Page 4 of 4 FirstFirst ... 234
Results 31 to 38 of 38

Thread: HOWTO: install and reinstall on an encrypted LUKS/LVM system

  1. #31
    Join Date
    Sep 2011
    Beans
    2

    Re: HOWTO: install and reinstall on an encrypted LUKS/LVM system

    This didn't work for me.
    The solution described using the alternate install was done and the system was installed but, since my user directory was encrypted in /home/username/.Private using encryptfs, it failed to mount, and I didn't find a workaround yet, since no username nor any passwork seems to work, even typing the exact terms I entered during install. So I can only access a Guest account, which dosn't allow me to access any Terminal nor sudo neither any graphical interface that requires root.
    It seems that alternate install doesn't have the necessary packages to deal with encryptfs, since it doesn't understands its partition type. I tried to get into recovery other times to try to figure out something in the fstab, but nothing works. Even adding /home/username/.Private /home/username encryptfs defaults 0 0 makes the installed system to tells me it is not a valid partition.
    Maybe you should advise people, by editing the thread, not to try this in this case, or sugesting a workaround, that maybe would be copying no only cryptfs but also fstab, or maybe installing other packages. All I know is that more people is having a hard time with this thing, and in times when ubuntu wants to go to the crowd, in cell phones, things like these shouldn't happen anymore. The closer canonical gets from people willing to pay for it, the least it can just rely in the "use it in an 'as is' basis" clause.

  2. #32
    Join Date
    Jan 2007
    Location
    Ann Arbor, MI, USA
    Beans
    55
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: HOWTO: install and reinstall on an encrypted LUKS/LVM system

    Tuliouel, I'm not sure of the scenario where one would want to use an encrypted user directory given that one is also using whole disk encryption. Unless I'm misunderstanding how the encrypted user directories work, I don't think it provides any additional security. But in any case, it is an allowed scenario and you seem to have hit an issue with it. I would like to add a comment in my original tutorial warning about the possibility of data loss in this scenario, but I'm no longer able to edit my original post. The powers that be are suggesting that tutorials be moved to one of the wikis instead of being maintained in the forums. Maybe someday I'll add an up-to-date version of this tutorial to the wiki. In the meantime, hopefully other users will see your post and be warned about this scenario.

  3. #33
    Join Date
    Nov 2009
    Beans
    4

    Re: HOWTO: install and reinstall on an encrypted LUKS/LVM system

    Hi everybody, hi John Wiersba, I have just installed a working Kubuntu 13.04, while keeping my encrypted partitions (some encapsulated in a Logical Volume Manager), only formatting / and /boot. As I have used the hints of John, and another tip corresponding to an Ubuntu bug (see below), here is my summary of the installation:

    Installation of Kubuntu through Lubuntu

    At the beginning, my idea was to use the Kubuntu 13.04 installer, using the tip explained at https://wiki.kubuntu.org/RaringRingtail/Alpha2/Kubuntu:

    The desktop image installer cannot unlock existing encrypted (LUKS) volumes. If you need to make use of existing encrypted volumes during partitioning, then use the "Try Ubuntu without installing" boot option to start a live session, open the encrypted volumes (for example, by clicking on their icons in the Unity launcher), enter your password when prompted to unlock them, close them again, and run ubiquity to start the installer. (1066480)
    refering to bug https://bugs.launchpad.net/ubuntu/+s...y/+bug/1066480. Indeed, this technique works: by mounting my two encrypted partitions in Dolphin from the KDE live CD:


    • one for /home on a HDD
    • another one for a Logical Volume Manager on a SSD containing /home/local (separated from /home to benefit from the speed of the SSD for scientific computing), /, /usr/local.


    I was able to see them in the installer (run from the icon on the KDE desktop). Without mounting them before, only the various /dev/sda* and /dev/sdb* partitions are seen, not the encrypted volumes and LVM. However, the installer segfaults more or less rapidly when assigning paths to logical volumes. I found no easy workaround, so my next idea was to do the same by using a live distribution of Ubuntu instead of Kubuntu. Indeed the process is almost the same, and the installation works like a charm. However, at the reboot, I obtain an error: Linux does not find the logical volume for /. The solution was to use the technique indicated in the HOWTO located at http://ubuntuforums.org/showthread.php?t=1205372, i.e. to use the “rescue mode” of the text installer to:


    • make a suitable /etc/crypttab file
    • run update-initramfs as indicated in aforementioned HOWTO.


    But I did not realize that at this time, and instead I had the idea to use the old good text installer shipped with Lubuntu, but unfortunately no more distributed with Ubuntu and Kubuntu. So I downloaded Lubuntu, put it on a USB key, installed it (the logical volumes and partitions are detected without any problem by this text installer; to do that it asks for the encryption passwords). After having updated /etc/crypttab and run update-initramfs, it booted perfectly. Now, to obtain a working KDE system, I had to do the two following things from the “rescue mode” of the installer:


    • use "adduser" to add my user account. Indeed, for some reason only a guest account appeared after a reboot.
    • put this new user in the “sudo” group so as to be able to run root commands.
    • install the following packages
      • kde-standard which is the “KDE Plasma Desktop and standard set of applications” (not kde-plasma-desktop, which is the “KDE Plasma Desktop and minimal set of applications”)
      • kde-workspace-randr for display management to appear in KDE system settings.
      • and possibly, if not installed by kde-standard (at the beginning, I had installed by error kde-plasma-desktop instead of kde-standard): muon, update-manager-kde, kontact, kmix, muon-installer, kmag.


  4. #34
    Join Date
    Oct 2007
    Beans
    92

    Re: HOWTO: install and reinstall on an encrypted LUKS/LVM system

    Anyone have issues with installing 12.04.2 and it not prompting to enter a username and password?

  5. #35
    Join Date
    Sep 2013
    Beans
    1

    Re: HOWTO: install and reinstall on an encrypted LUKS/LVM system

    Hi,

    For reinstalling, I followed your reinstalling tuto (on Debian Wheezy).

    The command:
    Code:
    update-initramfs -k all -c -v
    says:
    Code:
    Available versions:  3.2.0-4-486
    Execute: /usr/sbin/update-initramfs -c -k "3.2.0-4-486" -b /boot -v
    Cannot create version 3.2.0-4-486: already exists
    Therefore, I tried:
    Code:
    update-initramfs -k all -u -v
    I "worked", but after a reboot, the system does not ask for my passphrase, and thus cannot boot.

    Thank you for your help.

  6. #36
    Join Date
    Jan 2007
    Location
    Ann Arbor, MI, USA
    Beans
    55
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: HOWTO: install and reinstall on an encrypted LUKS/LVM system

    Well, I've never seen that error before. In any case, maybe these notes will help you recover. These notes are meant for reinstalling an OS like Mint into an already-existing LUKS/LVM container. You will need to know which partition has the LUKS/LVM container and your passphrase to unlock it. In the notes below, that partition is referred to as sda5. You can skip the parts about installing.

    Code:
    To install into already-created LVM containers within encrypted partition
    
    Boot desktop CD, open terminal, and install missing packages as needed:
    
       # not needed in mint: sudo apt-get install cryptsetup lvm2
       # not needed in mint: sudo modprobe dm-crypt
    
    Now set up the LVM and crypto partitions with the command line tools. If you
    already have Ubuntu installed on a standard LVM-on-LUKS, this is as easy as:
    
       sudo cryptsetup luksOpen /dev/sda5 sda5_crypt
    
    or whichever partition is the encrypted LVM PV. This should automatically
    create the LVM LVs in /dev/mapper/.
    
       cd /dev/mapper
       ls -l
    
    NOW DO THE INSTALL: Start ubiquity with manual partitioning, and use the
    existing partitions; keep /home etc. as they are, and reformat the root
    partition in the LVM. Do not reboot immediately; your system will not boot!
    After installation, mount the newly installed target system:
    
       # sudo mount /dev/mapper/ubuntu*-root /mnt
       sudo mount /dev/mapper/vg1-lvroot2 /mnt
       sudo chroot /mnt mount /proc
       sudo mount --bind /dev /mnt/dev
       sudo chroot /mnt mount /boot
    
    Create an appropriate crypttab:
    
       echo "sda5_crypt UUID=$(sudo blkid -s UUID -o value /dev/sda5) none luks" |
          sudo tee -a /mnt/etc/crypttab
    
    # or alternatively on older systems:
    
       # OLD: echo "sda5_crypt UUID=$(sudo vol_id --uuid /dev/sda5) none luks" |
       #    sudo tee -a /mnt/etc/crypttab
    
    Rebuild the ramdisk:
    
    # This only applies to Ubuntu version < 11.04.  Install a few missing packages
    # into the target system (this will also take care of updating the initramfs):
    
       # OLD: sudo chroot /mnt apt-get install cryptsetup lvm2 dmsetup
    
    This only applies to Ubuntu version >= 11.04.  Run the following command to
    rebuild the ramdisk:
    
       # The following line (update-initramfs) causes a warning:
       #  Warning: No support for locale: en_US.utf8
       #
       # This is caused by the locales being stored in (/mnt)/usr/lib/locale:
       #     C.UTF-8
       #     locale-archive
       #
       # This next command (--no-archive) will delete the archive and replace it
       # with the .utf8 files
       #
       #     sudo chroot /mnt locale-gen --purge --no-archive    # remove archive
       #
       # To get the archive back:
       #     sudo chroot /mnt locale-gen --purge                 # recover archives
       #
       # After rebooting, try:
       #     sudo dpkg-reconfigure locales
       #     sudo update-locale LANG=en_US.UTF-8
       # ??? sudo update-locale LANG=en_US.utf8     # I don't think this is right
    
       sudo chroot /mnt update-initramfs -u
    
    Create a backup copy of the master boot record
    
       sudo chroot /mnt dd bs=512 count=1 if=/dev/sda of=/boot/mbr.bin
    
    Create a backup copy of /boot
    
       cd /boot    # or /mnt/boot
       sudo tar cvzf /tmp_boot.tgz .
       sudo mv /tmp_boot.tgz ./boot.tgz
    
    Unmount the target system:
    
       sudo umount /mnt/proc /mnt/dev /mnt/boot /mnt
    
    Reboot into your newly installed system.

  7. #37
    Join Date
    Nov 2009
    Beans
    4

    Re: HOWTO: install and reinstall on an encrypted LUKS/LVM system

    I have just installed (K)Ubuntu 14.04 through ubiquity, and using some of the tips you give in your Howto, John. I have made a small installation report at the following location

    http://julien-scordia.org/?p=119

  8. #38
    Join Date
    Jan 2007
    Location
    Ann Arbor, MI, USA
    Beans
    55
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: HOWTO: install and reinstall on an encrypted LUKS/LVM system

    Thanks for the report Julien! It would be nice if these use-cases were better integrated with the installation process. I'm sure it will get there someday...

Page 4 of 4 FirstFirst ... 234

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •