Hi!
I want to create a bootable encrypted pendrive using LVM on LUKS for both BIOS and UEFI systems.
Currently testing the whole installation process inside VirtualBox with snapshots.
Summarized installation:
==============================================
ARCH ISO - PREPARATION
==============================================
loadkeys ...
setfont ...
ip link
ping -c 5 archlinux.org
reflector ...
==============================================
PARTITIONING
==============================================
lsblk
// name of the usb device is "sda"
sgdisk -o -n 1:0:+10M -t 1:EF02 -n 2:0:+550M -t 2:EF00 -n 3:0:0 -t 3:8309 /dev/sda
// 10M BIOS partition, a 550M EFI partition, 100%FREE Linux LUKS partition
lsblk /dev/sda
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda x:xxx x [xx]G 0 disk
├─sda1 x:xxx x 10M 0 part BIOS/MBR | EF02
├─sda2 x:xxx x 550M 0 part EFI | EF00
└─sda3 x:xxx x [xx]G 0 part Linux LUKS | 8309
mkfs.fat -F32 /dev/sda2
cryptsetup luksFormat --type luks1 --use-random -S 1 -s 512 -h sha512 -i 5000 /dev/sda3
cryptsetup open /dev/sda3 cryptLVM
pvcreate /dev/mapper/cryptLVM
vgcreate vg /dev/mapper/cryptLVM
lvcreate -l 50%FREE vg -n root
lvcreate -l 100%FREE vg -n home
mkfs.ext4 /dev/vg/root
mkfs.ext4 /dev/vg/home
mount /dev/vg/root /mnt
mkdir /mnt/home
mount /dev/vg/home /mnt/home
mkdir /mnt/efi
mount /dev/sda2 /mnt/efi
==============================================
INSTALL BASE PACKAGE SET
==============================================
pacstrap /mnt base base-devel linux linux-firmware linux-headers lvm2 intel-ucode amd-ucode vim git grub efibootmgr iwd acpi terminus-font bdf-unifont
==============================================
GENERATE FILE SYSTEM TABLE
==============================================
genfstab -U /mnt > /mnt/etc/fstab
==============================================
MOUNT OPTIONS
==============================================
vim /mnt/etc/fstab
> Change "relatime" option to "noatime"
==============================================
CHANGE ROOT & CHECK PARTITIONS
==============================================
arch-chroot /mnt
lsblk /dev/sda
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda x:xxx x [xx]G 0 disk
├─sda1 x:xxx x 10M 0 part
├─sda2 x:xxx x 550M 0 part /mnt/efi
└─sda3 x:xxx x [xx]G 0 part
  └─cryptLVM x:xxx x [xx]G 0 crypt
    ├─vg-root x:xxx x [xx]G 0 lvm /mnt
    └─vg-home x:xxx x [xx]G 0 lvm /mnt/home
==============================================
SET LOCALE & FONT
==============================================
ln -sf ...
hwclock --systohc
vim /etc/locale.gen
locale-gen
vim /etc/locale.conf
vim /etc/vconsole.conf
==============================================
HOSTNAME
==============================================
echo "..." > /etc/hostname
vim /etc/hosts
==============================================
NETWORK
==============================================
ln -s /dev/null /etc/udev/rules.d/80-net-setup-link.rules
vim /etc/systemd/network/20-ethernet.network
systemctl enable systemd-networkd.service
systemctl enable systemd-resolved.service
systemctl enable iwd.service
cp /etc/systemd/network/20-ethernet.network /etc/systemd/network/20-wlan.network
vim /etc/systemd/network/20-wlan.network
systemctl enable systemd-timesyncd.service
==============================================
USER
==============================================
passwd
useradd -mG wheel ...
passwd ...
EDITOR=vim visudo
%wheel ALL=(ALL) ALL
==============================================
JOURNAL CONFIGURATION
==============================================
mkdir -p /etc/systemd/journald.conf.d
vim /etc/systemd/journald.conf.d/10-volatile.conf
[Journal]
Storage=volatile
SystemMaxUse=16M
RuntimeMaxUse=32M
==============================================
INITRAMFS
==============================================
vim /etc/mkinitcpio.conf
HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt lvm2 filesystems fsck)
mkinitcpio -p linux
==============================================
BOOTLOADER
==============================================
blkid | sed -n '/sda3/s/.*\sUUID=\"\([^\"]*\)\".*/\1/p' > uuid
vim uuid
yy
:tabe /etc/default/grub
p
GRUB_CMDLINE_LINUX="cryptdevice=UUID=xxxxxxxx-xxxx-xxxxxx-xxxxxx-xxxxx-xxxxxx:cryptLVM root=/dev/vg/root"
GRUB_ENABLE_CRYPTODISK=y
rm uuid
grub-install --target=i386-pc --boot-directory=/boot /dev/sda
grub-install --target=x86_64-efi --efi-directory=/efi --boot-directory=/boot --removable --recheck
grub-mkconfig -o /boot/grub/grub.cfg
==============================================
EMBED A KEYFILE IN INITRAMFS
==============================================
mkdir /root/secrets
chmod 700 /root/secrets
head -c 64 /dev/urandom > /root/secrets/crypto_keyfile.bin
chmod 600 /root/secrets/crypto_keyfile.bin
cryptsetup -v luksAddKey -i 1 /dev/sda3 /root/secrets/crypto_keyfile.bin
vim /etc/mkinitcpio.conf
FILES=(/root/secrets/crypto_keyfile.bin)
mkinitcpio -p linux
vim /etc/default/grub
GRUB_CMDLINE_LINUX="cryptdevice=UUID=xxxxxxxx-xxxx-xxxxxx-xxxxxx-xxxxx-xxxxxx:cryptLVM root=/dev/vg/root cryptkey=rootfs:/root/secrets/crypto_keyfile.bin"
grub-mkconfig -o /boot/grub/grub.cfg
chmod 700 /boot
chmod 600 /boot/initramfs-linux*
Edit:
I screwed up the whole thing by using the wrong UUID, and the boot partition was not right either.
blkid | sed -n '/cryptLVM/s/.*UUID=\"\([^\"]*\)\".*/\1/p' > uuid << Wrong UUID = "device not found"
blkid | sed -n '/sda3/s/.*\sUUID=\"\([^\"]*\)\".*/\1/p' > uuid << Correct one!
"Tip: /boot is not required to be kept in a separate partition; it may also stay under the system's root / directory tree."
- Arch Wiki
After fixing all of this, the pendrive works as intended and asks for the passphrase on both BIOS and UEFI systems.
Last edited by Gaen (2021-10-26 21:43:37)
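An added example, not from Gaen's post: a small POSIX sh script that reproduces the two points the "Edit" turned on. It picks the UUID only from a line whose TYPE is crypto_LUKS (so the /dev/mapper/cryptLVM line, which carries the LVM2 PV UUID, is rejected), builds the keyfile variant of GRUB_CMDLINE_LINUX from it, and checks that /boot and initramfs-linux* are not readable by group or others, since the keyfile is embedded in the initramfs. The blkid output is a constructed sample, and the sda1/sda2 values are placeholders; on a real system `blkid -s UUID -o value /dev/sda3` or `cryptsetup luksUUID /dev/sda3` gives the same answer directly.

```shell
#!/bin/sh
# Constructed sample of `blkid` output for the layout in the post (not real output).
SAMPLE_BLKID='/dev/sda1: PARTLABEL="BIOS boot partition" PARTUUID="11111111-1111-1111-1111-111111111111"
/dev/sda2: UUID="ABCD-1234" TYPE="vfat" PARTUUID="22222222-2222-2222-2222-222222222222"
/dev/sda3: UUID="0f1e2d3c-4b5a-6978-8796-a5b4c3d2e1f0" TYPE="crypto_LUKS" PARTUUID="33333333-3333-3333-3333-333333333333"
/dev/mapper/cryptLVM: UUID="aaaaaa-bbbb-cccc-dddd-eeee-ffff-gggggg" TYPE="LVM2_member"
/dev/mapper/vg-root: UUID="44444444-4444-4444-4444-444444444444" TYPE="ext4"'

# Print the UUID of a LUKS container from blkid output.  Fails (status 1) when the
# device is missing or is not TYPE="crypto_LUKS": grepping the /dev/mapper/cryptLVM
# line instead yields the LVM2 PV UUID, and GRUB then reports "device not found".
luks_uuid() {
    dev="$1"; blkid_out="$2"
    line=$(printf '%s\n' "$blkid_out" | grep "^${dev}: ") || return 1
    case "$line" in
        *'TYPE="crypto_LUKS"'*) ;;
        *) return 1 ;;
    esac
    # The whitespace before UUID= keeps PARTUUID= from matching.
    printf '%s\n' "$line" | sed -n 's/.*[[:space:]]UUID="\([^"]*\)".*/\1/p'
}

# Build the keyfile variant of the post's GRUB_CMDLINE_LINUX line from that UUID.
grub_cmdline() {
    uuid=$(luks_uuid "$1" "$2") || return 1
    printf 'GRUB_CMDLINE_LINUX="cryptdevice=UUID=%s:cryptLVM root=/dev/vg/root cryptkey=rootfs:/root/secrets/crypto_keyfile.bin"\n' "$uuid"
}

# The keyfile is inside the initramfs, so the directory and initramfs-linux* must not
# be readable by group or others (the post's chmod 700 / chmod 600).  Returns 1 and
# lists the offending paths on stderr otherwise.  Works on any directory, e.g. /boot.
boot_is_locked_down() {
    bootdir="$1"
    loose=$(find "$bootdir" -maxdepth 1 \( -path "$bootdir" -o -name 'initramfs-linux*' \) \
                 \( -perm -004 -o -perm -040 \))
    [ -z "$loose" ] || { printf 'readable by others: %s\n' "$loose" >&2; return 1; }
}

# Stand-alone demo on the constructed sample.
grub_cmdline /dev/sda3 "$SAMPLE_BLKID"
grub_cmdline /dev/mapper/cryptLVM "$SAMPLE_BLKID" || echo "cryptLVM rejected: not a LUKS header"
```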