Assuming you are using the live, desktop CD:
Mount your crypt
This assumes your crypt is called crypt
, the physical partition is /dev/sda1
, and the root partition partition in /dev/mapper is called root
, adjust accordingly to your setup.
Boot the live (Desktop) CD and install lvm2 and cryptsetup.
sudo apt-get update && sudo apt-get install lvm2 cryptsetup
Load the cryptsetup module.
sudo modprobe dm-crypt
Decrypt your file system.
sudo cryptsetup luksOpen /dev/sda1 crypt
Get the live CD to recognize (activate) your LVM.
sudo vgscan --mknodes
sudo vgchange -ay
You can now access / mount the crypt
sudo mkdir /media/crypt_root
sudo mount /dev/mapper/root /media/crypt_root
Installing into the encrypted partition
I have not done this manually from an Ubuntu live CD and honestly I am not sure it will work, sort of depends on how much you already know, and how much I forget. This is going to be a long post, so I may not cover each and every detail ;).
You can try running the graphical installer and try to use /dev/mapper/root as your root ( / ) partition. You will need to unmount it first.
If that fails , you can install the long way with chroot
Installing into a chroot is fairly easy, you need to make any other partitions you are using , including /boot (you already have), swap, and if you so desire /home
You then install a base system with debootstrap, use /media/crypt_root as the chroot.
Typing all the commands for a chroot is going to be too long for an already long post, but DebootstrapChroot will walk you through how to do this step - by - step
After installing the base with debootstrap, we will chroot in and install / configure the rest.
Note: After following the above link, you should have configured the chroot , /media/crypt_root
, including resolv.conf, and you should have proc, sys, and dev mounted in the chroot. All that is covered, but just making sure ;)
sudo -i
#mount your boot partition in the chroot
mount /dev/sda2 /media/chroot_root/boot
#mount home also if you have a separate home
#If you do not have a separate home, skip this
mount /dev/your_home_partition
chroot /media/crypt_root
RUN THESE COMMANDS IN THE CHROOT
apt-get install ubuntu-desktop lvm2 cryptsetup linux-generic grub2
# Add and configure your user
useradd your_user
passwd your_user
usermod usermod -a -G admin,users
Configure the chroot. You will need to edit /etc/fstab
, /etc/crypttab
In /etc/crypttab
define your crypt
crypt /dev/sda1 none luks
In /etc/fstab
make sure you define your partitions, swap, etc
/dev/mapper/crypt_root / ext4 defaults,errors=remount-ro 0 1
MAKE SURE YOUR FSTAB IS COMPLETE , including swap, proc, home (if you use a separate home, tmpfs, etc. Use the live desktop cd as a template if needed.
Exit the chroot
exit
EXIT Chroot
You now need to install grub, run this command from the live CD
sudo grub-install --root-directory=/media/crypt_root /dev/sda
That is about it, I do not think I forgot anything major. I can not fill in all the details of all your partitions as I do not know your layout and do not know how much or how little you know about /etc/fstab.
If you need further assistance or I forgot something post back or perhaps someone will chime in.
If all the seems overwhelming , well that is why people use the alternate CD, it automates the process.
Additional references:
http://en.gentoo-wiki.com/wiki/DM-Crypt_with_LUKS
https://wiki.archlinux.org/index.php/System_Encryption_with_LUKS
Those links will have gentoo and arch specific information, which you can ignore as you are on Ubuntu. But they contain more detailed descriptions on how to set up LVM and your crypt, including examples of crypttab and fstab.
Hope that helps.
Best Answer
How to identify the name originally assigned to LUKS partition?
Identify your root partition in the broken system when booted to Live USB
We will assume the encrypted partition is
/dev/sdXY
where X is a letter and Y is a number.Decrypt the root partition so we can look inside
Open a terminal by pressing Ctrl+Alt+T and enter:
First, you will be asked for your
sudo password
. Type the password and press Enter. Next it will say:Type the passphrase and press Enter. Neither the password nor the passphrase will show and the cursor will not move. This is normal. This will create
/dev/mapper/temp_name
Mount the decrypted partition and see whats inside
The last line should show you the contents of the
crypttab
file which should look like:Write down the
correct_name
to continue with the tutorial.Undo all the steps
Type the following commands to return everything as they were before:
Hope this helps