally, you will chroot into the environment and fixup the system for first boot.
Preparation
Begin by backing up all your important data. This process will destroy everything on the disk.
Once you are sure all your data is safe, put the LMDE DVD in the computer and boot the LMDE live image. Open a terminal from the menu. You need superuser privileges for everything, so make life easier by getting a root shell.
Then the package lists need to be updated. You also need to install lvm2 and squashfs-tools.
Volume Creation
Next, you must partition the hard drive. You can use your favorite partitioning tool for this (cfdisk, fdisk, parted, etc.). Gparted is a great partition editor, so that is what I used.
Again, my hard drive device is /dev/sda. But yours may be /dev/hda or something else. It is up to you to be sure you are using the appropriate drive. Delete your existing partitions. In gparted, I just create a new msdos partition table (in the Device menu) which will remove existing partitions. Create a new 200MB ext2 primary partition at the start of the disk. Then create an unformatted partition using the remainder of the disk. In my example, the two partition devices are /dev/sda1 and /dev/sda2. If your devices differ, be sure to use your devices in the commands below. Be sure to save your changes.
Now you must make a decision: to encrypt or not to encrypt. Code blocks that differ based on this decision are labeled. If you choose to encrypt, it is considered best practice to first fill the partition with randomness to defeat certain key recovery techniques. This step can take quite a long time. Please be patient. It is also your responsibility to research what encryption algorithms and key sizes are right for you. The following commands just use the defaults. Also, it is a good idea to remember your password.
With encryption:
Without encryption:
I named my volume group volumes. Feel free to change it. You should also choose sizes that fit your needs. If you plan to suspend to RAM, you need a swap volume that is at least as large as the amount of RAM in your system. The -n option gives the volume name and the -L option the volume size. Use man lvcreate for more information.
If there is insufficient space you will get a message like the following:
Example:
You should now see your new logical volumes in /dev/volumes. They need to be formatted before they can be used.
Volume Population
Now it's time to install a system on those shiny new volumes. First, you must mount them somewhere on the file system.
Then extract the Live DVD file system into /mnt.
Now you need to update /mnt/etc/fstab so the new system will know where to mount the volumes. Open fstab with your favorite editor (gedit, vi, nano, etc.) and replace the entries with something like the following.
/mnt/etc/fstab
If you chose to encrypt, edit /mnt/etc/crypttab. Lines starting with # are supposed to be ignored, but that wasn't my experience, so I recommend removing everything but the following line.
With encryption:
/mnt/etc/crypttab
Prepare Install for Booting
Prepare and chroot the new system. Then mount those special file systems.
It's not a bad idea to change the prompt to remind you that this is a chroot.
Now remove all the Live DVD packages and update the package lists.
Then install the extra packages.
With encryption:
Without encryption:
If you make any changes to /etc/crypttab after installing cryptsetup, you will need to run update-initramfs -u to update the initial ramdisk image.
Grub needs to be installed to the MBR (unless you are using another boot manager).
Accept the defaults except when asked to select the GRUB install device(s). For that, select /dev/sda (or whatever your device is named).
That should be enough to boot into the newly installed system. But you need to setup an account to make it usable. Replace <username> with your desired login name in the following commands.
Either set the root password:
Or disable the password (Ubuntu style):
Because the mint user was removed, GDM automatic login will be broken. Unless you want to see a blank screen with only the busy spinner when you boot, be sure to complete this step. Open /etc/gdm3/daemon.conf with vi or nano and replace
Cleanup and Restart
Theoretically, you should be able to reboot at this point, but it is a good idea to back out some first.
You can now safely reboot. Be sure to eject the DVD when prompted. If you chose to encrypt, you should be prompted for a password. Otherwise, you should get the familiar GDM login screen. Enter your username and password from above and you should be logged in.
I hope this helped. I'll try to watch this post for questions. Good luck!
Since this tutorial was written, the install process has evolved, and code has been written to automate the process.
- One repository for such code is here.
Warning -- The procedure outlined in this document is for installing a clean version of Linux Mint Debian Edition using the entire hard drive. It will overwrite any and all data. Please be sure to backup important data to external media before proceeding.
Introduction
Several guides are available for installing Linux Mint Debian Edition on an encrypted LVM file system. This guide will explain how to install LMDE using nothing but a single install medium (LiveCD, LiveDVD, or LiveUSB) and a network connection. It is expected that those following this guide are comfortable entering commands in a terminal.
Overview
This example uses a computer with 2GB of RAM and a 50GB hard drive corresponding to /dev/sda. The hard drive will have two primary partitions: a 200MB boot partition (/boot) and an LVM partition that fills the remainder of the drive. The LVM partition may optionally be encrypted. The procedure varies slightly for encryption, so be sure to watch for those deviations.
First, you will boot the computer using the Linux Mint Debian Edition Live DVD and install some required tools. Next, you will partition the drive, with optional encryption, and create and partition the volumes. Then you will mount the volumes and extract the Live DVD image into them. Finally, you will chroot into the environment and fixup the system for first boot.
Preparation
Begin by backing up all your important data. This process will destroy everything on the disk.
Once you are sure all your data is safe, put the LMDE DVD in the computer and boot the LMDE live image. Open a terminal from the menu. You need superuser privileges for everything, so make life easier by getting a root shell.
Code: Select all
sudo -s
Code: Select all
apt-get update
apt-get install lvm2 squashfs-tools
Next, you must partition the hard drive. You can use your favorite partitioning tool for this (cfdisk, fdisk, parted, etc.). Gparted is a great partition editor, so that is what I used.
Code: Select all
gparted /dev/sda
Now you must make a decision: to encrypt or not to encrypt. Code blocks that differ based on this decision are labeled. If you choose to encrypt, it is considered best practice to first fill the partition with randomness to defeat certain key recovery techniques. This step can take quite a long time. Please be patient. It is also your responsibility to research what encryption algorithms and key sizes are right for you. The following commands just use the defaults. Also, it is a good idea to remember your password.
With encryption:
Code: Select all
apt-get install cryptsetup
dd if=/dev/zero of=/dev/sda1 bs=1M
dd if=/dev/urandom of=/dev/sda2 bs=1M & sleep 5; while kill -USR1 ${!}; do sleep 60; done
cryptsetup luksFormat /dev/sda2
cryptsetup luksOpen /dev/sda2 sda2_crypt
VOLUME=/dev/mapper/sda2_crypt
Code: Select all
VOLUME=/dev/sda2
Code: Select all
pvcreate $VOLUME
vgcreate volumes $VOLUME
lvcreate -n lmde -L 10G volumes
lvcreate -n swap -L 2G volumes
lvcreate -n home -L 50G volumes
Just rerun the command replacing the -L option with -l (lower-case L) and the number in the parenthesis (9984 in this case).Volume group "volumes" has insufficient free space (9984 extents): 12800 required.
Example:
Code: Select all
lvcreate -n home -l 9984 volumes
Code: Select all
mkswap -L swap /dev/volumes/swap
swapon /dev/volumes/swap
mkfs -t ext2 -L boot /dev/sda1
mkfs -t ext4 -L root -j /dev/volumes/lmde
mkfs -t ext4 -L home -j /dev/volumes/home
Now it's time to install a system on those shiny new volumes. First, you must mount them somewhere on the file system.
Code: Select all
mount /dev/volumes/lmde /mnt
mkdir /mnt/boot /mnt/home
mount /dev/sda1 /mnt/boot
mount /dev/volumes/home /mnt/home
Code: Select all
unsquashfs -f -d /mnt /live/image/casper/filesystem.squashfs
/mnt/etc/fstab
Code: Select all
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
LABEL=boot /boot ext2 defaults 0 2
/dev/volumes/lmde / ext4 errors=remount-ro 0 1
/dev/volumes/home /home ext4 defaults 0 2
/dev/volumes/swap none swap sw 0 0
/dev/scd0 /media/cdrom0 udf,iso9660 user,noauto 0 0
With encryption:
/mnt/etc/crypttab
Code: Select all
sda2_crypt /dev/sda2 none luks
Prepare and chroot the new system. Then mount those special file systems.
Code: Select all
cp /etc/resolv.conf /mnt/etc/
mount --bind /dev /mnt/dev
chroot /mnt
mount -t sysfs none /sys
mount -t proc none /proc
mount -t devpts none /dev/pts
Code: Select all
export PS1="(chroot) \$ "
Code: Select all
apt-get purge 'live-*'
apt-get update
With encryption:
Code: Select all
apt-get install cryptsetup lvm2
Code: Select all
apt-get install lvm2
update-rc.d -f lvm2 remove
update-rc.d lvm2 start 10 S . stop 10 0 6 .
Grub needs to be installed to the MBR (unless you are using another boot manager).
Code: Select all
dpkg-reconfigure grub-pc
That should be enough to boot into the newly installed system. But you need to setup an account to make it usable. Replace <username> with your desired login name in the following commands.
Code: Select all
deluser --remove-home mint
adduser <username>
addgroup <username> sudo
Code: Select all
passwd root
Code: Select all
passwd -l root
withAutomaticLoginEnable=true
.AutomaticLoginEnable=false
Cleanup and Restart
Theoretically, you should be able to reboot at this point, but it is a good idea to back out some first.
Code: Select all
umount /dev/pts
umount /proc
umount /sys
exit # exits chroot
umount /mnt/dev
umount /mnt/home
umount /mnt/boot
umount /mnt
sync # write all changes to disk
I hope this helped. I'll try to watch this post for questions. Good luck!