[SOLVED] LUKS on LVM, spanning on 2 disks, GRUB

olivarch · 2014-07-03 13:23:08

Hi,

I'm using LUKS on LVM , which allows me to span the Logical Volume (root) on 2 disks (sda1 and sdb2), and encrypt the resulting combined logical volume.

However something is not clear about the GRUB command line :

https://wiki.archlinux.org/index.php/Gr … encryption

Example with root mapped to /dev/mapper/root:
GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:root"

https://wiki.archlinux.org/index.php/Dm … oot_loader

cryptdevice=device:dmname
■ device is the path to the raw encrypted device. Usage of Persistent block device naming is advisable.
■ dmname is the device-mapper name given to the device after decryption, which will be available as /dev/mapper/dmname.
■ If the encrypted device contains a LVM, the name of the volume group (vgname) containing the logical volume of the root partition serves as dmname. The parameter then takes the form of cryptdevice=device:vgname.

In my case the device is not unique. It's sda1 and sdb2... taking the above example :
Will using only one device work ?

GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda1:root"
or
GRUB_CMDLINE_LINUX="cryptdevice=/dev/sdb2:root"

or should I do something else ?

any idea welcome, thanks

Last edited by olivarch (2014-07-13 00:16:04)

frostschutz · 2014-07-03 15:16:03

If you have LUKS on LVM, then your device is neither sda nor sdb, but something like /dev/mapper/vgname-lvname or /dev/dm-1 or something like that.

I don't know if UUID= is supported but it would be the best solution for dynamic LVM devices.

# blkid /dev/mapper/vg-root
/dev/vg-root: UUID="60c49742-f130-4284-9467-e420e29d2e78" TYPE="crypto_LUKS"

The initramfs would have to be smart enough to start LVM before looking for a cryptdevice; dunno if that happens by default.

Last edited by frostschutz (2014-07-03 15:21:28)

clfarron4 · 2014-07-03 16:02:32

frostschutz wrote:

The initramfs would have to be smart enough to start LVM before looking for a cryptdevice; dunno if that happens by default.

The Wiki says somewhere that you'd need to build the initramfs with the lvm2 and encrypt hooks

frostschutz wrote:

I don't know if UUID= is supported but it would be the best solution for dynamic LVM devices.
# blkid /dev/mapper/vg-root
/dev/vg-root: UUID="60c49742-f130-4284-9467-e420e29d2e78" TYPE="crypto_LUKS" 

I'm pretty sure I've seen UUID's in use for LVM setups somewhere on here. Let me have a look later.

olivarch · 2014-07-13 00:10:04

Thanks for your answers.

For context :

# lvdisplay 
  --- Logical volume ---
  LV Path                /dev/onevg/lvroot
  LV Name                lvroot
  VG Name                onevg
...

# lsblk
NAME             MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                8:0    0   477G  0 disk  
└─sda1             8:1    0   477G  0 part  
  └─onevg-lvroot 254:0    0 506.3G  0 lvm   
    └─root       254:1    0 506.3G  0 crypt /
sdb                8:16   0  29.8G  0 disk  
├─sdb1             8:17   0   512M  0 part  /boot
└─sdb2             8:18   0  29.3G  0 part  
  └─onevg-lvroot 254:0    0 506.3G  0 lvm   
    └─root       254:1    0 506.3G  0 crypt /

So in the end here is my grub cmd line :

GRUB_CMDLINE_LINUX="cryptdevice=/dev/onevg/lvroot:root:allow-discards root=/dev/mapper/root"

barcazama · 2021-12-29 13:02:27

Thank you, exactly what I was looking for. I had trouble understanding.

For context :

olivarch wrote:

GRUB_CMDLINE_LINUX="cryptdevice=/dev/onevg/lvroot:root:allow-discards root=/dev/mapper/root"

Arch Linux

#1 2014-07-03 13:23:08

[SOLVED] LUKS on LVM, spanning on 2 disks, GRUB

#2 2014-07-03 15:16:03

Re: [SOLVED] LUKS on LVM, spanning on 2 disks, GRUB

#3 2014-07-03 16:02:32

Re: [SOLVED] LUKS on LVM, spanning on 2 disks, GRUB

#4 2014-07-13 00:10:04

Re: [SOLVED] LUKS on LVM, spanning on 2 disks, GRUB

#5 2021-12-29 13:02:27

Re: [SOLVED] LUKS on LVM, spanning on 2 disks, GRUB

Board footer