Re: encrypt/lvm issue during install.... [WAS: location of screenshots during debian install
On Wed 28 Jul 2021 at 14:22:52 (+0100), Tixy wrote:
> On Wed, 2021-07-28 at 13:31 +0100, Tixy wrote:
> > On Wed, 2021-07-28 at 07:54 -0400, Greg Wooledge wrote:
> > > On Tue, Jul 27, 2021 at 10:05:54PM -0600, Jupiter777 wrote:
> > > > so loop-with-no-exit went like:
> > > >
> > > >
> > > > -- installer recognized the disk, OK
> > > >
> > > > -- did the 1gb /boot ext2 non-encrypted configured , OK /dev/sda7
> > > >
> > > > -- 150gb partition, planned to be / with everything in it,
> > > > recognized by installer, OK /dev/sda6
> > > >
> > > > -- configured /dev/sda6 to be / and mount-point / too , OK
> > > >
> > > > -- went inside the lvm config/manager ....
> > > >
> > > > -- added volume group vg1 off of /dev/sda6 , OK
> > > >
> > > > -- added logical volume lv1 (inside vg1) , OK
> > >
> > > I've never done disk encryption, so I can only speak to the LVM parts
> > > of this.
> > >
> > > If you're planning to use LVM for everything except /boot, then your
> > > third and fourth steps above are incorrect. You don't want to create
> > > a regular root file system on sda6 if you're planning to use sda6 for LVM.
> > >
> > > What you want to do instead is:
> > >
> > > 1) Create your /boot partition + file system as you did.
> > >
> > > 2) Create a partition to hold the LVM subsystem, but do not mount it.
> > >
> > > 3) Go into the LVM subsystem, and turn your empty partition into a
> > > volume group.
> > >
> > > 4) Create logical volumes within the VG for each file system you want,
> > > including root.
> > >
> > > However, since you were trying to do encryption as well, you should
> > > definitely look for advice from someone who has done that.
> >
> > Between steps 2) and 3) you encrypt the partition.
>
> Well, that's what I do, but if you want to encrypt filesystems
> individually then I don't know what the sequence is for that.
Complementarywise, these screens are from a nonce encrypted-root
installation, but I've yet to try LVM. (Comments follow the screen
they apply to.)
┌────────────────────────┤ [!!] Partition disks ├─────────────────────────┐
│ │
│ This is an overview of your currently configured partitions and mount │
│ points. Select a partition to modify its settings (file system, mount │
│ point, etc.), a free space to create partitions, or a device to │
│ initialize its partition table. │
│ │
│ Guided partitioning ↑ │
│ Configure software RAID ▮ │
│ Configure the Logical Volume Manager ▒ │
│ Configure encrypted volumes ▒ │
│ Configure iSCSI volumes ▒ │
│ ▒ │
│ SCSI1 (0,0,0) (sda) - 500.1 GB ATA ST3500413AS ▒ │
│ > 1.0 MB FREE SPACE ▒ │
│ > #1 3.1 MB K biosgrub BIOS boot pa ▒ │
│ > #2 520.1 MB BullBoot ▒ │
│ > #3 524.3 MB ext2 Linux swap ▒ │
│ > #4 31.5 GB ext4 Viva-A ▒ │
│ > #5 31.5 GB ext3 Viva-B ▒ │
│ > #6 436.1 GB Viva-Home ▒ │
│ > 7.7 kB FREE SPACE ▒ │
│ SCSI7 (0,0,0) (sdb) - 1.0 GB Multiple Card Reader ▒ │
│ ↓ │
│ │
│ <Go Back> │
│ │
└─────────────────────────────────────────────────────────────────────────┘
I renamed my ESP (future-proofing the disk) as BullBoot. The ext3 was
created thus, just for recognisability. Partitions 1, 3, 4 and 6 are
the "real" ones, to remain untouched (except that 1 may get clobbered).
┌────────────────────────┤ [!!] Partition disks ├─────────────────────────┐
│ │
│ You are editing partition #2 of SCSI1 (0,0,0) (sda). No existing file │
│ system was detected in this partition. │
│ │
│ Partition settings: │
│ │
│ Name: BullBoot │
│ Use as: Ext2 file system │
│ │
│ Mount point: /boot │
│ Mount options: defaults │
│ Label: viva02 │
│ Reserved blocks: 5% │
│ Typical usage: standard │
│ Bootable flag: off │
│ │
│ Erase data on this partition │
│ Delete the partition │
│ Done setting up the partition │
│ │
│ <Go Back> │
│ │
└─────────────────────────────────────────────────────────────────────────┘
I don't normally use a /boot partition.
┌────────────────────────┤ [!!] Partition disks ├─────────────────────────┐
│ │
│ You are editing partition #5 of SCSI1 (0,0,0) (sda). This partition │
│ is formatted with the Ext3 journaling file system. │
│ │
│ Partition settings: │
│ │
│ Name: Viva-B │
│ Use as: physical volume for encryption │
│ Encryption method: Device-mapper (dm-crypt) │
│ │
│ Encryption: aes │
│ Key size: 256 │
│ IV algorithm: xts-plain64 │
│ Encryption key: Passphrase │
│ Erase data: yes │
│ Bootable flag: off │
│ │
│ Resize the partition (currently 31.5 GB) │
│ Erase data on this partition │
│ Delete the partition │
│ Done setting up the partition │
│ │
│ <Go Back> │
│ │
└─────────────────────────────────────────────────────────────────────────┘
This will be my encrypted root filesystem.
┌────────────────────────┤ [!!] Partition disks ├─────────────────────────┐
│ │
│ This is an overview of your currently configured partitions and mount │
│ points. Select a partition to modify its settings (file system, mount │
│ point, etc.), a free space to create partitions, or a device to │
│ initialize its partition table. │
│ │
│ Configure the Logical Volume Manager ↑ │
│ Configure encrypted volumes ▒ │
│ Configure iSCSI volumes ▒ │
│ ▒ │
│ SCSI1 (0,0,0) (sda) - 500.1 GB ATA ST3500413AS ▒ │
│ > 1.0 MB FREE SPACE ▒ │
│ > #1 3.1 MB K biosgrub BIOS boot pa ▒ │
│ > #2 520.1 MB f ext2 BullBoot /boot ▒ │
│ > #3 524.3 MB ext2 Linux swap ▒ │
│ > #4 31.5 GB ext4 Viva-A ▒ │
│ > #5 31.5 GB K crypto Viva-B not active ▒ │
│ > #6 436.1 GB Viva-Home ▒ │
│ > 7.7 kB FREE SPACE ▒ │
│ SCSI7 (0,0,0) (sdb) - 1.0 GB Multiple Card Reader ▒ │
│ ▒ │
│ Undo changes to partitions ▮ │
│ Finish partitioning and write changes to disk ↓ │
│ │
│ <Go Back> │
│ │
└─────────────────────────────────────────────────────────────────────────┘
Looking good so far.
┌────────────┤ [!!] Partition disks ├─────────────┐
│ │
│ No root file system │
│ No root file system is defined. │
│ │
│ Please correct this from the partitioning menu. │
│ │
│ <Continue> │
│ │
└─────────────────────────────────────────────────┘
Just checking. Forgotten now whether I selected "Configure encrypted volumes"
and it ticked me off, or whether I selected "Finish partitioning and
write changes to disk". The former, I would think.
┌───────────────────────┤ [!!] Partition disks ├────────────────────────┐
│ │
│ Before encrypted volumes can be configured, the current partitioning │
│ scheme has to be written to disk. These changes cannot be undone. │
│ │
│ After the encrypted volumes have been configured, no additional │
│ changes to the partitions on the disks containing encrypted volumes │
│ are allowed. Please decide if you are satisfied with the current │
│ partitioning scheme for these disks before continuing. │
│ │
│ The partition tables of the following devices are changed: │
│ SCSI1 (0,0,0) (sda) │
│ │
│ The following partitions are going to be formatted: │
│ partition #2 of SCSI1 (0,0,0) (sda) as ext2 │
│ │
│ Write the changes to disk and configure encrypted volumes? │
│ │
│ <Yes> <No> │
│ │
└───────────────────────────────────────────────────────────────────────┘
┌──────────────────┤ [!!] Partition disks ├──────────────────┐
│ │
│ This menu allows you to configure encrypted volumes. │
│ │
│ Encryption configuration actions │
│ │
│ Create encrypted volumes │
│ Finish │
│ │
│ <Go Back> │
│ │
└────────────────────────────────────────────────────────────┘
So that obviously was selecting "Configure encrypted volumes".
┌────────────────┤ [!!] Partition disks ├────────────────┐
│ │
│ Please select the devices to be encrypted. │
│ │
│ You can select one or more devices. │
│ │
│ Devices to encrypt: │
│ │
│ [ ] /dev/sda free #1 (1MB; FREE SPACE) │
│ [ ] /dev/sda1 (3MB; biosgrub) │
│ [ ] /dev/sda2 (520MB; ext2) │
│ [ ] /dev/sda3 (524MB; ext2) │
│ [ ] /dev/sda4 (31457MB; ext4) │
│ [*] /dev/sda5 (31457MB; crypto) │
│ [ ] /dev/sda6 (436144MB) │
│ [ ] /dev/sda free #2 (0MB; FREE SPACE) │
│ │
│ <Go Back> <Continue> │
│ │
└────────────────────────────────────────────────────────┘
In case anyone is following closely, my swap (3) has a tiny filesystem
at the start. 6 is my encrypted /home.
┌──────────────────┤ [!!] Partition disks ├──────────────────┐
│ │
│ This menu allows you to configure encrypted volumes. │
│ │
│ Encryption configuration actions │
│ │
│ Create encrypted volumes │
│ Finish │
│ │
│ <Go Back> │
│ │
└────────────────────────────────────────────────────────────┘
┌───────────────────────┤ [!!] Partition disks ├───────────────────────┐
│ │
│ The data on SCSI1 (0,0,0), partition #5 (sda) will be overwritten │
│ with random data. It can no longer be recovered after this step has │
│ completed. This is the last opportunity to abort the erase. │
│ │
│ Really erase the data on SCSI1 (0,0,0), partition #5 (sda)? │
│ │
│ <Go Back> <Yes> <No> │
│ │
└──────────────────────────────────────────────────────────────────────┘
┌──────────┤ Erasing data on SCSI1 (0,0,0), partition #5 (sda) ├──────────┐
│ │
│ 100% │
│ │
│ The installer is now overwriting SCSI1 (0,0,0), partition #5 (sda) │
│ with random data to prevent meta-information leaks from the encrypted │
│ volume. This step may be skipped by cancelling this action, albeit at │
│ the expense of a slight reduction of the quality of the encryption. │
│ <Cancel> │
│ │
└─────────────────────────────────────────────────────────────────────────┘
Passphrase abcdefghijklmnopqrstuvwxyz entered
┌────────────────────────┤ [!!] Partition disks ├─────────────────────────┐
│ │
│ This is an overview of your currently configured partitions and mount │
│ points. Select a partition to modify its settings (file system, mount │
│ point, etc.), a free space to create partitions, or a device to │
│ initialize its partition table. │
│ │
│ Guided partitioning ↑ │
│ Configure software RAID ▒ │
│ Configure the Logical Volume Manager ▒ │
│ Configure encrypted volumes ▮ │
│ Configure iSCSI volumes ▒ │
│ ▒ │
│ Encrypted volume (sda5_crypt) - 31.4 GB Linux device-mapper (cryp ▒ │
│ > #1 31.4 GB f ext4 ▒ │
│ SCSI1 (0,0,0) (sda) - 500.1 GB ATA ST3500413AS ▒ │
│ > 1.0 MB FREE SPACE ▒ │
│ > #1 3.1 MB K biosgrub BIOS boot pa ▒ │
│ > #2 520.1 MB F ext2 BullBoot /boot ▒ │
│ > #3 524.3 MB ext2 Linux swap ▒ │
│ > #4 31.5 GB ext4 Viva-A ▒ │
│ > #5 31.5 GB K crypto Viva-B (sda5_crypt) ▒ │
│ > #6 436.1 GB Viva-Home ▒ │
│ > 7.7 kB FREE SPACE ↓ │
│ │
│ <Go Back> │
│ │
└─────────────────────────────────────────────────────────────────────────┘
This screen was new to me, with its "Encrypted volume". I selected it
in the same way as one would normally select a partition.
┌────────────────────────┤ [!!] Partition disks ├─────────────────────────┐
│ │
│ You are editing partition #1 of Encrypted volume (sda5_crypt). No │
│ existing file system was detected in this partition. │
│ │
│ Partition settings: │
│ │
│ Use as: Ext4 journaling file system │
│ │
│ Mount point: / │
│ Mount options: defaults │
│ Label: viva05 │
│ Reserved blocks: 5% │
│ Typical usage: standard │
│ │
│ Erase data on this partition │
│ Done setting up the partition │
│ │
│ <Go Back> │
│ │
└─────────────────────────────────────────────────────────────────────────┘
I set a LABEL as usual, based on the underlying partition, 5.
┌────────────────────────┤ [!!] Partition disks ├─────────────────────────┐
│ │
│ This is an overview of your currently configured partitions and mount │
│ points. Select a partition to modify its settings (file system, mount │
│ point, etc.), a free space to create partitions, or a device to │
│ initialize its partition table. │
│ │
│ Configure iSCSI volumes ↑ │
│ ▒ │
│ Encrypted volume (sda5_crypt) - 31.4 GB Linux device-mapper (cryp ▒ │
│ > #1 31.4 GB f ext4 / ▒ │
│ SCSI1 (0,0,0) (sda) - 500.1 GB ATA ST3500413AS ▒ │
│ > 1.0 MB FREE SPACE ▒ │
│ > #1 3.1 MB K biosgrub BIOS boot pa ▒ │
│ > #2 520.1 MB F ext2 BullBoot /boot ▒ │
│ > #3 524.3 MB ext2 Linux swap ▒ │
│ > #4 31.5 GB ext4 Viva-A ▒ │
│ > #5 31.5 GB K crypto Viva-B (sda5_crypt) ▒ │
│ > #6 436.1 GB Viva-Home ▒ │
│ > 7.7 kB FREE SPACE ▒ │
│ SCSI7 (0,0,0) (sdb) - 1.0 GB Multiple Card Reader ▒ │
│ ▒ │
│ Undo changes to partitions ▮ │
│ Finish partitioning and write changes to disk ↓ │
│ │
│ <Go Back> │
│ │
└─────────────────────────────────────────────────────────────────────────┘
Definitely selected "Finish partitioning and write changes to disk" here.
┌───────────────────────┤ [!!] Partition disks ├───────────────────────┐
│ │
│ If you continue, the changes listed below will be written to the │
│ disks. Otherwise, you will be able to make further changes manually. │
│ │
│ The partition tables of the following devices are changed: │
│ Encrypted volume (sda5_crypt) │
│ │
│ The following partitions are going to be formatted: │
│ Encrypted volume (sda5_crypt) as ext4 │
│ │
│ Write the changes to disks? │
│ │
│ <Yes> <No> │
│ │
└──────────────────────────────────────────────────────────────────────┘
Everything else goes as normal.
However, I'll just show the Grub screens because, as usual, I get
the "EFI removable" screen displayed, even though the machine is not
an EFI, but BIOS.
(Usually, the d-i could proffer the excuse that my system disks all
contain an ESP, even when they're BIOS machines and can't use it.
Not here, though. There's not a hint of EFI.)
┌─────────────────┤ [!] Install the GRUB boot loader ├──────────────────┐
│ │
│ The following other operating systems have been detected on this │
│ computer: Debian GNU/Linux 10 (buster) │
┌│ │
││ If all of your operating systems are listed above, then it should be │
││ safe to install the boot loader to your primary drive (UEFI │
││ partition/boot record). When your computer boots, you will be able to │
││ choose to load one of these operating systems or the newly installed │
││ Debian system. │
└│ │
│ Install the GRUB boot loader to your primary drive? │
│ │
│ <Go Back> <Yes> <No> │
│ │
└───────────────────────────────────────────────────────────────────────┘
Yes.
┌──────────────────┤ [!] Install the GRUB boot loader ├───────────────────┐
│ │
│ You need to make the newly installed system bootable, by installing │
│ the GRUB boot loader on a bootable device. The usual way to do this │
│ is to install GRUB to your primary drive (UEFI partition/boot │
│ record). You may instead install GRUB to a different drive (or │
│ partition), or to removable media. │
│ │
│ Device for boot loader installation: │
│ │
│ Enter device manually │
│ /dev/sda (ata-ST3500413AS_…) │
│ /dev/sdb (usb-Multiple_Card_Reader_058F63666438-0:0) │
│ │
│ <Go Back> │
│ │
└─────────────────────────────────────────────────────────────────────────┘
sda
┌─────────────────┤ [.] Install the GRUB boot loader ├──────────────────┐
│ │
│ It seems that this computer is configured to boot via EFI, but maybe │
│ that configuration will not work for booting from the hard drive. │
│ Some EFI firmware implementations do not meet the EFI specification │
│ (i.e. they are buggy!) and do not support proper configuration of │
│ boot options from system hard drives. │
│ │
┌│ A workaround for this problem is to install an extra copy of the EFI │
││ version of the GRUB boot loader to a fallback location, the │
││ "removable media path". Almost all EFI systems, no matter how buggy, │
││ will boot GRUB that way. │
││ │
││ Warning: If the installer failed to detect another operating system │
└│ that is present on your computer that also depends on this fallback, │
│ installing GRUB there will make that operating system temporarily │
│ unbootable. GRUB can be manually configured later to boot it if │
│ necessary. │
│ │
│ Force GRUB installation to the EFI removable media path? │
│ │
│ <Go Back> <Yes> <No> │
│ │
└───────────────────────────────────────────────────────────────────────┘
Obviously I selected No.
Apropos the original Subject line, another pair of screens:
┌────────────────────────┤ [!!] Save debug logs ├─────────────────────────┐
│ │
│ Debugging log files for the installer can be saved to floppy, served │
│ up over the web, or saved to a mounted file system. │
│ │
│ How should the debug logs be saved or transferred? │
│ │
│ floppy │
│ web │
│ mounted file system │
│ │
│ <Go Back> │
│ │
└─────────────────────────────────────────────────────────────────────────┘
┌──────────────────────┤ [!!] Save debug logs ├───────────────────────┐
│ │
┌─│ Please make sure the file system you want to save debug logs on is │ ┐
│ │ mounted before you continue. │ │
│ │ │ │
│ │ Directory in which to save debug logs: │ │
│ │ │ │
│ │ /target/root/thelogs_______________________________________________ │ │
└─│ │ ┘
│ <Continue> │
│ │
└─────────────────────────────────────────────────────────────────────┘
I suppose (untested) you can do this any time after /target is
created, and not just at the end. (I created /target/root/thelogs
in the Alt-F2 shell as I was too lazy to fetch a stick.) I also
suppose that any screenshots get included, along with the logs.
Cheers,
David.
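
Added example, not part of the message above or of anyone's post in the thread: a post-install check that walks the block-device tree to confirm that / really sits on the dm-crypt mapping, both for the layout in the screens (ext4 directly on sda5_crypt) and, going one step further, for the LVM-inside-an-encrypted-partition order described in the quoted replies. It assumes the text format of `lsblk -P -o KNAME,PKNAME,TYPE,MOUNTPOINT`; the function name `encrypted_state` and both sample layouts are constructed for illustration.

```sh
# Added example (not from the thread). Input on stdin is the text produced by:
#   lsblk -P -o KNAME,PKNAME,TYPE,MOUNTPOINT
# encrypted_state MOUNTPOINT -> prints "encrypted", "plaintext" or "absent".
encrypted_state() {
    awk -v want="$1" '
    # Extract the value of one KEY="value" pair; the "(^| )" anchor keeps
    # KNAME from matching inside PKNAME.
    function field(line, key,    s) {
        if (!match(line, "(^| )" key "=\"[^\"]*\"")) return ""
        s = substr(line, RSTART, RLENGTH)
        sub(/^ /, "", s)
        return substr(s, length(key) + 3, length(s) - length(key) - 3)
    }
    {
        k = field($0, "KNAME")
        type[k] = field($0, "TYPE")
        parent[k] = field($0, "PKNAME")
        if (field($0, "MOUNTPOINT") == want) start = k
    }
    END {
        if (start == "") { print "absent"; exit }
        # Walk upwards: filesystem device -> (lvm) -> crypt -> part -> disk.
        for (k = start; k != ""; k = parent[k])
            if (type[k] == "crypt") { print "encrypted"; exit }
        print "plaintext"
    }'
}
# Constructed sample: the layout from the screens (ext4 directly on sda5_crypt).
sample_direct() { cat <<'EOF'
KNAME="sda" PKNAME="" TYPE="disk" MOUNTPOINT=""
KNAME="sda2" PKNAME="sda" TYPE="part" MOUNTPOINT="/boot"
KNAME="sda5" PKNAME="sda" TYPE="part" MOUNTPOINT=""
KNAME="dm-0" PKNAME="sda5" TYPE="crypt" MOUNTPOINT="/"
EOF
}
# Constructed sample: LVM inside an encrypted partition (device numbers assumed).
sample_lvm() { cat <<'EOF'
KNAME="sda" PKNAME="" TYPE="disk" MOUNTPOINT=""
KNAME="sda7" PKNAME="sda" TYPE="part" MOUNTPOINT="/boot"
KNAME="sda6" PKNAME="sda" TYPE="part" MOUNTPOINT=""
KNAME="dm-0" PKNAME="sda6" TYPE="crypt" MOUNTPOINT=""
KNAME="dm-1" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="/"
EOF
}
for mp in / /boot; do
    printf '%s direct=%s lvm=%s\n' "$mp" \
        "$(sample_direct | encrypted_state "$mp")" "$(sample_lvm | encrypted_state "$mp")"
done
```

On an installed system, pipe the real `lsblk` output into `encrypted_state /`. A "plaintext" result for /boot is expected with either layout, since the kernel and initramfs there are read before the passphrase is entered.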