Howto install LMDE with LVM (with or without encryption)

Archived topics about LMDE 1 and LMDE 2
turqoisehex
Level 2
Level 2
Posts: 52
Joined: Tue Aug 03, 2010 9:33 pm

Re: Howto install LMDE with LVM (with or without encryption)

Post by turqoisehex »

I ran into many problems while following this HowTo.
  • First off, cryptsetup can't be installed because of conflicts with Libc6-dev. Forcing libc6-dev in Synaptic was the workaround I eventually found.
  • Second, when I did

    Code: Select all

     VOLUME=/dev/mapper/sda2_crypt
    it said I could only do it with the -ff flag (force). I did this, but it's worrying.
  • The worst one, was that when I ran

    Code: Select all

    unsquashfs -f -d /mnt /live/image/casper/filesystem.squashfs
    it would crash the live environment! It completely froze up and required a hard reboot. Extracting it on another computer and then moving it over via

    Code: Select all

    rsync -vah
    was my solution.
  • As mentioned in the comment before mine, I ran

    Code: Select all

    apt-get update && apt-get upgrade && apt-get dist-upgrade
    , hoping this would solve some problems.
  • I ran

    Code: Select all

    dpkg-reconfigure grub-pc
    while chrooted, but I didn't see it install... shouldn't

    Code: Select all

    grub-install /dev/sdX
    be run afterward, followed by

    Code: Select all

    update-grub
    ?
  • I was unable to umount /mnt/dev and /mnt, it said they were busy.
  • Most frustratingly, after the 3rd try, when I rebooted all I got was the blinking underscore of GRUB doom.
I'll try and redo it again, and see if GRUB is the issue.
Thanks for the well done howto.

UPDATE
After substantially more messing around with GRUB (finally got it to install) and figuring out how to re-active the volumes after reboot (using the "lvchange -a y" command). NOW when I restart the computer and select the OS in GRUB it tries to load the information from crypttab and fstab and says something along the lines of the volume group "volumes" not existing. As much as I want this to work, after 10+ hours I give up :x
User avatar
Pepas
Level 2
Level 2
Posts: 56
Joined: Mon Jan 24, 2011 10:18 am
Contact:

Re: Howto install LMDE with LVM (with or without encryption)

Post by Pepas »

I loved this approach, and it works well for me (so far). I will list what I did, with some comments where it diverts:

[After booting up the Installer, in console/terminal:]
sudo -i ## I am used to this instead of sudo -s because it will read resource files
apt-get install cryptsetup lvm2 squashfs-tools
[boot partition for a /dev/sdXY of around 100 MB and an encrypted lvm on /dev/sdXZ of (much) over 25 GB]

badblocks -c 10240 -s -w -t random -v /dev/sdXZ ## this is apparently much faster than using urandom, but pseudo-random; another plus: it checks for bad blocks
cryptsetup luksFormat -c aes -s 128 /dev/sdXZ ## recently it was shown that 128bit AES is more robust against some attacks than 192/256bit
cryptsetup luksOpen /dev/sdXZ crypt ## 'crypt' being a chosen name
vgcreate secret /dev/mapper/crypt ## 'secret' being a chosen name
lvcreate -C y -L 2100M -n swap secret ## 'swap' being a chosen name; -C y ensures the swap is contiguous, which is important for performance
lvcreate -L 20G -n linux secret ## 'linux' being a chosen name
lvcreate -l 100%FREE -n home secret ## 'home' being a chosen name; -l 100%FREE uses up the rest of the space
mkswap -f -L swap /dev/mapper/secret-swap ## 'swap' again being a chosen name; -f ensures that all the available space is used
mkfs.ext4 -L linux /dev/mapper/secret-linux ## 'linux'' again being a chosen name
mkfs.ext4 -L home -m 0 /dev/mapper/secret-home ## 'home' again being a chosen name; -m 0 means no reserved blocks for root
mkfs.ext2 -L boot /dev/sdXY ## 'boot' being a chosen name

swapon /dev/mapper/secret-swap
mount /dev/mapper/secret-linux /mnt
mkdir /mnt/boot /mnt/home
mount /dev/sdXY /mnt/boot
mount /dev/mapper/secret-home /mnt/home

unsquashfs -f -d /mnt /live/image/casper/filesystem.squashfs

cat <<END >/mnt/etc/fstab
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
LABEL=boot /boot ext2 defaults 0 2
/dev/mapper/secret-linux / ext4 errors=remount-ro 0 1
/dev/mapper/secret-swap swap swap sw 0 2
/dev/scd0 /media/cdrom0 udf,iso9660 user,noauto 0 0
END

echo "crypt /dev/sdXZ none luks" >/mnt/etc/crypttab
cp /etc/resolv.conf /mnt/etc/

mount --bind /dev /mnt/dev
chroot /mnt
mount -t sysfs none /sys
mount -t proc none /proc
mount -t devpts none /dev/pts
export PS1="CHROOT# "

apt-get purge ^live-* ## Including ^ means the name has to start with live-
apt-get update
apt-get install cryptsetup lvm2
update-grub ## this is how I always update the grub.cfg
grub-install /dev/sdX ## and install it

deluser --remove-home mint
adduser USER ## instead of USER choose username
addgroup USER sudo ## instead of USER choose username
passwd -l root
sed -i "s/mint/USER/" /etc/gdm3/daemon.conf ## instead of USER choose username; this will autologin, like the live installer
echo "HOSTNAME" >/etc/hostname ## it would be nice to also set the time(zone), but can do this in the new install

umount /dev/pts
umount /proc
umount /sys
exit

umount /mnt/dev
umount /mnt/boot
umount /mnt
sync
reboot

[In the new install, set the right time(zone), and use the Mint-debian-updater to get up to date]
jbarratt

Re: Howto install LMDE with LVM (with or without encryption)

Post by jbarratt »

Great how-to, but it took four tries to make it work on my new Thinkpad X220 with WIndows 7 already installed. It turned out that the one thing I had to do was to replace the command "dpkg-reconfigure grub-pc" with "grub-install". Perhaps this is a Grub 2 change?

In any case, thanks again.
bklive

Re: Howto install LMDE with LVM (with or without encryption)

Post by bklive »

If you needed to add a second (or third, fourth, etc) hard drive or partition space to the pv, just use

Code: Select all

pvcreate /dev/sdX3 /dev/sdY#
dpkg-reconfigure grub-pc didn't do the trick as previously mentioned.

I had to

Code: Select all

# grub-install /dev/sdX
# update-grub
and then it wouldn't umount the /proc or /dev fs regardless of how many times you use --force or kill the processes keeping them active. I just rebooted which worked (I'm using LMDE with lvm right now as I'm writing this) after exiting the chroot environment.

This was mentioned, but don't forget to update your timezone. You could do this in the chroot with

Code: Select all

# tzselect
and then using ntpd to set the time

It would probably be better to make the /home add line look like

Code: Select all

lvcreate -n home -L 100%FREE volumes
so you're using the sum of the remainder (I installed across two hard drives, so it was necessary for me to use this b/c I didn't know how much space was left)
melbo

Re: Howto install LMDE with LVM (with or without encryption)

Post by melbo »

This is a GREAT tutorial but I really wish that the author or a moderator would edit the

Code: Select all

dpkg-reconfigure grub-pc
To instead point to this:

Code: Select all

grub-install /dev/sdX
update-grub
I caught it by reading the entire thread but it may cause a new person to urandom a large drive for 3 days only to find it fail on reboot and have to start over.
petaramesh

Re: Howto install LMDE with LVM (with or without encryption)

Post by petaramesh »

Some additional info :

Installing as told in this excellent tutorial will install an US-english system ;

Should you want another language/location system, while in the chroot and before rebooting, perform the following commands as root :

Code: Select all

dpkg-reconfigure keyboard-configuration
dpkg-reconfigure console-setup
dpkg-reconfigure locales
dpkg-reconfigure tzdata
dpkg-reconfigure keyboard-configuration
update-initramfs -u
melbo

Re: Howto install LMDE with LVM (with or without encryption)

Post by melbo »

With enrypted LVM, can you install a /home directory that spans across an SSD and a second HDD?

Thinking of using the remainder of an SSD for /home but then letting it span to the second platter... If this is set up, will LVM write to the SSD portion first and then spill into the HDD?
gothmog123

Re: Howto install LMDE with LVM (with or without encryption)

Post by gothmog123 »

Guys, sorry to interject, is it possible to use this guide:

http://stolowski.blogspot.com/2011/06/d ... ition.html

to encrypt my home partition on LMDE Cinnamon? I do have a separate unencrypted home partition.

Thanks
powerhouse
Level 6
Level 6
Posts: 1141
Joined: Thu May 03, 2012 3:54 am
Location: Israel
Contact:

Re: Howto install LMDE with LVM (with or without encryption)

Post by powerhouse »

Thanks for providing this tutorial. It eventually worked for me, with some minor alterations:

1. Downloaded LMDE 12 Mate/Cinnamon 201204 64 bit release
2. Created live USB stick (on my old Linux machine)
3. Instead of installing directly onto disk, I installed the LMDE as a VM in Virtualbox - see this link http://www.netzgewitter.com/2011/09/how ... ard-drive/
4. So far so good. Here is the important stuff:

a. After the install on disk/LVM, Synaptic would exit with segmentation fault. Issuing

apt-get clean

fixed the issue.

b. dpkg-reconfigure grub-pc didn't work and messed up the install. I used the following method mentioned in this thread:

update-grub ## this is how I always update the grub.cfg
grub-install /dev/sdX ## and install it

c. /etc/gdm3/daemon.conf is not available on my install - seems like Mate isn't using this. By following the procedure mentioned under 3. I got a completely installed system with my account settings, as well as all the locale stuff, time/date etc. There is no need to edit the /gdm3/daemon.conf or similar file.

d. Since I was installing on a new system with plenty of RAM (32 gig), the only thing I needed was a live USB stick and a USB stick with the iso file of the distribution (for the Virtualbox install). I created a tmpfs with 10 gig in RAM and installed the VM onto the RAM tmpfs.

e. Since I use an SSD for /, /boot, and /home, I modified the fstab according to the following suggestions:

http://www.howtogeek.com/62761/how-to-t ... rformance/

There is a lot of stuff on SSD and performance / longevity tweaks on the Internet, I hope I picked the right one.

Thanks for the tutorial and pointing me in the right direction. P.S.: I don't use encryption, only LVM.
Subjects of interest: Linux, vfio passthrough virtualization, photography
See my blog on virtualization, including tutorials: https://www.heiko-sieger.info/category/ ... alization/
powerhouse
Level 6
Level 6
Posts: 1141
Joined: Thu May 03, 2012 3:54 am
Location: Israel
Contact:

Re: Howto install LMDE with LVM (with or without encryption)

Post by powerhouse »

Some remarks to my previous post:

While the system booted Ok, I had some minor problems later on, for example synaptic would only start via terminal and sudo -i or -s. Could have been a sudoers issue with permissions.

I installed some other stuff (Xen and Nvidia proprietary driver) and got some complications running the Xen kernel with GUI. Following that I tried Fedora 16 and 17 - what a nightmare !!! - since my ultimate goal was to get VGA passthrough in Xen and I tried the tutorial on http://www.overclock.net/t/1205216/guid ... al-machine which uses Fedora 16.

Now I've started over again with LMDE 12, this time directly installing onto the SSD without LVM. I then installed LVM2 and prepared some LVs for / and /home.

My intention is to copy both / and /home into the LVs (from within the LMDE live USB) and adjust the grub and fstab files to reflect the changes, then reinstall grub and hope it works.

Has anyone done that before, that is copy a root file system onto an LVM and reinstalling grub2?

In essence this would be moving a regular install onto LVM2. Any help is appreciated as I hate to go through the entire install once again.
Subjects of interest: Linux, vfio passthrough virtualization, photography
See my blog on virtualization, including tutorials: https://www.heiko-sieger.info/category/ ... alization/
User avatar
Pepas
Level 2
Level 2
Posts: 56
Joined: Mon Jan 24, 2011 10:18 am
Contact:

Re: Howto install LMDE with LVM (with or without encryption)

Post by Pepas »

@powerhouse
That approach should work. You will need to chroot in to properly setup grub.
powerhouse
Level 6
Level 6
Posts: 1141
Joined: Thu May 03, 2012 3:54 am
Location: Israel
Contact:

Re: Howto install LMDE with LVM (with or without encryption)

Post by powerhouse »

Pepas wrote:@powerhouse
That approach should work. You will need to chroot in to properly setup grub.
Thanks Pepas. I hope to make it work sometime during the weekend. First I need to solve some Xen-related issues.
Subjects of interest: Linux, vfio passthrough virtualization, photography
See my blog on virtualization, including tutorials: https://www.heiko-sieger.info/category/ ... alization/
AngryRooster

Re: Howto install LMDE with LVM (with or without encryption)

Post by AngryRooster »

Has anyone been able to get this to work since the 201204 iso was released? Something has changed and I don't know what. I had it working with no problems with the previous iso but continue to get errors this time. I even tried to use the older iso and get the same failures each time on several different laptops where it worked before.
powerhouse
Level 6
Level 6
Posts: 1141
Joined: Thu May 03, 2012 3:54 am
Location: Israel
Contact:

Re: Howto install LMDE with LVM (with or without encryption)

Post by powerhouse »

@angryrooster: I don't know how far you got. One of the things that is different from this how-to is that the new LMDE doesn't use gmd3.conf but mdm instead. The entry is the same, though.

I went through numerous installations of Fedora16/17, LMDE 201204 and now LM13. I did manage to install LMDE 201204 using this how-to, but it somehow got messed up since I didn't edit the mdm file.

I'm now trying a different approach:

1. Boot with live USB (I made it UEFI bootable, but it will most likely be easier to have an MBR disk format).
2. Install LVM2 and gnome-disk-util (this can handle LVM drives as well).
3. Format the disk to gpt with EFI or MBR - I failed to make it work with UEFI, though, because grub-efi wouldn't load the kernel and hang. Could be grub bug. I am trying now ELILO as EFI bootloader.
4. Create the partitions with /boot/efi vfat32 for UEFI (if you want to give it a try), /boot ext2 partition, and / and /home as LVMs in VG vol1 (or your name of choice).
5. After you created the partitions and LVs, you can run the installer. Choose the custom disk option (not the erase disk option). It will recognize the LVs (if not, exit the installer and mount them).
6. After the installation, DON'T reboot!
7. Mount all partitions under /mnt (i.e. /dev/mapper/vol1-root under /mnt, /dev/sda2 as /boot (sda2 is my ext2 /boot partition), /dev/sda1 (my EFI vfat partition) under /boot/efi, and /dev/mapper/vol1-home under /mnt/home. You will need to mkdir /mnt/home /mnt/boot /mnt/boot/efi.
8. See the above instructions (in another post) on how to mount and chroot to /mnt.
9. Follow the above how-to instructions for encryption, LVM and grub. Don't forget to install LVM2 again - this time it should install on your hard drive.
10. Don't use the steps for deleting the mint user.
11. Finally, check the /boot/grub/grub.cfg (or .conf file) and see if it looks OK. Pay particular attention to the UUIDs. Mine got screwed up at the first UUID reference were it used a UUID I couldn't locate. Use blkid to see your UUID mappings.
12. Since I was trying to get UEFI work with grub, my installation failed at booting the kernel. I CAN'T VOUCH THAT THIS WILL WORK !!!

What I did get:

- All system files were installed and the user created with his/her home directory. / and /home is on LVM.
- A recognizable UEFI partition that my motherboard (Asus Sabertooth X79) accesses during boot.
- I get an efidisk: read error when booting - this may be a grub issue with UEFI. I will try ELILO as bootloader to see if this works. If not, I'll have to do it all over again and use MBR or GPT-BIOS instead of UEFI.

Let me know if anyone tried my approach, or if the approach cannot work for one reason or another. I don't really see why it shouldn't work, and the advantage is that it creates the user and everything should be ready and in place.
Subjects of interest: Linux, vfio passthrough virtualization, photography
See my blog on virtualization, including tutorials: https://www.heiko-sieger.info/category/ ... alization/
1986

Re: Howto install LMDE with LVM (with or without encryption)

Post by 1986 »

how can I do unencrypted boot on USB, and full encrypted HDD then? because I wanna boot system from USB
powerhouse
Level 6
Level 6
Posts: 1141
Joined: Thu May 03, 2012 3:54 am
Location: Israel
Contact:

Re: Howto install LMDE with LVM (with or without encryption)

Post by powerhouse »

1986 wrote:how can I do unencrypted boot on USB, and full encrypted HDD then? because I wanna boot system from USB
Have a look at the application "cryptkeeper". It's a tray applet that allows you to create and access encrypted folders. These folders are then hidden and can only be accessed via the cryptkeeper applet using a password.

Perhaps this is a simpler way of achieving what you are looking for?
Subjects of interest: Linux, vfio passthrough virtualization, photography
See my blog on virtualization, including tutorials: https://www.heiko-sieger.info/category/ ... alization/
powerhouse
Level 6
Level 6
Posts: 1141
Joined: Thu May 03, 2012 3:54 am
Location: Israel
Contact:

Re: Howto install LMDE with LVM (with or without encryption)

Post by powerhouse »

For those who are interested, I have written a how-to to install Linux Mint 13 Maya with UEFI boot on LVM:

http://forums.linuxmint.com/viewtopic.php?f=46&t=107620 - follow the thread to the bottom of page 1!

I need the help of the community to verify my procedure.

I haven't tried it with LMDE, though. I was hoping that someone could modify it to work with LMDE.
Subjects of interest: Linux, vfio passthrough virtualization, photography
See my blog on virtualization, including tutorials: https://www.heiko-sieger.info/category/ ... alization/
powerhouse
Level 6
Level 6
Posts: 1141
Joined: Thu May 03, 2012 3:54 am
Location: Israel
Contact:

Re: Howto install LMDE with LVM (with or without encryption)

Post by powerhouse »

Found this manual for encrypted LVM installation on Ubuntu, as well as a script that could be easily modified to run on Linux Mint:

Manual: http://blog.andreas-haerter.com/2011/06 ... n-lvm-luks

Script (source): http://blog.andreas-haerter.com/2011/06 ... vm-luks.sh

The above is also referenced here: http://community.linuxmint.com/tutorial/view/344

The script uses the Ubuntu ubiquity installer which would need to be changed to work with Linux Mint.

Perhaps someone cares to produce a modified version for Linux Mint?
Subjects of interest: Linux, vfio passthrough virtualization, photography
See my blog on virtualization, including tutorials: https://www.heiko-sieger.info/category/ ... alization/
kvbx

Translated to German

Post by kvbx »

Hi, I updated the how-to, added screenshots and translated it to German. You can find it here: https://kvbx.de/lmde-installation/.

Hi, ich habe das How-To aktualisiert, Screenshots hinzugefügt und übersetzt. Du findest es hier: https://kvbx.de/lmde-installation/.

Thank you very much for your work.

Cheers, Kevin
ztact

Re: Howto install LMDE with LVM (with or without encryption)

Post by ztact »

I mostly followed the above instructions to install LMDE 201303 onto an encrypted disk, but without LVM.

I was successful installing onto a hard drive at /dev/sda, but when I tried to install onto an encrypted USB drive or SD card, the boot would fail.

The reason for the failure is that the device location of USB drives and SD cards can change from system to system and boot to boot. (Actually, the location of hard drives can change as well, but that may happen less frequently.)

Anyway, to fix the problem, I rewrote /etc/crypttab to use UUID's rather than device paths. After doing that (and rebuilding initramfs and rerunning grub), my USB drives and SD cards would boot and successfully mount the encrypted root partition.

More details are here:
http://ztact.com/2013/04/evms_activate

I also wrote a Makefile that performs the encrypted installation in a semi-automatic manner:
http://ztact.com/2013/04/mint_install
Locked

Return to “LMDE Archive”