Hi everyone!
I might be interested in encrypting my whole Arch system.
I read this page of the wiki, http://wiki.archlinux.org/index.php/LUKS_Encrypted_Root,
however there are still some points unclear.
From point 5 to 8, how can we mount the /dev/mapper/xxx, use cryptsetup or modprobe before running arch/setup?
The author implied we are using the installer from the inside of an already installed and running Linux system, right? Or is there a way to do all this from the Arch install CD only?
Once the new system has been installed, at boot-up, it "knows" that /dev/sda3 <--> /dev/mapper/root, as Grub boots the system from sda3, but how does it know that sda4 <--> /dev/mapper/home and sda5 <--> /dev/mapper/tmp?
(as the mappings between the sdx and the /dev/mapper/x are "lost" at the end of the install process)
thanks
Offline
The author implied we are using the installer from the inside of an already installed and running Linux system, right? Or is there a way to do all this from the Arch install CD only?
The CD is the installed and running system implied. Everything explained on the wiki can be done by booting from the CD.
(as the mappings between the sdx and the /dev/mapper/x are "lost" at the end of the install process)
They are not lost - they are put in /etc/crypttab (while you're running the installer, this will be /mnt/etc/crypttab).
You've got one little point though - one I've been meaning to ask about. So I might as well ask now: It says in the Install Bootloader section, that you should replace /dev/mapper/root with /dev/sda3 in /boot/grub/menu.lst. Why not the other way around?
Last edited by Lars Stokholm (2009-04-18 18:36:00)
Offline
Thanks for your answers, I didn't know the Arch install CD behaves like a full-featured live CD ^^
So if I understood well, only by executing the command "cryptsetup ... /dev/sdax /dev/mapper/x", this will modify the crypttab file (that is located in a ramdisk, as at this point there is no hard disk Arch yet?)
And then when installing Arch to the hard disk, it will write to the hard drive our previous cryptsetup parameters?
About your question: when installing, you need to tell Arch what its root partition is, which is /dev/mapper/root (== not a "real" physical partition, but a "virtual" one = /dev/sda3 + an encrypting/decrypting layer). This partition is then pasted to Grub config file, but Grub can't handle such a "virtual" partition.
Grub just needs the "real" physical root partition of your system, which is /dev/sda3; /dev/mapper/root doesn't exist for Grub.
By the way, is there any web page somewhere that precisely details how the Arch install process works? For example, as the Arch CD is a kind of live CD, and some of the modifications you make to the live system seem to be written to the hard disk when installing (crypttab for example).
thanks
Last edited by chuckychuck (2009-04-18 19:23:01)
Offline
So if I understood well, only by executing the command "cryptsetup ... /dev/sdax /dev/mapper/x", this will modify the crypttab file (that is located in a ramdisk, as at this point there is no hard disk Arch yet?)
No. You set up an encrypted device on your hard drive before you run /arch/setup. This is on your real hard drive - the one you're going to boot from after the installation. The root device is mounted at /mnt and this will be your future root. So editing /mnt/etc/crypttab (which you do with a text editor or echo, not with cryptsetup) will be reflected on your new installation, as this IS your new installation.
The best advice I can give to understand it better is to try it: Follow the directions. Make some mistakes. Learn from those mistakes. Probe and experiment. Start over if you have to.
And then when installing Arch to the hard disk, it will write to the hard drive our previous cryptsetup parameters?
Installing Arch to the hard disk as you say (by which I guess you mean running /arch/setup) is primarily a matter of setting up mount points, config files and installing packages. So the installation is not done by editing a ram disk which is finally copied to the hard drive, but by setting up the partition(s), editing files directly on them/it and installing packages (presumably by use of chroot - I'm not sure).
Grub just needs the "real" physical root partition of your system, which is /dev/sda3; /dev/mapper/root doesn't exist for Grub.
That is part of my understanding too. But /dev/sda3 should just be scrambled data, so how is GRUB using that for anything?
Offline
Grub doesn't use it; in the wiki tutorial, there is an unencrypted /boot partition that Grub does read.
The root partition in the Grub config file is just a parameter that is sent by Grub to the Linux kernel. At this point of the booting process the Linux kernel needs to have the physical partition of /, I think, and not yet the /dev/mapper/root
(I'm not 100% sure about all this)
Thanks for your answers, now I see more clearly how the install process works.
Last edited by chuckychuck (2009-04-18 20:55:46)
Offline
Glad I could help. And I think I've come to rest with the GRUB thing which I understand a little better now, so thank you too.
Offline
Just some more questions. In the wiki, where it's written:
Add the following line for the /home partition
home /dev/sda4 "myotherpassword"
This step is compulsory in order for the system to mount home at boot-time, isn't it? The author seems to imply it's just for avoiding entering passphrases.
And the crypttab should also have a line for the /dev/mapper/tmp (/dev/sda5), isn't it?
Last edited by chuckychuck (2009-04-18 20:57:39)
Offline
Good catch. I don't use a separate /tmp partition myself, so I never thought of it, but you're right.
Offline
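The check discussed in the posts above, as an added example that is not part of the original thread: a shell function that lists every /dev/mapper/NAME mounted from fstab that has no matching name in crypttab. The file contents are constructed samples (only the home line comes from the thread), and skipping root assumes it is opened in early boot, before crypttab is read.

```shell
#!/bin/sh
# Added example: find /dev/mapper/* devices that fstab wants to mount but
# that crypttab never sets up (such as the missing tmp line in the thread).

# missing_mappings CRYPTTAB FSTAB [SKIP_NAME]
# Prints one mapper name per line for each fstab device /dev/mapper/NAME
# that has no crypttab line whose first field is NAME.
# SKIP_NAME (default "root") is assumed to be opened before crypttab is
# read, so it is not expected to appear there.
missing_mappings() {
    awk -v skip="${3:-root}" '
        /^[ \t]*(#|$)/ { next }                      # comments, blank lines
        FILENAME == ARGV[1] { have[$1] = 1; next }   # crypttab: mapping names
        index($1, "/dev/mapper/") == 1 {             # fstab: mapper devices
            name = substr($1, 13)                    # strip "/dev/mapper/"
            if (name != skip && !(name in have)) print name
        }
    ' "$1" "$2"
}

# demo: run the check on constructed files laid out like the thread's
# system (sda3 = root, sda4 = home, sda5 = tmp, unencrypted /boot).
demo() {
    dir=$(mktemp -d) || return 1
    # Constructed crypttab holding only the home line quoted from the wiki.
    printf '%s\n' '# name  device     password' \
                  'home    /dev/sda4  "myotherpassword"' > "$dir/crypttab"
    # Constructed fstab for the future root mounted at /mnt.
    printf '%s\n' '/dev/mapper/root /     ext3 defaults 0 1' \
                  '/dev/mapper/home /home ext3 defaults 0 2' \
                  '/dev/mapper/tmp  /tmp  ext2 defaults 0 0' \
                  '/dev/sda1        /boot ext2 defaults 0 2' > "$dir/fstab"
    missing_mappings "$dir/crypttab" "$dir/fstab"
    rm -rf "$dir"
}

demo   # prints: tmp
```

During installation the same function can be pointed at /mnt/etc/crypttab and /mnt/etc/fstab before rebooting.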
ok, thanks for the help
bye
Offline