I've had some success with manually partitioning and installing LVM & LUKS.
The partitions are created – home, root, swap and boot, the PV and VGs were all created and set up correctly.
I installed from Live and everything in the file system installed to the right places.
I chroot and mounted and set up /etc/crypttab with the correct UUID and /etc/fstab is pointing to the right mapper and UUIDs (based on blkid output).
At this point I try a couple of approaches to try and get the bootloader and grub to give me a password login screen that will decrypt what I referenced in /etc/crypttab.
First approach –
mount -t proc proc /proc
mount -t sysfs sys /sys
update-initramfs -u
Running this tells me
/usr/sbin/iucode_tool: cpuid kernel driver unavailable, cannot scan system processor signatures
Second approach –
Checking for /etc/mkinitcpio.conf to add lvm2 and encrypt and then followed by
mkinitcpio -p linux
This doesn't work either because mkinitcpio doesn't exist.
After some research I was thinking that /etc/crypttab perhaps is enough for the existing init processes?
Third approach –
Editing /etc/default/grub to add
GRUB_ENABLE_CRYPTODISK=y
and then running
grub-mkconfig -o /boot/grub/grub.cfg
grub-install /dev/sda1
The problem with this is that I am getting
/usr/sbin/grub-probe: error: failed to get canonical path of `/dev/mapper/ubuntu-rootvol'
I know it should be fairly simple to get this boot screen with password sorted out but I'm out of options. Please can you tell me the correct method for having Ubuntu reference /etc/crypttab?
Thanks for your help!
Best Answer
I found a way to set up LUKS and LVM while manually partitioning! I tested this on Ubuntu 16.04.2
Boot Ubuntu from a Live OS and select the option to try Ubuntu without installing. Follow the steps I've outlined below.
sudo cryptsetup luksFormat --hash=sha512 --key-size=512 --cipher=aes-xts-plain64 --verify-passphrase /dev/sda2
sudo cryptsetup luksOpen /dev/sda2 CryptDisk
sudo dd if=/dev/zero of=/dev/mapper/CryptDisk bs=4M
BEWARE, this could take a really long time!
sudo pvcreate /dev/mapper/CryptDisk
sudo vgcreate vg0 /dev/mapper/CryptDisk
sudo lvcreate -n swap -L 2G vg0
sudo lvcreate -n root -L 10G vg0
sudo lvcreate -n home -l +100%FREE vg0
sudo blkid
/dev/sda2: UUID="bd3b598d-88fc-476e-92bb-e4363c98f81d" TYPE="crypto_LUKS" PARTUUID="50d86889-02"
sudo mount /dev/vg0/root /mnt
sudo mount /dev/vg0/home /mnt/home
# this is probably not necessary
sudo mount /dev/sda1 /mnt/boot
/mnt/boot/efi
sudo mount --bind /dev /mnt/dev
# I'm not entirely sure this is necessary
sudo mount --bind /run/lvm /mnt/run/lvm
sudo chroot /mnt
to access the installed system
mount -t proc proc /proc
mount -t sysfs sys /sys
mount -t devpts devpts /dev/pts
CryptDisk UUID=bd3b598d-88fc-476e-92bb-e4363c98f81d none luks,discard
update-initramfs -k all -c
update-grub
Special thanks go to Martin Eve, EGIDIO DOCILE, and the folks at blog.botux.fr for tutorials they posted. By pulling pieces from their posts and doing a little extra troubleshooting, I was finally able to figure this out.
I tried this a number of times and failed over and over. The bit that I had to work out for myself based on error messages was
sudo mount --bind /run/lvm /mnt/run/lvm
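
The `CryptDisk UUID=...` line above is an /etc/crypttab entry, and its UUID has to be the one `blkid` reports for the LUKS partition itself (TYPE="crypto_LUKS"), not for the opened mapper device or a logical volume inside it. As an added example, not part of the original answer: a hypothetical `check_crypttab` helper that checks a crypttab file against saved `blkid` output before the initramfs is rebuilt. Apart from the /dev/sda2 line taken from the answer, the sample data is constructed.

```shell
#!/bin/sh
# check_crypttab CRYPTTAB BLKID_OUTPUT  (hypothetical helper, not an Ubuntu tool)
# Prints one line per entry; returns 0 only if every UUID= entry is a LUKS container.
check_crypttab() {
    failures=0
    while read -r name source keyfile options; do
        case $name in ''|\#*) continue ;; esac      # skip blank lines and comments
        case $source in
            UUID=*) uuid=${source#UUID=} ;;
            *) echo "SKIP $name: source '$source' is not UUID=..."; continue ;;
        esac
        # The leading space keeps PARTUUID="..." from matching.
        line=$(grep -F " UUID=\"$uuid\"" "$2" | head -n 1)
        if [ -z "$line" ]; then
            echo "FAIL $name: no block device has UUID $uuid"
            failures=$((failures + 1))
        elif ! printf '%s\n' "$line" | grep -qF 'TYPE="crypto_LUKS"'; then
            echo "FAIL $name: ${line%%:*} is not a LUKS container"
            failures=$((failures + 1))
        else
            echo "OK   $name -> ${line%%:*}"
        fi
    done < "$1"
    [ "$failures" -eq 0 ]
}

# Constructed sample data: only the /dev/sda2 line comes from the answer.
write_samples() {
    cat > "$1/blkid.txt" <<'EOF'
/dev/sda1: UUID="1111aaaa-0000-4000-8000-000000000001" TYPE="ext2" PARTUUID="50d86889-01"
/dev/sda2: UUID="bd3b598d-88fc-476e-92bb-e4363c98f81d" TYPE="crypto_LUKS" PARTUUID="50d86889-02"
/dev/mapper/CryptDisk: UUID="AbCdEf-1234-5678-9abc-defg-hijk-LmNoPq" TYPE="LVM2_member"
/dev/mapper/vg0-root: UUID="2222bbbb-0000-4000-8000-000000000002" TYPE="ext4"
EOF
    # Correct: UUID of the LUKS partition itself.
    echo 'CryptDisk UUID=bd3b598d-88fc-476e-92bb-e4363c98f81d none luks,discard' > "$1/crypttab.good"
    # Wrong: UUID of the filesystem inside the opened container.
    echo 'CryptDisk UUID=2222bbbb-0000-4000-8000-000000000002 none luks,discard' > "$1/crypttab.bad"
}

samples=$(mktemp -d)
write_samples "$samples"
check_crypttab "$samples/crypttab.good" "$samples/blkid.txt"
check_crypttab "$samples/crypttab.bad" "$samples/blkid.txt" || echo "crypttab.bad rejected"
```

On a real system, save `sudo blkid` to a file from the live session and pass it with the target's /mnt/etc/crypttab.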