SOLVED Technically not solved. I am going to spend some time revising system encryption, the Chromebook guide I wrote is really not applicable to my modern system.
I'm currently reinstalling Arch. I've got two drives, my SSD is sda and an older mechanical drive sdb. I want to encrypt both devices. sda will be the root and sdb will be home.
I've been loosely following this guide that I wrote some time ago for a Chromebook that only had one drive. The main difference here is that I'm using two drives and I am not using any swap space.
My /etc/fstab has ended up in the following format:
# /dev/mapper/vg0-root
UUID=xxxx / ext4 rw,relatime,data=ordered 0 1
# /dev/sda1
UUID=xxxx /boot ext4 rw,relatime,data=ordered 0 2
# /dev/mapper/vg1-home
UUID=xxxx /home ext4 rw,relatime,data=ordered 0 2
I'm at the step where I install grub, and I would appreciate it if someone could confirm that I'm adding the correct GRUB_CMDLINE_LINUX to /etc/default/grub before I continue:
GRUB_CMDLINE_LINUX="cryptdevice=/dev/disk/by-uuid/xxxx:vg0 root=/dev/mapper/vg0-root cryptdevice=/dev/disk/by-uuid/xxxx:vg1 home=/dev/mapper/vg1-home"
I have put the correct UUIDs in, I just replaced them with xxxx here for formatting. I am concerned mainly with two things.
1. Is home=/dev/mapper/vg1-home correct, or should it be root/home=/dev/mapper/vg1-home?
2. Do I need to include ro in there? In my original guide I have ro after the resume=/dev/mapper/vg0-swap. I am not using swap this time so can I omit ro, or is it required for the preceding parts? If I do require ro, do I need only include it once at the end or does it need to be repeated after certain parts?
If there is anything else that I might have missed, that isn't covered in my guide but is required for my new 2 drive setup, please let me know.
Edit:
I realise my original guide has the note "If you have any other partitions such as home, they do not need to be listed here – they should have been generated in the fstab file." I do not believe this to be correct in the situation where home is on a separate drive, because the device is mapped separately?
Last edited by monkeypants (2016-06-18 19:10:02)
Non-root encrypted partitions are unlocked via crypttab and mounted via fstab. Remove the home= and the second cryptdevice= words from the cmdline.
For the fstab, I don't see the point of using UUIDs instead of the more readable /dev/mapper/vg0-root, which is already unique.
EDIT: Also, specify discard in the fstab for SSDs, and specify discard in the LUKS and LVM options.
Last edited by teateawhy (2016-06-18 18:04:12)
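The split described in the reply above, as an added example that is not part of the original thread: a shell script that takes the command line from the question, keeps only the first cryptdevice= on the kernel line, and turns the second one into an /etc/crypttab entry. The yyyy placeholder, the function names and the `none luks` fields (prompt for the passphrase at boot) are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. "xxxx"/"yyyy" are constructed
# placeholders for the two LUKS UUIDs (the post uses xxxx for both).

# Print the command line to keep in GRUB_CMDLINE_LINUX: the first
# cryptdevice= (root container) stays, later ones and home= are dropped.
fix_cmdline() {
    seen=0 out=""
    for w in $1; do
        case $w in
            cryptdevice=*) [ "$seen" -eq 1 ] && continue; seen=1 ;;
            home=*) continue ;;
        esac
        out="${out:+$out }$w"
    done
    printf '%s\n' "$out"
}

# Print one /etc/crypttab line (name, device, key, options) for every
# cryptdevice= after the first; "none" means ask for the passphrase at boot.
crypttab_lines() {
    seen=0
    for w in $1; do
        case $w in cryptdevice=*) ;; *) continue ;; esac
        if [ "$seen" -eq 0 ]; then seen=1; continue; fi
        spec=${w#cryptdevice=}
        dev=${spec%%:*}                      # part before the first ':'
        name=${spec#*:}; name=${name%%:*}    # mapping name, options stripped
        printf '%s %s none luks\n' "$name" "$dev"
    done
}

# Command line as proposed in the question (UUIDs are placeholders).
CMDLINE='cryptdevice=/dev/disk/by-uuid/xxxx:vg0 root=/dev/mapper/vg0-root cryptdevice=/dev/disk/by-uuid/yyyy:vg1 home=/dev/mapper/vg1-home'

echo "# /etc/default/grub"
echo "GRUB_CMDLINE_LINUX=\"$(fix_cmdline "$CMDLINE")\""
echo "# /etc/crypttab"
crypttab_lines "$CMDLINE"
echo "# /etc/fstab (mounts the volume once crypttab has unlocked it)"
echo "/dev/mapper/vg1-home /home ext4 rw,relatime,data=ordered 0 2"
```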
teateawhy wrote: and specify discard in the LUKS and LVM options.
Where do I do this, in the fstab? So it would be:
# /dev/mapper/vg0-root
UUID=xxxx / ext4 rw,relatime,discard,data=ordered 0 1
# /dev/sda1
UUID=xxxx /boot ext4 rw,relatime,discard,data=ordered 0 2
# /dev/mapper/vg1-home
UUID=xxxx /home ext4 rw,relatime,discard,data=ordered 0 2
Last edited by monkeypants (2016-06-18 18:24:05)
... specify the discard mount option. Was a bit unclear.
EDIT: You can read the article on "SSD" for details.
Last edited by teateawhy (2016-06-18 18:36:26)
teateawhy wrote: ... specify the discard mount option. Was a bit unclear.
EDIT: You can read the article on "SSD" for details.
I understand the discard for the SSD entries, I'm confused about where the LUKS and LVM options are. Do you mean I should add discard also to the vg1-home entry in fstab, which is on a mechanical hdd but is also encrypted?
monkeypants wrote: I'm confused about where the LUKS and LVM options are.
Read the article on "SSD", it's in there.
monkeypants wrote: I'm confused about where the LUKS and LVM options are.
teateawhy wrote: Read the article on "SSD", it's in there.
I'm going to mark the thread as solved. I think the guide I wrote for my Chromebook is not really applicable in this case, and there is clearly a lot of information that I've forgotten so I need to sit down with the Arch wiki this evening and do a few hours of reading and planning.
Thanks for the assistance, I'll probably be back with a new thread later tonight...