Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Use encrypted LVM at multiple disks partitions with dual OS boot on two disks: HDD\SDD

Ask for help with issues regarding the Installations of the Debian O/S.
Post Reply
Message
Author
User avatar
nikobit
Posts: 120
Joined: 2009-02-08 19:40
Location: Moscow, Russia
Has thanked: 5 times
Contact:

Use encrypted LVM at multiple disks partitions with dual OS boot on two disks: HDD\SDD

#1 Post by nikobit »

Hello all! Well my Buster became obsolete obviously and it's about time to move towards Bullseye. As my machine is dual boot for this reason I have to keep MS Windows to share both disks. This is my current partition table of both disks as it is shown by #fdisk -l:

Code: Select all

Disk /dev/sda: 238.5 GiB, 256060514304 bytes, 500118192 sectors
Disk model: SAMSUNG SSD PM85
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 643C5657-41FE-213AB-CD24-C2B09B421E9A

Device         Start       End   Sectors   Size Type
/dev/sda1       2048   1026047   1024000   500M EFI System #fat32 partition /boot/efi-mountpoint - boot, esp ESP
/dev/sda2    1026048   1107967     81920    40M unknown #fat32 Basic data partition - hidden DIAGS
/dev/sda3    1107968   1370111    262144   128M Microsoft reserved #partition unknown --msftres
/dev/sda4    1370112   2906111   1536000   750M Windows recovery environment #ntfs Basic data partition WINRETOOLS - hidden, diag
/dev/sda5    2906112 245005083 242098972 115.5G Microsoft basic data #ntfs Basic data partition OS - msftdata
/dev/sda6  245006336 246861823   1855488   906M Windows recovery environment #ntfs - hidden, diag
/dev/sda7  246861824 250767359   3905536   1.9G Linux swap #linux-swap 
/dev/sda8  250767360 482316287 231548928 110.4G Linux filesystem #ext4 ROOTDIR /
/dev/sda9  482316288 500116143  17799856   8.5G Windows recovery environment #ntfs PBR Image - hidden, diag
not allocated ---   --- ---- 1M


Disk /dev/sdb: 931.5 GiB, 1000204886016 bytes, 1953525168 sectors
Disk model: ST1000LM024 HN-M
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: gpt
Disk identifier: 9ED6C6A8-53C1-5C63-A321-C5B0EA02B530

Device          Start        End    Sectors   Size Type
/dev/sdb1        2048     264191     262144   128M Microsoft reserved #unknown partition - msftres
/dev/sdb2      264192 1042657279 1042393088 497.1G Microsoft basic data #ntfs MSDATA - msftdata
/dev/sdb3  1042657280 1953523711  910866432 434.3G Linux filesystem #ext4 HOME /home
My intention is to avoid erasing MS partitions and install Bullseye at
  • /dev/sda1 = /boot/efi
  • /dev/sda7 = linux-swap
  • /dev/sda8 = /
  • /dev/sdb3 = /home

Root partition is to be resized to give some room for swap - up to 16GB.

Is it even possible to apply LVM with encryption in my case?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • OS: Debian 11 bullseye
  • Kernel: x86_64 Linux 5.10.0-19-amd64
  • Shell: bash
  • DE: GNOME 3.38.4
  • CPU: Intel Core i7-4790 @ 8x 4GHz
  • GPU: NVE4
  • RAM: 2384MiB / 15925MiB
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Use encrypted LVM at multiple disks partitions with dual OS boot on two disks: HDD\SDD

#2 Post by p.H »

nikobit wrote: 2022-11-20 09:18 Is it even possible to apply LVM with encryption in my case?
What do you want to encrypt ? Everything (/, swap, /home) ?

User avatar
nikobit
Posts: 120
Joined: 2009-02-08 19:40
Location: Moscow, Russia
Has thanked: 5 times
Contact:

Re: Use encrypted LVM at multiple disks partitions with dual OS boot on two disks: HDD\SDD

#3 Post by nikobit »

p.H wrote: 2022-11-20 17:23
nikobit wrote: 2022-11-20 09:18 Is it even possible to apply LVM with encryption in my case?
What do you want to encrypt ? Everything (/, swap, /home) ?
Yes that is a plan - to encrypt all. /, Swap, /home.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • OS: Debian 11 bullseye
  • Kernel: x86_64 Linux 5.10.0-19-amd64
  • Shell: bash
  • DE: GNOME 3.38.4
  • CPU: Intel Core i7-4790 @ 8x 4GHz
  • GPU: NVE4
  • RAM: 2384MiB / 15925MiB
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Use encrypted LVM at multiple disks partitions with dual OS boot on two disks: HDD\SDD

#4 Post by p.H »

It is easier if you leave /boot unencrypted. The classic installer does not support encrypted /boot. I don't know about the Calamares installer.
For the rest, you can create two LUKS containers on the SSD and the HDD. You may use both encrypted volumes as LVM PVs in a single VG or two separate VG, and create LVs as desired. I do not recommend using both volumes in a single VG though.

User avatar
nikobit
Posts: 120
Joined: 2009-02-08 19:40
Location: Moscow, Russia
Has thanked: 5 times
Contact:

Re: Use encrypted LVM at multiple disks partitions with dual OS boot on two disks: HDD\SDD

#5 Post by nikobit »

p.H wrote: 2022-11-20 21:58 It is easier if you leave /boot unencrypted. The classic installer does not support encrypted /boot. I don't know about the Calamares installer.
Yes indeed! There's no need in /boot encryption. The /boot/efi at /dev/sda1 was left as it is and last time Buster installer did it's job just fine approving this during manual re-partitioning.
For the rest, you can create two LUKS containers on the SSD and the HDD. You may use both encrypted volumes as LVM PVs in a single VG or two separate VG, and create LVs as desired. I do not recommend using both volumes in a single VG though.
I'll try just that and in the end skip the disk format to post preliminary results here for further discussion. Hope I'll get what those PVs and LVs mean :-)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • OS: Debian 11 bullseye
  • Kernel: x86_64 Linux 5.10.0-19-amd64
  • Shell: bash
  • DE: GNOME 3.38.4
  • CPU: Intel Core i7-4790 @ 8x 4GHz
  • GPU: NVE4
  • RAM: 2384MiB / 15925MiB
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Use encrypted LVM at multiple disks partitions with dual OS boot on two disks: HDD\SDD

#6 Post by p.H »

nikobit wrote: 2022-11-21 16:20 There's no need in /boot encryption.
It depends why you need encryption. If you want to protect against data disclosure when the computer is lost or stolen, then most of the system does not need to be encrypted. If you want to protect against tampering, then as much as possible must be encrypted.
nikobit wrote: 2022-11-21 16:20 Hope I'll get what those PVs and LVs mean
It is basic LVM terminology. Do not use LVM if you are not familiar with it.
LV = Logical Volume
PV = Physical Volume
VG = Volume Group

User avatar
nikobit
Posts: 120
Joined: 2009-02-08 19:40
Location: Moscow, Russia
Has thanked: 5 times
Contact:

Re: Use encrypted LVM at multiple disks partitions with dual OS boot on two disks: HDD\SDD

#7 Post by nikobit »

p.H wrote: 2022-11-21 19:46
nikobit wrote: 2022-11-21 16:20 There's no need in /boot encryption.
It depends why you need encryption. If you want to protect against data disclosure when the computer is lost or stolen, then most of the system does not need to be encrypted. If you want to protect against tampering, then as much as possible must be encrypted.

Option number one.
nikobit wrote: 2022-11-21 16:20 Hope I'll get what those PVs and LVs mean
It is basic LVM terminology. Do not use LVM if you are not familiar with it.
LV = Logical Volume
PV = Physical Volume
VG = Volume Group
[/quote]
Much obliged. But the thing is I use Bullseye Graphical Installer.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • OS: Debian 11 bullseye
  • Kernel: x86_64 Linux 5.10.0-19-amd64
  • Shell: bash
  • DE: GNOME 3.38.4
  • CPU: Intel Core i7-4790 @ 8x 4GHz
  • GPU: NVE4
  • RAM: 2384MiB / 15925MiB
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

User avatar
nikobit
Posts: 120
Joined: 2009-02-08 19:40
Location: Moscow, Russia
Has thanked: 5 times
Contact:

Re: Use encrypted LVM at multiple disks partitions with dual OS boot on two disks: HDD\SDD

#8 Post by nikobit »

Yes! Succeeded in partitioning and installation.
Made two VG:
vg_ssd and vg_hdd
Then assigned several LV:
LV with lv_home (previously known as /dev/sdb3)
LV with lv_root (previously known as /dev/sda8)
and
LV with lv_swap - /dev/sda7.
ROOT and SWAP partitions were resized to new size accordingly. Added a few GB to match SWAP to RAM amount.
Extremely long wait for disk partitions to be wiped off with zeroes!
Nevertheless in the end all works fine and Bullseye is in place!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • OS: Debian 11 bullseye
  • Kernel: x86_64 Linux 5.10.0-19-amd64
  • Shell: bash
  • DE: GNOME 3.38.4
  • CPU: Intel Core i7-4790 @ 8x 4GHz
  • GPU: NVE4
  • RAM: 2384MiB / 15925MiB
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Use encrypted LVM at multiple disks partitions with dual OS boot on two disks: HDD\SDD

#9 Post by p.H »

I guess all these LVs are in vg_ssd (for speed). What did you use vg_hdd for ?

User avatar
nikobit
Posts: 120
Joined: 2009-02-08 19:40
Location: Moscow, Russia
Has thanked: 5 times
Contact:

Re: Use encrypted LVM at multiple disks partitions with dual OS boot on two disks: HDD\SDD

#10 Post by nikobit »

p.H wrote: 2022-12-03 10:18 I guess all these LVs are in vg_ssd (for speed). What did you use vg_hdd for ?
As you may observe from the top post I do have a couple disks in the machine. The biggest 'hdd' is used for /home partition.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • OS: Debian 11 bullseye
  • Kernel: x86_64 Linux 5.10.0-19-amd64
  • Shell: bash
  • DE: GNOME 3.38.4
  • CPU: Intel Core i7-4790 @ 8x 4GHz
  • GPU: NVE4
  • RAM: 2384MiB / 15925MiB
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Use encrypted LVM at multiple disks partitions with dual OS boot on two disks: HDD\SDD

#11 Post by p.H »

nikobit wrote: 2022-12-25 13:47 The biggest 'hdd' is used for /home partition.
IMO it is a waste to not use the SSD for users' home directories. Only specific subdirectories which take a lot of disk space and/or do not require high speed (e.g. media files) may be stored on the hard disk.

User avatar
nikobit
Posts: 120
Joined: 2009-02-08 19:40
Location: Moscow, Russia
Has thanked: 5 times
Contact:

Re: Use encrypted LVM at multiple disks partitions with dual OS boot on two disks: HDD\SDD

#12 Post by nikobit »

p.H wrote: 2022-12-26 12:06
IMO it is a waste to not use the SSD for users' home directories.
What percentage of free SSD space can you recommend for such use?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • OS: Debian 11 bullseye
  • Kernel: x86_64 Linux 5.10.0-19-amd64
  • Shell: bash
  • DE: GNOME 3.38.4
  • CPU: Intel Core i7-4790 @ 8x 4GHz
  • GPU: NVE4
  • RAM: 2384MiB / 15925MiB
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Use encrypted LVM at multiple disks partitions with dual OS boot on two disks: HDD\SDD

#13 Post by p.H »

One advantage of LVM is that you do not have to bother about this: as long as there is available free space in the volume group, you can extend a logical volume as needed.

Post Reply