Forked from seanorama/notes-lmde-with-lvm-on-luks.txt
Last active
February 14, 2020 09:34
-
-
Save Nokta-strigo/c13c6fc116b40d0c7a0f87f0b47e72ce to your computer and use it in GitHub Desktop.
Install LMDE (Linux Mint Debian Edition) with LVM on LUKS (encryption) & hibernation support
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Title: Install EFI-enabled LMDE (Linux Mint Debian Edition) 2 "Betsy" with LVM on LUKS (encryption) & hibernation support on GPT disk | |
# | |
# Description: These are very rough notes for installing LMDE with | |
# encryption via LVM on top of LUKS. | |
# - This includes SWAP being within LUKS | |
# - Includes fixing hibernation (which will also apply to Debian Jessie or greater) | |
######## | |
# 1. Boot from LMDE DVD/USB/... | |
######## | |
# 2. Wipe the target drive and create partitions | |
# - be careful since the primary disk may be detected at a different path than /dev/sda | |
# - the following will | |
# - create a GPT | |
# - create a 100MB /boot/efi partition | |
# - create a 300MB /boot partition | |
# - use the rest of disk for the LUKS encrypted volume | |
sudo - su # everything needs to be done as root | |
dd if=/dev/zero of=/dev/sda iflag=nocache oflag=direct bs=4096 | |
apt-get install parted | |
parted -a optimal /dev/sda | |
mklabel gpt | |
unit mib | |
mkpart primary 1 100 | |
mkpart primary 100 400 | |
mkpart primary 400 -1 | |
set 1 boot on | |
quit | |
######## | |
# 3. Encrypt, format, and mount | |
cryptsetup luksFormat -c aes-xts-plain64 -s 512 -h sha512 -i 5000 -y /dev/sda3 | |
cryptsetup luksDump /dev/sda3 # check your work | |
cryptsetup luksOpen /dev/sda3 lvmlocal | |
pvcreate /dev/mapper/lvmlocal | |
vgcreate lvmlocal /dev/mapper/lvmlocal | |
lvcreate -L 16G -n swap lvmlocal | |
lvcreate -L 20G -n root lvmlocal | |
lvcreate -l 100%FREE -n home lvmlocal | |
lvs # check your work | |
mkfs.fat -F 32 /dev/sda1 | |
mkfs.ext4 /dev/sda2 | |
mkfs.ext4 /dev/mapper/lvmlocal-root | |
mkfs.ext4 /dev/mapper/lvmlocal-home | |
mkswap -f /dev/mapper/lvmlocal-swap | |
swapon /dev/mapper/lvmlocal-swap | |
mkdir /target | |
mount /dev/mapper/lvmlocal-root /target | |
mkdir /target/boot /target/home | |
mount /dev/mapper/lvmlocal-home /target/home | |
mount /dev/sda2 /target/boot | |
mkdir /target/boot/efi | |
mount /dev/sda1 /target/boot/efi | |
# 4. Start installer | |
# - Click: Menu -> Administration -> Install Linux Mint | |
# - For the partitioning choose: (Advanced) manually mount | |
# - After the 1st part of the installer process completes, continue with steps below | |
# 5. A few extra steps to make the system ready | |
# Actually, it didn't work for me properly. I had to change the disk UUIDs in /etc/fstab manually after install (live boot from USB drive, get the UUIDs with gparted and put them into /etc/fstab) | |
LANG=C chroot /target /bin/bash | |
UUID_UEFI_PARTITION=$(blkid /dev/sda1 | sed -n 's/.*UUID=\"\([^\"]*\)\".*/\1/p') | |
UUID_BOOT_PARTITION=$(blkid /dev/sda2 | sed -n 's/.*UUID=\"\([^\"]*\)\".*/\1/p') | |
UUID_SWAP_PARTITION=$(blkid /dev/mapper/lvmlocal-swap | sed -n 's/.*UUID=\"\([^\"]*\)\".*/\1/p') | |
UUID_ROOT_PARTITION=$(blkid /dev/mapper/lvmlocal-root | sed -n 's/.*UUID=\"\([^\"]*\)\".*/\1/p') | |
UUID_HOME_PARTITION=$(blkid /dev/mapper/lvmlocal-home | sed -n 's/.*UUID=\"\([^\"]*\)\".*/\1/p') | |
cat > /etc/fstab << "EOF" | |
# <fs> <mount point> <type> <options> <dump> <pass> | |
proc /proc proc defaults 0 0 | |
none /dev/pts devpts gid=5,mode=620 0 0 | |
#sys /sys sysfs nodev,noexec,nosuid 0 0 | |
EOF | |
echo "#UUID=${UUID_ROOT_PARTITION} / ext4 defaults 0 0" >> /etc/fstab | |
echo "/dev/mapper/lvmlocal-root / ext4 defaults 0 1" >> /etc/fstab | |
echo "#UUID=${UUID_HOME_PARTITION} / ext4 defaults 0 0" >> /etc/fstab | |
echo "/dev/mapper/lvmlocal-home /home ext4 defaults 0 1" >> /etc/fstab | |
echo "UUID=${UUID_BOOT_PARTITION} /boot ext4 defaults 0 1" >> /etc/fstab | |
echo "UUID=${UUID_UEFI_PARTITION} /boot/efi vfat defaults 0 1" >> /etc/fstab | |
echo "#UUID=${UUID_SWAP_PARTITION} none swap sw 0 0" >> /etc/fstab | |
echo "/dev/mapper/lvmlocal-swap none swap sw 0 0" >> /etc/fstab | |
grep -v swap /etc/fstab >/etc/mtab | |
apt-get -y update | |
apt-get -y install tzdata lvm2 cryptsetup initramfs-tools python-software-properties | |
echo aes-i586 >> /etc/initramfs-tools/modules | |
echo aes_x86_64 >> /etc/initramfs-tools/modules | |
echo dm-crypt >> /etc/initramfs-tools/modules | |
echo dm-mod >> /etc/initramfs-tools/modules | |
echo xts >> /etc/initramfs-tools/modules | |
echo "lvmlocal /dev/sda3 none luks,tries=3" >> /etc/crypttab | |
vim /etc/default/grub | |
# update this line: | |
# GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda3:lvmlocal root=/dev/mapper/lvmlocal-root resume=/dev/mapper/lvmlocal-swap" | |
dpkg-reconfigure locales | |
# I chose en_US.UTF-8 | |
# 6. finish installer | |
# - do not reboot | |
exit # exit chroot | |
umount /target/boot/efi | |
umount /target/boot | |
umount /target/home | |
umount /target | |
#reboot into newly installed system | |
reboot | |
# 7. Fix hibernation | |
# - this took some time to discover | |
sudo su - | |
apt-get install sysfsutils | |
echo "power/disk = shutdown" >> /etc/sysfs.d/local.conf | |
cat /sys/power/disk | |
# output should look like this: platform [shutdown] reboot suspend | |
# 8. All done. Test hibernation if you like | |
sudo pm-hibernate |
Thx, @mc0e!
I've replaced tabs with spaces, if someone still need it.
Thanks @mc0e, we implemented LUKS and LVM support in LMDE 4 and this helped us :)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
More serious: