Howto install LMDE with LVM (with or without encryption)

Write tutorials here
More tutorials here http://community.linuxmint.com/tutorial/welcome
Forum rules
Do not start a support topic here please, Before you post please read this

Re: Howto install LMDE with LVM (with or without encryption)

Postby Pepas on Thu Apr 18, 2013 3:50 am

Loved the idea of a Makefile to do this. So I adapted ztact's Makefile (which doesn't do full encryption on lvm2) and made it work for luks encrypted lvm2 partitions, so you get your swap and data partitions encrypted too: http://j.mp/makelmde
It works for both the Mate and the Cinnamon 32bit editions (64bit editions not tested).
"This Makefile will result in a working install of Linux Mint Debian Edition edition (version 201303) on a luks encrypted lvm2 partition with root, swap and data filesystem"

Instructions:

1. Boot the Live environment of LMDE 201303

2. Open a Terminal (Menu, Terminal) and enter:
Code: Select all
sudo -i
mkdir make
cd make
wget j.mp/makelmde
mv makelmde Makefile
nano Makefile

3. Adapt the SETTINGS section in the Makefile, for instance like this:
Code: Select all
boot_device=/dev/sda1
crypt_device=/dev/sda2
grub_device=/dev/sda
username=me
hostname=mine

4. Partition the drive, for instance (taking up all space):
Code: Select all
fdisk /dev/sda
o
n
   [Enter]
   [Enter]
   [Enter]
+128M
n
   [Enter]
   [Enter]
   [Enter]
   [Enter]
w

(This is making a 128 MB boot partition, and giving the rest to the encrypted lvm2)

5. Start the Makefile by doing:
Code: Select all
make all

6. Answer the questions as they come up:
- password for encryption (twice the same)
- password for decryption (same again)
- password for user, and some irrelevant info
- about the keyboard
- about the timezone

And that's it!
Last edited by Pepas on Fri May 03, 2013 2:43 am, edited 2 times in total.
User avatar
Pepas
Level 1
Level 1
 
Posts: 35
Joined: Mon Jan 24, 2011 10:18 am

Linux Mint is funded by ads and donations.
 

Re: Howto install LMDE with LVM (with or without encryption)

Postby carina on Sat Apr 20, 2013 6:22 am

Thank you Pepas!

I wonder, why is encryption not enabled by default? Or, at least, why is it not implemented in the installer for us laptop users :mrgreen:
I write kind of a diary, you know!?!1
User avatar
carina
Level 1
Level 1
 
Posts: 5
Joined: Tue Apr 16, 2013 3:03 pm

Re: Howto install LMDE with LVM (with or without encryption)

Postby Pepas on Mon Apr 22, 2013 11:15 am

I think an encrypted home partition is supported, which might be sufficient for home users, but the above method encrypts the OS, the swap partition and optionally a data/home partition, so it is much more secure.
User avatar
Pepas
Level 1
Level 1
 
Posts: 35
Joined: Mon Jan 24, 2011 10:18 am

Re: Howto install LMDE with LVM (with or without encryption)

Postby carina on Sat Apr 27, 2013 6:13 pm

Sure, why not encrypt all the things!? ;-)

OT (scnr)

At the moment I play with Kali and I must say, they put a great installation routine together. Encryption of the whole disk is supported and it is only one click farther away as the unencrypted installation. I'm no developer, I can't port that. :?

Every evening when I watch the news, I see dictators, social networks and (even european) countries spying on their own people. We let it happend that encryption, information self-defence, is only achievable by some geeks...

If LM don't want to provide (the possibility of) encryption it looks like we don't want/need/like people who are in worse situations like we are. I don't want to say that this is a discrimination of non-tech-people. Just think about a girl who gets spied on by her creepy uncle who wants her last beach holiday pictures. Or a journalist who happens to tap in a big food scandal, or a manager loses his private laptop with some business data, ... The worst thing of a half-encryption is not the lost data but the false assumption about security. Just buy a used smartphone and follow a forensic tutorial from the internet - you can have fun for weeks.

I see the same false sense of security at the download section of the LM isos. We just get an md5sum which helps for completeness, but not for integrity. I smell Windows: by using some virus scan-snake oil we pretend that the system is safe :mrgreen: How about a gpg signature, it could be provided quite easily.

Pepas, I'm not saying this to you, as your Makefile is what we need more of :wink: I'm just sad to see what wonderful ideas are realised by the LM community and then they forgot to implement the most basic security.

Cheers mate, keep up the good work!! :)
User avatar
carina
Level 1
Level 1
 
Posts: 5
Joined: Tue Apr 16, 2013 3:03 pm

Re: Howto install LMDE with LVM (with or without encryption)

Postby vakinn on Mon Jun 03, 2013 4:03 pm

powerhouse wrote:
1986 wrote:how can I do unencrypted boot on USB, and full encrypted HDD then? because I wanna boot system from USB


Have a look at the application "cryptkeeper". It's a tray applet that allows you to create and access encrypted folders. These folders are then hidden and can only be accessed via the cryptkeeper applet using a password.

Perhaps this is a simpler way of achieving what you are looking for?

I'm looking for the same thing that 1986 is looking for. Cryptkeeper will not do. In an episode of Hak5, int0x80 explains how to do it with BackTrack 5. However, I'd like this same thing but with LMDE. Also, I'm wondering about the first commands given by OP that install the tools. Where are they installed? Do I need a live USB rather than a DVD?
vakinn
Level 1
Level 1
 
Posts: 19
Joined: Mon Jun 03, 2013 3:29 pm

Re: Howto install LMDE with LVM (with or without encryption)

Postby Pepas on Mon Jun 03, 2013 4:42 pm

Totally encrypted drive and /boot on USB stick: I think you can just use the Makefile with root_device=/dev/sdb1 (or whatever) and grub_device=/dev/sdb
User avatar
Pepas
Level 1
Level 1
 
Posts: 35
Joined: Mon Jan 24, 2011 10:18 am

Re: Howto install LMDE with LVM (with or without encryption)

Postby karlzap on Sun Dec 01, 2013 12:18 pm

Pepas wrote:Loved the idea of a Makefile to do this. So I adapted ztact's Makefile (which doesn't do full encryption on lvm2) and made it work for luks encrypted lvm2 partitions, so you get your swap and data partitions encrypted too: http://j.mp/makelmde
It works for both the Mate and the Cinnamon 32bit editions (64bit editions not tested).

That link is bad. All I get is "connection refused". :(
karlzap
Level 1
Level 1
 
Posts: 6
Joined: Fri Nov 22, 2013 6:56 pm

Re: Howto install LMDE with LVM (with or without encryption)

Postby gryphon on Mon Dec 02, 2013 2:04 am

karlzap wrote:That link is bad. All I get is "connection refused". :(


It works fine here. Anyway I uploaded it to pastebin just to be sure: http://pastebin.com/raw.php?i=VF9WDnra

carina wrote:How about a gpg signature, it could be provided quite easily.


Secure apt can validate downloaded packages: https://wiki.debian.org/SecureApt

Btw, to manage encrypted directories you can use GEncFsM instead of the old Cryptkeeper: http://www.libertyzero.com/GEncfsM/
User avatar
gryphon
Level 1
Level 1
 
Posts: 31
Joined: Fri Nov 01, 2013 12:05 pm

Re: Howto install LMDE with LVM (with or without encryption)

Postby hkarn on Sat Jan 11, 2014 5:13 pm

Is this guide still valid?

I run into problems at
lvcreate -n lmdb -L 10G volumes

/dev/volumes/lmde: not found: device not cleared
Aborting. Failed to wipe start of new LV.

If I add -Z n it works but I get a warning about zeroing being skipped.

Then I get suck on mkswap just after where it cant find /dev/volumes/swap

It is listed with lvdisplay.
hkarn
Level 1
Level 1
 
Posts: 6
Joined: Fri Mar 30, 2012 3:59 pm

Re: Howto install LMDE with LVM (with or without encryption)

Postby hkarn on Tue Jan 14, 2014 8:35 am

Thank you Papas!!
Tied every guide for installing LMDE with full-disk encryption out there, your makefile finally worked.

... but it breaks down completley after running the upgrades. Ohh well back to LM16 :(
hkarn
Level 1
Level 1
 
Posts: 6
Joined: Fri Mar 30, 2012 3:59 pm

Re: Howto install LMDE with LVM (with or without encryption)

Postby Pepas on Mon Mar 03, 2014 3:36 pm

hkarn wrote:your makefile finally worked.
... but it breaks down completley after running the upgrades.


What in the install is breaking down?? I've never seen or heard of this.
User avatar
Pepas
Level 1
Level 1
 
Posts: 35
Joined: Mon Jan 24, 2011 10:18 am

Install LMDE with luks encrypted LVM using Makefile

Postby Pepas on Mon Mar 03, 2014 5:00 pm

Upgraded the Makefile to work with LMDE 201403 as well.
It works for both the Mate and the Cinnamon 32bit and 64bit editions

Makefile: http://j.mp/makelmde
"This Makefile will result in a working install of Linux Mint Debian Edition edition (version 201303 or 201403) on a luks encrypted lvm2 partition with root, swap and data filesystem"

Instructions:

1. Boot the Live environment of LMDE 201303 or 201403

2. Open a Terminal (Menu, Terminal) and enter:
Code: Select all
sudo -i
wget j.mp/makelmde
mv makelmde Makefile

3. If needed, adapt the SETTINGS section in the Makefile:
Code: Select all
nano Makefile

4. Partition the drive, for instance (taking up all space):
Code: Select all
fdisk /dev/sda
o [Enter]
n [Enter]
   [Enter]
   [Enter]
   [Enter]
+128M [Enter]
n [Enter]
   [Enter]
   [Enter]
   [Enter]
   [Enter]
w [Enter]

(This is making a 128 MB boot partition, and giving the rest to the encrypted lvm2)

5. Start the Makefile by doing:
Code: Select all
make all

6. Answer the questions as they come up:
- password for encryption (twice the same)
- password for decryption (same again)
Then after a wait for all the preparations to have happened:
- password for user, and some irrelevant info
- about the keyboard
- about the timezone

And that's it!
User avatar
Pepas
Level 1
Level 1
 
Posts: 35
Joined: Mon Jan 24, 2011 10:18 am

Re: Howto install LMDE with LVM (with or without encryption)

Postby hkarn on Sat Apr 19, 2014 7:49 am

I get an error after typing make all the console returns. 201403 I didn't open the makefile.

Makefile:2: *** missing separator. Stop.

edit: So I tried just commenting out the set line. Get the same error on line 138 instead also. With 2nd line commented out ... 151 after commenting that out.
Seems to be a lot of malformed separators in this version...
hkarn
Level 1
Level 1
 
Posts: 6
Joined: Fri Mar 30, 2012 3:59 pm

Re: Howto install LMDE with LVM (with or without encryption)

Postby Pepas on Sat Apr 19, 2014 1:08 pm

hkarn wrote:Seems to be a lot of malformed separators in this version...


Sorry hkarn, Dropbox-links got messed up again; you got the bash-script (which is better, but can't be called with make). I think (I hope) I fixed it for good now.
User avatar
Pepas
Level 1
Level 1
 
Posts: 35
Joined: Mon Jan 24, 2011 10:18 am

install LMDE && LVM2 && LUKS

Postby TomRoche on Thu Apr 24, 2014 8:22 pm

Note I have a git repo here. It should be considerably more reliable than dropbox :-) but unfortunately it currently (on branch=`master`) only supports LVM2 && LUKS, i.e., not LVM2 && !LUKS. It has a branch=`support_LVM2_without_LUKS` for LVM2 && !LUKS, but I don't have that working yet. Feel free to fork and += pull request!

The main difference (other than ease of access, history, and the other goodnesses of an online DVCS) between PePas' excellent code and current code in the repo (which forks PePas) is, my code separates the usual user-set properties into a separate properties file (e.g., this). The hope is, folks won't hafta touch the main script (except to improve it!) and can just attach or link to their properties file in case of problems.

(The main difference between our documentation is, I have some :-)
TomRoche
Level 3
Level 3
 
Posts: 178
Joined: Thu Jan 13, 2011 2:52 pm

Linux Mint is funded by ads and donations.
 
Previous

Return to Tutorials

Who is online

Users browsing this forum: No registered users and 4 guests