Ubuntu – How to install in EFI mode with Encrypted LVM


I'm trying to properly install Ubuntu 12.04.1 LTS 64-bit PC (AMD64) with the alternate install CD ".iso" on a lenovo Thinkpad X220.

Default Hard Disk (with a pre-installed version of Windows 7) has been replaced with a brand new SSD.

The UEFI BIOS of the lenovo Thinkpad X220 is set to "UEFI Boot only" & "USB UEFI BIOS Support" is enabled (I'm using an external USB DVD reader to perform Ubuntu installation).

The BIOS is a Phoenix SecureCore Tiano, BIOS version is 8DET56WW (1.26). The attempts below are made with the UEFI BIOS settings described above. Here's what I've tried so far:

Boot on a live GParted CD

  • Create a GPT partition table
  • Create a FAT32 partition for UEFI System, set the partition to "EF00" type ("boot" flag)
  • Leave remaining space unformated

Boot on Ubuntu 12.04.1 LTS 64-bit PC (AMD64) with alternate CD:

  • Perform the install with network updates enabled
  • Use manual partitioning
  • FAT32 partition created with GParted is used as "EFI System partition"
  • Remaining space is set to be used as "Physical volume for LVM"
  • Then "Configure encrypted volumes" using the previous "Physical volume for LVM" as the encrypted container, passphrase is setup.
  • "Configure the Logical Volume Manager" creating a volume Group using the encrypted container /dev/mapper/sda2_crypt
  • Creation of the Logical Volumes "Create logical volume", choosing the previously created volume Group
  • Assign a mount point and file system to the Logical volumes :

    LV-root for /

    LV-var for /var

    LV-usr for /usr

    LV-usr-local for /usr/local

    LV-swap for swap

    LV-home for /home

    NOTE: /tmp would be in RAM only using TMPFS

  • Bootloader step: neither my ESP partition (/dev/sda1, /dev/sda or MBR) seems to be the right place for GRUB, I get the following message (X suffix is for demonstration only):

unable to install grub in /dev/sdaX
Executing 'grub-install /dev/sdaX' failed
This is a fatal error.

Finish installation without the Bootloader & Reboot

The system doesn't start, there's no EFI/GRUB menu at startup.

What are the steps to perform a clean and working installation of Ubuntu 12.04.1 Precise Pangolin, 64bit version in U(EFI) mode using the encrypted LUKS + LVM scheme described above?

Best Answer

First, it's not 100% clear that you booted the installer in EFI mode. If it booted in BIOS mode, it would try to install grub-pc (for BIOS-based systems), which wouldn't work if your firmware is set to boot the hard disk in EFI mode. I doubt if this is the problem, but I thought I'd toss it out as a possibility. You can check your boot mode by dropping to a shell and looking for the /sys/firmware/efi file; if it's present, you've booted in EFI mode. If not, you've probably booted in BIOS mode, although that's not 100% certain.

In any event, at this point your best bet is to do a manual installation of an EFI boot loader. IMHO, GRUB 2 (which is Ubuntu's default) is the worst possible choice; it's flaky and unreliable on EFI systems, in my experience. The easiest to get working is likely to be either ELILO or Fedora's patched GRUB Legacy. If you want to use a 3.3.0 or later kernel, it includes its own built-in EFI boot loader, which is quite reliable and can be very easy to use if paired with rEFInd. My Web page on EFI boot loaders describes all the options and includes installation instructions. Detailing them all here would be impractical.