I used guided FDE with LVM in my Debian Stable installation and there are two things I would like to change. I wasn't able to find help on a web search.
1. Debian assumed my primary disk device was sdb on installation. The installer named my USB stick I installed from sda, but after installation the system correctly sees my SSD as sda. Now my encrypted device is called sdb5_crypt. That might be just cosmetic but it irks me and I'd like to change that but I'm not sure how. If I change the label in /etc/crypttab I only get a second password prompt on boot. I also tried 'dmsetup rename' and that didn't seem to change anything.
Does anyone know where I can configure it?
2. After opening the cryptdevice on boot the system is not able to use the lvmetad service and I get error messages, that it needs to search manually instead for volume groups. Now, it doesn't even make a difference if I disable the service and disable lvmetad in lvm.conf, I still get the messages. My guess is there is something misconfigured in the initramfs. I tried looking in the init scripts but I'm not really able to troubleshoot the problem completely. Any ideas? I got rid of the warnings before the password prompt by removing line 11-16 in /usr/share/initramfs-tools/scripts/local-top/cryptroot, where it tries to load cryptroot after LVM, instead of before. Furthermore using the UUIDs instead of labels in fstab is advised against in the debian wiki.
Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
(Minor) problems with full disk encryption and LVM
Re: (Minor) problems with full disk encryption and LVM
Usually, Debian will use UUID by default to avoid this problem.
Please cat your /etc/crypttab, also your /etc/fstab, and then show the output from blkid
From this, you will be able to see the devices, the UUIDs and what is what. Then you can correct the problem.
If you have any doubts, post the outputs and someone here will be able to help.
Please cat your /etc/crypttab, also your /etc/fstab, and then show the output from blkid
From this, you will be able to see the devices, the UUIDs and what is what. Then you can correct the problem.
If you have any doubts, post the outputs and someone here will be able to help.
-
- Global Moderator
- Posts: 3049
- Joined: 2017-09-17 07:12
- Has thanked: 5 times
- Been thanked: 132 times
Re: (Minor) problems with full disk encryption and LVM
There is no correct nor incorrect naming. Names are assigned in the discovery order, and the discovery ordrer is, at most, unpredictable and not persistent. Bear with it.incas wrote:Debian assumed my primary disk device was sdb on installation. The installer named my USB stick I installed from sda, but after installation the system correctly sees my SSD as sda
Yes, it is just cosmetic. However I complain about this encrypted device naming scheme in the installer because it confuses things when the underlying device name changes (and it does). IMO The installer should ask the user to provide a meaningful name, just as it does for LVM VGs and LVs, or partition and filesystem labels.incas wrote:Now my encrypted device is called sdb5_crypt. That might be just cosmetic
A (partial) copy of /etc/crypttab is embedded in the initramfs in order to be able to mount the root filesystem, so I guess that you need to rebuild the initramfs after modifying /etc/crypttab.incas wrote: If I change the label in /etc/crypttab I only get a second password prompt on boot.
Code: Select all
update-initramfs -u
Re: (Minor) problems with full disk encryption and LVM
At least with encryption Debian will put the labels in fstab. https://wiki.debian.org/LVM#Labelsdotlj wrote:Usually, Debian will use UUID by default to avoid this problem.
Please cat your /etc/crypttab, also your /etc/fstab, and then show the output from blkid
From this, you will be able to see the devices, the UUIDs and what is what. Then you can correct the problem.
If you have any doubts, post the outputs and someone here will be able to help.
crypttab
Code: Select all
sdb5_crypt UUID=9dff24fd-7710-4c34-aa19-069483c84e38 none luks
Code: Select all
/dev/mapper/x230--vg-root / ext4 errors=remount-ro 0 1
# /boot was on /dev/sdb1 during installation
UUID=b88afa0e-89b1-42f4-9020-012d7e1c1b2b /boot ext2 defaults 0 2
/dev/mapper/x230--vg-home /home ext4 defaults 0 2
/dev/mapper/x230--vg-swap_1 none swap sw 0 0
Code: Select all
/dev/mapper/sdb5_crypt: UUID="g46fXU-4n2p-DcdF-jMnZ-3JeW-hhw7-azJQxM" TYPE="LVM2_member"
/dev/mapper/x230--vg-root: UUID="e246af5c-19dd-4c17-b1f6-9f2f05672404" TYPE="ext4"
/dev/sda1: UUID="b88afa0e-89b1-42f4-9020-012d7e1c1b2b" TYPE="ext2" PARTUUID="47ead8c8-01"
/dev/sda5: UUID="9dff24fd-7710-4c34-aa19-069483c84e38" TYPE="crypto_LUKS" PARTUUID="47ead8c8-05"
/dev/mapper/x230--vg-swap_1: UUID="76b8dfcf-1816-4584-87b0-b455ca8c8ac9" TYPE="swap"
/dev/mapper/x230--vg-home: UUID="5b93f123-fae1-4407-91c9-59b499336d6a" TYPE="ext4"
Re: (Minor) problems with full disk encryption and LVM
This gives me a warning.p.H wrote:A (partial) copy of /etc/crypttab is embedded in the initramfs in order to be able to mount the root filesystem, so I guess that you need to rebuild the initramfs after modifying /etc/crypttab.incas wrote: If I change the label in /etc/crypttab I only get a second password prompt on boot.Code: Select all
update-initramfs -u
Code: Select all
cryptsetup: WARNING: invalid line in /etc/crypttab for sdb5_crypt -
Re: (Minor) problems with full disk encryption and LVM
Thanks for the pointer on that one, I never knew how to do that in an easy way.incas wrote:then 'dmsetup rename', then update-initramfs.
The whole LVM/udev thing is just shabby.
The errors in initramfs are not important, they are not errors, just verbosity.
I never found it important enough to get rid of them.....