LinuxQuestions.org
Old 04-26-2014, 06:17 AM   #1
dusf
Question Encrypted /root, /home, and swap mount at boot as does LV shared but no write access?


The following is how I have encrypted the /root, /home, and swap partitions on a disk already containing Windows 8.1 and only require a single passphrase entry on boot:

Create 500 MiB ext4 sda5 partition that will later be assigned as /boot

Code:
sudo dd if=/dev/urandom of=/dev/sda6

12 hours elapse.

Code:
dd: writing to ‘/dev/sda6’: No space left on device
660092929+0 records in
660092928+0 records out
337967579136 bytes (338 GB) copied, 39571.4 s, 8.5 MB/s

Code:
modprobe dm-crypt
modprobe aes-x86_64
modprobe sha256

When I do this over I will run cryptsetup benchmark first to see which aes and sha work best for my system.

Code:
sudo cryptsetup luksFormat /dev/sda6

WARNING!
========
This will overwrite data on /dev/sda6 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase:
Verify passphrase:
sudo cryptsetup luksOpen /dev/sda6 enc-pv
Enter passphrase for /dev/sda6:

sudo pvcreate /dev/mapper/enc-pv
 Physical volume "/dev/mapper/enc-pv" successfully created
sudo vgcreate vg /dev/mapper/enc-pv
 Volume group "vg" successfully created
sudo lvcreate -L 8.5G -n swap vg
 Logical volume "swap" created
sudo lvcreate -L 20G -n ubuntu-root vg
 Logical volume "ubuntu-root" created
sudo lvcreate -L 50G -n ubuntu-home vg
 Logical volume "ubuntu-home" created
sudo lvcreate -L 140G -n shared vg
 Logical volume "shared" created

sudo lvdisplay
 --- Logical volume ---
 LV Path                /dev/vg/swap
 LV Name                swap
 VG Name                vg
 LV UUID                EMSdc1-yTSS-FF9W-5vcv-jEwF-OeF7-5oOoEI
 LV Write Access        read/write
 LV Creation host, time ubuntu, 2014-04-23 12:57:17 +0000
 LV Status              available
 # open                 0
 LV Size                8.50 GiB
 Current LE             2176
 Segments               1
 Allocation             inherit
 Read ahead sectors     auto
 - currently set to     256
 Block device           252:1

 --- Logical volume ---
 LV Path                /dev/vg/ubuntu-root
 LV Name                ubuntu-root
 VG Name                vg
 LV UUID                TCPIIE-fGv0-3tz8-XP3R-1c9Z-E18R-XTbcOd
 LV Write Access        read/write
 LV Creation host, time ubuntu, 2014-04-23 12:58:41 +0000
 LV Status              available
 # open                 0
 LV Size                20.00 GiB
 Current LE             5120
 Segments               1
 Allocation             inherit
 Read ahead sectors     auto
 - currently set to     256
 Block device           252:2

 --- Logical volume ---
 LV Path                /dev/vg/shared
 LV Name                shared
 VG Name                vg
 LV UUID                dPHDeT-52zj-7bAx-xjzP-p4yC-kXoo-aw7Eac
 LV Write Access        read/write
 LV Creation host, time ubuntu, 2014-04-23 12:59:50 +0000
 LV Status              available
 # open                 0
 LV Size                140.00 GiB
 Current LE             35840
 Segments               1
 Allocation             inherit
 Read ahead sectors     auto
 - currently set to     256
 Block device           252:4

 --- Logical volume ---
 LV Path                /dev/vg/ubuntu-home
 LV Name                ubuntu-home
 VG Name                vg
 LV UUID                pWFs3D-MXrh-bMez-68r0-4yPc-zMTo-MGhNF1
 LV Write Access        read/write
 LV Creation host, time ubuntu, 2014-04-23 13:06:11 +0000
 LV Status              available
 # open                 0
 LV Size                50.00 GiB
 Current LE             12800
 Segments               1
 Allocation             inherit
 Read ahead sectors     auto
 - currently set to     256
 Block device           252:3

sudo vgdisplay | grep -i free
 Free  PE / Size       24641 / 96.25 GiB

Code:
sudo mkfs.ext4 /dev/mapper/vg-shared

mke2fs 1.42.9 (4-Feb-2014)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
9175040 inodes, 36700160 blocks
1835008 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=4294967296
1120 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
   32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
   4096000, 7962624, 11239424, 20480000, 23887872

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

There was similar output for:

Code:
sudo mkfs.ext4 /dev/mapper/vg-ubuntu-root
sudo mkfs.ext4 /dev/mapper/vg-ubuntu-home

I may have needed to add an extra hyphen, like vg-ubuntu--root

Next I opened the Ubuntu 14.04 installer and selected 'something else'. I assigned /boot to the 500 MiB partition on sda5 and then /root, /home, and swap to the logical /dev/mapper/vg volumes.

After Ubuntu installs, before rebooting from the live USB I entered the following:

Code:
sudo cryptsetup luksOpen /dev/sda6 enc-pv
Enter passphrase for /dev/sda6:
sudo mount /dev/vg/ubuntu-root /mnt
sudo chroot /mnt mount /proc
sudo mount --bind /dev /mnt/dev
sudo chroot /mnt mount /boot
sudo echo "enc-pv UUID=`sudo blkid -s UUID -o value /dev/sda6` none luks" | sudo tee -a /mnt/etc/crypttab
enc-pv UUID=ad8b8a32-95ea-4add-abe6-326d151e30fa none luks
sudo chroot /mnt update-initramfs -u
update-initramfs: Generating /boot/initrd.img-3.13.0-24-generic
sudo umount /mnt/proc /mnt/dev /mnt/boot /mnt

On reboot Ubuntu boots asking for only one entry of the passphrase instead of three, one for each encrypted volume.

==================================================================

The only problem remaining now is that although the /dev/mapper/vg-shared volume appears like any other partition in /media/dusf/, and although I can open it without having to enter the passphrase again, I cannot create files on it.

I have tried replacing the command 'sudo mount /dev/vg/ubuntu-root /mnt' with 'sudo mount /dev/vg/shared /mnt' but then when I go onto the next command 'sudo chroot /mnt mount /proc' it gives me the error 'chroot: failed to run command ‘mount’: No such file or directory'.

Can anyone tell me how I should edit the following commands so that /dev/vg/-shared not only mounts at boot, but I can also write to it?

Code:
sudo cryptsetup luksOpen /dev/sda6 enc-pv
Enter passphrase for /dev/sda6:
sudo mount /dev/vg/ubuntu-root /mnt
sudo chroot /mnt mount /proc
sudo mount --bind /dev /mnt/dev
sudo chroot /mnt mount /boot
sudo echo "enc-pv UUID=`sudo blkid -s UUID -o value /dev/sda6` none luks" | sudo tee -a /mnt/etc/crypttab
enc-pv UUID=ad8b8a32-95ea-4add-abe6-326d151e30fa none luks
sudo chroot /mnt update-initramfs -u
update-initramfs: Generating /boot/initrd.img-3.13.0-24-generic
sudo umount /mnt/proc /mnt/dev /mnt/boot /mnt

Last edited by dusf; 04-26-2014 at 06:27 AM. Reason: Title
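
The crypttab step in the post uses `tee -a`, which appends unconditionally, so repeating the sequence leaves a second enc-pv line in the file. The following is an added example, not part of the original post: a re-runnable form of that step that validates its input and refuses to remap an existing name. The function names are hypothetical; the line format, mapping name and UUID are the ones shown in the post.

```sh
#!/bin/sh
# Added example: idempotent crypttab entry in the four-field form from the post:
#   <mapping name> UUID=<luks uuid> none luks

# Return 0 if $1 has the 8-4-4-4-12 hex shape that blkid prints for a LUKS UUID.
is_uuid() {
    case $1 in *[!0-9a-fA-F-]*) return 1 ;; esac   # rejects spaces, newlines, etc.
    printf '%s\n' "$1" |
        grep -Eqx '[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'
}

# Print one crypttab line for mapping name $1 and LUKS UUID $2.
crypttab_line() {
    printf '%s UUID=%s none luks\n' "$1" "$2"
}

# ensure_crypttab_entry FILE NAME UUID
# Returns 0 if the entry is present afterwards (added now or already identical),
#         1 if NAME or UUID is malformed,
#         2 if NAME is already mapped to a different source (file left untouched).
ensure_crypttab_entry() {
    file=$1; name=$2; uuid=$3
    case $name in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    is_uuid "$uuid" || return 1
    [ -e "$file" ] || : > "$file"
    # Field 1 is the mapping name; commented lines never match a valid name.
    existing=$(awk -v n="$name" '$1 == n { print $2; exit }' "$file")
    if [ -z "$existing" ]; then
        crypttab_line "$name" "$uuid" >> "$file"
        return 0
    fi
    [ "$existing" = "UUID=$uuid" ] && return 0
    return 2
}

# Demo on a scratch file (constructed), not on a real /etc/crypttab.
demo=$(mktemp)
ensure_crypttab_entry "$demo" enc-pv ad8b8a32-95ea-4add-abe6-326d151e30fa
ensure_crypttab_entry "$demo" enc-pv ad8b8a32-95ea-4add-abe6-326d151e30fa  # no duplicate
cat "$demo"
rm -f "$demo"
```

Against the mounted target from the post, the file argument would be /mnt/etc/crypttab, run as root before `update-initramfs -u`.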
 
  

