ferdog 04-12-2012 06:41 PM

LVM and LUKS Question
I want to make sure that I've correctly configured my system to install Linux on a fully encrypted disk (minus /boot). I'm using LVM on LUKS - both of which I've got very little experience with. Here's what I did:

First, I created two partitions.


/dev/sda1 (100 MB. I'll use this for /boot)
/dev/sda2 (Rest of disk. This is the LVM Container)

I then encrypted /dev/sda2:


cryptsetup -c aes-xts-plain -y -s 512 luksFormat /dev/sda2

I opened the LUKS partition:


cryptsetup luksOpen /dev/sda2 container

So, now I have:


I set up my logical volumes:


pvcreate /dev/mapper/container
vgcreate VolGroup00 /dev/mapper/container
lvcreate -L 20G VolGroup00 -n root
lvcreate -C y -L 10G VolGroup00 -n swap
lvcreate -l +100%FREE VolGroup00 -n home

created filesystems:


mkfs.ext4 /dev/VolGroup00/root
mkswap /dev/VolGroup00/swap
mkfs.ext4 /dev/VolGroup00/home

and mounted them:

swapon /dev/VolGroup00/swap
mount /dev/VolGroup00/root /
mount /dev/VolGroup00/home /home

Does this look correct? Did I miss anything?

roger_heslop 04-12-2012 07:53 PM

It looks correct as far as I can tell; however, when I set up a LUKS partition, I do it the opposite way. In other words I create the logical volume / use luksFormat to open that logical volume as a separate device in /dev/mapper, and then format that with ext4 (or whatever).

The important difference is that creating the encrypted volume on top of the logical volume allows me to initially set the pv properly to type 8e, though your method may allow more flexibility in resizing the volumes. (I've never tested your method though.) I've written a few blog entries on this topic (to include automounting LUKS) here:

Edit: Both methods should work, see discussion here:

ferdog 04-13-2012 02:31 PM

Thanks for your advice and the links, Roger. Your blog is a helpful resource for someone new to LUKS such as myself.
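
A way to check what the thread is asking, namely that everything except /boot ends up on an encrypted layer, whichever way round LVM and LUKS are stacked. This is an added example, not part of the original posts; it parses the output of `lsblk -P -o KNAME,TYPE,PKNAME,MOUNTPOINT`, and the sample rows and `dm-N` names are constructed.

```shell
#!/bin/sh
# Added example. Reads `lsblk -P -o KNAME,TYPE,PKNAME,MOUNTPOINT` output on stdin
# and prints every mounted or swap device that has no LUKS ("crypt") mapping at or
# beneath it. /boot is exempt, as in the thread. Exit status 1 if anything is listed.
find_unencrypted() {
    awk '
    # Extract the value of KEY="value" from the current line.
    function field(key,    line) {
        line = " " $0
        if (!match(line, " " key "=\"[^\"]*\"")) return ""
        return substr(line, RSTART + length(key) + 3, RLENGTH - length(key) - 4)
    }
    {
        k = field("KNAME")
        type[k] = field("TYPE")
        parent[k] = field("PKNAME")
        mnt[k] = field("MOUNTPOINT")
        order[++n] = k
    }
    END {
        for (i = 1; i <= n; i++) {
            k = order[i]
            if (mnt[k] == "" || mnt[k] == "/boot") continue
            enc = 0
            # Walk towards the physical disk looking for a dm-crypt mapping.
            for (d = k; d != ""; d = parent[d])
                if (type[d] == "crypt") { enc = 1; break }
            if (!enc) { print mnt[k] " (" k ")"; bad = 1 }
        }
        exit bad + 0
    }'
}

# Constructed sample: the LVM-on-LUKS layout from the first post (dm-N names assumed).
sample_layout() {
    cat <<'EOF'
KNAME="sda" TYPE="disk" PKNAME="" MOUNTPOINT=""
KNAME="sda1" TYPE="part" PKNAME="sda" MOUNTPOINT="/boot"
KNAME="sda2" TYPE="part" PKNAME="sda" MOUNTPOINT=""
KNAME="dm-0" TYPE="crypt" PKNAME="sda2" MOUNTPOINT=""
KNAME="dm-1" TYPE="lvm" PKNAME="dm-0" MOUNTPOINT="/"
KNAME="dm-2" TYPE="lvm" PKNAME="dm-0" MOUNTPOINT="[SWAP]"
KNAME="dm-3" TYPE="lvm" PKNAME="dm-0" MOUNTPOINT="/home"
EOF
}

sample_layout | find_unencrypted && echo "everything except /boot sits on LUKS"
```

On a running system, pipe the real `lsblk` output into `find_unencrypted`; a swap partition left outside the container shows up as `[SWAP]` in the list.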

