I'd like to install Arch and to encrypt my filesystem. I also want to use lvm and to have a keyfile stored on a usb stick.
I did everything according to these guides, but when I boot, I get an error: "Refusing activation of partial LV".
I think this error is due to the way I partitioned my drives.
I have two drives :
- First, 128 GB
/dev/sda1 : 200 MB, /boot in ext2
/dev/sda2 : 70 GB used for lvm
- Second, 1TB :
/dev/sdb1 : 850GB used for lvm
I created one physical volume for each partition I use for LVM, and I created only one volume group (extended onto the second hard drive). I manage to mount the partitions manually if I boot from the install medium.
In my /boot/grub/grub.cfg, I added
I think that the problem may be that I don't decrypt /dev/sdb1 (only /dev/sda2 is in grub.cfg), but I didn't find any information about this case on the web...
The encrypt hook from mkinitcpio does not support multiple partitions: see https://bugs.archlinux.org/task/23182, https://bugs.archlinux.org/task/15738.
If you need to open both from the initramfs, you will need to write a custom encrypt hook (read the previous bug reports for examples).
Or you can use an "lvm on luks on lvm" setup, then you should be able to boot with
HOOKS="... lvm2 encrypt lvm2 ..."
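A sketch of the custom-hook approach suggested above, added here as an example and not code from this thread or the linked bug reports: it validates every device entry before unlocking any, so the lvm2 hook that follows never sees only one of the two physical volumes. The `cryptdevices` and `cryptkeyfile` parameter names, the `device:name` spec format, and the key file already being readable inside the initramfs are assumptions.

```shell
#!/bin/sh
# Added example: runtime hook sketch for mkinitcpio (POSIX sh / busybox ash).
# Hypothetical spec format: "/dev/sda2:pv0,/dev/sdb1:pv1" (device:mapper-name).

# Validate the whole spec and print it as space-separated "device:name" pairs.
# Returns 1 on any malformed entry, so nothing is unlocked from a bad spec.
plan_unlock() {
    spec=$1
    out=
    [ -n "$spec" ] || return 1
    set -f                          # no globbing while splitting on commas
    old_ifs=$IFS; IFS=,
    set -- $spec
    IFS=$old_ifs
    set +f
    for entry in "$@"; do
        case $entry in
            /dev/*:*) ;;
            *) return 1 ;;
        esac
        dev=${entry%%:*} name=${entry#*:}
        case $dev in *[!A-Za-z0-9/_.-]*) return 1 ;; esac
        case $name in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
        out="${out:+$out }$dev:$name"
    done
    printf '%s\n' "$out"
}

# Called by the initramfs init; must be listed before lvm2 in HOOKS.
# Assumption: cryptdevices= and cryptkeyfile= are hypothetical kernel
# parameters that reach the hook as shell variables of the same name.
run_hook() {
    plan=$(plan_unlock "$cryptdevices") || {
        echo "multi-encrypt: bad cryptdevices spec" >&2
        return 1
    }
    [ -r "$cryptkeyfile" ] || { echo "multi-encrypt: key file not readable" >&2; return 1; }
    for entry in $plan; do
        cryptsetup open --type luks --key-file "$cryptkeyfile" \
            "${entry%%:*}" "${entry#*:}" || return 1
    done
}
```
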
I managed to make it work using cryptsetup_multi from AUR.
Another question:
Is it possible to automatically open a session via a file stored on a USB key (as we can do to remotely connect to SSH via public/private key)? As my whole system is encrypted with a key file stored on a USB key, it would be a great thing to be able to log in with an authentication file.
Otherwise, I will enable autologin, but it's less flexible. Using a file on a USB key, we can imagine connecting to different accounts with different files on the USB key.