HOWTO: install and reinstall on an encrypted LUKS/LVM system

**jpeddicord** · July 7th, 2009

Very well organized lists.

Approved, and thank you for contributing to Tutorials & Tips.

**ducksun43** · July 7th, 2009

http://sunoano.name/ws/public_xhtml/dm-crypt_luks.html is also quite good; there is also a link to page that shows howto setup ecryptfs

**phip** · July 9th, 2009

I am trying to follow the second set of instructions, "Install Ubuntu 9.04 (Jaunty Jackalope) over existing encrypted LUKS/LVM partitions" to install over partitions created by Fedora. I can't get past step 12 however, it keeps prompting me for the passphrase over and over.

I know that these partitions were set up with cryptsetup cypher aes-cbc-essiv:sha256. I also notice that if I drop into installer shell and issue cat /proc/crypto, it only reports stdrng and md5. By comparison, my Fedora 11 box reports: sha256, sha224, cbc(aes), ecb(arc4), arc4, xts(aes), aes, stdrng, crc32c, sha1, md5.

Could this be the problem? The kernel included with 9.04 alternate cd does not include the crypto modules I need?

**John Wiersba** · July 9th, 2009

My procedure was tested as written on an encrypted partition from Hardy. I don't know how that may be different from what Fedora has. As you suggest, it's probably different crypto/cipher settings. Maybe dmesg from the command line would tell you (or you could look at the logs in /var/log). Here's my Jaunty /proc/crypto:

$ cat /proc/crypto
name : ecb(arc4)
driver : ecb(arc4-generic)
module : ecb
priority : 0
refcnt : 3
selftest : passed
type : blkcipher
blocksize : 1
min keysize : 1
max keysize : 256
ivsize : 0
geniv : <default>

name : arc4
driver : arc4-generic
module : arc4
priority : 0
refcnt : 3
selftest : passed
type : cipher
blocksize : 1
min keysize : 1
max keysize : 256

name : sha256
driver : sha256-generic
module : sha256_generic
priority : 0
refcnt : 1
selftest : passed
type : digest
blocksize : 64
digestsize : 32

name : sha224
driver : sha224-generic
module : sha256_generic
priority : 0
refcnt : 1
selftest : passed
type : digest
blocksize : 64
digestsize : 28

name : cbc(aes)
driver : cbc(aes-asm)
module : kernel
priority : 200
refcnt : 2
selftest : passed
type : givcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : chainiv

name : cbc(aes)
driver : cbc(aes-asm)
module : cbc
priority : 200
refcnt : 2
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>

name : aes
driver : aes-asm
module : aes_i586
priority : 200
refcnt : 3
selftest : passed
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32

name : aes
driver : aes-generic
module : aes_generic
priority : 100
refcnt : 1
selftest : passed
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32

name : stdrng
driver : krng
module : kernel
priority : 200
refcnt : 2
selftest : passed
type : rng
seedsize : 0

name : md5
driver : md5-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
type : digest
blocksize : 64
digestsize : 16

**Colt45** · May 1st, 2010

could someone update this thread for lucid?

**Colt45** · May 2nd, 2010

BE VERY CAREFUL when using this guide with Ubuntu 10.04. If you have a hardware RAID controller attached to your system that doesn't allow booting off arrays, this is important for you.

The Ubuntu installer may assign the RAID controller device as /dev/sda. If that happens you will need to pay careful attention to the last step when running the manual installer.

Once you come to the final steps of John's guide, in Ubuntu 10.04 a grub2 prompt will appear. You are forced with choosing yes/no to "install grub on master boot record" Choose NO.

The issue here is that choosing yes causes Ubuntu installer to automatically write Grub2 to the MBR on the first recognized device which in this case was the RAID controller array(/dev/sda). If your RAID controller does not allow for booting from an array, you're now caught in a situation where grub2 entry in the MBR located on /dev/sda (RAID controller, which can't be used a boot device). This results in the bootloader being inaccessible and a black screen on every reboot.

The solution here is...

1. write down the device (/dev/sdb etc) you will install Ubuntu on.

2. when you get to the final step where the installer asks if you want to install to the MBR, choose NO. This will put you at a screen "configuring grub-pc".

3. Here you will enter the the device you installed Ubuntu on. In this case it was "/dev/sdb".

4. continue install, Ubuntu will finish, then reboot.

**John Wiersba** · May 5th, 2010

The procedure remains essentially the same with Lucid 10.04 as with previous versions. I will update this post soon to include the minor changes.

I will also add a note to be careful if you're using a RAID configuration (which I haven't tested).