Ubuntu – Ubuntu dual-boot with LVM and LUKS install fails

dual-bootencryptiongrub2lvmuefi

I have a HP Pavilion G7 laptop with UEFI support and a 250GB GPT SSD disk. Laptop initially had Windows 8 installed, but later I made a Windows 10 clean install and reserved some empty space for linux.

Now I want to have Win10 & Ubuntu16 Mate 16.04 LTS dualboot, LUKS encrypted disks with LVM.

This kind of dualboot confuguration with LUKS and LVM is not possible with Ubuntu Mate GUI installer, but I found following instructions to follow (tested for Ubuntu 13.04):

How can I install Ubuntu encrypted with LUKS with dual-boot?

I tried to follow these instructions but always when booting I cannot open the encrypted disk because cryptsetup fails.

Here is my procedure, numbering is same as in instructions:

  1. Boot from an Ubuntu live DVD or USB stick, and select "Try Ubuntu".

  2. Create partitions using GParted included in the live disk.
    GParted. Created 2 partitions: boot and data for LUKS. Windows esp will be used for Ubuntu also.

    (parted) print list                                                       
Model: ATA Samsung SSD 850 (scsi)
Disk /dev/sda: 250GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags: 

Number  Start   End    Size    File system  Name                          Flags
 1      1049kB  473MB  472MB   ntfs         Basic data partition          hidden, diag
 2      473MB   578MB  105MB   fat32        EFI system partition          boot, esp
 3      578MB   595MB  16.8MB               Microsoft reserved partition  msftres
 4      595MB   123GB  123GB   ntfs         Basic data partition          msftdata
 5      123GB   124GB  835MB   ntfs                                       hidden, diag
 6      124GB   125GB  524MB   ext4         NotUsed
 7      125GB   126GB  1049MB  ext4         linux-boot
 8      126GB   250GB  124GB                linux-data

ubuntu-mate@ubuntu-mate:~$ lsblk
NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda      8:0    0 232.9G  0 disk 
├─sda1   8:1    0   450M  0 part 
├─sda2   8:2    0   100M  0 part (This is Windows esp)
├─sda3   8:3    0    16M  0 part 
├─sda4   8:4    0 114.4G  0 part 
├─sda5   8:5    0   796M  0 part 
├─sda6   8:6    0   500M  0 part 
├─sda7   8:7    0  1000M  0 part (boot)
└─sda8   8:8    0 115.7G  0 part (LUKS)

    format partitions sda7, sda8

  3. Create a LUKS container using these commands

    sudo cryptsetup luksFormat /dev/sda8
sudo cryptsetup luksOpen /dev/sda8 pv_data

  4. It is critical to properly initialize the new LUKS container 

    ubuntu-mate@ubuntu-mate:~$ sudo dd if=/dev/zero of=/dev/mapper/pv_data bs=16M
dd: error writing '/dev/mapper/pv_data': No space left on device
7469+0 records in
7468+0 records out
125303783424 bytes (125 GB, 117 GiB) copied, 381.69 s, 328 MB/s

  5. Inside the mounted LUKS container, create an LVM physical volume, a volume group and two logical volumes. The first logical volume will be mounted at /, and the second one will be used as swap.

    ubuntu-mate@ubuntu-mate:~$ sudo pvcreate /dev/mapper/pv_data
  Physical volume "/dev/mapper/pv_data" successfully created

ubuntu-mate@ubuntu-mate:~$ sudo vgcreate vg_data /dev/mapper/pv_data
  Volume group "vg_data" successfully created

ubuntu-mate@ubuntu-mate:~$ sudo lvcreate -n lv_swap -L 12g vg_data
  Logical volume "lv_swap" created.

ubuntu-mate@ubuntu-mate:~$ sudo lvcreate -n lv_root -L 80g vg_data
  Logical volume "lv_root" created.

ubuntu-mate@ubuntu-mate:~$ lsblk
NAME                  MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                     8:0    0 232.9G  0 disk  
...
└─sda8                  8:8    0 115.7G  0 part  
└─pv_data           252:0    0 115.7G  0 crypt 
    ├─vg_data-lv_swap 252:1    0    12G  0 lvm   
    └─vg_data-lv_root 252:2    0    80G  0 lvm

  6. Create filesystems for the two logical volumes

    ubuntu-mate@ubuntu-mate:~$ sudo mkfs.ext4 /dev/mapper/vg_data-lv_root
mke2fs 1.42.13 (17-May-2015)
Creating filesystem with 20971520 4k blocks and 5242880 inodes
Filesystem UUID: 1cbd1ea6-fa20-41f6-a870-5c159301bee4
Superblock backups stored on blocks: 
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 
4096000, 7962624, 11239424, 20480000

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done   

ubuntu-mate@ubuntu-mate:~$ sudo mkswap /dev/mapper/vg_data-lv_swap
Setting up swapspace version 1, size = 12 GiB (12884897792 bytes)
no label, UUID=d665e5d7-b81f-4078-a5d5-bb1dd137fce2

  7. Install Ubuntu using the graphical installer, choosing manual partitioning.

    Assign: / to /dev/mapper/vg_data-lv_root, /boot to /dev/sda7, swap to /dev/mapper/vg_data-lv_swap

    mark other partitions "do not use" except sda7 boot, lv_root, lv_swap, sda2 efi windows boot manager

    Select device for bootloader installation to /dev/sda

  8. Once the graphical installer is finished, select "continue testing" and open a terminal.

  9. Find the UUID of the LUKS partitions: /dev/sda8 

    ubuntu-mate@ubuntu-mate:~$ sudo blkid
/dev/sda1: LABEL="Recovery" UUID="FABE4708BE46BCBF" TYPE="ntfs" PARTLABEL="Basic data partition" PARTUUID="69ee7fd0-ed56-41b2-b974-b76647cb98d5"
/dev/sda2: UUID="9A47-7CB4" TYPE="vfat" PARTLABEL="EFI system partition" PARTUUID="3cfbb43a-3bfd-48ac-b673-109f469c4d72"
/dev/sda4: UUID="82324D05324D0021" TYPE="ntfs" PARTLABEL="Basic data partition" PARTUUID="342a1cfb-8587-4dbc-a180-4872aa23aff5"
/dev/sda5: UUID="D606B52306B50611" TYPE="ntfs" PARTUUID="6bebe835-96b9-422e-b9c1-baf69ae085b3"
/dev/sda6: UUID="341a01d8-dcb7-4c51-99aa-22a84d53054b" TYPE="ext4" PARTLABEL="NotUsed" PARTUUID="f2524ea7-8736-4998-8705-5e9d22c42b3c"
/dev/sda7: UUID="d0033e81-c785-4efc-a0d3-1128b7a99792" TYPE="ext4" PARTLABEL="linux-boot" PARTUUID="08e453f9-84ca-48b0-a26f-915f2462c578"
/dev/sdb1: LABEL="UBUNTU-MATE" UUID="8EDE-65EA" TYPE="vfat" PARTLABEL="Microsoft Basic Data" PARTUUID="2c0f92b3-5d67-45c7-bc1b-ce8a1a284015"
/dev/loop0: TYPE="squashfs"
/dev/sda8: UUID="ec4c6b1d-0bf1-41d4-81ec-754987a5532f" TYPE="crypto_LUKS" PARTLABEL="linux-data" PARTUUID="18bf1837-1dda-477a-9007-e3478e12f565"
/dev/sdc1: LABEL="FAT32GB" UUID="FE56-878C" TYPE="vfat" PARTUUID="58ee1847-01"
/dev/mapper/pv_data: UUID="11kz5r-WtT9-c2oU-sDrB-ObWm-OCiP-t0JG9c" TYPE="LVM2_member"
/dev/mapper/vg_data-lv_swap: UUID="d665e5d7-b81f-4078-a5d5-bb1dd137fce2" TYPE="swap"
/dev/mapper/vg_data-lv_root: UUID="57c480e3-59c7-4203-ac5c-2a08075fd71c" TYPE="ext4"
/dev/dm-1: UUID="d665e5d7-b81f-4078-a5d5-bb1dd137fce2" TYPE="swap"
/dev/sda3: PARTLABEL="Microsoft reserved partition" PARTUUID="dfbb8924-81a1-4646-9baa-3a4977641f5e"

  10. Mount the appropriate devices to the appropriate locations in /mnt, and chroot into it:

    sudo mount /dev/mapper/vg_data-lv_root /mnt
sudo mount /dev/sda7 /mnt/boot
sudo mount --bind /dev /mnt/dev
sudo chroot /mnt

  11. Create a file named /etc/crypttab in the chrooted environment:

    root@ubuntu-mate:/# cat /etc/crypttab
# <target name> <source device> <key file> <options>
pv_data UUID=ec4c6b1d-0bf1-41d4-81ec-754987a5532f none luks,retry=1,lvm=vg_data

  12. Create a file named /etc/initramfs-tools/conf.d/cryptroot in the chrooted environment:

    root@ubuntu-mate:/# cat /etc/initramfs-tools/conf.d/cryptroot
CRYPTROOT=target=pv_data,source=/dev/disk/by-uuid/ec4c6b1d-0bf1-41d4-81ec-754987a5532f

  13. Run the following command in the chrooted environment:

    root@ubuntu-mate:/# update-initramfs -k all -c
update-initramfs: Generating /boot/initrd.img-4.4.0-38-generic
cat: /proc/cmdline: No such file or directory
update-initramfs: Generating /boot/initrd.img-4.4.0-31-generic
cat: /proc/cmdline: No such file or directory

    Are these errors critical?

  14. Edit the file named /etc/default/grub in the chrooted envirnoment:

    root@ubuntu-mate:/# cat /etc/default/grub
# If you change this file, run 'update-grub' afterwards to update
# /boot/grub/grub.cfg.
# For full documentation of the options in this file, see:
#   info -f grub -n 'Simple configuration'

GRUB_DEFAULT=0
#GRUB_HIDDEN_TIMEOUT=0
GRUB_HIDDEN_TIMEOUT_QUIET=true
GRUB_TIMEOUT=10
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
#GRUB_CMDLINE_LINUX=""
GRUB_CMDLINE_LINUX="cryptopts=target=pv_data,source=/dev/disk/by-uuid/ec4c6b1d-0bf1-41d4-81ec-754987a5532f,lvm=vg_data"

# Uncomment to enable BadRAM filtering, modify to suit your needs
# This works with Linux (no patch required) and with any kernel that obtains
# the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...)
#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef"

# Uncomment to disable graphical terminal (grub-pc only)
#GRUB_TERMINAL=console

# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command `vbeinfo'
#GRUB_GFXMODE=640x480

# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
#GRUB_DISABLE_LINUX_UUID=true

# Uncomment to disable generation of recovery mode menu entries
#GRUB_DISABLE_RECOVERY="true"

# Uncomment to get a beep at grub start
#GRUB_INIT_TUNE="480 440 1"
root@ubuntu-mate:/#

  15. Run the following command in the chrooted environment:

    root@ubuntu-mate:/# update-grub
Generating grub configuration file ...
...
/proc/devices: fopen failed: No such file or directory
Found linux image: /boot/vmlinuz-4.4.0-38-generic
Found initrd image: /boot/initrd.img-4.4.0-38-generic
/proc/devices: fopen failed: No such file or directory
device node not found
/proc/devices: fopen failed: No such file or directory
device node not found
Found linux image: /boot/vmlinuz-4.4.0-31-generic
Found initrd image: /boot/initrd.img-4.4.0-31-generic
/proc/devices: fopen failed: No such file or directory
/proc/devices: fopen failed: No such file or directory
/proc/devices: fopen failed: No such file or directory
device node not found
...
device node not found
/proc/devices: fopen failed: No such file or directory
device node not found
Found memtest86+ image: /memtest86+.elf
Found memtest86+ image: /memtest86+.bin
grep: /proc/mounts: No such file or directory
Cannot find list of partitions!  (Try mounting /sys.)
done
root@ubuntu-mate:/#

    Dozens of device node not found errors removed here, is it normal that update-grub produces this many errors?

  16. Reboot and boot into the encrypted Ubuntu. You should be prompted for a password.

    During the reboot, Windows 10 starts to boot by default. If I hit Esc and select Ubuntu from list, Ubuntu starts booting but cryptsetup fails with following error messages:

    cryptsetup: cryptsetup failed, bad password or options?
/scripts/local-top/cryptroot: line:1 /sbin/cryptsetup: not found.

What's the reason for this failure and how can I fix it?

/etc/modules file is empty. Should there be something?

Best Answer

I finally got time to fix this.

Error was in step 10. I missed this part of it:

mount -t proc proc /proc
mount -t sysfs sys /sys
mount -t devpts devpts /dev/pts

After fixing that, installation went fine.

Other notes concerning the referenced answer:

  • Author has modified the answer so that if you read all the comments saying that you can skip steps 12,14,15 you go WRONG. Modifications take these comments into account and these steps are already removed from instructions, so do not skip any steps.
  • I installed Ubuntu Mate LTS 16.4.1 with those instructions.

I also noticed that it is actually possible to install dual boot with LUKS encrypted partition without exiting the Ubuntu installer GUI. The downsize of this option is that you can only make 1 encrypted partition. So with GUI installer you can have a configuration like this:

  • non-crypted boot
  • encrypted root

and then create swapfile inside the encrypted root if needed with these instructions

Related Question