I've been experimenting with an encrypted lvm2 setup using dm-crypt. Config is as follows:
fdisk -l
Disk /dev/sda: 80.0 GB, 80026361856 bytes
255 heads, 63 sectors/track, 9729 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x41ab2316
Device Boot Start End Blocks Id System
/dev/sda1 1 17 136521 83 Linux
/dev/sda2 6080 9729 29318625 83 Linux
/dev/sda3 18 6079 48693015 8e Linux LVM
Partition table entries are not in disk order
grub/menu.lst, kernel26-mod.img is the initcpio generated with lvm2 and encrypt hooks
title Arch Linux LVM2 LUKS
root (hd0,0)
kernel /vmlinuz26 root=/dev/array/root ro
initrd /kernel26-mod.img
mkinitcpio.conf
HOOKS="base udev autodetect pata scsi sata lvm2 encrypt filesystems"
fstab
#
# /etc/fstab: static file system information
#
# <file system> <dir> <type> <options> <dump> <pass>
none /dev/pts devpts defaults 0 0
none /dev/shm tmpfs defaults 0 0
#/dev/cdrom /media/cd auto ro,user,noauto,unhide 0 0
#/dev/dvd /media/dvd auto ro,user,noauto,unhide 0 0
#/dev/fd0 /media/fl auto user,noauto 0 0
/dev/sda1 /boot ext2 defaults 0 1
/dev/array/root / ext4 defaults 1 2
/dev/array/home /home ext4 defaults 1 2
crypttab:
lukshome /dev/array/home "XXXX"
Now, I tested this configuration before encrypting the partitions - and LVM works. After encryption, I can enter my password at boot, it unlocks the root and home partitions successfully, and then throws an error during fsck: "Filesystem mounted or opened exclusively by another program".
In the recovery console, df shows /dev/sda2 being mounted as /, even though it's definitely /dev/array/root that's mounted (to clarify: I see the files from /dev/array/root, but df shows /dev/sda2 as the only filesystem)!
I've tried various configs of menu.lst including cryptdevice= in the kernel line, but I can't even get to the password prompt like that - I'm stuck. Could somebody help out?
Edit: From another installation, the LVM/LUKS partitions mount and fsck without errors. Here's my applicable dev content:
$ sudo ls /dev/array/
home root
$ sudo ls /dev/mapper/
array-home array-root control lukshome luksroot
Last edited by schuay (2009-04-09 07:16:14)
GRUB should point to the encrypted filesystem, everything else should point to the unencrypted filesystem (/dev/mapper/luksroot, it looks like?).
I followed the wiki during setup, so first I installed LVM on /dev/sda3 (2 partitions, /dev/array/root and /dev/array/home), then encrypted both using LUKS (/dev/mapper/luksroot, /dev/mapper/lukshome).
I tried modifying the grub kernel line but somehow I didn't even get as far as before. In the meantime, I installed from scratch on a VM, first encrypting a partition and afterwards setting up LVM on it, which booted fine on the first try. So unless I'm able to fix my current install, I'm probably going to reinstall with the same setup as the VM.
Still a bit confused on luks/lvm though
Well, I reinstalled the other way around, lvm set up inside of an encrypted physical partition - all working now.
For reference, here's what I did:
make partitions, we will need a separate unencrypted boot partition (sda1) and one large partition for lvm (sda2)
encrypt sda2 using:
modprobe dm-crypt
modprobe aes-i586
cryptsetup -c aes-xts-plain -y -s 512 luksFormat /dev/sda2
cryptsetup luksOpen /dev/sda2 root
setup lvm2:
modprobe dm-mod
lvm pvcreate /dev/mapper/root #phys vol, on the opened LUKS mapping rather than the raw partition
lvm vgcreate array /dev/mapper/root #vol group
lvm lvcreate --size 50G --name root array #logical vol
vgchange -ay #turn on partitions
install arch - if copying from existing setup we need to create /dev/console:
mknod -m 600 /dev/console c 5 1
there's probably some stuff missing (black and white boot) but at least the system is bootable
configure:
mkinitcpio: add hooks encrypt lvm2 before filesystems and regenerate initcpio
fstab: use lvm2 names (/dev/array/root)
menu.lst: kernel line - root=/dev/mapper/array-root cryptdevice=/dev/sda2:array
done!
Last edited by schuay (2009-04-09 17:15:24)
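The hook order and kernel line are what distinguish the two layouts in this thread, so here is an added example (not part of any post and not Arch's own tooling) that checks both. The names hook_pos and check_boot and the finding labels are hypothetical, and treating a missing cryptdevice= as a finding is an assumption based on the working configuration in the last post.

```shell
#!/bin/sh
# Added example, not from the thread: check hook order and the kernel line.
# hook_pos "HOOKS" NAME: print the 1-based position of NAME, or 0 if absent.
hook_pos() {
    i=0
    for h in $1; do
        i=$((i + 1))
        if [ "$h" = "$2" ]; then echo "$i"; return 0; fi
    done
    echo 0
}

# check_boot "HOOKS" "KERNEL_LINE": print the detected layout plus findings.
check_boot() {
    enc=$(hook_pos "$1" encrypt)
    lvm=$(hook_pos "$1" lvm2)
    fs=$(hook_pos "$1" filesystems)
    cryptdev="" root="" out=""
    for w in $2; do
        case $w in
            cryptdevice=*) cryptdev=${w#cryptdevice=} ;;
            root=*)        root=${w#root=} ;;
        esac
    done
    if [ "$enc" -eq 0 ]; then echo "no-encrypt-hook"; return 0; fi
    # encrypt first: LVM lives inside LUKS; lvm2 first: each LV is a container.
    if [ "$lvm" -eq 0 ]; then out="layout=luks-only"
    elif [ "$enc" -lt "$lvm" ]; then out="layout=lvm-on-luks"
    else out="layout=luks-on-lvm"; fi
    # Both hooks must run before the root filesystem is mounted.
    if [ "$fs" -gt 0 ] && { [ "$enc" -gt "$fs" ] || [ "$lvm" -gt "$fs" ]; }; then
        out="$out hook-after-filesystems"
    fi
    case $cryptdev in
        "")    out="$out no-cryptdevice" ;;
        ?*:?*) src=${cryptdev%%:*}
               # root= must name the decrypted device, never the container.
               if [ "$root" = "$src" ]; then out="$out root-is-encrypted-container"; fi ;;
        *)     out="$out bad-cryptdevice-format" ;;
    esac
    case $out in *" "*) echo "$out"; return 0 ;; esac
    echo "$out ok"
}

# Constructed inputs based on the first and last posts' configurations.
check_boot "base udev autodetect pata scsi sata lvm2 encrypt filesystems" \
           "root=/dev/array/root ro"
check_boot "base udev autodetect pata scsi sata encrypt lvm2 filesystems" \
           "root=/dev/mapper/array-root cryptdevice=/dev/sda2:array"
```

The first call prints a finding for the configuration that failed to boot cleanly; the second reports the reinstalled layout as consistent.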