Forked from seanorama/notes-lmde-with-lvm-on-luks.txt
Last active
March 20, 2017 16:50
-
-
Save YourFriendCaspian/89fce017be888fb14c5cff35f2db8234 to your computer and use it in GitHub Desktop.
Install LMDE (Linux Mint Debian Edition) with LVM on LUKS (encryption) & hibernation support
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Title: Install LMDE (Linux Mint Debian Edition) 17 with LVM on LUKS (encryption) & hibernation support | |
# | |
# Description: These are very rough notes for installing LMDE with | |
# encryption via LVM on top of LUKS. | |
# - This includes SWAP being within LUKS | |
# - Includes fixing hibernation (which will also apply to Debian Jessie or greater) | |
######## | |
# 1. Boot from LMDE DVD/USB/... | |
######## | |
# 2. Wipe the target drive and create partitions | |
# - be careful since the primary disk may be detected at a different path than /dev/sda | |
# - the following will | |
# - create a traditional msdos (not GPT) MBR since my BIOS doesn't work with GPT | |
# - create a 300MB /boot partition | |
# - use the rest of disk for the LUKS encrypted volume | |
sudo - su # everything needs to be done as root | |
dd if=/dev/zero of=/dev/sda iflag=nocache oflag=direct bs=4096 | |
apt-get install parted | |
parted -a optimal /dev/sda | |
mklabel msdos | |
unit mib | |
mkpart primary 1 300 | |
set 1 boot on | |
mkpart primary 300 -1 | |
quit | |
######## | |
# 3. Encrypt, format, and mount | |
cryptsetup luksFormat -c aes-xts-plain64 -s 512 -h sha512 -i 5000 -y /dev/sda2 | |
cryptsetup luksDump /dev/sda2 # check your work | |
cryptsetup luksOpen /dev/sda2 lvmlocal | |
pvcreate /dev/mapper/lvmlocal | |
vgcreate lvmlocal /dev/mapper/lvmlocal | |
lvcreate -L 16G -n swap lvmlocal | |
lvcreate -L 20G -n root lvmlocal | |
lvcreate -l 100%FREE -n home lvmlocal | |
lvs # check your work | |
mkfs.ext4 /dev/sda1 | |
mkfs.ext4 /dev/mapper/lvmlocal-root | |
mkfs.ext4 /dev/mapper/lvmlocal-home | |
mkswap -f /dev/mapper/lvmlocal-swap | |
swapon /dev/mapper/lvmlocal-swap | |
mkdir /target | |
mount /dev/mapper/lvmlocal-root /target | |
mkdir /target/boot /target/home | |
mount /dev/mapper/lvmlocal-home /target/home | |
mount /dev/sda1 /target/boot | |
# 4. Start installer | |
# - Click: Menu -> Administration -> Install Linux Mint | |
# - For the partitioning choose: (Advanced) manually mount | |
# - After the 1st part of the installer process completes, continue with steps below | |
# 5. A few extra steps to make the system ready | |
LANG=C chroot /target /bin/bash | |
UUID_BOOT_PARTITION=$(blkid /dev/sda1 | sed -n 's/.*UUID=\"\([^\"]*\)\".*/\1/p') | |
UUID_SWAP_PARTITION=$(blkid /dev/mapper/lvmlocal-swap | sed -n 's/.*UUID=\"\([^\"]*\)\".*/\1/p') | |
UUID_ROOT_PARTITION=$(blkid /dev/mapper/lvmlocal-root | sed -n 's/.*UUID=\"\([^\"]*\)\".*/\1/p') | |
UUID_HOME_PARTITION=$(blkid /dev/mapper/lvmlocal-home | sed -n 's/.*UUID=\"\([^\"]*\)\".*/\1/p') | |
cat > /etc/fstab << "EOF" | |
# <fs> <mount point> <type> <options> <dump> <pass> | |
proc /proc proc defaults 0 0 | |
none /dev/pts devpts gid=5,mode=620 0 0 | |
#sys /sys sysfs nodev,noexec,nosuid 0 0 | |
EOF | |
echo "#UUID=${UUID_ROOT_PARTITION} / ext4 defaults 0 0" >> /etc/fstab | |
echo "/dev/mapper/lvmlocal-root / ext4 defaults 0 1" >> /etc/fstab | |
echo "#UUID=${UUID_HOME_PARTITION} / ext4 defaults 0 0" >> /etc/fstab | |
echo "/dev/mapper/lvmlocal-home /home ext4 defaults 0 1" >> /etc/fstab | |
echo "UUID=${UUID_BOOT_PARTITION} /boot ext4 defaults 0 1" >> /etc/fstab | |
echo "#UUID=${UUID_SWAP_PARTITION} none swap sw 0 0" >> /etc/fstab | |
echo "/dev/mapper/lvmlocal-swap none swap sw 0 0" >> /etc/fstab | |
grep -v swap /etc/fstab >/etc/mtab | |
apt-get -y update | |
apt-get -y install tzdata lvm2 cryptsetup initramfs-tools python-software-properties | |
echo aes-i586 >> /etc/initramfs-tools/modules | |
echo aes_x86_64 >> /etc/initramfs-tools/modules | |
echo dm-crypt >> /etc/initramfs-tools/modules | |
echo dm-mod >> /etc/initramfs-tools/modules | |
echo xts >> /etc/initramfs-tools/modules | |
echo "lvmlocal /dev/sda2 none luks,tries=3" >> /etc/crypttab | |
vim /etc/default/grub | |
# update this line: | |
# GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:lvmlocal root=/dev/mapper/lvmlocal-root resume=/dev/mapper/lvmlocal-swap" | |
dpkg-reconfigure locales | |
# I chose en_US.UTF-8 | |
# 6. finish installer | |
# - do not reboot | |
umount /target/boot | |
umount /target/home | |
umount /target | |
reboot | |
# 7. Fix hibernation | |
# - this took some time to discover | |
sudo su - | |
apt-get install sysfsutils | |
echo "power/disk = shutdown" >> /etc/sysfs.d/local.conf | |
cat /sys/power/disk | |
# output should look like this: platform [shutdown] reboot suspend | |
# 8. All done. Test hibernation if you like | |
sudo pm-hibernate |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment