Full disk encryption - changing main drive
 

Hello all!

I've got a problem with my Slackware 14 installation. When I installed it for the first time I used a guide available here: ftp://ftp.slackware.pl/pub/slackware...ADME_CRYPT.TXT to enable full disk encryption. I've had only one disk in my laptop, which was SDA. Then I have added another disk as a primaty, and the disk with Slackware installation is mounted with eSATAp cable as an external drive, what causes it to be recognized as SDB. Now, when I'm trying to boot Slack it goes to LILO, but it's configured to unlock SDA, which is different, not encrypted hard drive, so the boot fails. My question is: what to do to boot from SDB, despite I made initial configuration to load from SDA?

Best regards,
Chris.

Update /etc/lilo.conf and /etc/crypttab. If you are booting with initrd, run mkinitrd with the correct boot and encrypt drive.

You could try passing luksdev=/dev/sdb<partition number> root=cryptroot from the lilo boot prompt.
(after setting <partition number> and 'cryptroot' to whatever values you used to create the encrypted root filesystem.

Should that get you up and running(*) you can then recreate the mkinitrd with appropriate -r and -C options for the changed device name and reinstall lilo. Don't forget to also change appropriate settings in lilo.conf to reflect the change.


(*) I'm making some assumptions about what you have actually done as you didn't give any details.


CAUTION!!
If you've got any references to /dev/sda partitions still in your /etc/fstab for other partitions on your disk then that could be dangerous to the data on your new sda drive, so you need to be careful here. You might need to boot from the install cd, manually unlock and mount the encrypted root fs and change them in that case.

When you have multiple drives or add or change drives there is no guarantee what /dev/sdx slot it will assign. Instead you can use UUIDs to specify the device, and that will not change even if you rearrange your drives. You can determine the UUIDs of your different devices and partitions using the command blkid. After that, in lilo.conf for example, you would use "root=UUID=<UUID of device>" rather than "root=/dev/sdxy".

Brian

Hello,

Thank you for all the responses. Maybe I'll describe the situation more clearly, as I'm still fighting with this issue. I'm using LUKS together with LVM. My partitions were mounted as follows:
This is the configuration, that the system uses right now and I need to change that to use /dev/sdb instead /dev/sda. I've managed to open the LUKS device with
Then I've enabled LVM blocks:
Next, I've mounted /dev/cryptvg/root under /mnt and updated /mnt/etc/lilo.conf and /mnt/etc/fstab to point to /dev/sdb instead of /dev/sda.
Now I assume I have to use mkinitrd with the correct -r and -C parameters, but even if I do:
and then execute:
I get error that mkinitrd was not found. Can you point me to the solution?

Chris.

Hello again,

I've managed to repair my Slackware 14 installation. For future references I'll descript whole process here.

So, once again, let's describe the problem: when I installed Slackware 14 x86_64 (with LVM and LUKS) I had only one disk in my machine (sda). Then I added one disk more, and used Slack HDD as an externally connected hard drive. Because of that Slack drive received different label (sdb) than during installation. Bootloader tried to unlock partition /dev/sda2, but this was a partition on a different HDD. The correct one at this time was /dev/sdb2. I needed to make new initrd.gz, this time unlocking /dev/sdb2.

Solution: during boot process, because the root filesystem failed to mount, I have been dropped to command line. I was able to unlock encrypted /dev/sdb2 and mount LVM volumes available on it. Then I've tried to generate new initrd.gz with:
but this command only made it worse - because I didn't have all necessary partitions mounted during execution of above command I generated a ram disk which wasn't able to boot at all. I received "Kernel panic" message at boot and I was stuck without even access to console. So, I booted up the box with Slackware 14 x86_64 DVD disc and executed:
Next, I've enabled LVM volumes with:
Then I've mounted all the drives:
In the end I've generated new ram disk as previously:
As the last step I've executed command:
Please note that this command will return some warrnings. That's normal. The most important is that you shouldn't receive any "Fatal" errors. If you get one, the boot process will most probably fail.

Hope this will help someone.

There's still one question in this topic: how to use drive UUID's instead of device names during ram disk generation? This would solve the issue for future.

Best regards,
Chris.