LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 09-21-2009, 10:47 AM   #1
carlitoco
Member
 
Registered: Jan 2008
Location: Berlin
Distribution: Slackware / Arch
Posts: 132

Rep: Reputation: 15
Setup slack13 over 2 dm-crypted lvm hdds


Hey!
I planed to setup my favorite distribution since 4 years onto 2 120GB hdds.
They should be an 240GB lvm and dm-crypted device.
How can I reach this?
I've already worked with lvms and dmcrypted systems but only on one physical hdd.

My first thougth was
'I have just to made a lvm over the two already dm-crypted, openend devices'
but it doesn't work.
Please help me! And pre thanks to all linux developers
 
Old 09-21-2009, 11:09 AM   #2
gegechris99
Member
 
Registered: Oct 2005
Location: France
Distribution: Slackware 14.1 64bit
Posts: 735
Blog Entries: 3

Rep: Reputation: 81
Hello,

This README_CRYPT.TXT should be of help in your endeavour. There is a section "Combining LUKS and LVM"

Also, have a look at README_LVM.TXT for details of setting up LVM.
 
Old 09-21-2009, 11:35 AM   #3
GazL
Senior Member
 
Registered: May 2008
Posts: 3,502

Rep: Reputation: 1024Reputation: 1024Reputation: 1024Reputation: 1024Reputation: 1024Reputation: 1024Reputation: 1024Reputation: 1024
The Slackware initrd only has code in it to unlock one encrypted device, so if the volume group that contains your rootfs contains more than one encrypted PV then it won't come online, your rootfs won't be available and the system will fail to boot.

There are a few ways around this, non of them ideal. The easiest would probably be to have your rootfs outside of lvm in its own partition and then use encrypted lvm partitions for the rest of your filesystems.
 
Old 09-22-2009, 08:18 PM   #4
carlitoco
Member
 
Registered: Jan 2008
Location: Berlin
Distribution: Slackware / Arch
Posts: 132

Original Poster
Rep: Reputation: 15
hmm a bit of mudd

My version to get a dm-crypted 200GB "home" partition, with two 120GB HDD's.
It works since 8 hours and 2 reboots

The init decrypt and mount the volumes, the system need to boot.
A script should resume the decryption of sdy1 and make "vgscan --mknodes", "vgchange -ay" and "mount /dev/box2vg/home /home"

1.
make 2 partitions on /dev/sdx
first is the boot device, my is huge 300MB
2.
Code:
crypsetup -s 256 -y luksFormat /dev/sdx2 box1
...
crypsetup -s 256 -y luksFormat /dev/sdy1 box2
...
pvcreate /dev/mapper/box1
vgcreate box1vg /dev/mapper/box1
lvcreate -L 25G -n root box1vg
lvcreate -L 3,7G -n swap box1vg
lvcreate -L G85,5 -n homebox1 box1vg
...
pvcreate /dev/box1vg/homebox1 /dev/mapper/box2
vgcreate box2vg /dev/box1vg/homebox1 /dev/mapper/box2
lvcreate -L  199.9G -n home box2vg

Last edited by carlitoco; 09-22-2009 at 08:32 PM.
 
Old 09-24-2009, 03:18 PM   #5
carlitoco
Member
 
Registered: Jan 2008
Location: Berlin
Distribution: Slackware / Arch
Posts: 132

Original Poster
Rep: Reputation: 15
This is not some kind of documentation for dm-crypt on Slackware Linux
13, but a real world example. I simply publish my experiences here.
You can read this in addition to README_CRYPT.TXT
on your Slackware 13.0 disks.

Infact crypt support improved much and I had no problems, you should
really skip this and read the README_CRYPT.TXT.

# dd if=/dev/urandom of=/dev/sdx

I like cfdisk for creating tables (reboot afterwards required).

# cfdisk

It looks like that. sda1 is /boot and sda2 & sdb1 is the rest.

Disk /dev/sda: 122.9 GB, 122942324736 bytes
255 heads, 63 sectors/track, 14946 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0xa18e45fd

Device Boot Start End Blocks Id System
/dev/sda1 * 1 36 289138+ 83 Linux
/dev/sda2 37 14946 119764575 83 Linux

Disk /dev/sdb: 122.9 GB, 122942324736 bytes
255 heads, 63 sectors/track, 14946 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x70a8edb5

Device Boot Start End Blocks Id System
/dev/sdb1 1 14946 120053713+ 83 Linux

We need to encrypt sda2 & sdb1.

# cryptsetup -s 256 -y luksFormat /dev/sda2

# cryptsetup -s 256 -y luksFormat /dev/sdb1

And now we open this one in order to be able to install on to it.

# cryptsetup luksOpen /dev/sda2 box1luks

# cryptsetup luksOpen /dev/sdb1 box2luks


Now we create LVM volumes. I just list the steps.

# pvcreate /dev/mapper/box1luks
# vgcreate box1vg /dev/mapper/box1luks
# lvcreate -L 25G -n root box1vg
# lvcreate -L 3,7G -n swap box1vg
# lvcreate -L 85.5G -n home box1vg
# pvcreate /dev/box1vg/home
# vgcreate homevg /dev/mapper/box1vg-home
# vgexpand homevg /dev/mapper/box2
# lvcreate -L 199.9G -n home homevg
# vgscan --mknodes
# vgchange -ay

We have to run mkswap on our new swap partition so that the setup will detect it as such.

# mkswap /dev/box1vg/swap

Now you can start the setup program.
During setup make sure to install to /dev/box1vg/root rather then to /dev/sda2 also not to something like /dev/mapper/*. But dont't forget to chose /dev/sda1 as /boot and /dev/homevg/home as /home.
Don't reboot after setup, but chroot into your new system and create a custom initrd.

# chroot /mnt

Check with

# ls -l /boot/vmlinuz

which kernel you use and than run

# mkinitrd -c -k 2.6.29.6 -m ext4 -f ext4 -r /dev/box1vg/root -C /dev/sda2 -L -l de -h /dev/box1vg/swap

In order to use this initrd.gz you need to edit /etc/lilo.conf.

# cat /etc/lilo.conf
# LILO configuration file
# generated by 'liloconfig'
#
# Start LILO global section
boot = /dev/sda
compact # faster, but won't work on all systems.
# Boot BMP Image.
# Bitmap in BMP format: 640x480x8
bitmap = /boot/slack.bmp
# Menu colors (foreground, background, shadow, highlighted
# foreground, highlighted background, highlighted shadow):
bmp-colors = 255,0,255,0,255,0
# Location of the option table: location x, location y, number of
# columns, lines per column (max 15), "spill" (this is how many
# entries must be in the first column before the next begins to
# be used. We don't specify it here, as there's just one column.
bmp-table = 60,6,1,16
# Timer location x, timer location y, foreground color,
# background color, shadow color.
bmp-timer = 65,27,0,255
# Standard menu.
# Or, you can comment out the bitmap menu above and
# use a boot message with the standard menu:
#message = /boot/boot_message.txt

# Append any additional kernel parameters:
append="resume=/dev/box1vg/swap vt.default_utf8=0"
prompt
timeout = 50
# VESA framebuffer console @ 1024x768x64k
vga = 791
# ramdisk = 0 # paranoia setting
# End LILO global section
# Linux bootable partition config begins
image = /boot/vmlinuz
initrd = /boot/initrd.gz
root = /dev/box1vg/root
label = linux
read-only # Partitions should be mounted read-only for checking
# Linux bootable partition config ends

Dont forget to run lilo in order to apply the changes.

# lilo

Edit # joe /etc/rc.d/rc.local

/root/run.sh

Edit # joe /root/run.sh

cryptsetup luksOpen /dev/sdb1 box2
vgscan --mknodes
vgchange -ay
mount /dev/homevg/home /home

After rebooting you have a encrypted suspend to disk capable Slackware Linux system you can put it to sleep with.

# echo -n disk > /sys/power/state
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Slack13: Problem with machine_restart and acpi_poweroff kemsiro Slackware 1 09-03-2009 05:45 AM
Problem with crypted LVM after Debian installation setkos Linux - Newbie 7 12-28-2008 07:30 AM
lvm issues: trouble adding HDDs spargonaut Linux - Software 1 04-28-2007 03:00 PM
How to setup linux to enable by HDDs as SATA vicky_me Linux - Hardware 3 09-11-2006 05:54 AM
Accessing other HDDs/Booting from other HDDs Namatacka Ubuntu 2 05-07-2006 12:21 PM


All times are GMT -5. The time now is 05:29 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration