Howto install LMDE with LVM (with or without encryption)

Write tutorials and howtos in here
More tutorials here http://community.linuxmint.com/tutorial/welcome
Forum rules
Do not start a support topic here please, Before you post please read this

Re: Howto install LMDE with LVM (with or without encryption)

Postby turqoisehex on Mon Aug 08, 2011 1:51 pm

I ran into many problems while following this HowTo.
  • First off, cryptsetup can't be installed because of conflicts with Libc6-dev. Forcing libc6-dev in Synaptic was the workaround I eventually found.
  • Second, when I did
    Code: Select all
     VOLUME=/dev/mapper/sda2_crypt
    it said I could only do it with the -ff flag (force). I did this, but it's worrying.
  • The worst one, was that when I ran
    Code: Select all
    unsquashfs -f -d /mnt /live/image/casper/filesystem.squashfs
    it would crash the live environment! It completely froze up and required a hard reboot. Extracting it on another computer and then moving it over via
    Code: Select all
    rsync -vah
    was my solution.
  • As mentioned in the comment before mine, I ran
    Code: Select all
    apt-get update && apt-get upgrade && apt-get dist-upgrade
    , hoping this would solve some problems.
  • I ran
    Code: Select all
    dpkg-reconfigure grub-pc
    while chrooted, but I didn't see it install... shouldn't
    Code: Select all
    grub-install /dev/sdX
    be run afterward, followed by
    Code: Select all
    update-grub
    ?
  • I was unable to umount /mnt/dev and /mnt, it said they were busy.
  • Most frustratingly, after the 3rd try, when I rebooted all I got was the blinking underscore of GRUB doom.

I'll try and redo it again, and see if GRUB is the issue.
Thanks for the well done howto.

UPDATE
After substantially more messing around with GRUB (finally got it to install) and figuring out how to re-active the volumes after reboot (using the "lvchange -a y" command). NOW when I restart the computer and select the OS in GRUB it tries to load the information from crypttab and fstab and says something along the lines of the volume group "volumes" not existing. As much as I want this to work, after 10+ hours I give up :x
turqoisehex
Level 1
Level 1
 
Posts: 45
Joined: Tue Aug 03, 2010 9:33 pm

Linux Mint is funded by ads and donations.
 

Re: Howto install LMDE with LVM (with or without encryption)

Postby Pepas on Thu Sep 22, 2011 12:28 pm

I loved this approach, and it works well for me (so far). I will list what I did, with some comments where it diverts:

[After booting up the Installer, in console/terminal:]
sudo -i ## I am used to this instead of sudo -s because it will read resource files
apt-get install cryptsetup lvm2 squashfs-tools
[boot partition for a /dev/sdXY of around 100 MB and an encrypted lvm on /dev/sdXZ of (much) over 25 GB]

badblocks -c 10240 -s -w -t random -v /dev/sdXZ ## this is apparently much faster than using urandom, but pseudo-random; another plus: it checks for bad blocks
cryptsetup luksFormat -c aes -s 128 /dev/sdXZ ## recently it was shown that 128bit AES is more robust against some attacks than 192/256bit
cryptsetup luksOpen /dev/sdXZ crypt ## 'crypt' being a chosen name
vgcreate secret /dev/mapper/crypt ## 'secret' being a chosen name
lvcreate -C y -L 2100M -n swap secret ## 'swap' being a chosen name; -C y ensures the swap is contiguous, which is important for performance
lvcreate -L 20G -n linux secret ## 'linux' being a chosen name
lvcreate -l 100%FREE -n home secret ## 'home' being a chosen name; -l 100%FREE uses up the rest of the space
mkswap -f -L swap /dev/mapper/secret-swap ## 'swap' again being a chosen name; -f ensures that all the available space is used
mkfs.ext4 -L linux /dev/mapper/secret-linux ## 'linux'' again being a chosen name
mkfs.ext4 -L home -m 0 /dev/mapper/secret-home ## 'home' again being a chosen name; -m 0 means no reserved blocks for root
mkfs.ext2 -L boot /dev/sdXY ## 'boot' being a chosen name

swapon /dev/mapper/secret-swap
mount /dev/mapper/secret-linux /mnt
mkdir /mnt/boot /mnt/home
mount /dev/sdXY /mnt/boot
mount /dev/mapper/secret-home /mnt/home

unsquashfs -f -d /mnt /live/image/casper/filesystem.squashfs

cat <<END >/mnt/etc/fstab
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
LABEL=boot /boot ext2 defaults 0 2
/dev/mapper/secret-linux / ext4 errors=remount-ro 0 1
/dev/mapper/secret-swap swap swap sw 0 2
/dev/scd0 /media/cdrom0 udf,iso9660 user,noauto 0 0
END

echo "crypt /dev/sdXZ none luks" >/mnt/etc/crypttab
cp /etc/resolv.conf /mnt/etc/

mount --bind /dev /mnt/dev
chroot /mnt
mount -t sysfs none /sys
mount -t proc none /proc
mount -t devpts none /dev/pts
export PS1="CHROOT# "

apt-get purge ^live-* ## Including ^ means the name has to start with live-
apt-get update
apt-get install cryptsetup lvm2
update-grub ## this is how I always update the grub.cfg
grub-install /dev/sdX ## and install it

deluser --remove-home mint
adduser USER ## instead of USER choose username
addgroup USER sudo ## instead of USER choose username
passwd -l root
sed -i "s/mint/USER/" /etc/gdm3/daemon.conf ## instead of USER choose username; this will autologin, like the live installer
echo "HOSTNAME" >/etc/hostname ## it would be nice to also set the time(zone), but can do this in the new install

umount /dev/pts
umount /proc
umount /sys
exit

umount /mnt/dev
umount /mnt/boot
umount /mnt
sync
reboot

[In the new install, set the right time(zone), and use the Mint-debian-updater to get up to date]
User avatar
Pepas
Level 1
Level 1
 
Posts: 35
Joined: Mon Jan 24, 2011 10:18 am

Re: Howto install LMDE with LVM (with or without encryption)

Postby jbarratt on Sat Nov 12, 2011 3:34 pm

Great how-to, but it took four tries to make it work on my new Thinkpad X220 with WIndows 7 already installed. It turned out that the one thing I had to do was to replace the command "dpkg-reconfigure grub-pc" with "grub-install". Perhaps this is a Grub 2 change?

In any case, thanks again.
jbarratt
Level 1
Level 1
 
Posts: 1
Joined: Sat Nov 12, 2011 3:28 pm

Re: Howto install LMDE with LVM (with or without encryption)

Postby bklive on Fri Jan 13, 2012 9:42 pm

If you needed to add a second (or third, fourth, etc) hard drive or partition space to the pv, just use
Code: Select all
pvcreate /dev/sdX3 /dev/sdY#


dpkg-reconfigure grub-pc didn't do the trick as previously mentioned.

I had to
Code: Select all
# grub-install /dev/sdX
# update-grub

and then it wouldn't umount the /proc or /dev fs regardless of how many times you use --force or kill the processes keeping them active. I just rebooted which worked (I'm using LMDE with lvm right now as I'm writing this) after exiting the chroot environment.

This was mentioned, but don't forget to update your timezone. You could do this in the chroot with
Code: Select all
# tzselect

and then using ntpd to set the time

It would probably be better to make the /home add line look like
Code: Select all
lvcreate -n home -L 100%FREE volumes

so you're using the sum of the remainder (I installed across two hard drives, so it was necessary for me to use this b/c I didn't know how much space was left)
bklive
Level 1
Level 1
 
Posts: 1
Joined: Tue May 31, 2011 1:47 am

Re: Howto install LMDE with LVM (with or without encryption)

Postby melbo on Tue Jan 31, 2012 2:12 am

This is a GREAT tutorial but I really wish that the author or a moderator would edit the
Code: Select all
dpkg-reconfigure grub-pc

To instead point to this:
Code: Select all
grub-install /dev/sdX
update-grub

I caught it by reading the entire thread but it may cause a new person to urandom a large drive for 3 days only to find it fail on reboot and have to start over.
melbo
Level 2
Level 2
 
Posts: 67
Joined: Fri Jan 04, 2008 11:57 pm
Location: WA, USA

Re: Howto install LMDE with LVM (with or without encryption)

Postby petaramesh on Mon Apr 16, 2012 4:19 am

Some additional info :

Installing as told in this excellent tutorial will install an US-english system ;

Should you want another language/location system, while in the chroot and before rebooting, perform the following commands as root :

Code: Select all
dpkg-reconfigure keyboard-configuration
dpkg-reconfigure console-setup
dpkg-reconfigure locales
dpkg-reconfigure tzdata
dpkg-reconfigure keyboard-configuration
update-initramfs -u
petaramesh
Level 1
Level 1
 
Posts: 8
Joined: Thu Dec 29, 2011 4:49 am

Re: Howto install LMDE with LVM (with or without encryption)

Postby melbo on Sat Apr 28, 2012 10:58 pm

With enrypted LVM, can you install a /home directory that spans across an SSD and a second HDD?

Thinking of using the remainder of an SSD for /home but then letting it span to the second platter... If this is set up, will LVM write to the SSD portion first and then spill into the HDD?
melbo
Level 2
Level 2
 
Posts: 67
Joined: Fri Jan 04, 2008 11:57 pm
Location: WA, USA

Re: Howto install LMDE with LVM (with or without encryption)

Postby gothmog123 on Mon Apr 30, 2012 11:40 am

Guys, sorry to interject, is it possible to use this guide:

http://stolowski.blogspot.com/2011/06/d ... ition.html

to encrypt my home partition on LMDE Cinnamon? I do have a separate unencrypted home partition.

Thanks
running LMDE MATE 201204
gothmog123
Level 1
Level 1
 
Posts: 28
Joined: Tue Apr 26, 2011 12:59 pm

Re: Howto install LMDE with LVM (with or without encryption)

Postby powerhouse on Thu May 03, 2012 4:53 am

Thanks for providing this tutorial. It eventually worked for me, with some minor alterations:

1. Downloaded LMDE 12 Mate/Cinnamon 201204 64 bit release
2. Created live USB stick (on my old Linux machine)
3. Instead of installing directly onto disk, I installed the LMDE as a VM in Virtualbox - see this link http://www.netzgewitter.com/2011/09/how-to-install-linux-mint-debian-edition-lmde-on-an-encrypted-hard-drive/
4. So far so good. Here is the important stuff:

a. After the install on disk/LVM, Synaptic would exit with segmentation fault. Issuing

apt-get clean

fixed the issue.

b. dpkg-reconfigure grub-pc didn't work and messed up the install. I used the following method mentioned in this thread:

update-grub ## this is how I always update the grub.cfg
grub-install /dev/sdX ## and install it

c. /etc/gdm3/daemon.conf is not available on my install - seems like Mate isn't using this. By following the procedure mentioned under 3. I got a completely installed system with my account settings, as well as all the locale stuff, time/date etc. There is no need to edit the /gdm3/daemon.conf or similar file.

d. Since I was installing on a new system with plenty of RAM (32 gig), the only thing I needed was a live USB stick and a USB stick with the iso file of the distribution (for the Virtualbox install). I created a tmpfs with 10 gig in RAM and installed the VM onto the RAM tmpfs.

e. Since I use an SSD for /, /boot, and /home, I modified the fstab according to the following suggestions:

http://www.howtogeek.com/62761/how-to-tweak-your-ssd-in-ubuntu-for-better-performance/

There is a lot of stuff on SSD and performance / longevity tweaks on the Internet, I hope I picked the right one.

Thanks for the tutorial and pointing me in the right direction. P.S.: I don't use encryption, only LVM.
Asus Sabertooth X79, i7 3930K CPU, 8x4GB Kingston DDR3 RAM, Noctua NH-D14 CPU cooler, Sapphire 7770 GPU, PNY Quadro 2000 GPU, Asus Xonar Essence STX, Sandisk Extreme 120GB SSD + various HD, Corsair 500R case, SeaSonic 660W Gold X PS
powerhouse
Level 5
Level 5
 
Posts: 641
Joined: Thu May 03, 2012 3:54 am

Re: Howto install LMDE with LVM (with or without encryption)

Postby powerhouse on Tue May 08, 2012 6:24 am

Some remarks to my previous post:

While the system booted Ok, I had some minor problems later on, for example synaptic would only start via terminal and sudo -i or -s. Could have been a sudoers issue with permissions.

I installed some other stuff (Xen and Nvidia proprietary driver) and got some complications running the Xen kernel with GUI. Following that I tried Fedora 16 and 17 - what a nightmare !!! - since my ultimate goal was to get VGA passthrough in Xen and I tried the tutorial on http://www.overclock.net/t/1205216/guide-create-a-gaming-virtual-machine which uses Fedora 16.

Now I've started over again with LMDE 12, this time directly installing onto the SSD without LVM. I then installed LVM2 and prepared some LVs for / and /home.

My intention is to copy both / and /home into the LVs (from within the LMDE live USB) and adjust the grub and fstab files to reflect the changes, then reinstall grub and hope it works.

Has anyone done that before, that is copy a root file system onto an LVM and reinstalling grub2?

In essence this would be moving a regular install onto LVM2. Any help is appreciated as I hate to go through the entire install once again.
Asus Sabertooth X79, i7 3930K CPU, 8x4GB Kingston DDR3 RAM, Noctua NH-D14 CPU cooler, Sapphire 7770 GPU, PNY Quadro 2000 GPU, Asus Xonar Essence STX, Sandisk Extreme 120GB SSD + various HD, Corsair 500R case, SeaSonic 660W Gold X PS
powerhouse
Level 5
Level 5
 
Posts: 641
Joined: Thu May 03, 2012 3:54 am

Re: Howto install LMDE with LVM (with or without encryption)

Postby Pepas on Tue May 08, 2012 12:22 pm

@powerhouse
That approach should work. You will need to chroot in to properly setup grub.
User avatar
Pepas
Level 1
Level 1
 
Posts: 35
Joined: Mon Jan 24, 2011 10:18 am

Re: Howto install LMDE with LVM (with or without encryption)

Postby powerhouse on Thu May 10, 2012 11:14 am

Pepas wrote:@powerhouse
That approach should work. You will need to chroot in to properly setup grub.


Thanks Pepas. I hope to make it work sometime during the weekend. First I need to solve some Xen-related issues.
Asus Sabertooth X79, i7 3930K CPU, 8x4GB Kingston DDR3 RAM, Noctua NH-D14 CPU cooler, Sapphire 7770 GPU, PNY Quadro 2000 GPU, Asus Xonar Essence STX, Sandisk Extreme 120GB SSD + various HD, Corsair 500R case, SeaSonic 660W Gold X PS
powerhouse
Level 5
Level 5
 
Posts: 641
Joined: Thu May 03, 2012 3:54 am

Re: Howto install LMDE with LVM (with or without encryption)

Postby AngryRooster on Sat May 26, 2012 1:52 am

Has anyone been able to get this to work since the 201204 iso was released? Something has changed and I don't know what. I had it working with no problems with the previous iso but continue to get errors this time. I even tried to use the older iso and get the same failures each time on several different laptops where it worked before.
AngryRooster
Level 1
Level 1
 
Posts: 1
Joined: Mon Feb 27, 2012 11:22 am

Re: Howto install LMDE with LVM (with or without encryption)

Postby powerhouse on Sat May 26, 2012 5:37 am

@angryrooster: I don't know how far you got. One of the things that is different from this how-to is that the new LMDE doesn't use gmd3.conf but mdm instead. The entry is the same, though.

I went through numerous installations of Fedora16/17, LMDE 201204 and now LM13. I did manage to install LMDE 201204 using this how-to, but it somehow got messed up since I didn't edit the mdm file.

I'm now trying a different approach:

1. Boot with live USB (I made it UEFI bootable, but it will most likely be easier to have an MBR disk format).
2. Install LVM2 and gnome-disk-util (this can handle LVM drives as well).
3. Format the disk to gpt with EFI or MBR - I failed to make it work with UEFI, though, because grub-efi wouldn't load the kernel and hang. Could be grub bug. I am trying now ELILO as EFI bootloader.
4. Create the partitions with /boot/efi vfat32 for UEFI (if you want to give it a try), /boot ext2 partition, and / and /home as LVMs in VG vol1 (or your name of choice).
5. After you created the partitions and LVs, you can run the installer. Choose the custom disk option (not the erase disk option). It will recognize the LVs (if not, exit the installer and mount them).
6. After the installation, DON'T reboot!
7. Mount all partitions under /mnt (i.e. /dev/mapper/vol1-root under /mnt, /dev/sda2 as /boot (sda2 is my ext2 /boot partition), /dev/sda1 (my EFI vfat partition) under /boot/efi, and /dev/mapper/vol1-home under /mnt/home. You will need to mkdir /mnt/home /mnt/boot /mnt/boot/efi.
8. See the above instructions (in another post) on how to mount and chroot to /mnt.
9. Follow the above how-to instructions for encryption, LVM and grub. Don't forget to install LVM2 again - this time it should install on your hard drive.
10. Don't use the steps for deleting the mint user.
11. Finally, check the /boot/grub/grub.cfg (or .conf file) and see if it looks OK. Pay particular attention to the UUIDs. Mine got screwed up at the first UUID reference were it used a UUID I couldn't locate. Use blkid to see your UUID mappings.
12. Since I was trying to get UEFI work with grub, my installation failed at booting the kernel. I CAN'T VOUCH THAT THIS WILL WORK !!!

What I did get:

- All system files were installed and the user created with his/her home directory. / and /home is on LVM.
- A recognizable UEFI partition that my motherboard (Asus Sabertooth X79) accesses during boot.
- I get an efidisk: read error when booting - this may be a grub issue with UEFI. I will try ELILO as bootloader to see if this works. If not, I'll have to do it all over again and use MBR or GPT-BIOS instead of UEFI.

Let me know if anyone tried my approach, or if the approach cannot work for one reason or another. I don't really see why it shouldn't work, and the advantage is that it creates the user and everything should be ready and in place.
Asus Sabertooth X79, i7 3930K CPU, 8x4GB Kingston DDR3 RAM, Noctua NH-D14 CPU cooler, Sapphire 7770 GPU, PNY Quadro 2000 GPU, Asus Xonar Essence STX, Sandisk Extreme 120GB SSD + various HD, Corsair 500R case, SeaSonic 660W Gold X PS
powerhouse
Level 5
Level 5
 
Posts: 641
Joined: Thu May 03, 2012 3:54 am

Re: Howto install LMDE with LVM (with or without encryption)

Postby 1986 on Sun Jul 15, 2012 5:11 pm

how can I do unencrypted boot on USB, and full encrypted HDD then? because I wanna boot system from USB
1986
Level 1
Level 1
 
Posts: 5
Joined: Sun Jul 15, 2012 12:41 pm

Re: Howto install LMDE with LVM (with or without encryption)

Postby powerhouse on Tue Jul 17, 2012 4:55 am

1986 wrote:how can I do unencrypted boot on USB, and full encrypted HDD then? because I wanna boot system from USB


Have a look at the application "cryptkeeper". It's a tray applet that allows you to create and access encrypted folders. These folders are then hidden and can only be accessed via the cryptkeeper applet using a password.

Perhaps this is a simpler way of achieving what you are looking for?
Asus Sabertooth X79, i7 3930K CPU, 8x4GB Kingston DDR3 RAM, Noctua NH-D14 CPU cooler, Sapphire 7770 GPU, PNY Quadro 2000 GPU, Asus Xonar Essence STX, Sandisk Extreme 120GB SSD + various HD, Corsair 500R case, SeaSonic 660W Gold X PS
powerhouse
Level 5
Level 5
 
Posts: 641
Joined: Thu May 03, 2012 3:54 am

Re: Howto install LMDE with LVM (with or without encryption)

Postby powerhouse on Sat Jul 21, 2012 5:19 am

For those who are interested, I have written a how-to to install Linux Mint 13 Maya with UEFI boot on LVM:

http://forums.linuxmint.com/viewtopic.php?f=46&t=107620 - follow the thread to the bottom of page 1!

I need the help of the community to verify my procedure.

I haven't tried it with LMDE, though. I was hoping that someone could modify it to work with LMDE.
Asus Sabertooth X79, i7 3930K CPU, 8x4GB Kingston DDR3 RAM, Noctua NH-D14 CPU cooler, Sapphire 7770 GPU, PNY Quadro 2000 GPU, Asus Xonar Essence STX, Sandisk Extreme 120GB SSD + various HD, Corsair 500R case, SeaSonic 660W Gold X PS
powerhouse
Level 5
Level 5
 
Posts: 641
Joined: Thu May 03, 2012 3:54 am

Re: Howto install LMDE with LVM (with or without encryption)

Postby powerhouse on Sat Sep 01, 2012 7:23 am

Found this manual for encrypted LVM installation on Ubuntu, as well as a script that could be easily modified to run on Linux Mint:

Manual: http://blog.andreas-haerter.com/2011/06/18/ubuntu-full-disk-encryption-lvm-luks

Script (source): http://blog.andreas-haerter.com/2011/06/18/ubuntu-full-disk-encryption-lvm-luks.sh

The above is also referenced here: http://community.linuxmint.com/tutorial/view/344

The script uses the Ubuntu ubiquity installer which would need to be changed to work with Linux Mint.

Perhaps someone cares to produce a modified version for Linux Mint?
Asus Sabertooth X79, i7 3930K CPU, 8x4GB Kingston DDR3 RAM, Noctua NH-D14 CPU cooler, Sapphire 7770 GPU, PNY Quadro 2000 GPU, Asus Xonar Essence STX, Sandisk Extreme 120GB SSD + various HD, Corsair 500R case, SeaSonic 660W Gold X PS
powerhouse
Level 5
Level 5
 
Posts: 641
Joined: Thu May 03, 2012 3:54 am

Translated to German

Postby kvbx on Thu Dec 06, 2012 11:02 am

Hi, I updated the how-to, added screenshots and translated it to German. You can find it here: https://kvbx.de/lmde-installation/.

Hi, ich habe das How-To aktualisiert, Screenshots hinzugefügt und übersetzt. Du findest es hier: https://kvbx.de/lmde-installation/.

Thank you very much for your work.

Cheers, Kevin
kvbx
Level 1
Level 1
 
Posts: 2
Joined: Thu Dec 06, 2012 10:52 am

Re: Howto install LMDE with LVM (with or without encryption)

Postby ztact on Sun Apr 14, 2013 10:24 pm

I mostly followed the above instructions to install LMDE 201303 onto an encrypted disk, but without LVM.

I was successful installing onto a hard drive at /dev/sda, but when I tried to install onto an encrypted USB drive or SD card, the boot would fail.

The reason for the failure is that the device location of USB drives and SD cards can change from system to system and boot to boot. (Actually, the location of hard drives can change as well, but that may happen less frequently.)

Anyway, to fix the problem, I rewrote /etc/crypttab to use UUID's rather than device paths. After doing that (and rebuilding initramfs and rerunning grub), my USB drives and SD cards would boot and successfully mount the encrypted root partition.

More details are here:
http://ztact.com/2013/04/evms_activate

I also wrote a Makefile that performs the encrypted installation in a semi-automatic manner:
http://ztact.com/2013/04/mint_install
ztact
Level 1
Level 1
 
Posts: 4
Joined: Sat Apr 13, 2013 10:14 pm

Linux Mint is funded by ads and donations.
 
PreviousNext

Return to Tutorials / Howtos

Who is online

Users browsing this forum: No registered users and 1 guest