Setup slack13 over 2 dm-crypted lvm hdds
 

Hey!
I planed to setup my favorite distribution since 4 years onto 2 120GB hdds.
They should be an 240GB lvm and dm-crypted device.
How can I reach this?
I've already worked with lvms and dmcrypted systems but only on one physical hdd.

My first thougth was
'I have just to made a lvm over the two already dm-crypted, openend devices'
but it doesn't work.
Please help me! And pre thanks to all linux developers :D

Hello,

This README_CRYPT.TXT should be of help in your endeavour. There is a section "Combining LUKS and LVM"

Also, have a look at README_LVM.TXT for details of setting up LVM.

The Slackware initrd only has code in it to unlock one encrypted device, so if the volume group that contains your rootfs contains more than one encrypted PV then it won't come online, your rootfs won't be available and the system will fail to boot.

There are a few ways around this, non of them ideal. The easiest would probably be to have your rootfs outside of lvm in its own partition and then use encrypted lvm partitions for the rest of your filesystems.

hmm a bit of mudd
 

My version to get a dm-crypted 200GB "home" partition, with two 120GB HDD's.
It works since 8 hours and 2 reboots :D

The init decrypt and mount the volumes, the system need to boot.
A script should resume the decryption of sdy1 and make "vgscan --mknodes", "vgchange -ay" and "mount /dev/box2vg/home /home"

1.
make 2 partitions on /dev/sdx
first is the boot device, my is huge 300MB
2.

This is not some kind of documentation for dm-crypt on Slackware Linux
13, but a real world example. I simply publish my experiences here.
You can read this in addition to README_CRYPT.TXT
on your Slackware 13.0 disks.

Infact crypt support improved much and I had no problems, you should
really skip this and read the README_CRYPT.TXT.

# dd if=/dev/urandom of=/dev/sdx

I like cfdisk for creating tables (reboot afterwards required).

# cfdisk

It looks like that. sda1 is /boot and sda2 & sdb1 is the rest.

Disk /dev/sda: 122.9 GB, 122942324736 bytes
255 heads, 63 sectors/track, 14946 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0xa18e45fd

Device Boot Start End Blocks Id System
/dev/sda1 * 1 36 289138+ 83 Linux
/dev/sda2 37 14946 119764575 83 Linux

Disk /dev/sdb: 122.9 GB, 122942324736 bytes
255 heads, 63 sectors/track, 14946 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x70a8edb5

Device Boot Start End Blocks Id System
/dev/sdb1 1 14946 120053713+ 83 Linux

We need to encrypt sda2 & sdb1.

# cryptsetup -s 256 -y luksFormat /dev/sda2

# cryptsetup -s 256 -y luksFormat /dev/sdb1

And now we open this one in order to be able to install on to it.

# cryptsetup luksOpen /dev/sda2 box1luks

# cryptsetup luksOpen /dev/sdb1 box2luks


Now we create LVM volumes. I just list the steps.

# pvcreate /dev/mapper/box1luks
# vgcreate box1vg /dev/mapper/box1luks
# lvcreate -L 25G -n root box1vg
# lvcreate -L 3,7G -n swap box1vg
# lvcreate -L 85.5G -n home box1vg
# pvcreate /dev/box1vg/home
# vgcreate homevg /dev/mapper/box1vg-home
# vgexpand homevg /dev/mapper/box2
# lvcreate -L 199.9G -n home homevg
# vgscan --mknodes
# vgchange -ay

We have to run mkswap on our new swap partition so that the setup will detect it as such.

# mkswap /dev/box1vg/swap

Now you can start the setup program.
During setup make sure to install to /dev/box1vg/root rather then to /dev/sda2 also not to something like /dev/mapper/*. But dont't forget to chose /dev/sda1 as /boot and /dev/homevg/home as /home.
Don't reboot after setup, but chroot into your new system and create a custom initrd.

# chroot /mnt

Check with

# ls -l /boot/vmlinuz

which kernel you use and than run

# mkinitrd -c -k 2.6.29.6 -m ext4 -f ext4 -r /dev/box1vg/root -C /dev/sda2 -L -l de -h /dev/box1vg/swap

In order to use this initrd.gz you need to edit /etc/lilo.conf.

# cat /etc/lilo.conf
# LILO configuration file
# generated by 'liloconfig'
#
# Start LILO global section
boot = /dev/sda
compact # faster, but won't work on all systems.
# Boot BMP Image.
# Bitmap in BMP format: 640x480x8
bitmap = /boot/slack.bmp
# Menu colors (foreground, background, shadow, highlighted
# foreground, highlighted background, highlighted shadow):
bmp-colors = 255,0,255,0,255,0
# Location of the option table: location x, location y, number of
# columns, lines per column (max 15), "spill" (this is how many
# entries must be in the first column before the next begins to
# be used. We don't specify it here, as there's just one column.
bmp-table = 60,6,1,16
# Timer location x, timer location y, foreground color,
# background color, shadow color.
bmp-timer = 65,27,0,255
# Standard menu.
# Or, you can comment out the bitmap menu above and
# use a boot message with the standard menu:
#message = /boot/boot_message.txt

# Append any additional kernel parameters:
append="resume=/dev/box1vg/swap vt.default_utf8=0"
prompt
timeout = 50
# VESA framebuffer console @ 1024x768x64k
vga = 791
# ramdisk = 0 # paranoia setting
# End LILO global section
# Linux bootable partition config begins
image = /boot/vmlinuz
initrd = /boot/initrd.gz
root = /dev/box1vg/root
label = linux
read-only # Partitions should be mounted read-only for checking
# Linux bootable partition config ends

Dont forget to run lilo in order to apply the changes.

# lilo

Edit # joe /etc/rc.d/rc.local

/root/run.sh

Edit # joe /root/run.sh

cryptsetup luksOpen /dev/sdb1 box2
vgscan --mknodes
vgchange -ay
mount /dev/homevg/home /home

After rebooting you have a encrypted suspend to disk capable Slackware Linux system you can put it to sleep with.

# echo -n disk > /sys/power/state