Howto install LMDE with LVM (with or without encryption)

Archived topics about LMDE 1 and LMDE 2
User avatar
Pepas
Level 2
Level 2
Posts: 56
Joined: Mon Jan 24, 2011 10:18 am
Contact:

Re: Howto install LMDE with LVM (with or without encryption)

Post by Pepas »

Loved the idea of a Makefile to do this. So I adapted ztact's Makefile (which doesn't do full encryption on lvm2) and made it work for luks encrypted lvm2 partitions, so you get your swap and data partitions encrypted too: http://j.mp/makelmde
It works for both the Mate and the Cinnamon 32bit editions (64bit editions not tested).
"This Makefile will result in a working install of Linux Mint Debian Edition edition (version 201303) on a luks encrypted lvm2 partition with root, swap and data filesystem"

Instructions:

1. Boot the Live environment of LMDE 201303

2. Open a Terminal (Menu, Terminal) and enter:

Code: Select all

sudo -i
mkdir make
cd make
wget j.mp/makelmde
mv makelmde Makefile
nano Makefile
3. Adapt the SETTINGS section in the Makefile, for instance like this:

Code: Select all

boot_device=/dev/sda1
crypt_device=/dev/sda2
grub_device=/dev/sda
username=me
hostname=mine
4. Partition the drive, for instance (taking up all space):

Code: Select all

fdisk /dev/sda
o
n
   [Enter]
   [Enter]
   [Enter]
+128M
n
   [Enter]
   [Enter]
   [Enter]
   [Enter]
w
(This is making a 128 MB boot partition, and giving the rest to the encrypted lvm2)

5. Start the Makefile by doing:

Code: Select all

make all
6. Answer the questions as they come up:
- password for encryption (twice the same)
- password for decryption (same again)
- password for user, and some irrelevant info
- about the keyboard
- about the timezone

And that's it!
Last edited by Pepas on Fri May 03, 2013 2:43 am, edited 2 times in total.
carina

Re: Howto install LMDE with LVM (with or without encryption)

Post by carina »

Thank you Pepas!

I wonder, why is encryption not enabled by default? Or, at least, why is it not implemented in the installer for us laptop users :mrgreen:
I write kind of a diary, you know!?!1
User avatar
Pepas
Level 2
Level 2
Posts: 56
Joined: Mon Jan 24, 2011 10:18 am
Contact:

Re: Howto install LMDE with LVM (with or without encryption)

Post by Pepas »

I think an encrypted home partition is supported, which might be sufficient for home users, but the above method encrypts the OS, the swap partition and optionally a data/home partition, so it is much more secure.
carina

Re: Howto install LMDE with LVM (with or without encryption)

Post by carina »

Sure, why not encrypt all the things!? ;-)

OT (scnr)

At the moment I play with Kali and I must say, they put a great installation routine together. Encryption of the whole disk is supported and it is only one click farther away as the unencrypted installation. I'm no developer, I can't port that. :?

Every evening when I watch the news, I see dictators, social networks and (even european) countries spying on their own people. We let it happend that encryption, information self-defence, is only achievable by some geeks...

If LM don't want to provide (the possibility of) encryption it looks like we don't want/need/like people who are in worse situations like we are. I don't want to say that this is a discrimination of non-tech-people. Just think about a girl who gets spied on by her creepy uncle who wants her last beach holiday pictures. Or a journalist who happens to tap in a big food scandal, or a manager loses his private laptop with some business data, ... The worst thing of a half-encryption is not the lost data but the false assumption about security. Just buy a used smartphone and follow a forensic tutorial from the internet - you can have fun for weeks.

I see the same false sense of security at the download section of the LM isos. We just get an md5sum which helps for completeness, but not for integrity. I smell Windows: by using some virus scan-snake oil we pretend that the system is safe :mrgreen: How about a gpg signature, it could be provided quite easily.

Pepas, I'm not saying this to you, as your Makefile is what we need more of :wink: I'm just sad to see what wonderful ideas are realised by the LM community and then they forgot to implement the most basic security.

Cheers mate, keep up the good work!! :)
vakinn

Re: Howto install LMDE with LVM (with or without encryption)

Post by vakinn »

powerhouse wrote:
1986 wrote:how can I do unencrypted boot on USB, and full encrypted HDD then? because I wanna boot system from USB
Have a look at the application "cryptkeeper". It's a tray applet that allows you to create and access encrypted folders. These folders are then hidden and can only be accessed via the cryptkeeper applet using a password.

Perhaps this is a simpler way of achieving what you are looking for?
I'm looking for the same thing that 1986 is looking for. Cryptkeeper will not do. In an episode of Hak5, int0x80 explains how to do it with BackTrack 5. However, I'd like this same thing but with LMDE. Also, I'm wondering about the first commands given by OP that install the tools. Where are they installed? Do I need a live USB rather than a DVD?
User avatar
Pepas
Level 2
Level 2
Posts: 56
Joined: Mon Jan 24, 2011 10:18 am
Contact:

Re: Howto install LMDE with LVM (with or without encryption)

Post by Pepas »

Totally encrypted drive and /boot on USB stick: I think you can just use the Makefile with root_device=/dev/sdb1 (or whatever) and grub_device=/dev/sdb
karlzap

Re: Howto install LMDE with LVM (with or without encryption)

Post by karlzap »

Pepas wrote:Loved the idea of a Makefile to do this. So I adapted ztact's Makefile (which doesn't do full encryption on lvm2) and made it work for luks encrypted lvm2 partitions, so you get your swap and data partitions encrypted too: http://j.mp/makelmde
It works for both the Mate and the Cinnamon 32bit editions (64bit editions not tested).
That link is bad. All I get is "connection refused". :(
gryphon

Re: Howto install LMDE with LVM (with or without encryption)

Post by gryphon »

karlzap wrote:That link is bad. All I get is "connection refused". :(
It works fine here. Anyway I uploaded it to pastebin just to be sure: http://pastebin.com/raw.php?i=VF9WDnra
carina wrote:How about a gpg signature, it could be provided quite easily.
Secure apt can validate downloaded packages: https://wiki.debian.org/SecureApt

Btw, to manage encrypted directories you can use GEncFsM instead of the old Cryptkeeper: http://www.libertyzero.com/GEncfsM/
hkarn

Re: Howto install LMDE with LVM (with or without encryption)

Post by hkarn »

Is this guide still valid?

I run into problems at
lvcreate -n lmdb -L 10G volumes

/dev/volumes/lmde: not found: device not cleared
Aborting. Failed to wipe start of new LV.

If I add -Z n it works but I get a warning about zeroing being skipped.

Then I get suck on mkswap just after where it cant find /dev/volumes/swap

It is listed with lvdisplay.
hkarn

Re: Howto install LMDE with LVM (with or without encryption)

Post by hkarn »

Thank you Papas!!
Tied every guide for installing LMDE with full-disk encryption out there, your makefile finally worked.

... but it breaks down completley after running the upgrades. Ohh well back to LM16 :(
User avatar
Pepas
Level 2
Level 2
Posts: 56
Joined: Mon Jan 24, 2011 10:18 am
Contact:

Re: Howto install LMDE with LVM (with or without encryption)

Post by Pepas »

hkarn wrote:your makefile finally worked.
... but it breaks down completley after running the upgrades.
What in the install is breaking down?? I've never seen or heard of this.
User avatar
Pepas
Level 2
Level 2
Posts: 56
Joined: Mon Jan 24, 2011 10:18 am
Contact:

Install LMDE with luks encrypted LVM using Makefile

Post by Pepas »

Upgraded the Makefile to work with LMDE 201403 as well.
It works for both the Mate and the Cinnamon 32bit and 64bit editions

Makefile: http://j.mp/makelmde
"This Makefile will result in a working install of Linux Mint Debian Edition edition (version 201303 or 201403) on a luks encrypted lvm2 partition with root, swap and data filesystem"

Instructions:

1. Boot the Live environment of LMDE 201303 or 201403

2. Open a Terminal (Menu, Terminal) and enter:

Code: Select all

sudo -i
wget j.mp/makelmde
mv makelmde Makefile
3. If needed, adapt the SETTINGS section in the Makefile:

Code: Select all

nano Makefile
4. Partition the drive, for instance (taking up all space):

Code: Select all

fdisk /dev/sda
o [Enter]
n [Enter]
   [Enter]
   [Enter]
   [Enter]
+128M [Enter]
n [Enter]
   [Enter]
   [Enter]
   [Enter]
   [Enter]
w [Enter]
(This is making a 128 MB boot partition, and giving the rest to the encrypted lvm2)

5. Start the Makefile by doing:

Code: Select all

make all
6. Answer the questions as they come up:
- password for encryption (twice the same)
- password for decryption (same again)
Then after a wait for all the preparations to have happened:
- password for user, and some irrelevant info
- about the keyboard
- about the timezone

And that's it!
hkarn

Re: Howto install LMDE with LVM (with or without encryption)

Post by hkarn »

I get an error after typing make all the console returns. 201403 I didn't open the makefile.

Makefile:2: *** missing separator. Stop.

edit: So I tried just commenting out the set line. Get the same error on line 138 instead also. With 2nd line commented out ... 151 after commenting that out.
Seems to be a lot of malformed separators in this version...
User avatar
Pepas
Level 2
Level 2
Posts: 56
Joined: Mon Jan 24, 2011 10:18 am
Contact:

Re: Howto install LMDE with LVM (with or without encryption)

Post by Pepas »

hkarn wrote:Seems to be a lot of malformed separators in this version...
Sorry hkarn, Dropbox-links got messed up again; you got the bash-script (which is better, but can't be called with make). I think (I hope) I fixed it for good now.
TomRoche

install LMDE && LVM2 && LUKS

Post by TomRoche »

Note I have a git repo here. It should be considerably more reliable than dropbox :-) but unfortunately it currently (on branch=`master`) only supports LVM2 && LUKS, i.e., not LVM2 && !LUKS. It has a branch=`support_LVM2_without_LUKS` for LVM2 && !LUKS, but I don't have that working yet. Feel free to fork and += pull request!

The main difference (other than ease of access, history, and the other goodnesses of an online DVCS) between PePas' excellent code and current code in the repo (which forks PePas) is, my code separates the usual user-set properties into a separate properties file (e.g., this). The hope is, folks won't hafta touch the main script (except to improve it!) and can just attach or link to their properties file in case of problems.

(The main difference between our documentation is, I have some :-)
Gunstick

Re: Howto install LMDE with LVM (with or without encryption)

Post by Gunstick »

Hi

the squashfs was not at the expected position (I use install from ISO off an USB stick)
-r--r--r-- 1 root root 1207042048 Feb 27 2014 /lib/live/mount/medium/live/filesystem.squashfs

Georges
TomRoche

bug: squashfs moved

Post by TomRoche »

Gunstick wrote:the squashfs was not at the expected position (I use install from ISO off an USB stick)
Looks like the Debian Live installer changed where it writes the squashfs from `/lib/live/mount/rootfs/filesystem.squashfs` to
Gunstick wrote:/lib/live/mount/medium/live/filesystem.squashfs
I made an issue to track this and will try to fix it this afternoon (should be just a properties change).
Gunstick

Re: Howto install LMDE with LVM (with or without encryption)

Post by Gunstick »

Hi

I think in your bash script this works. I used the original post of this thread which does unsquashfs and had an old location
I checked your script and the mounted squashfs seems to match what I have on my system
drwxr-xr-x 21 root root 338 Feb 27 2014 /lib/live/mount/rootfs/filesystem.squashfs/

Would be nice if the top post of this thread would point to the install script.
Georges
TomRoche

tutorial modification requested

Post by TomRoche »

Gunstick wrote:I checked your script and the mounted squashfs seems to match what I have on my system
drwxr-xr-x 21 root root 338 Feb 27 2014 /lib/live/mount/rootfs/filesystem.squashfs/
Great! I'll close the issue (though long-term I probably need to parameterize that anyway).
Gunstick wrote:Would be nice if the top post of this thread would point to the install script.
Requested here.
TomRoche

tutorial modified

Post by TomRoche »

Gunstick wrote:Would be nice if the top post of this thread would point to the install script.
TomRoche wrote:Requested here.
Thanks to users Pierre and Karlchen, the top post of this thread now begins
Update

Since this tutorial was written, the install process has evolved, and code has been written to automate the process.
- One repository for such code is here.
Locked

Return to “LMDE Archive”