I'm a newb to Arch. I've been using Fedora for about four years, so Arch is a fun challenge. And I wish to contribute to the clarity of the Wiki page. Having set up LUKS with LVM for Fedora twice, and now Arch, one or two points might benefit the following wiki pages.
First, The instructions for kernel parameters on Kernel parameter configuration of the bootloader refers to the kernel parameter as:
The path to the raw encrypted device. Usage of Persistent block device naming is advisable.
The name given to the device after decryption, will be available as /dev/mapper/<dmname>. (<dmname> MUST NOT be set to a name already used for LVM partitions!)
While higher up the page LVM on LUKS:
cryptsetup luksOpen /dev/sda3 lvmpool (alternate)
For setting up LVM ontop the encryption layer the device file for the decrypted volume group would be anything like /dev/mapper/lvmpool instead of /dev/sda3. LVM will then give additional names to all logical volumes created, e.g. /dev/mapper/lvmpool-root and /dev/mapper/lvmpool-swap.
The alternate reflects the LVM setup which seems to be a best practice in Fedora. My working setup is
. And when mounting the LUKS partitions I found it necessary to activate the volume group name with
#vgchange -ay <volumeGroup>
In that scenario the configuration install was:
# cryptsetup luksFormat -y --cipher aes-xts-plain --key-size 512 /dev/sda3 # cryptsetup luksOpen /dev/sda3 cryptVG # pvcreate /dev/mapper/crypt # vgcreate cryptVG /dev/mapper/crypt # lvcreate -n root -L 20.0G cryptVG # lvcreate -n swap -L 6.0G cryptVG # lvcreate -n data -l 100%FREE cryptVG /** For Arch you're applying the file-systems now, but in Fedora, the Anaconda installer takes care of it.**/ # cryptsetup luksClose crypt
For me, as a newbie setting up the two L's I found it easier to understand LVM as logical volumes in a volume group. Not sure how much this matters in theory, but in practice as a newbie setting up the two L's, I found it easier to understand LVM as logical volumes in a single volume group. Mainly because the Anaconda installer was automatically setting up the volume group name, and when I used the above setup, my custom name was reflected in Anaconda's GUI.
Second, The omnious Bang'd warning not to use 'a name already used for LVM partitions' seemed to conflict with the GRUB page instructions, until I noticed the GRUB page didn't include LVM. Given the popularity of LUKS and LVM solutions, it seems some hyperlinking notes would be appropriate. Yes?
And maybe third... I was working on a GRUB config issue and couldn't find any reference in the GRUB wiki page to explain to me the difference between GRUB_CMDLINE_LINUX and GRUB_CMDLINE_LINUX_DEFAULT (or more importantly, something to explain putting commands into one, the other or both). The GRUB wiki instructs to put the encryption parameter on the former, and dm-luks instructs to put it ... well, it doesn't state where to put the encryption parameters, and simply refers to Kernel parameters page.
Last edited by xtian (2013-09-17 22:00:44)
Honestly, the Luks/dm-crypt page is a mess. It has some great information in it, but if you know nothing about Luks setup, then it can be a bit unwieldy. So if you think that there are improvments that can be made to it, you should edit it. That is how our wiki works. All you need is an account, and you're in.
As stated by WonderWoofy, you are more than welcome on the wiki! Just register and edit the article, but I'd like to add that you (like everyone else) are very warmly invited to always explain each of your edits exhaustively using the Edit Summary at the bottom of the Editor page; if the explanation is so long that doesn't fit in the summary, open a discussion in the talk page and link to that discussion from the summary itself. Last thing, don't do big edits all at once, but prefer splitting your work in a series of little edits: this will help everybody understand what you've done, since the resulting diffs will be much clearer.
Last edited by kynikos (2013-09-01 04:56:26)
Thanks for the SOP for discussion of wiki edits...