Install Debian on Existing encrypted LVM
Hello,
I am trying to install Debian 7 64bits on my computer on existing encrypted LVM.
My Hard Disk Configuration is:
sda1 /boot
sda5 encrypted partition that contains the LVM
|--- / Debian 7 OS partition
|--- /home home partition
|--- /swap partition
I did the installation of the operating system from a Live Debian CD unlocking the encrypted partition from the Desktop environment.
However, when I reboot the laptop I am not able to run Debian because, after I decide to run Debian from grub, it replies to me that it is not able to find the root partition with the operating system.
I think that debian didn't compile the initramfs with the crypto instruction... is it possible?
Searching online I found that I need to create a new file called /etc/cryptab with the UUID of the partition and afterwards regenerate the initramfs. I did it but... nothing changed...
How can I solve this problem?? Is there a way to say in the installation process that I am using an encrypted LVM partition instead of a normal partition, without formatting all the hard drive?
Is there any command to recreate grub and all the other parts in such a way that it also includes the crypto instruction??
Thank you very much.
- dilberts_left_nut
- Administrator
- Posts: 5346
- Joined: 2009-10-05 07:54
- Location: enzed
- Has thanked: 13 times
- Been thanked: 66 times
Re: Install Debian on Existing encrypted LVM
Probably the installer doesn't know it is on an encrypted lvm partition.
I would just use the standard installer not the one from inside a live session.
AdrianTM wrote:There's no hacker in my grandma...
Re: Install Debian on Existing encrypted LVM
Hello dilberts_left_nut,
Thank you very much for your interest.
I tried with the standard CD of Debian 7 but, using it, I am not able to decrypt my encrypted partition, not even from the command line. I am only able to create a new encrypted partition, but I don't want to do that because I will delete all the data in my /home partition.
Is there a way to tell the Debian installer that this is an encrypted LVM partition?
Or can I re-install Grub and all the other necessary stuff running the live cd-rom ?
Thank you very much
- kiyop
- Posts: 3983
- Joined: 2011-05-05 15:16
- Location: Where persons without desire to improve themselves fear to tread, in Japan
- Been thanked: 3 times
Re: Install Debian on Existing encrypted LVM
Can you unlock (decrypt) the LVM after booting with the live debian?
If you can, you may be able to chroot to the installed debian and to generate initramfs which involves proper module to enable decryption.
carachi wrote:
> I did the installation of the operating system from a Live Debian CD unlocking the encrypted partition from the Desktop environment.
> However, when I reboot the laptop I am not able to run Debian because, after I decide to run Debian from grub, it replies to me that it is not able to find the root partition with the operating system.
> I think that debian didn't compile the initramfs with the crypto instruction... is it possible?
> Searching online I found that I need to create a new file called /etc/cryptab with the UUID of the partition and afterwards regenerate the initramfs. I did it but... nothing changed...
Write concretely what you did and what error messages you got.
Openbox, JWM: Jessie, Sid, Arch / Win XP (on VirtualBox), 10
http://kiyoandkei.bbs.fc2.com/
Re: Install Debian on Existing encrypted LVM
Hello kiyop,
I am sorry if I have not explained well. This is what I did:
- run live Debian CD rom
- I unlock the encrypted partition and the LVM
- I install the new version of debian on the correct partition and selecting also the home directory.
- I reboot the machine
However, the new installation of debian doesn't start correctly because it says that it is not able to find the OS/root (the / partition inside the LVM ).
The strange thing is that it doesn't ask me the password to unlock the encrypted LVM.
So, running again the Live Debian CD rom, I mounted the partitions and entered in chroot mode and I tried to recreate the initramfs (because I think that this is the problem, but I am not sure), I reboot but nothing change. It continues to say to me that it is not able to find the partition where there is the operating system.
I don't know what else to do or how I can recreate the initramfs including the proper modules to decrypt the partition and how to say that this is an encrypted LVM partition.
Thank you very much for your help.
Bye
- kiyop
- Posts: 3983
- Joined: 2011-05-05 15:16
- Location: Where persons without desire to improve themselves fear to tread, in Japan
- Been thanked: 3 times
Re: Install Debian on Existing encrypted LVM
Hi! carachi
I am not sure if the following solves your problem:
AFAIK, you can add module names to /etc/initramfs-tools/modules, so that they are involved in initramfs. After inserting the names of the modules to it, regenerate initramfs.
Furthermore, you can modify init script in initramfs by extracting the initramfs (/boot/initrd.img-* ) to current directory by
Code: Select all
gzip -dc /boot/initrd.img-PROPER_VERSION_WORDS |cpio -i
and modifying some and regenerating to new initramfs by
Code: Select all
find .|cpio -H newc -o|gzip -9 > NEW_INITRAMFS_FILE_NAME
If kernel and initramfs files are loaded (started), and if / partition is not detected, busybox may start. At busybox, can you decrypt the LVM?
carachi wrote:
> - run live Debian CD rom
Could you please write the concrete URL where you downloaded the image?
carachi wrote:
> However, the new installation of debian doesn't start correctly because it says that it is not able to find the OS/root (the / partition inside the LVM ).
> The strange thing is that it doesn't ask me the password to unlock the encrypted LVM.
> So, running again the Live Debian CD rom, I mounted the partitions and entered in chroot mode and I tried to recreate the initramfs (because I think that this is the problem, but I am not sure), I reboot but nothing change.
As dilberts_left_nut suggested, it may be due to that you started installation of debian after decrypting the encrypted LVM.
Openbox, JWM: Jessie, Sid, Arch / Win XP (on VirtualBox), 10
http://kiyoandkei.bbs.fc2.com/
Re: Install Debian on Existing encrypted LVM
Try rebuilding the initrd in chroot with
Code: Select all
update-initramfs.orig.initramfs-tools -u
instead of just using update-initramfs. The live-tools package replaces (disables) update-initramfs, and you need to use the original version to be able to boot an encrypted partition. I ran into a similar problem with a live installer I maintain. Here's a discussion - no lvm, just encrypted partitions, but maybe something here is helpful - http://refracta.freeforums.org/encrypte ... -t308.html
Re: Install Debian on Existing encrypted LVM
Hi Everyone,
Thank you for your interest and suggestions.
I tried to do in these days what you suggest but however I didn't have success
fsmithred wrote:
> Try rebuilding the initrd in chroot with
> Code: Select all
> update-initramfs.orig.initramfs-tools -u
> instead of just using update-initramfs. The live-tools package replaces (disables) update-initramfs, and you need to use the original version to be able to boot an encrypted partition. I ran into a similar problem with a live installer I maintain. Here's a discussion - no lvm, just encrypted partitions, but maybe something here is helpful - http://refracta.freeforums.org/encrypte ... -t308.html
I tried to recreate the initramfs but .... it creates the same initramfs file... as the previous one...
So I tried to unzip it as suggested here:
kiyop wrote:
> Furthermore, you can modify init script in initramfs by extracting the initramfs (/boot/initrd.img-* ) to current directory by
> Code: Select all
> gzip -dc /boot/initrd.img-PROPER_VERSION_WORDS |cpio -i
> and modifying some and regenerating to new initramfs by
> Code: Select all
> find .|cpio -H newc -o|gzip -9 > NEW_INITRAMFS_FILE_NAME
> If kernel and initramfs files are loaded (started), and if / partition is not detected, busybox may start. At busybox, can you decrypt the LVM?
And I analysed the content of this file. I also compared it with another machine (created in virtual box) and I saw that all the files related to the crypto, the crypto library and the configuration file for the encrypted partition are missing. I tried to copy and paste those files in my initramfs and change the configuration file, but ... It doesn't work... Probably I missed to change something I don't know where.
So... What can I do??
How can I force Debian to include the crypto library, the configuration file and all the other stuff inside the initramfs file?
Is there a way during the installation process to tell the installer that this is an encrypted partition?
Thank you
Bye
- kiyop
- Posts: 3983
- Joined: 2011-05-05 15:16
- Location: Where persons without desire to improve themselves fear to tread, in Japan
- Been thanked: 3 times
Re: Install Debian on Existing encrypted LVM
carachi wrote:
> How can I force Debian to include the crypto library, the configuration file and all the other stuff inside the initramfs file?
I do not know well but, you can include modules into initramfs (/boot/initrd.img-.*) by adding the modules names into /etc/initramfs-tools/modules and executing "update-initramfs -u". "linux-headers-.*" package and so on may be necessary.
The following may be useful, although I do not know well:
https://wiki.debian.org/ModuleAssistant
https://wiki.debian.org/Modules
Also, read
Code: Select all
man lsmod
man modprobe
Openbox, JWM: Jessie, Sid, Arch / Win XP (on VirtualBox), 10
http://kiyoandkei.bbs.fc2.com/
Re: Install Debian on Existing encrypted LVM
Make sure that cryptsetup is installed in the installed system. (check for /sbin/cryptsetup). I'm not sure if the debian installer adds everything that's on the live-CD or if it just installs the same things as the regular installation CD.
Make sure dm-mod is in the initrd - in mine, it's lib/modules/3.2.0-4-amd64/kernel/drivers/md/dm-mod.ko.
Re: Install Debian on Existing encrypted LVM
Hi all
thank you for your help! I really appreciate that.
In order:
kiyop wrote:
> I do not know well but, you can include modules into initramfs (/boot/initrd.img-.*) by adding the modules names into /etc/initramfs-tools/modules and executing "update-initramfs -u". "linux-headers-.*" package and so on may be necessary.
> The following may be useful, although I do not know well:
> https://wiki.debian.org/ModuleAssistant
> https://wiki.debian.org/Modules
> Also, read
> Code: Select all
> man lsmod
> man modprobe
> to know how to show the currently-used modules and how to enable modules.
I started the live Debian CD-Rom and I installed lvm2 (to open the LVM after decrypting the partition) and module-assistant. I followed the instructions reported on the Debian website but in the module-assistant menu there is nothing about the crypto or lvm modules....
After that I followed the fsmithred suggestion:
fsmithred wrote:
> Make sure that cryptsetup is installed in the installed system. (check for /sbin/cryptsetup). I'm not sure if the debian installer adds everything that's on the live-CD or if it just installs the same things as the regular installation CD.
> Make sure dm-mod is in the initrd - in mine, it's lib/modules/3.2.0-4-amd64/kernel/drivers/md/dm-mod.ko.
I checked that the live Debian contains the cryptsetup, with success. After I checked if the initramfs contains the dm-mod.ko modules. However it doesn't contain it.
So I included the following modules inside the /etc/initramfs-tools/modules and I recreated the initramfs:
Code: Select all
echo "aes" >> /etc/initramfs-tools/modules
echo "aes_x86_64" >> /etc/initramfs-tools/modules
echo "aes_generic" >> /etc/initramfs-tools/modules
echo "dm-crypt" >> /etc/initramfs-tools/modules
echo "dm-mod" >> /etc/initramfs-tools/modules
echo "sha256" >> /etc/initramfs-tools/modules
echo "sha256_generic" >> /etc/initramfs-tools/modules
echo "lrw" >> /etc/initramfs-tools/modules
echo "xts" >> /etc/initramfs-tools/modules
echo "crypto_blkcipher" >> /etc/initramfs-tools/modules
echo "gf128mul" >> /etc/initramfs-tools/modules
echo "dm-crypt" >> /etc/modules
update-initramfs.orig.initramfs-tools -u -k all
I re-checked if it contains all the crypto packages, and fortunately now they are there!!!
So, I reboot the system, but unfortunately now I have another error message:
Code: Select all
modprobe: can't load module padlock_aes (kernel/drivers/crypto/padlock-aes.ko) No such device
modprobe: can't load module aesni_intel (kernel/drivers/crypto/aesni-intel.ko) No such device
Volume group "OS" not found
Skypping volume group OS
Unable to find LVM volume OS/root
I checked and the padlock_aes and aesni_intel files are contained in the initramfs file....
Do you have any idea about these errors?
Thank you very much
Bye
- kiyop
- Posts: 3983
- Joined: 2011-05-05 15:16
- Location: Where persons without desire to improve themselves fear to tread, in Japan
- Been thanked: 3 times
Re: Install Debian on Existing encrypted LVM
I do not know the command "update-initramfs.orig.initramfs-tools".
How do you confirm that the necessary modules are in the used initramfs?
Where in the initramfs root directory are they?
You do not explicitly echo'ed "padlock_aes" nor "aesni_intel" to /etc/initramfs-tools/modules.
And in one of my debian wheezy, there is not aes-ni.intel.ko in /lib/modules/3.2.0-4-686-pae/kernel/crypto/
Code: Select all
$ find /lib/modules -iname aes*
/lib/modules/3.2.0-4-686-pae/kernel/crypto/aes_generic.ko
/lib/modules/3.2.0-4-686-pae/kernel/arch/x86/crypto/aes-i586.ko
/lib/modules/3.2.0-4-686-pae/kernel/arch/x86/crypto/aesni-intel.ko
"-" and "_" seems to be recognized interchangeably by modprobe.
Last edited by kiyop on 2014-03-23 00:15, edited 1 time in total.
Openbox, JWM: Jessie, Sid, Arch / Win XP (on VirtualBox), 10
http://kiyoandkei.bbs.fc2.com/
Re: Install Debian on Existing encrypted LVM
Finally I solved the problem in this way.
I ran these commands:
Code: Select all
cp /usr/share/initramfs-tools/hooks/cryptroot /etc/initramfs-tools/hooks/cryptroot
cp /usr/share/initramfs-tools/scripts/local-top/cryptroot /etc/initramfs-tools/scripts/local-top/cryptroot
I created this file in /etc/initramfs-tools/conf.d/cryptroot with:
Code: Select all
target=sda5_crypt,source=UUID=ee0a6525-c864-283d-969b-6be334c8f35c,key=none,rootdev,lvm=OS-root
And I regenerated the initramfs file:
Code: Select all
update-initramfs.orig.initramfs-tools -u -k all
I reboot and now it seems to work!!!
Thank you very much to all for the help. I hope that this information could help also some other persons.
Bye
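A field-by-field check of a conf.d/cryptroot line in the format shown in the post above, as an added example that is not part of the thread. The function names are made up for this example, and the set of fields treated as required is an assumption taken from that one line (encrypted root on LVM).

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check one line of
# /etc/initramfs-tools/conf.d/cryptroot in the format shown in the post.

# cryptroot_get LINE KEY
# Prints the value of KEY (nothing for a bare flag such as "rootdev").
# Returns 1 if KEY is not present.
cryptroot_get() {
    old_ifs=$IFS
    IFS=,
    set -f                      # no globbing while the line is split on ","
    for field in $1; do
        case $field in
            "$2")   IFS=$old_ifs; set +f; return 0 ;;
            "$2"=*) IFS=$old_ifs; set +f
                    printf '%s\n' "${field#*=}"; return 0 ;;
        esac
    done
    IFS=$old_ifs; set +f
    return 1
}

# split_dm_lv_name NAME
# device-mapper names an LV "VG-LV" and doubles every "-" that is part of
# the VG or LV name itself. Prints "VG LV"; returns 1 if NAME does not fit.
split_dm_lv_name() {
    tmp=$(printf '%s' "$1" | sed 's/--/@/g')    # "@" is not valid in LVM names
    case $tmp in
        *-*-*|-*|*-) return 1 ;;                # not exactly one separator
        *-*) ;;
        *) return 1 ;;
    esac
    vg=$(printf '%s' "${tmp%%-*}" | tr '@' '-')
    lv=$(printf '%s' "${tmp#*-}" | tr '@' '-')
    printf '%s %s\n' "$vg" "$lv"
}

# check_cryptroot_line LINE
# Prints one line per problem; exit status is the number of problems.
# Assumption: target, source, rootdev and lvm are all expected, as in the post.
check_cryptroot_line() {
    problems=0
    for key in target source rootdev lvm; do
        if ! cryptroot_get "$1" "$key" >/dev/null; then
            echo "missing field: $key"
            problems=$((problems + 1))
        fi
    done
    src=$(cryptroot_get "$1" source) || src=
    case $src in
        UUID=*)
            if ! printf '%s' "${src#UUID=}" | grep -Eq \
                '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'; then
                echo "source UUID is malformed: $src"
                problems=$((problems + 1))
            fi ;;
        ?*) echo "note: source is not a UUID; device names can change between boots" ;;
    esac
    if lvname=$(cryptroot_get "$1" lvm); then
        if ! split_dm_lv_name "$lvname" >/dev/null; then
            echo "lvm= is not a VG-LV device-mapper name: $lvname"
            problems=$((problems + 1))
        fi
    fi
    return "$problems"
}

# The line from the post above.
line='target=sda5_crypt,source=UUID=ee0a6525-c864-283d-969b-6be334c8f35c,key=none,rootdev,lvm=OS-root'
if check_cryptroot_line "$line"; then
    echo "ok: volume group/LV = $(split_dm_lv_name "$(cryptroot_get "$line" lvm)")"
fi
```

The UUID in `source=` can be compared by hand with the output of `cryptsetup luksUUID /dev/sda5` before the initramfs is regenerated.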
- kiyop
- Posts: 3983
- Joined: 2011-05-05 15:16
- Location: Where persons without desire to improve themselves fear to tread, in Japan
- Been thanked: 3 times
Re: Install Debian on Existing encrypted LVM
Great! Congratulations!
Openbox, JWM: Jessie, Sid, Arch / Win XP (on VirtualBox), 10
http://kiyoandkei.bbs.fc2.com/
-
- Posts: 7
- Joined: 2010-10-14 11:02
Debianinstaller doesn't install lvm2, and lacks some cryptro
I had a similar issue (but also with RAID), and wanted to know how DebianInstaller does a good job.
Installing Debian 7.5 I needed to put the following layers order:
- > /boot in a traditional partition
- > Physical volume for RAID, on each disk
- >>Physical volume for LVM
- >>>Physical volume for encryption
- >>>>Physical volume for LVM
Yes, for LVM+Crypt to work without manual patches, there must be an LVM layer outside the LUKS layer.
Once the system is installed, then it's enough to install the package lvm2 in a chroot session.
I believe that there is a bug in DebianInstaller because it doesn't install lvm2 package when necessary, and some other issue in initramfs/cryptsetup configuration that avoids the unlock prompt when LVM layer is only inside the encrypted one.
Re: Install Debian on Existing encrypted LVM
Hey,
I had the same problems with installing Debian Wheezy (7.5) in an existing, encrypted LUKS-Container with LVM-Volume-Group inside and a non-encrypted boot partition outside the LUKS-Container. I solved it the following way:
First backup the file /etc/crypttab from your "old system" installed in the LUKS-container you want to reuse, if existing. You can use it to easily restore your system later on.
I chose the normal installation (not expert). This installation does not load "cryptsetup" into its installation kernel for some reason. Therefore you have to switch with "<CTRL>+<Alt>+2" to another terminal right at the beginning of the installation (before you choose your language) and "mark" the packages "cryptsetup-udeb" and "crypto-dm-modules" to be loaded into the kernel during installation with following commands:
Code: Select all
anna-install cryptsetup-udeb
anna-install crypto-dm-modules
Switch back to the installation with <CTRL>+<Alt>+1 and follow the process as usual till the partitioning part. Here you have to switch again into the second terminal. Now you have to decrypt your LUKS container and activate the contained LVM-Volume-Group with following commands:
Code: Select all
modprobe dm-crypt # loading the kernel-module. Didn't load automatically in my case
cryptsetup luksOpen /dev/sdxY sdxY_crypt # Opens Luks container (xY has to be adapted to local settings, e.g sda5)
vgscan # detects existing LVM-Volume-Groups
vgchange -a y 'Name-of-LVM-Volume-Group' # Activates LVM-Volume-Group (check output from vgscan for the right name)
After this, switch back to the installation and rescan the hardware by going one step back in the installation. After rescanning you should end up in the manual partitioning menu. Here the first step is to configure the LVM-Volume-Group. It has to be done to reuse your existing LVM-Group. Nothing has to be changed on the LVM-Volume-Group here, as long as you don't want to of course. Be careful in this step and don't accidentally format a partition you don't want to format. When you start the LVM-Volume-Group configuration and the prompt doesn't mention anything about formatting a certain partition, nothing should happen to your data when you continue.
After that you choose the partition(s) you want your system and /boot installed on as you would normally do and follow the installation.
Before choosing your additional software you should switch again to the 2nd terminal and install cryptsetup. Otherwise it won't be installed in the final system, for whatever reason.
Code: Select all
apt-install cryptsetup
Now, finish the installation and reboot the system from a live system (in my case Lubuntu 14.04). The normal boot to your freshly installed system will fail because it doesn't decrypt the LUKS-container.
Start a terminal in the Live-System and prepare a chroot session by mounting following devices:
Code: Select all
sudo cryptsetup luksOpen /dev/sdxY sdxY_crypt # Opens the LUKS-container
sudo mount /dev/mapper/'LV-with-installed-system-on' /mnt
sudo mount /dev/mapper/'LV-with-home-folder-on' /mnt/home # If necessary
sudo mount /dev/sdxY /mnt/boot # mount non-encrypted boot partition (its own sdxY, not the LUKS partition)
Get access to important hardware and system information:
Code: Select all
sudo mount -t devtmpfs /dev /mnt/dev
sudo mount -t devpts /dev/pts /mnt/dev/pts
sudo mount -t sysfs /sys /mnt/sys
sudo mount -t proc /proc /mnt/proc
sudo cp /proc/mounts /mnt/etc/mtab
Finally enter the chroot environment:
Code: Select all
sudo chroot /mnt /bin/bash
I didn't have an internet connection in the chroot environment but you don't need it when cryptsetup was installed during installation.
Now the file /etc/crypttab must be edited with an editor. The easiest way is to restore the content from a backup version from your "old system" which was installed in the same LUKS-container before. However you can easily create a new entry.
Code: Select all
nano /etc/crypttab
and add the line:
sdxY_crypt UUID="UUID-of-sdxY" none luks
Find out the UUID with:
Code: Select all
sudo blkid /dev/sdxY
Afterwards you should update your initrd.img with following command to save the new settings and make it available to grub for booting:
Code: Select all
update-initramfs -k all -c -t
There shouldn't be any warning popping up like "cryptsetup: WARNING: invalid line in /etc/crypttab". If so, make sure that you mounted your LUKS-Container with the same name used in /etc/crypttab (sdxY_crypt is the best choice). When you have no warning, you can leave the chroot environment with "exit" and reboot the system.
After booting your freshly installed Debian system everything should work and you should be asked for the passphrase to decrypt your LUKS-container.
Most of my information I got from these pages and this thread. So for additional help check out:
http://blog.hartwork.org/?p=1757
http://ubuntuforums.org/showthread.php?t=1205372
http://wiki.ubuntuusers.de/chroot/Live-CD (German)
Best wishes
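After a rebuild like the one in the post above, the initrd contents can be checked before rebooting, which is what earlier posts in the thread did by hand after unpacking it. This is an added example, not code from any poster; the function names and the expected paths (initramfs-tools layout of the Debian 7/8 era, gzip-compressed initrd) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Audits an initramfs file listing for
# what an encrypted-LVM root needs at boot. Produce the listing with, e.g.:
#   gzip -dc /boot/initrd.img-VERSION | cpio -it > listing.txt
# Assumed layout: initramfs-tools on Debian 7/8; adjust the patterns elsewhere.

# audit_initrd_listing LISTING_FILE
# Prints one line per missing item; exit status is the number of missing items.
audit_initrd_listing() {
    missing=0
    while IFS=: read -r label pattern; do
        [ -n "$label" ] || continue
        if ! grep -Eq -- "$pattern" "$1"; then
            echo "MISSING: $label"
            missing=$((missing + 1))
        fi
    done <<'EOF'
cryptsetup binary:(^|/)sbin/cryptsetup$
lvm binary:(^|/)sbin/lvm$
dm-mod module:/kernel/drivers/md/dm-mod\.ko$
dm-crypt module:/kernel/drivers/md/dm-crypt\.ko$
cryptroot config:(^|/)conf/conf\.d/cryptroot$
cryptroot boot script:(^|/)scripts/local-top/cryptroot$
EOF
    return "$missing"
}

# module_in_listing NAME LISTING_FILE
# True if a module file for NAME is in the listing. "-" and "_" are treated
# as the same character, as modprobe does.
module_in_listing() {
    norm=$(printf '%s' "$1" | tr '-' '_')
    tr '-' '_' < "$2" | grep -Eq -- "/${norm}\.ko\$"
}

# check_modules_file MODULES_FILE LISTING_FILE
# MODULES_FILE has the format of /etc/initramfs-tools/modules (one module per
# line, "#" comments). Names with no matching file are reported: they may be
# aliases (e.g. "aes") or built into the kernel, so this is a hint, not proof.
check_modules_file() {
    notfound=0
    while read -r name _rest; do
        case $name in ''|'#'*) continue ;; esac
        if ! module_in_listing "$name" "$2"; then
            echo "NO MODULE FILE NAMED: $name"
            notfound=$((notfound + 1))
        fi
    done < "$1"
    return "$notfound"
}

# Constructed sample listing (not from a real system): an initrd built
# without the cryptsetup hook, the state the thread started from.
sample=$(mktemp)
cat > "$sample" <<'EOF'
sbin/lvm
lib/modules/3.2.0-4-amd64/kernel/drivers/md/dm-mod.ko
scripts/local-top/lvm2
EOF
audit_initrd_listing "$sample" || echo "-> fix crypttab/hooks and regenerate before rebooting"
rm -f "$sample"
```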
Re: Install Debian on Existing encrypted LVM
Thanks to Eddy_W I was able to install Debian on my existing LUKS+LVM partition setup.
I found some more information for Debian 8 "Jessie" and the upcoming Debian 9 "Stretch".
Therefore I post how I set up Debian 8 on my system, where the system booted correctly directly after installation.
Still it is recommended to have a live medium at hand.
#0 Preparation
- Get the installer image of the wanted Debian version.
  This guide has been tested with Debian 7 "Wheezy", 8 "Jessie" and 9 "Stretch" (installer alpha5).
  But should work on other versions too (maybe you have to manually load lvm2-udeb, lvmcfg-utils, mdadm-udeb, md-modules, mdcfg-utils, etc.).
- Get the corresponding live image of that Debian version with the preferred desktop.
  Check that the live version boots on the system.
  Check how to change the keyboard layout and that it applies to a terminal session, as passwords with special characters have to be entered maybe.
- Make a backup of /etc/crypttab from the old installation.
  Placing it on a usb stick/drive is recommended, but it can also be put on a separate partition of the system (if it's not intended to format this partition, e.g. /home).
- Make a backup of all important data from the old installation that is located on the root partition.
  As it is recommended to format the root partition to have a clean installation.
  Therefore it is also recommended to have a separate partition for /home and maybe other mounts like /var, /srv, /opt depending on your needs.
- This guide works with the text and graphical installer, differences between these are noted where they apply.
- During installation several terminal consoles will be accessed via CTRL+ALT+Fx.
  Here is a list of these with their corresponding number:
  #1 Text Installer -or- Log from Graphical Installer itself
  #2 free (will be used for shell access to execute additional tasks)
  #3 free
  #4 Installation Log (APT, etc.)
  #5 Graphical Installer
- Expert Install mode is not necessary, but provides more options and steps are not running automatically.
- Debian Installer (d-i) manual is available at https://d-i.debian.org/manual/en.amd64/install.en.txt
- US keymap available at https://en.wikipedia.org/wiki/Keyboard_ ... al_layouts
- Comments after a command (" ; #...") must not be entered.
Otherwise the file systems on the LVM partition won't get recognized, and you have to start over again from the beginning.
#1 Directly at the beginning of the installation (at least before selecting the keymap)
- Switch to console #2
- Press enter to activate the console.
  At this time the keymap will be US only.
- Queue some UDEB packages for later installation.
  BEWARE OF TYPOS, the package name is not checked at this time and you only have US keyboard layout!
  Do not use the DEL key at all, and do not use TAB when entering package names.
  Code: Select all
  anna-install cryptsetup-udeb
  anna-install crypto-dm-modules
  anna-install crypto-modules
- Switch to console #4
- Check that the package names have no typos, e.g. CRYPTsetup vs. cryptO-..., or weird chars (e.g. tab, del).
- Switch back to installer console.
- Continue setup.
- Switch to console #2
- Make sure the selected keymap (in /etc/default/keyboard) is applied to terminal console.
  Especially the Graphical Installer does not do that.
  This is important to enter the password correctly.
  Code: Select all
  setupcon
- Open the encrypted partition so that the file systems on it are recognized by the partitioner "partman".
  Shell variables are used to avoid typos and use consistent names.
  Code: Select all
  DEV='/dev/sdXn'
  DMNAME="${DEV##/dev/}_crypt" ; # sets variable to "sdXn_crypt"
  cryptsetup luksOpen $DEV $DMNAME
  ls /dev/mapper
  If anything went wrong (var name), then close the encrypted partition and repeat previous commands.
  Code: Select all
  cryptsetup luksClose $DMNAME
- Switch back to installer console.
- Continue setup.
- Switch to console #2
- Check that LVM volumes are active. Otherwise activate them.
  Code: Select all
  lvs
  #
  vgscan ; # detect all volume groups
  vgchange -a y <vg> ; # activate all volumes of a volume group
- Switch back to installer console.
- DO NOT continue setup.
  GO BACK ONE STEP to "Detect disks".
- All LVM partitions should be available INCLUDING their file systems.
  If not, e.g. no file systems, then it is likely that something was done wrongly and start over again from the beginning.
- Now map the partitions as usual while keeping their file system under "Use as".
  Do not forget the extra boot partition.
  Do not format the partitions if you want to keep their data.
  It is suggested to format the root (/) and boot (/boot) partitions. Make sure there is a backup of the individual data that is/was stored on it.
- Continue setup.
#4 Directly when Software Selection comes up (before installing additional software, e.g. desktop, etc.)
- To create a correctly working initrd make sure cryptsetup is installed in /target, if not add it via apt-install.
  On 8.0 and later cryptsetup should be already installed, otherwise use apt-install.
  Code: Select all
  ls /target/sbin/crypt*
  #
  apt-install cryptsetup
- Create /etc/crypttab in /target (or copy your old crypttab to the new system, e.g. from a USB stick or one of your LVM volumes under /target (e.g. /target/home)).
  Code: Select all
  cat /target/etc/crypttab
  #
  printf "$DMNAME\tUUID=%s\tnone\tluks\n" "$(cryptsetup luksUUID $DEV)" >>/target/etc/crypttab
  # or from USB
  list-devices usb-partition
  mount /dev/sdXn /mnt
  cp /mnt/crypttab /target/etc/crypttab
  umount /mnt
  #
  cat /target/etc/crypttab
  nano /target/etc/crypttab
Code: Select all
mount -o bind /dev /mnt/dev
mount -o bind /dev/pts /mnt/dev/pts
mount -o bind /dev/shm /mnt/dev/shm
mount -o bind /proc /mnt/proc
mount -o bind /sys /mnt/sys
#
mount -o bind /run /mnt/run
mount -o bind /run/lock /mnt/run/lock
Regards
Maddes