
Re: Custom cryptsetup LVM install



On Mon, Apr 06, 2015 at 07:19:36PM -0300, amarildojunior@riseup.net wrote:
> Hello,
> 
> For the past month I've been trying to do a custom encrypted LVM
> install, with no success. Here are the commands I've been using:
> 
> # modprobe dm-mod
> 
> # fdisk /dev/sda
> (create a 1GB partition for /boot, unencrypted ; create another big
> 930 GB formatted as "8e" - LVM - on dev/sda2)

But you are not using it for LVM, you are using it for crypt.  Your LVM
is on top of the crypt, so this seems like the wrong partition type
(not that I think anything really cares).

> # cryptsetup -c twofish-xts-plain64 -y -s 512 --iter-time 5000
> luksFormat /dev/sda2
> (chose my ciphers, key size, and iter time)
> 
> # cryptsetup open --type luks /dev/sda2 sda2_crypt
> (open the luks container on "sda2_crypt")
> 
> # pvcreate /dev/mapper/sda2_crypt
> (create physical volume on sda2_crypt)
> 
> # vgcreate debian /dev/mapper/sda2_crypt
> (create volume group "debian" on sda2_crypt)
> 
> # lvcreate -L 60G system -n root
> # lvcreate -L 8G system -n swap
> # lvcreate -l 100%FREE system -n home
> (create volumes)
> 
> After this is done, I go to the "partition disks" menu where I
> select each partition/volume to its correct destination. I then
> proceed to installing the base system, configuring apt, and all
> that. Now I install Grub (from the installer's menu) and then I do:
> 
> # mount /dev/pts /target/dev/pts
> # mount /sys /target/sys
> # mount /proc /target/proc
> # chroot /target/ /bin/bash
> 
> I then edit crypttab
> 
> # nano /etc/crypttab
> 
> I used to put something there, but I don't remember what exactly.
> It's been a long time since I used Debian. But here's what I put
> there now:
> 
> sda2_crypt /dev/mapper/sda2_crypt none luks
> 
> Then I edit /etc/default/grub, edit the following line:
> 
> GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2_crypt:root
> root=/dev/mapper/debian-root rw"
> 
> Then:
> 
> # grub-mkconfig -o /boot/grub/grub.cfg
> # exit
> # exit
> 
> Then I select the menu "Finish installation", but after rebooting
> there is an error saying no LVM volumes found.
> 
> What am I doing wrong?

Is there any reason you are doing all those manual steps rather than
letting the installer do them for you?

The only thing I can see that the installer doesn't do is to use twofish
rather than (as far as I can tell) the normally highly recommended aes option.

I recently installed jessie with encrypted disk and lvm and the installer
worked great for all of it (other than having to manually recreate the
LV for root and swap because the automatic setup makes the swap way
too small).

I can't see any reason for the grub stuff, since the initramfs takes
care of all that stuff for you, so no need to pass kernel options for it.

-- 
Len Sorensen
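
An added example, not part of the original thread or of either poster's setup: crypttab(5) defines the second field as the device that holds the encrypted data, and this check flags an entry whose source is the very mapping it is supposed to create, as in the entry quoted above. The function name `check_crypttab_line` is hypothetical, and the second and third sample entries (including the all-zero UUID) are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. check_crypttab_line is a hypothetical helper.
# crypttab(5) field order: <target> <source device> <key file> <options>
# Prints a one-line diagnosis; returns 0 if the entry can work, 1 if it cannot.
check_crypttab_line() {
    case $1 in
        ''|'#'*) echo "skip"; return 0 ;;
    esac
    set -f        # disable globbing while splitting the entry on whitespace
    set -- $1     # $1.. now hold the crypttab fields
    set +f
    if [ "$#" -lt 2 ]; then
        echo "error: need at least <target> <source device>"
        return 1
    fi
    target=$1 src=$2
    case $src in
        "/dev/mapper/$target")
            # The source names the mapping this entry should create, so
            # nothing exists to unlock when the initramfs processes it.
            echo "error: source is the target's own mapping, not the encrypted device"
            return 1 ;;
        UUID=*|/dev/disk/by-*|/dev/mapper/*)
            echo "ok"
            return 0 ;;
        *)
            # Kernel names such as /dev/sda2 can change between boots.
            echo "ok, but prefer UUID= over the kernel name $src"
            return 0 ;;
    esac
}

# Entry 1 is the line quoted in the thread; entries 2 and 3 are constructed.
while IFS= read -r entry; do
    printf '%s\n  -> ' "$entry"
    check_crypttab_line "$entry" || true
done <<'EOF'
sda2_crypt /dev/mapper/sda2_crypt none luks
sda2_crypt /dev/sda2 none luks
sda2_crypt UUID=00000000-0000-0000-0000-000000000000 none luks
EOF
```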

