Setup slack13 over 2 dm-crypted lvm hdds
Hey!
I planned to set up my favorite distribution of the last 4 years on 2 120GB hdds. They should be a 240GB lvm and dm-crypted device. How can I achieve this? I've already worked with lvms and dm-crypted systems, but only on one physical hdd. My first thought was 'I just have to make an lvm over the two already dm-crypted, opened devices' but it doesn't work. Please help me! And thanks in advance to all linux developers :D
Hello,
This README_CRYPT.TXT should be of help in your endeavour. There is a section "Combining LUKS and LVM". Also, have a look at README_LVM.TXT for details of setting up LVM.
The Slackware initrd only has code in it to unlock one encrypted device, so if the volume group that contains your rootfs contains more than one encrypted PV then it won't come online, your rootfs won't be available and the system will fail to boot.
There are a few ways around this, none of them ideal. The easiest would probably be to have your rootfs outside of lvm in its own partition and then use encrypted lvm partitions for the rest of your filesystems.
hmm a bit of mud
My version to get a dm-crypted 200GB "home" partition, with two 120GB HDD's.
It has worked for 8 hours and 2 reboots :D The init decrypts and mounts the volumes the system needs to boot. A script should resume the decryption of sdy1 and run "vgscan --mknodes", "vgchange -ay" and "mount /dev/box2vg/home /home"
1. make 2 partitions on /dev/sdx, the first is the boot device, mine is a huge 300MB
2. Code:
cryptsetup -s 256 -y luksFormat /dev/sdx2 box1
This is not some kind of documentation for dm-crypt on Slackware Linux 13, but a real world example. I simply publish my experiences here. You can read this in addition to README_CRYPT.TXT on your Slackware 13.0 disks. In fact crypt support improved much and I had no problems, you should really skip this and read the README_CRYPT.TXT.

# dd if=/dev/urandom of=/dev/sdx

I like cfdisk for creating tables (reboot afterwards required).

# cfdisk

It looks like that. sda1 is /boot and sda2 & sdb1 is the rest.

Disk /dev/sda: 122.9 GB, 122942324736 bytes
255 heads, 63 sectors/track, 14946 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0xa18e45fd

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          36      289138+  83  Linux
/dev/sda2              37       14946   119764575   83  Linux

Disk /dev/sdb: 122.9 GB, 122942324736 bytes
255 heads, 63 sectors/track, 14946 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x70a8edb5

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1               1       14946   120053713+  83  Linux

We need to encrypt sda2 & sdb1.

# cryptsetup -s 256 -y luksFormat /dev/sda2
# cryptsetup -s 256 -y luksFormat /dev/sdb1

And now we open this one in order to be able to install on to it.

# cryptsetup luksOpen /dev/sda2 box1luks
# cryptsetup luksOpen /dev/sdb1 box2luks

Now we create LVM volumes. I just list the steps.

# pvcreate /dev/mapper/box1luks
# vgcreate box1vg /dev/mapper/box1luks
# lvcreate -L 25G -n root box1vg
# lvcreate -L 3,7G -n swap box1vg
# lvcreate -L 85.5G -n home box1vg
# pvcreate /dev/box1vg/home
# vgcreate homevg /dev/mapper/box1vg-home
# vgextend homevg /dev/mapper/box2luks
# lvcreate -L 199.9G -n home homevg
# vgscan --mknodes
# vgchange -ay

We have to run mkswap on our new swap partition so that the setup will detect it as such.

# mkswap /dev/box1vg/swap

Now you can start the setup program. During setup make sure to install to /dev/box1vg/root rather than to /dev/sda2, and also not to something like /dev/mapper/*. But don't forget to choose /dev/sda1 as /boot and /dev/homevg/home as /home.

Don't reboot after setup, but chroot into your new system and create a custom initrd.

# chroot /mnt

Check with

# ls -l /boot/vmlinuz

which kernel you use and then run

# mkinitrd -c -k 2.6.29.6 -m ext4 -f ext4 -r /dev/box1vg/root -C /dev/sda2 -L -l de -h /dev/box1vg/swap

In order to use this initrd.gz you need to edit /etc/lilo.conf.

# cat /etc/lilo.conf
# LILO configuration file
# generated by 'liloconfig'
#
# Start LILO global section
boot = /dev/sda
compact        # faster, but won't work on all systems.
# Boot BMP Image.
# Bitmap in BMP format: 640x480x8
  bitmap = /boot/slack.bmp
# Menu colors (foreground, background, shadow, highlighted
# foreground, highlighted background, highlighted shadow):
  bmp-colors = 255,0,255,0,255,0
# Location of the option table: location x, location y, number of
# columns, lines per column (max 15), "spill" (this is how many
# entries must be in the first column before the next begins to
# be used. We don't specify it here, as there's just one column.
  bmp-table = 60,6,1,16
# Timer location x, timer location y, foreground color,
# background color, shadow color.
  bmp-timer = 65,27,0,255
# Standard menu.
# Or, you can comment out the bitmap menu above and
# use a boot message with the standard menu:
#message = /boot/boot_message.txt
# Append any additional kernel parameters:
append="resume=/dev/box1vg/swap vt.default_utf8=0"
prompt
timeout = 50
# VESA framebuffer console @ 1024x768x64k
vga = 791
# ramdisk = 0     # paranoia setting
# End LILO global section
# Linux bootable partition config begins
image = /boot/vmlinuz
  initrd = /boot/initrd.gz
  root = /dev/box1vg/root
  label = linux
  read-only  # Partitions should be mounted read-only for checking
# Linux bootable partition config ends

Don't forget to run lilo in order to apply the changes.

# lilo

Edit

# joe /etc/rc.d/rc.local
/root/run.sh

Edit

# joe /root/run.sh
cryptsetup luksOpen /dev/sdb1 box2
vgscan --mknodes
vgchange -ay
mount /dev/homevg/home /home

After rebooting you have an encrypted, suspend-to-disk capable Slackware Linux system. You can put it to sleep with

# echo -n disk > /sys/power/state
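
Added example, not part of any post in this thread: a pre-reboot check for the constraint raised above (the initrd unlocks a single encrypted device), comparing the nested layout from the last post with a flat VG over both opened devices. The sample `pvs` and `dmsetup` output is constructed, and the VG name `boxvg` and both function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of: pvs --noheadings -o pv_name,vg_name
# Nested layout from the thread: the root VG sits on one LUKS device only.
PVS_NESTED='  /dev/mapper/box1luks  box1vg
  /dev/box1vg/home      homevg
  /dev/mapper/box2luks  homevg'

# Flat layout (hypothetical VG "boxvg"): one VG over both opened devices.
PVS_FLAT='  /dev/mapper/box1luks  boxvg
  /dev/mapper/box2luks  boxvg'

# Constructed sample of: dmsetup ls --target crypt
CRYPT_MAPS='box1luks (253:0)
box2luks (253:1)'

# Print how many dm-crypt mappings directly back PVs of volume group $1.
# $2 = pvs output, $3 = dmsetup output. PVs that are themselves LVs
# (like /dev/box1vg/home) are not followed into their parent VG.
crypt_pv_count() {
    printf '%s\n%s\n%s\n' "$3" '@@PVS@@' "$2" | awk -v vg="$1" '
        $1 == "@@PVS@@" { pv = 1; next }
        !pv && NF       { crypt["/dev/mapper/" $1] = 1; next }
        pv && $2 == vg && ($1 in crypt) { n++ }
        END { print n + 0 }'
}

# Succeed only if the root VG needs at most one unlocked LUKS device,
# i.e. a single "mkinitrd -C <device>" is enough to bring it online.
root_vg_bootable() {
    [ "$(crypt_pv_count "$1" "$2" "$3")" -le 1 ]
}

echo "nested: box1vg has $(crypt_pv_count box1vg "$PVS_NESTED" "$CRYPT_MAPS") crypt PV(s)"
echo "flat:   boxvg has $(crypt_pv_count boxvg "$PVS_FLAT" "$CRYPT_MAPS") crypt PV(s)"
```

On a live system, feed the functions the real output of the two commands named in the comments instead of the constructed samples.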