Ubuntu – How to migrate an encrypted LVM install to a new disk

encryptiongrub2lvmpartitioning

I have a somewhat customised laptop install I want to move to a SSD directly, without having to reinstall Ubuntu, reinstall all the apps and make all the other changes again. The SSD is smaller, so I can't just do dd.

The original install was done with the Ubuntu alternate installer, selecting the full disk encryption with LVM option.

What steps are required and how do I do them? I expect to have to:

  • set up the disk partitions, encryption etc
  • copy the data across
  • install grub and get it working with new UUID values etc.

Best Answer

Partitioning and file copy - while running

I did this by starting with the running system. I plugged the new SSD into a USB SATA adapter and partitioned it, set up LVM and copied the files across.

# confirm disk size is as expected for sdc
sudo fdisk -l /dev/sdc
# now partition - 500 MB partition as boot, the rest as a single (logical) partition
sudo cfdisk /dev/sdc

Your disk should now look like:

sudo fdisk -l /dev/sdc
Disk /dev/sda: 120.0 GB, 120034123776 bytes
255 heads, 63 sectors/track, 14593 cylinders, total 234441648 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *          63      979964      489951   83  Linux
/dev/sda2          979965   234441647   116730841+   5  Extended
/dev/sda5          980028   234441647   116730810   82  Linux swap / Solaris

The next step is to put encryption on the partition and LVM on top of the encryption.

sudo cryptsetup -y luksFormat /dev/sdc5
sudo cryptsetup luksOpen /dev/sdc5 crypt
sudo vgcreate crypt-lvm /dev/mapper/crypt
sudo lvcreate -L4G -nswap crypt-lvm
sudo lvcreate -l100%FREE -nroot crypt-lvm

Now make the filesystems and mount them and copy your system across.

sudo mkfs.ext2 /dev/sdc1
# you do ls /dev/mapper to check the name if different
sudo mkfs.ext4 /dev/mapper/crypt-root
sudo mkdir /mnt/boot
sudo mkdir /mnt/root
sudo mount -t ext2 /dev/sdc1 /mnt/boot
sudo mount -t ext4 /dev/mapper/crypt-root /mnt/root

# rsync files
sudo rsync -a /boot/* /mnt/boot/
sudo rsync -aHAX --devices --specials --delete --one-file-system --exclude proc --exclude run --exclude boot --exclude sys --exclude tmp /* /mnt/root/

Up to this point you can keep the system running and use it. Now you need to shutdown and boot into a live CD/USB so you can get the system in a shutdown state.

Partitioning and file copy - live CD/USB

Once you have booted, open a terminal and:

sudo apt-get install lvm2

# mount old hard drive
sudo cryptsetup luksOpen /dev/sda5 sda5_crypt
sudo mkdir /mnt/sdaroot
# you can do ls /dev/mapper to check the name if it is different
sudo mount -t ext4 /dev/mapper/sda5_crypt--root /mnt/sdaroot

# mount new hard drive (over USB)
sudo cryptsetup luksOpen /dev/sdc5 sdc5_crypt
sudo mkdir /mnt/sdcroot
sudo mount -t ext4 /dev/mapper/sdc5_crypt--root /mnt/sdcroot

# final rsync
sudo rsync -aHAX --devices --specials --delete --one-file-system --exclude proc --exclude run --exclude boot --exclude sys --exclude tmp /mnt/sdaroot/* /mnt/sdcroot/

chroot

# prepare chroot
cd /mnt/sdcroot
sudo mkdir boot

# these directories are set up by the system and we need them inside the chroot
sudo mount -t proc proc /mnt/sdcroot/proc
sudo mount -t sysfs sys /mnt/sdcroot/sys
sudo mount -o bind /dev /mnt/sdcroot/dev

# now enter the chroot
sudo chroot /mnt/root/

Changing UUIDs

Now we are root inside the chroot and run the following commands:

# inside chroot, as root
mount -t ext2 /dev/sdc1 /boot
blkid

Now you will see all the UUIDs for the various disk in the system. You will need to edit the UUIDs in /etc/fstab and /etc/crypttab to match the values for /dev/sdc?

In /etc/fstab you need to use the UUID for the boot disk - /dev/sdc1 if your disks have the same letter as me.

In /etc/crypttab you need to use the UUID for the other (big) partition - /dev/sdc5 if your disks have the same letter as me.

initramfs and grub

# now update initramfs for all installed kernels
update-initramfs -u -k all

# install grub and ensure it is up to date
grub-install /dev/sdc      # NOTE sdc NOT sdc1
update-grub

# hit Ctrl-D to exit chroot
sudo umount /mnt/root

Now shutdown, put the SSD inside your laptop, cross your fingers and boot up.

Useful links

Good guide for the cryptsetup stuff at http://www.debian-administration.org/articles/577

For installing grub on an external partition: https://stackoverflow.com/questions/247030/how-to-set-up-grub-in-a-cloned-hard-disk

https://help.ubuntu.com/community/UsingUUID