2013-02-24

Install LMDE (201303 Cinnamon RC x64) with dm-crypt

# variables that could be changed
LVM_NAME=lvm_luks
VG_NAME=vg_luks
LV_ROOT_NAME=lv_root
LV_SWAP_NAME=lv_swap
LV_ROOT_NAME=lv_root
SWAP_SIZE=2048
SDA=sda

sudo cfdisk /dev/${SDA}
# create 100M for /boot; and and rest for encryption 
sudo apt-get install -y cryptsetup lvm2
sudo modprobe dm-crypt
cryptsetup luksFormat --cipher aes-xts-plain64 --key-size 512 --verify-passphrase /dev/${SDA}2
# type UPPER case YES, then the password for encryption
sudo cryptsetup luksOpen /dev/${SDA}2 ${LVM_NAME}
sudo pvcreate /dev/mapper/${LVM_NAME}
sudo vgcreate ${VG_NAME} /dev/mapper/${LVM_NAME}
sudo lvcreate -L ${SWAP_SIZE}M -n ${LV_SWAP_NAME} ${VG_NAME} -Zn
sudo lvcreate -l 100%FREE -n ${LV_ROOT_NAME} ${VG_NAME} -Zn
sudo mkswap /dev/mapper/${VG_NAME}_${LV_SWAP_NAME}
sudo mkfs.ext4 /dev/mapper/${VG_NAME}_${LV_ROOT_NAME}
sudo mkfs.ext2 /dev/${SDA}1
sudo mkdir -p /target
sudo mount /dev/mapper/${VG_NAME}_${LV_ROOT_NAME} /target
sudo mkdir -p /target/boot
sudo mount /dev/${SDA}1 /target/boot

Start the LMDE installer, proceed, select "manually mount partitions", and install. When the installer finishes copying files and pauses:

# sudo mount -o bind /dev /target/dev
# sudo mount -t proc proc /target/proc
# sudo mount -t sysfs sys /target/sys
sudo chroot /target
sudo apt-get install cryptsetup lvm2 -y --force-yes
LVM_UUID=# find this in /dev/disk/by-uuid
sudo echo "${LVM_NAME} UUID=${LVM_UUID} none luks" >> /etc/crypttab
sudo echo "/dev/${SDA}1 / ext2 defaults 0 2" >> /etc/fstab
sudo echo "/dev/mapper/${VG_NAME}-${LV_ROOT_NAME} / ext4 defaults 0 1" >> /etc/fstab
sudo echo "/dev/mapper/${VG_NAME}-${LV_SWAP_NAME} none swap sw 0 0" >> /etc/fstab
sudo vim /etc/default/grub
# make the line reads GRUB_CMDLINE_LINUX="cryptdevice=/dev/${SDA}2:${LVM_NAME} root=/dev/mapper/${VG_NAME}-${LV_ROOT_NAME} resume=/dev/mapper/${VG_NAME}-${LV_SWAP_NAME}"
sudo update-initramfs -u -k all
sudo update-grub2
sudo grub-install /dev/${SDA}

Reboot the machine ** NOTE: I can't click on "Finish" button as what the installer tells me, which might be a bug of the installer. I had to (force) reboot the machine manually. It seems some system configuration has been done only partially. The user set up before could not be logged in. To overcome that, log in root in one of the ttys, change the password (and possibly lock root account) and log in again.

Ref:
Posted by at No comments:
Subscribe to: Posts (Atom)