Ubuntu – how to mount / with encrypted lvm root during installation

encryption, installation, luks, server

In order to understand Linux better, I'm trying to manually configure an encrypted root LVM partition.

I have already tried this with the Ubuntu server installer by choosing the lvm encrypted option and it worked.
My problem is simple: I have created a /boot partition (not encrypted) and an encrypted root partition, but the installer can't find a root partition.
I think that I have to mount the / partition.

How can I do that?

Best Answer

Assuming you are using the live, desktop CD:

Mount your crypt

This assumes your crypt is called crypt, the physical partition is /dev/sda1, and the root partition in /dev/mapper is called root; adjust accordingly to your setup.

  1. Boot the live (Desktop) CD and install lvm2 and cryptsetup.

    sudo apt-get update && sudo apt-get install lvm2 cryptsetup
  2. Load the cryptsetup module.

    sudo modprobe dm-crypt
  3. Decrypt your file system.

    sudo cryptsetup luksOpen /dev/sda1 crypt
  4. Get the live CD to recognize (activate) your LVM.

    sudo vgscan --mknodes
    sudo vgchange -ay
  5. You can now access / mount the crypt

    sudo mkdir /media/crypt_root
    sudo mount /dev/mapper/root /media/crypt_root

Installing into the encrypted partition

I have not done this manually from an Ubuntu live CD and honestly I am not sure it will work, sort of depends on how much you already know, and how much I forget. This is going to be a long post, so I may not cover each and every detail ;).

You can try running the graphical installer and try to use /dev/mapper/root as your root ( / ) partition. You will need to unmount it first.

If that fails, you can install the long way with chroot.

Installing into a chroot is fairly easy; you need to make any other partitions you are using, including /boot (you already have), swap, and, if you so desire, /home.

You then install a base system with debootstrap, use /media/crypt_root as the chroot.

Typing all the commands for a chroot is going to be too long for an already long post, but DebootstrapChroot will walk you through how to do this step-by-step.

After installing the base with debootstrap, we will chroot in and install / configure the rest.

Note: After following the above link, you should have configured the chroot, /media/crypt_root, including resolv.conf, and you should have proc, sys, and dev mounted in the chroot. All that is covered, but just making sure ;)

    sudo -i

    # mount your boot partition in the chroot
    mount /dev/sda2 /media/crypt_root/boot

    # mount home also if you have a separate home
    # If you do not have a separate home, skip this
    mount /dev/your_home_partition /media/crypt_root/home

    chroot /media/crypt_root

RUN THESE COMMANDS IN THE CHROOT

    apt-get install ubuntu-desktop lvm2 cryptsetup linux-generic grub2

    # Add and configure your user
    useradd your_user
    passwd your_user
    usermod -a -G admin,users your_user

Configure the chroot. You will need to edit /etc/fstab and /etc/crypttab.

In /etc/crypttab define your crypt

    crypt  /dev/sda1  none  luks

In /etc/fstab make sure you define your partitions, swap, etc

    /dev/mapper/root  /  ext4  defaults,errors=remount-ro  0  1

MAKE SURE YOUR FSTAB IS COMPLETE, including swap, proc, home (if you use a separate home), tmpfs, etc. Use the live desktop CD as a template if needed.

Exit the chroot

    exit

EXIT Chroot

You now need to install grub, run this command from the live CD

    sudo grub-install --root-directory=/media/crypt_root /dev/sda

That is about it, I do not think I forgot anything major. I cannot fill in all the details of all your partitions as I do not know your layout and do not know how much or how little you know about /etc/fstab.

If you need further assistance or I forgot something, post back, or perhaps someone will chime in.

If all this seems overwhelming, well, that is why people use the alternate CD; it automates the process.

Additional references:

http://en.gentoo-wiki.com/wiki/DM-Crypt_with_LUKS

https://wiki.archlinux.org/index.php/System_Encryption_with_LUKS

Those links will have Gentoo- and Arch-specific information, which you can ignore as you are on Ubuntu. But they contain more detailed descriptions of how to set up LVM and your crypt, including examples of crypttab and fstab.

Hope that helps.
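
An added example, not part of the answer above: a shell function that checks the /etc/crypttab and /etc/fstab written inside the install target before rebooting, since a mapping name that does not match an open /dev/mapper node leaves the encrypted root unmountable. The function name `check_crypt_config`, its messages and the sample tree are constructed for illustration; the layout (target at /media/crypt_root, a `luks` entry in crypttab) follows the answer.

```shell
# Added example: sanity-check crypttab and fstab inside the install target.
# Usage: check_crypt_config TARGET_ROOT [MAPPER_DIR]
check_crypt_config() {
    root=$1; mapper=${2:-/dev/mapper}; problems=0
    crypttab=$root/etc/crypttab; fstab=$root/etc/fstab
    fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    [ -r "$crypttab" ] || fail "$crypttab is missing"
    [ -r "$fstab" ] || fail "$fstab is missing"
    [ "$problems" -eq 0 ] || return 1

    # crypttab fields: <name> <source device> <key file> <options>
    entries=0
    while read -r name dev key opts || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac
        entries=$((entries + 1))
        case ",$opts," in
            *,luks,*) ;;
            *) fail "crypttab: $name lacks the luks option" ;;
        esac
        [ -e "$mapper/$name" ] || fail "crypttab: $name is not open as $mapper/$name"
    done < "$crypttab"
    [ "$entries" -gt 0 ] || fail "crypttab has no entries"

    # fstab fields: <device> <mount point> <type> <options> <dump> <pass>
    root_dev=
    while read -r dev mnt type opts dump pass || [ -n "$dev" ]; do
        case $dev in ''|'#'*) continue ;; esac
        [ "$mnt" = / ] && root_dev=$dev
        case $dev in
            /dev/mapper/*) [ -e "$mapper/${dev#/dev/mapper/}" ] ||
                fail "fstab: $dev ($mnt) has no matching mapper node" ;;
        esac
    done < "$fstab"
    [ -n "$root_dev" ] || fail "fstab has no entry for /"
    [ "$problems" -eq 0 ]
}

# Constructed sample tree standing in for /media/crypt_root and /dev/mapper.
demo=$(mktemp -d); mkdir -p "$demo/target/etc" "$demo/mapper"
touch "$demo/mapper/crypt" "$demo/mapper/root"
printf 'crypt  /dev/sda1  none  luks\n' > "$demo/target/etc/crypttab"
# Constructed mistake: the mount-point name used where the mapper name belongs.
printf '/dev/mapper/crypt_root  /  ext4  defaults  0  1\n' > "$demo/target/etc/fstab"
check_crypt_config "$demo/target" "$demo/mapper" || echo "fix these before rebooting"
rm -rf "$demo"
```

On the live CD, with the crypt open and the volume group active, the call would be `check_crypt_config /media/crypt_root` after leaving the chroot.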