[Solved] Problem With Full Disk Encryption Using System, Swap & Home Partitions

Questions about Grub, UEFI,the liveCD and the installer
Forum rules
Before you post please read how to get help
Post Reply
educatedidiot
Level 1
Level 1
Posts: 17
Joined: Thu Aug 27, 2015 1:56 am

[Solved] Problem With Full Disk Encryption Using System, Swap & Home Partitions

Post by educatedidiot » Fri Feb 09, 2018 5:21 pm

Hello,

Installing Mint 18.2, 64bit, I'm trying to get full disk encryption with separate system, swap, and home partitions. The reason is that I want to keep my system partition small, so that my system clone backups won't take up a ton of storage space, or take forever to run. The data on the home partition could then be backed up simply as data; the partition itself wouldn't have to be saved. I realize that I could use TimeShift to do system backups, but quite frankly I do not fully trust anything but direct cloning for that purpose.

I've tried the tutorial found here: http://linuxbsdos.com/2014/01/16/manual ... x-mint-16/, which describes a way to do this using Ubiquity, the live disc installer.

I want to keep this short, but I think I have to give the procedure I actually used, as I understood from the tutorial:
1) At installation options, choose Something Else
2) Select main HD (in my case, /dev/sda) and click New Partition Table.
3) Make a boot partition: Select (click on) Free Space, click the + button, and choose Size = 500MB, Type = Primary, Use As = ext2, Mount Point = /boot. Click OK.
4) Make a root (system) partition: Select Free Space, click the + button, and choose Size = 12000MB, Type = Logical, Use As = physical volume for encryption, enter passphrase. Leave Mount Point unchosen. Click OK.
5) Make a swap partition: Select the Free Space, click the + button, and choose Size = 3000MB, Type = Logical, Use As = physical volume for encryption, enter passphrase. Mount Point is again not chosen. Click OK.
6) Make a home partition: Select the Free Space, click the + button, and choose Size = all remaining space, Type = Logical, Use As = physical volume for encryption, enter passphrase. Mount Point is not chosen. Click OK.
7) Assign mount points:
a) At top of partition table, select /dev/mapper/sda5_crypt. (There are two; choose the one underneath that shows the size as 12GB. This will be the system partition.) Double click, and choose Use As = ext4, Format, Mount Point = /. Click OK.
b) I am now back in the Partition Table. Select and double click /dev/mapper/sda6_crypt (the one that shows its size as 3GB. This will be the swap partition). Double click, and choose Use As = swap. Click OK.
c) Back in the Partition Table. Select and double click /dev/mapper/sda7_crypt (the one that shows its size as all remaining disk space. This will be the home partition). Double click, and choose Use As = ext4, Format, Mount Point = /home. Click OK.
Note: In creating all partitions, the Location chosen was always the default: Beginning Of This (Free) Space.
Lastly, clicked on Device For Bootloader Installation, and chose the 500MB partition that was already made as /boot (in my case was /dev/sda1).

Here is a screenshot of what things looked like before clicking the Install Now button:
Image

The User Name, etc. dialogue came up, then the Time Zone selection dialogue, but soon after also this message: "Attempt to mount file system at /sda5_crypt failed". The options are given to Go Back, or Continue. Doing the latter results in the installation stalling soon after, while it is trying to set up /sda7_crypt (the home partition).
Repartitioning to a single partition using gparted, and redoing the whole install process, but choosing Go Back instead of Continue, brings me to the installation options menu, and choosing Something Else again gets me back into the Partition Table dialogue. However, the /dev/mapper/sda5_crypt (system and root) partition is not visible in the list any more (although it IS seen in the list of partitions shown when you click on the Device For Bootloader Installation). Further, all partitions can be selected, but none can be changed.

I again repartitioned to a single partition using gparted, and redid the whole install process. This time, when shown "Attempt to mount file system at /sda5_crypt failed", I opened a terminal and tried to manually mount it. I tried sudo mount /sda5, sudo mount /dev/sda5, sudo mount /dev/sda5_crypt, sudo mount /dev/mapper/sda5_crypt. All returned a message "can't find in /etc/fstab".

Does anybody have any ideas what I'm doing wrong?
Last edited by educatedidiot on Mon Feb 19, 2018 2:10 am, edited 1 time in total.

User avatar
WharfRat
Level 20
Level 20
Posts: 10596
Joined: Thu Apr 07, 2011 8:15 pm

Re: Problem With Full Disk Encryption Using System, Swap & Home Partitions

Post by WharfRat » Fri Feb 09, 2018 8:31 pm

This looks like more of a headache than it's worth and I don't know what caused the "Attempt to mount file system at /sda5_crypt failed" error, but the boot loader should be installed to /dev/sda not /dev/sda1
Image ImageImage

educatedidiot
Level 1
Level 1
Posts: 17
Joined: Thu Aug 27, 2015 1:56 am

Re: Problem With Full Disk Encryption Using System, Swap & Home Partitions

Post by educatedidiot » Sat Feb 10, 2018 2:29 am

We all seek out our own kind of trouble, usually to avoid another kind of trouble :wink:
We all have to educate ourselves as to the options, then choose according to personal circumstances and preferences.
I'm seeking out full, disk level encryption because I simply don't believe that home folder or other file/folder level encryption is good enough for my purposes. I believe the forensic tools to examine temporary, swap and other files so as to crack file/folder level encryption are available to and usable by a lot more people than just government intelligence employees.
I'm looking for separate system and home partitions to avoid the troubles mentioned. I do use Time Shift, but I have seen enough cases in this forum of people being unable to restore from Time Shift backups so that I don't think I should entirely rely on it. Nothing against Time Shift in particular. I've had problems with other similar programs. A full reinstall of a busted Mint system is certainly WAY easier than doing the same on a Windows system, but it will still take at least a week of work to do so. I WILL have system backups, and they will be as trustworthy as possible. I can't just clone an entire 750GB disk every time I need a system backup; don't have enough or big enough external drives. Plus a backup would take a couple of days to run.
All things considered, I am willing to take on a LOT of trouble to avoid these troubles.

Thanks for the tip on the boot partition. That is certainly a necessary thing to know!

educatedidiot
Level 1
Level 1
Posts: 17
Joined: Thu Aug 27, 2015 1:56 am

Re: Problem With Full Disk Encryption Using System, Swap & Home Partitions

Post by educatedidiot » Mon Feb 12, 2018 8:52 pm

I have thought of a workaround plan, and would like opinions as to whether it will work or not.

The idea is:
1) Boot into Ubiquity installer (Live Mint disc).
2) Under install options, choose disk encryption with LVM.
3) This install makes root and swap partitions (and I assume a boot partition, although that isn't mentioned); there are no sub-options. Go ahead and complete standard install of encrypted LVM as such.
Now what follows is what I am unsure of. I understand that with LVM you can resize, add or remove partitions. So I'm thinking I can...
4) After the encrypted LVM install, boot into the system with my passphrase, then use gparted to resize the root (system) partition to 12GB.
5) Add a new partition using most of the available disk space.
6) Move the home folder from the root partition to this new partition.

It would seem then I have everything I want: Full disk encryption (that moreover requires entering a passphrase only once), a root partition that is small, and so can be quickly cloned for system backups, and won't take up much storage space, a separated home folder that can be separately backed up simply as data.

Assuming this works in principle, when I move the home folder, will the system and home "see" each other as normal?

User avatar
catweazel
Level 12
Level 12
Posts: 4179
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: Problem With Full Disk Encryption Using System, Swap & Home Partitions

Post by catweazel » Mon Feb 12, 2018 9:01 pm

educatedidiot wrote:
Mon Feb 12, 2018 8:52 pm
Assuming this works in principle, when I move the home folder, will the system and home "see" each other as normal?
@WharfRat was being diplomatic when he said 'This looks like more of a headache than it's worth'. I'm not known for being backward in coming forward so I'll state it plainly for you. If you can't figure out encryption on your own then you shouldn't be using it. You're headed for disaster otherwise, then you'll want help in recovering the unrecoverable when it all breaks merely because an errant cosmic particle flipped a single bit in RAM, or your neighbour's dilapidated old refrigerator turned on at the wrong time and sent a noisy electrical spike down the line at your machine.

Perhaps you might consider experimenting on an old, spare machine. Borrow one if necessary.

No offense whatsoever intended.

PS: There are alternatives for keeping your sekrit stuff from prying eyes. VeraCrypt, for example.
There is no spoon.

educatedidiot
Level 1
Level 1
Posts: 17
Joined: Thu Aug 27, 2015 1:56 am

Re: Problem With Full Disk Encryption Using System, Swap & Home Partitions

Post by educatedidiot » Mon Feb 12, 2018 11:16 pm

No offense whatsoever taken.

Actually, my previous post was inadvisable. I should have recalled that encrypted partitions cannot be resized in gparted -- at least by any method I presently know. I am sorry I have taken up your time by provoking an unnecessary response.
In any case, it is clear that I will, as you say, have to figure it out by myself. So, back to the research.

User avatar
catweazel
Level 12
Level 12
Posts: 4179
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: Problem With Full Disk Encryption Using System, Swap & Home Partitions

Post by catweazel » Mon Feb 12, 2018 11:20 pm

educatedidiot wrote:
Mon Feb 12, 2018 11:16 pm
I am sorry I have taken up your time by provoking an unnecessary response.
It's absolutely not necessary to apologise. You learned something so it was worth the question. That's why were here in the Mint forums and not in the Arch linux forums :)
There is no spoon.

Mute Ant
Level 12
Level 12
Posts: 4457
Joined: Tue Sep 03, 2013 7:45 pm

Re: Problem With Full Disk Encryption Using System, Swap & Home Partitions

Post by Mute Ant » Wed Feb 14, 2018 10:38 am

"sudo mount /dev/mapper/sda5_crypt" -----> "can't find in /etc/fstab" possibly because you are not telling it where to mount it.

I solved this to my own satisfaction (no LVM) to make private+persistent live-session USB sticks. Encrypted copies of system folders are mounted on-top-of a plain-text running system...

o Plain-text Mint boots normally. No swap and a single 16GB partition is easy.

o A line in the plain-text /etc/crypttab prompts for a passphrase and unlocks a large LUKS container...
private /dev/sda4 none luks

o A line in the plain-text /etc/fstab mounts the unlocked container...
/dev/mapper/private /root ext4 rw 0 2

o More lines in the plain-text /etc/fstab mount private versions of folders on-top-of the running system...
/root/swap swap swap rw 0 0
/root/usr /usr ext4 bind 0 0
/root/var /var ext4 bind 0 0
/root/home /home ext4 bind 0 0

It's not widely advertised that fstab can do bind mounts like that.

Valuable clues here too...
https://wiki.archlinux.org/index.php/Dm ... ire_system

Some day I will try the grub-can-unlock-the-whole-drive option... not tonight Josephine.
The skills you need to produce a correct answer are exactly the skills you need to recognize a correct answer. The earth rotates 366.25 times about its own axis during a single year. Bananas are berries. The sun is a black body.

educatedidiot
Level 1
Level 1
Posts: 17
Joined: Thu Aug 27, 2015 1:56 am

Re: Problem With Full Disk Encryption Using System, Swap & Home Partitions

Post by educatedidiot » Fri Feb 16, 2018 7:55 pm

Well, this is moving along, but I have come to a point where you all may be able to help me cut to the chase, so I will ask for help again.

First, I tried a number of things to get Ubiquity to do what I wanted. Ubiquity's default partition types were given as: /boot = Primary, / = logical, swap = logical, /home = logical. Those were the ones I had used. I thought perhaps / was not being mounted for installation because it also had to be set as Primary. One internet voice claimed that on BIOS/MBR systems (like mine), this was necessary. That voice was contradicted by a couple of others, but I tried this anyway, and for the hell of it also tried numerous other combinations. No joy.

Second, it was said elsewhere: "If you do not setup an LVM for each of your partitions /usr /tmp and encrypt them, the installer will not realise the mount points have been set, and fail.” I didn't want separate partitions for /usr or /temp, but that gave me the idea to try something I found right here on the Mint forums: viewtopic.php?f=42&t=228836&p=1209652&h ... l#p1209652. This was authored by Mint Forums stalwart Laurent.

Of course, it was a routine meant for a much more complicated setup than I had in mind. I therefore abstracted from it a process tailored to my needs. It went as follows:

Three Major Steps
1) Prepare LUKS container and logical volumes
2) Install Mint using the live DVD/USB installer (Ubiquity)
3) Edit the encryption settings so that the machine will boot

Note: I am working on a new computer; complete fresh install.

Detailed Steps
1) Prepare LUKS container and logical volumes
  • a) Boot install DVD/USB. Open Terminal ((menu bar at bottom of screen, or ctl+alt+t), then type <sudo gparted>
    Make partitions
    i) sda1: size 500MB, type ext2, label=boot.
    ii) sda2: size 600GB, unformatted (clear). This will be a LUKS container for other logical partitions.
    Note: After making these, go to the menu, click on Partition, then Information, and note the designation that is actually given by gparted to the device. If the partitions are not listed as sda1 and sda2, but something else, use the actual device designation given by gparted; i.e., in the following instructions, replace sda1 and sda2 with whatever gparted gives you.
    iii) Leave the rest as free space. It will be available to other partitions to expand them in case of need.
      b) Open Terminal
      Type <sudo cryptsetup luksFormat /dev/sda2>
      You are asked to enter a passphrase twice. It's advisable to stick with the ASCII 7bit character set, as this is compatible with ASCII 8bit, UTF-8, and many other common sets, and will prevent the possibility of your computer “misunderstanding” your keyboard, and locking you out. Google ASCII 7bit for more info.
      Now type <sudo cryptsetup luksOpen /dev/sda2 luks1>
        c) Make this LUKS container an LVM (Logical Volume Management) primary volume.
        <sudo pvcreate /dev/mapper/luks1>
          d) Install the GUI version of the program Logical Volume Manager. (You must be connected to the internet).
          <apt update>
          <apt install system-config-lvm>
            e) Create a volume group and 3 logical volumes within the LUKS container.
            Note: The following is just a sketch of what was actually done. Laurent had posted a couple of images that showed what he did for his case, but these had expired, so I shot from the hip here and used LVM as common sense (if I have any) told me.
            i) Create a volume group for your luks1 container. Call it vg1 (or whatever).
            ii) Create logical volumes under this volume group:
            Name: root, size=12GB, type=ext4, mount, mountpoint= /
            Name: swap, size=3GB, type=none
            Name: home, size=XXXGB, type=ext4, mount, mountpoint= /home
            Left some space unallocated for possible future expansion.
          2) Install Mint 18.3 using the live DVD/USB installer (Ubiquity)
            a) Launch Ubiquity installer. Choose Something Else.
              b) The volume group you just created in LVM will show under sda2. Your unencrypted boot partition (sda1), and available free space, will also be there. Assign partitions and logical volumes:
              i) Double click on sda1 and set it as: mount point=/boot, type=ext2, format=yes
              ii) Double click on /dev/mapper/vg1-root and set it as: mount point=/, type=ext4, format=yes
              iii) Double click on /dev/mapper/vg1-swap and set as swap area.
              iv) Double click on /dev/mapper/vg1-home and set as: mount point=/home, type=ext4, format=yes.
              Set Device For Bootloader as /dev/sda
              Click Install.
              (The install completed smoothly. Finally got some joy!)
                c) When completed, click Continue Testing.

                3) Edit the encryption settings so that the machine will boot
                  a) Mount root logical volume: <sudo mount /dev/mapper/vg1-root /mnt>
                    b) Mount boot partition: <sudo mount /dev/sda /mnt/boot>
                      c) Mount special devices:
                      <sudo mount -bind /dev /mnt/dev>
                      <sudo chroot /mnt mount -t proc proc /proc>
                      <sudo chroot /mnt mount -t sysfs sysfs /sys
                      <sudo chroot /mnt mount -t devpts devpts /dev/pts

                      NB: No adjustments were made here to Laurent's procedure (since I wouldn't have a clue what adjustments would be necessary, if any).
                        d) Create crypttab file
                        <gksu xed /mnt/etc/crypttab>
                        When the text file opens, type:
                        # <target name> <source device> <key file> <options>
                        luks1 /dev/sda2 none luks
                        Save the file.

                        NB: As I understand, it should not make any difference, but I used spaces between the elements of the first line, and tabs between those of the second.
                          e) Update initrd
                          <sudo chroot /mnt update-initramfs -u>
                          Laurent's tutorial says to ignore any warnings. I did receive one (or two), but did not write them down (wish now I had).
                          It took a minute or so for a new prompt to come up, indicating the process was finished.

                          I rebooted without the boot disc. Everything seemed to go well; the Mint leaf with the moving dots underneath appeared, as it usually does just prior to showing you the prompt to enter your decryption key, and...stayed there. No big deal. It usually takes some time for that prompt to show. Then the hard drive light began to pulse in regular fashion, and the comp emitted soft chirps likewise. Not good. That's computerese for "I'm *trying* to understand what you're telling me, but it's making no freaking sense!"
                          Sure enough, the screen went black, and this showed up:
                          Busybox v1.22.1 (Ubuntu 1:1.22.0-15) built-in shell (ash)
                          Enter 'help' for a list of built-in commands
                          (initramfs)

                          I looked at the commands, saw nothing apparently useful, typed exit, which did not cause BusyBox to exit, then powered down by holding down the power button.
                          I did some research on this problem. I rebooted. As predicted by some, this time GRUB showed (though it had not before). I selected the Mint 18.3 op system (which was expectedly the only one available), and pressed Enter. The BusyBox screen came up again, I typed exit again. This time I got this message:
                          Gave up waiting for root device. Common problems:
                          - Boot args (cat /proc/cmdline)
                          - Check root delay= (did the system wait long enough?)
                          - Check root= (did the system wait for the right device?)
                          - Missing modules (cat /proc/modules: ls /dev)
                          Alert! /dev/mapper/vg1-root does not exist. Dropping to a shell!


                          Some internet sources suggest that a simple disk scan for errors would fix the problem. BusyBox does not list fsck among its tools, so...
                          Booted into the Live DVD again, ran <sudo lvmdiskscan>, returned:
                          /dev/loop0 1.74GB
                          /dev/sda1 500MB
                          /dev/sda2 585.94GB
                          0 disks
                          3 partitions
                          0 LVM physical volume whole disks
                          0 LVM physical volumes

                          Then ran fsck on all file systems
                          <sudo fsck -AV> returned "checking all file systems", then immediately dropped to a new prompt. Oh well.
                          sudo fsck /dev/sda1 returned "clean"
                          sudo fsck /dev/sda2 returned nothing
                          sudo fsck /dev/sda returned
                          e2fsck 1.42.13
                          ext2fs_open2: Bad magic number in super-block
                          est2fs.ext2: Super-block invalid, trying backup blocks
                          fsck.ext2: Bad magic number in super-block while trying to open /dev/sda


                          Then I rebooted into the hard drive.
                          To find all the drives and partitions which GRUB can look at to find an OS, at the GRUB menu, I typed 'c' to bring up a command prompt, and typed
                          ls
                          This returned
                          (hd0) (hd0, msdos2) (hd0, msdos1)
                          Typing <ls (hd0)>, and so for the others, gives:
                          (hd0): size of 732,574,584KiB (750GB). Sector size = 512B. No start point given. This is obviously the hard drive itself (the size is the size of my entire HD). File system listed as unknown, but I would expect that since the drive itself wouldn't have one.
                          (hd0, msdos1): starts at 1024KB, size of 512MB. File system is ext*. Obviously it's the sda1 boot partition.
                          (hd0, msdos2): starts at 513MB, and a size of 614400000KiB (630GB). Obviously it's the sda2 partition. File system listed as unknown.

                          So GRUB is not seeing the encrypted logical volume group, nor of course the root partition on it. That makes perfect sense, since on boot I never get a chance to enter the decryption key.

                          My hypothesis is that the problem is not a bad magic number in the superblock, but a mistake I made in Part 3 (since I made no adjustments to Laurent's formula), or maybe Part 1.
                          There are certainly people here that would know something about this -- especially Laurent himself, or Mute Ant. It seems stupid to keep digging away with a shovel if somebody has a backhoe.

                          Any ideas?

                          Oh, BTW, Mute Ant,
                          "sudo mount /dev/mapper/sda5_crypt" -----> "can't find in /etc/fstab" possibly because you are not telling it where to mount it."

                          Well, slap my forehead. Not being privy to Linux architecture, I had no clue. I don't often mount partitions through the command line. Would the command then be <sudo mount /dev/mapper/sda5_crypt /mnt/> ?
                          Even if I get the current installation fixed, I might well try that in the straight Ubiquity installer. If it works, it would be simpler, to say the least, and would be good for me and others to know. If not, I can always redo things the long way.
                          I'm thinking a tutorial on this is eventually going to be in order.
                          I've seen that archlinux page you linked to. Could be useful if no one spots what I've done wrong using the Laurent method.

                          Thanks all.

                          FreedomTruth
                          Level 4
                          Level 4
                          Posts: 376
                          Joined: Fri Sep 23, 2016 10:19 am

                          Re: Problem With Full Disk Encryption Using System, Swap & Home Partitions

                          Post by FreedomTruth » Fri Feb 16, 2018 10:11 pm

                          3) b) says: Mount boot partition: sudo mount /dev/sda /mnt/boot
                          I hope this was a typo: the boot partition is /dev/sda1 not /dev/sda. Since you got a grub menu later, I'm guessing it was just a typo on the forum... but you should verify the contents.
                          boot the install media again, mount the boot partition and make sure it's not empty:

                          Code: Select all

                          sudo mount /dev/sda1 /mnt
                          ls -l /mnt
                          If it's empty (besides lost+found directory) I'm afraid you'll need to reinstall again? Not sure if there's a way to only install the boot stuff at this point.
                          If it's not empty, you may be able to edit /mnt/grub/grub.cfg to a bootable state... possibly. Maybe post back the contents of that file and see if there's anything to do there ...
                          If you abide in My word, you are My disciples indeed. And you shall know the truth, and the truth shall make you free... Most assuredly, I say to you, whoever commits sin is a slave of sin... Therefore if the Son makes you free, you shall be free indeed.

                          educatedidiot
                          Level 1
                          Level 1
                          Posts: 17
                          Joined: Thu Aug 27, 2015 1:56 am

                          Re: Problem With Full Disk Encryption Using System, Swap & Home Partitions

                          Post by educatedidiot » Sat Feb 17, 2018 12:05 am

                          Freedom,

                          Thanks for the observation.
                          That was not a typo. I had it like that because Laurent's tutorial says that, for his case "the first 4 partitions sda1 to sda4 are allocated to EFI and Windows". For mine, I'll have nothing but Mint 18.3.
                          In his case, at 3)b he had: sudo mount /dev/sda5 /mnt/boot
                          I figured that sda5 was equivalent to my sda. Also, it had been mentioned by Wharf Rat that when I had earlier tried to do this entirely through Ubiquity, I should put Set Device For Bootloader as /dev/sda, not sda1, so I carried that idea over to Laurent's method.
                          Come to think of it, it could be wrong, b/c sda is simply the hard drive as a whole, and is not even a partition in itself, right?
                          So I see how that could be a problem. But if it is, I also don't see why it would not be a problem doing the same in Ubiquity.

                          At any rate, I did the check you showed me. Here is the result:
                          Image

                          Seems that bootup is definitely seeing the sda1 boot partition.

                          Laurent85
                          Level 14
                          Level 14
                          Posts: 5066
                          Joined: Tue May 26, 2015 10:11 am

                          Re: Problem With Full Disk Encryption Using System, Swap & Home Partitions

                          Post by Laurent85 » Sat Feb 17, 2018 10:11 am

                          educatedidiot wrote:
                          Sat Feb 17, 2018 12:05 am
                          Come to think of it, it could be wrong, b/c sda is simply the hard drive as a whole, and is not even a partition in itself, right?
                          Correct. As FreedomTruth pointed it out. Trying to mount /dev/sda must have reported an error message. Following command was also not correct, one missing dash maybe a typo for "--bind":
                          educatedidiot wrote:
                          Fri Feb 16, 2018 7:55 pm
                          c) Mount special devices:
                          <sudo mount -bind /dev /mnt/dev>
                          You don't need to reinstall, only start over the procedure that will update the initrd file with your encryption settings. From a live session unlock partition sda2 and activate lvm volume group vg1 and logical volumes :

                          Code: Select all

                          sudo cryptsetup luksOpen /dev/sda2 luks1
                          sudo vgchange --activate y
                          A this point follow your procedure to generate the encryption settings :

                          Code: Select all

                          sudo mount /dev/mapper/vg1-root /mnt
                          sudo mount /dev/sda1 /mnt/boot
                          sudo mount --bind /dev /mnt/dev
                          sudo chroot /mnt mount -t proc proc /proc
                          sudo chroot /mnt mount -t sysfs sysfs /sys
                          sudo chroot /mnt mount -t devpts devpts /dev/pts
                          /etc/crypttab was configured in your first attempt, skip to initrd file update :

                          Code: Select all

                          sudo chroot /mnt update-initramfs -u
                          Sync to disk, optional but more secure :

                          Code: Select all

                          sudo sync
                          Image

                          educatedidiot
                          Level 1
                          Level 1
                          Posts: 17
                          Joined: Thu Aug 27, 2015 1:56 am

                          Re: Problem With Full Disk Encryption Using System, Swap & Home Partitions

                          Post by educatedidiot » Sat Feb 17, 2018 11:44 pm

                          Awesome!
                          Yes, really hard to get through so many terminal commands without making a typo or two, especially when, not being very conversant in terminal "grammar", one mostly lacks the ability to see when the rules are being broken. It becomes a matter of monkey see, monkey do.
                          I've been busy, so couldn't get to this today, maybe not tomorrow either, but definitely ASAP.
                          Thanks!

                          educatedidiot
                          Level 1
                          Level 1
                          Posts: 17
                          Joined: Thu Aug 27, 2015 1:56 am

                          Re: Problem With Full Disk Encryption Using System, Swap & Home Partitions

                          Post by educatedidiot » Sun Feb 18, 2018 10:07 pm

                          Well, to borrow an expression from certain...errr...more casual levels of U.S. society...
                          Laurent85, You da MAN!
                          Everything is up and running.
                          One of the nice things about this setup is that there's only one passphrase entry required on bootup.
                          I am going to clone the existing installation as a backup, then try the standard Ubiquity installation, with a manual mount when Ubiquity tells me that it has failed to mount the root partition.
                          I suspect it will not work, but it is worth a try...unless someone already *knows* that it will not work.

                          And thanks to all who contributed. :D

                          Post Reply

                          Return to “Installation & Boot”