Debian Installation :: Removing An Encrypted LVM Partition?
May 16, 2011
I installed an old version on accident, I used an encrypted LVM. When I removed the old debian and started the installation of the new version, the encrypted partition could not be used to install, and the drive itself was creating an error message when I tried to mount the installation there. This is probably a vague explanation of what is happening, but does anyone know how to remove these encrypted LVM partitions?
My hard drive is partitioned fairly simply, with two primary partitions, one for Windows and one for Debian Squeeze.How can I remove sda1 and make it so that Debian takes up the whole disk on one large partition without reinstalling?I have downloaded and burnt the gparted live cd, but I daren't go any further without some hand holding.
Installing Debian on a new laptop and read that Debian-Installer (DI) can create an encrypted partition (/home) during installation.However, when I went through installation and started the manual partitioning (standard, non-lvm) , I am unable to locate the encryption option.
I'm trying to install Debian on a USB to create an encrypted partition, I get an error message saying I need to install missing firmware rtl_nic rtl8168d-2.fw.So I download that file and try again this time I get an error " There was a problem reading data from CD Rom" .I not using a CD Rom I put debian on the USB as an ISO file first using Unebutin then tried Rufus.
I have Debian and Virtual Box with another Debian. I have resized max size of vdi file with VBoxManage modifyhd but now I need to resize partition on virtual machine's system. I've downloaded GParted and I can run machine from this ISO as CD. Partition is encrypted on machine.Unfortunately GParted doesn't start with X so I have to use it in terminal. I can see partitions:
So I though maybe I need to use this (URL...). I couldn't find similar tutorial about Debian or GParted but OK, it's just executing these commands, not modifying its source.list.But I cannot even do the update:
Code: Select allroot@debian:/# sudo apt-get update Err: http://free.nchc.org.tw/debian sid InRelease Temporary failure resolving 'free.nchc.org.tw' Err2: http://free.nchc.org.tw/drbl-core drbl InRelease Temporary failure resolving 'free.nchc.org.tw' Reading package lists... Done W: Failed to fetch http://free.nchc.org.tw/debian/dists/sid/InRelease Teporary failure resolving 'free.nchc.org.tw' W: Failed to fetch http://free.nchc.org.tw/drbl-core/dists/drbl/InRelease Temporary failure resolving 'free.nchc.org.tw' W: Some index files failed to download. They have been ignored, or old ones used instead.
So I check my internet connection. VirtualBox has 'attached to NAT' and before I run out of space on virtual machine, Debian could access internet. So it's only something about this GParted. I have modified /etc/resolv.conf with vi (even vim is not available). And it has two valid nameservers. I haven't restarted anything, as I'm not sure if I need to, after modifying resolv.conf file.But even in that case I cannot ping anything from GParted:
sda is what I currently run to write this text, sdb is my former harddrive, connected via USB.
I want to access the root partition on sdb.
The problem is:
Code: Select allcryptsetup luksOpen /dev/sdb5 oldhd Enter passphrase for /dev/sdb5: root@x200s:/home/b# ls /dev/mapper/ control oldhd sda5_crypt x200s--vg-root x200s--vg-swap_1 root@x200s:/home/b# mount /dev/mapper/oldhd /mnt/ [b]mount: unknown filesystem type 'LVM2_member'[/b]
[Code] ..
Before all this, both sda and sdb where in the same volume group. I renamed the volume group of sdb to "oldDisk" using
Code: Select allvgrename <UUID> oldDisk
How I can access the data on the root filesystem of my sdb..
I installed Ubuntu successfully using rescue mode on the alternate cd, and let Ubuntu use an internal boot and home. At the final stage grub refused to install to the MBR, and then refused to install to my /boot partition on /dev/sda2. It said: No boot loader has been installed, either because you chose not to or because your specific architecture doesn't support a boot loader yet. You will need to boot manually with the /vmlinuz kernel on partition /dev/mapper/volumegroup-natty and root=/dev/mapper/volumegroup-natty passed as a kernel argument. Returning to debian, I did a update-grub, which detects Windows and Ubuntu:
[code]...
How do I make grub decrypt the LUKS partition before attempting to load the Ubuntu kernel?
I have 2 identical disks originally configured as a pair for a server. Each of the disks has 2 partitions dev/sdb1,dev/sdb2. The sdb1 partitions I had configured as a raid1 mirror. The sdb2 partitions were non-raid and used as extra misc. Space. Further, the raid setup is also encrypted using dm-crypt luks. Now I want to redeploy each of the disks for new purposes. One of the disks i want to deploy exactly as before (keeping the partitions and content), however without being part of a raid array.
I've successfully deployed this disk into a new system and I am mounting the dev/sdb1 partition as dev/md0 because the disk is set to autodetect raid. Actually I am using cryptsetup and mounting with mapper. Can I get rid of the setting for auto detect on this partition without losing the data, or breaking the encryption? I just want to mount the partition as a standalone encrypted disk. Is it as simple as doing crypt setup luksOpen /dev/sdb1 then mounting it with mapper? Or do I need to change the partition in some way. Or do I simply continue to operate it as a 'broken' raid array?
I encrypted my /home partition in my last installation F13. For some reason, I have to reinstall F13. After I login, I can not access /home. I followed some instructions like
I'm wiping out / on an Ubuntu box but want to keep everything in /home/, which is mounted on a different partition. Using Code: ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase I have unwrapped the passphrase, resulting in a ~25 character alphanumeric string. Is it possible for me to install from a disk and give the installer the (current) passphrase so that it will automatically mount my home directory?
I used Windows XP's encryption to encrypt some folders on an NTFS Hard Drive.Upon mounting this drive in ubuntu, I can see all folders, and all file names, but I cannot open the contents of the encrypted files, getting "Permission Denied" despite all permissions being -rwxrwxrwx.Is there a way to open these from linux? I know the Windows XP login / encryption password.
I know a bunch of commands and I am comfortable using the terminal, I even set a powerpc server but I can't figure out how to remove epiphany on this new computer I'm setting up. I didn't install anything with tasksel. I installed gnome and xorg afterwards... I load it up and 'startx' just fine. then I check around for the programs that were installed. I lik'em gimp, lot's of utilities. gedit. anyway I find epiphany, which I have already established that I dislike, I immediately go to the root terminal (another nice program that comes with gnome) and type apt-get remove epiphany-browser-data the output says it will be deleting gnome... however I have researched and found these are simpy meta packages that don't really matter.... however under the section that states all the packages that will be removed by autoremove there is a huge list... I doubt these packages are safe to remove. how to remove epiphany without removing a huge amount of probably needed software
I want to install debian 7.7 to a laptop with encrypted LVM, but some how i can't install inside the LVM a separate /home and swap partition. Graphic Installer says i cannot change anymore after i made a encrypted LVM. When i make the separate partitions before making an LVM, i can encrypt them but i have to enter for every partition my passphrase. How I can create a LVM with /, /home and swap without entering three times my passphrase.
After my NVIDIA card died I decided it was time to buy an AMD card again (R9 270X), but I didn't think AMD drivers were such a pain in Linux as people said. Of course, in some distros anyway. On Arch, for example, there's no official release because Arch's developers would have to hold Xorg in order to make a closed-source driver available, because AMD's pace isn't in pair with Linux. So in order to install AMD's drivers on Arch I must rely on some guy's unnoficial repositories, but that isn't the whole problem. Even though I'm cool with adding repos and downgrading Xorg, I'm not cool with it not working for a lot of apps, so that's where I decided to try a few distros. Manjaro is a no-go because it installs Flash as default. openSUSE although is a very good distro, is a complete mess when it comes to repositories, specially multimedia ones. Ubuntu/Mint are also a no-go, Ubuntu because after 12.04 they have a spyware by default, and Mint because it contains non-free stuff by default.
So here I come! I ran Debian in the past for a long time (aside from a breaf period last year) and it was lovely, I could easily set up a custom encrypted install, but now I don't remember how to, and it's killing me. I don't like how the installer doesn't show the partitions size as they actually are, and I don't like how the automated encrypted LVM setup doesn't let me chose the encryption algorithm or the timeframe between each passphrase attempt. That's why I must create my install, and here's what I used to do on Arch (the part that really matters), converted to what I use on Debian:
Code: Select all# modprobe dm-mod
(create one 1GB partition for /boot, unencrypted ; create another big 930 GB formatted as "8e" - LVM - on dev/sda2) Code: Select all# fdisk /dev/sda (chose my ciphers and iter time) Code: Select all# cryptsetup -c twofish-xts-plain64 -y-s 512 --iter-time 5000 luksFormat /dev/sda2 (open the luks container on "sda2_crypt")
[Code].....
After this is done, I go to the "partition disks" page where I select each partition/volume to it's correct destination. I then proceed to installing the base system, configuring apt, and all that. Now, before I install Grub I used to execute the following commands on shell:
Code: Select all # nano /etc/crypttab
I used to put something there, but I don't remember what exactly. It's been a long time since I used Debian for long! But here's what I put there:
what i did was, remove evolution mail from synaptic, what i wanted to do was just remove the indicator applet from the task bar. i read a bunch of bad stuff about removing evolution from synaptic vs just removing the applet.
im worried. did i break anything or put my security at risk. after, i used a command (older) (sudo apt-get install ubuntu-desktop)to install ubuntu desktop. because i thought that it would fix evolution. then i went to synaptic and installed a package called evolution. i rechecked evolution in applications menu. however, i notice that i have both a checkable evolution and two evolution icons. nothing 'seems' broken. im not sure if it ever was. and evolution calender pops up as normal, as does the the installed plain evolution. they both seems to be an exact copy of the other.
all i really wanted to do was remove the indicator applet. did i make a serious mistake. since ive had ubuntu, ive reformatted a lot because i was worried i made a mistake of some kind. however now im into the more "make a mistake and fix it stage' as im pretty happy with my current desktop and have worked hard to customize it. the command, sudo apt-get remove indicator-messages removed the mail icon. i still am worried that i broke something, or put my security at risk. also, now i have two mail icons. evolution mail and calendar, and another just called evolution.
I've installed a Squeeze-based distro - Crunchbang - with an encrypted root partition (no LVM), and it won't boot.
Here's what I get: Loading initial ramdisk. Loading, Gave up waiting for root device ALERT! /dev/mapper/hda5_crypt does not exist. Dropping to a shell!
Here's my partition table: hda1 - Windows (Truecrypted) hda2 - GRUB2 hda5 - / hda6 - unused swap
[Code]...
What should I look for? Where do I go from the initramfs shell? Do I chroot? What then? This might be a Crunchbang issue (although others blame LVM which I didn't use, and it's the original Debian installer after all), but there's gotta be a reason it doesn't boot
works perfect, but boot time persistence works only for unencrypted storage. 'Cause I can not append the boot-log as file the most important part here:
The most confusing line is "Warning: cryptsetup is unavailable" - I took a look into the scripts, it checks if cryptsetup and askpass is executable if not this message. But:
I mounted the hdd-img file local and took a look: all binaries there.
So I tried a lot getting it working on boot time. I tried it with live-tools from testing, from wheezy and last but not least installed and pinned live-tools to unstable. Always the same. askpass isn't executable on boot time before mounting the persistence.
and yes, cryptsetup is inside package-list (otherwise live-persistence from within running machine with crypted partitions would not work). Live tools I used for last run is 4.0.3-1 from unstable, before tried with 4.0.2-1 from testing.
I just installed Debian Testing on an encrypted partition (using the encryption feature in the installer). Problem is when I boot I enter the passphrase and then Debian starts to load a bit and then it stops and won't move again. During a normal boot the boot stops after : EDAC sbridge : Couldn't find mci handler Then do a recovery mode boot from grub loader so more information is displayed during the boot time and it stops after : [12.513770] fb: switching to nouveaufb from simple it stops there I can't type anything, I can reboot the computer with ctrl+alt+del tho
I was booting just fine in a previous installation on a MBR-partitioned disk (now it's GPT-partitioned). I have to add that during installation I added a second encrypted volume on a HDD (while / is on a SSD) that mounts to /data. When few days ago I installed it on the MBR-partitioned disk it asked me for the /data passphrase pretty fast, now it just seems to boot and asks me only one passphrase until it freezes.
I'm running Debian Squeeze AMD64 with full disk encryption and LVM. After reinstalling Windows 7 I lost GRUB from the MBR. I managed to install GRUB after following this guide and using an Ubuntu 10.04 graphical installation disc, but I only get to a GRUB CLI when booting, so I can't actually choose an OS there.
I tried following this guide but I'm stuck after "# Mount the partitions to /mnt/root" and don't know what to do.
Does anyone know how I can fix GRUB so I get to choose between Debian and Windows 7 there?
I've been trying to purge my system from packages I don't normally use, like Epiphany and Evolution, and I think I have been somewhat successful but I'm still struggling with GNOME when trying to keep the gnome-applets package and the system forces the installation of the evolution-data-server-common and libedataserverui1.2-8 packages.What is the role of this packages? Are they hard-wired into GNOME and cannot be remove at all? Or is there a way to discard the packages and keep the one I want?
I'm not doing this for the sake disk space; I'm only trying to take control of my desktop to always have the most clean system possible.
I'm a long time user of Debian, but I'm having trouble with my partitioning process. Here is where I currently stand:
I am installing the latest Wheezy build. I am trying to install debian with an encrypted LVM that spans two hard disks.
My partitioning layout is as:
1. /home 2. /root 3. swap 4. /boot
I then added partitions 1, 2 and 3 to a physical volume group. I then took that physical volume group and added it to a logical volume. Then I encrypted the logical volume, leaving the /boot partition untouched. I was under the assumption that the only partition the system needed free to reach the loading of the LVM is the /boot partition, as it holds the files necessary for booting. But when I attempt to finalize the disk, it gives an error stating, "No root file system detected". That would be an issue as it is currently sitting inside the encrypted LV. Am I wrong in including the root partition in the encrypted LV?
What is the best way of having as little of my file system non-encrypted as possible while still allowing a proper boot?
Setting up a randomly passworded swap partition in Debian installer with the default settings (aes-xts-plain64 w/ AES-256 key strength) gives the following line in /etc/crypttab:
However according to cryptsetup manpage when using XTS mode the key size must be doubled so in effect the 'size=256' parameter above is actually resulting in AES-128 strength, no? To get 256 bit key length the size option should be set to 512. Quote from cryptsetup manpage:
For XTS mode (a possible future default), use "aes-xts-plain" or better "aes-xts-plain64" as cipher specification and optionally set a key size of 512 bits with the -s option. Key size for XTS mode is twice that for other modes for the same security level.
now I've re-installed W7 so grub was overwritten. I've tried the procedure which worked for me previously:booting with the netinst usb in rescue mode, choosing a root partition to mount, using grub-install to reinstall the grub:
Now I'm on Jessie (stable), and this time this fails, and I am able to mount only sda3.grub-install doesn't exit so I'm assuming it has been replaced by `grub-installer'. also '/boot' doesnt exist so I created it manually.
This is my specific solution to my specific problem. After updating to Squeeze from my prior Lenny distro (amd64 with whole disk encrytion using LVM2, dm-crypt, LUKS) everything went well - at first. I was duped like so many, thinking that all was well and I could remove the legacy-grub (aka: Grub1) and just use grub-pc (aka: Grub2). As soon as I removed the legacy-grub and rebooted my laptop, I was confronted with:
GRUB Loading stage1.5 GRUB loading, please wait..Error 15 At this point I wasn't sure if it was a Grub problem or a deeper encryption problem - especially after reading that some people had missing packages in Squeeze (lvm2, dm-setup, initramfs-tools, etc.)
Okay, the solution for me.
1. download and burn to disk: debian-live-6.0.0-amd64-rescue.iso[URL]..
2. scroll to and press enter/return on: text rescue
3. choose a root directory - for example: /dev/blah/root (I wrote down the list of possible /dev/.... for reference - this helped me remember where and what I had partitioned in Lenny)
4. choose: Execute a shell in /dev/blah/root
5. once in the shell, I discovered I needed to mount a few of those partitions that I had written down in order to get access to grub-probe, update-grub, grub-install, etc. You may not have to if your partitions are minimal. I you need to use other partitions, type (for example):
I m trying to install Alsa for playing wav files I typed this: aptitude install alsa-base It started removing a lot of software from debian. Is that expected with that command? Do I need to install another "base" to bring things back?
When updating from the last Debian Live image (Squeeze) to the current Debian testing, apt announces a lot of packages being not required:
The following packages were automatically installed and are no longer required: openoffice.org-draw libpcsclite1 libwpd8c2a usb-modeswitch gtk2-engines-smooth dnsmasq-base tomboy libmono-security2.0-cil libgsf-1-common update-notifier-common libndesk-dbus1.0-cil libmtp8 libmono-addins-gui0.2-cil gnome-js-common pnm2ppa libavutil49 libhal-storage1 libmono-system2.0-cil update-notifier python-mako openoffice.org-officebean openoffice.org-emailmerge network-manager-gnome openoffice.org-impress gdebi libgpod-common
[Code]...
These include some important packages, like network-manager-gnome for example. Was it really intended to be removed? Without it, it's impossible to manage network connections from Gnome (only manual option of editing interfaces config is left). Is it a bug, or some incomplete intention? apt suggests to autoremove these packages. Should they all be retained, or only some of them, or it's supposed to be none? Removing some of them makes sense for me (like Epiphany for example), but some not at all.
I am having issues with Grub 2 after installing Debian 7.8.0.The computer is a HP Pavilion 500-307nb. I made the original harddrive /dev/sdb and inserted a Samsung Evo 840 as /dev/sda. From the original hard drive (/dev/sdb), I wiped the windows partition, but left all other partitions unchanged (in case I would ever want to recover the desktop to its original state). I replaced the wiped windows partition with a swap partition and an LVM partition.These are my hard drive partitions:
/dev/sda (Samsung Evo 840)
Number Start End Size File system Name Flags 1 1049kB 3146kB 2097kB primary bios_grub 2 3146kB 944MB 941MB ext4 boot 3 944MB 94.4GB 93.4GB host lvm 4 94.4GB 1000GB 906GB guests lvm
[code]....
The partition /dev/sda3 has 2 logical volumes with filesystem ext4 that I mount to / and /home.The partition /dev/sda2 is mounted to /boot..When I install like this, Debian installs fine, however Grub2 is not installed correctly.Debian installs grub-pc which seems not able to boot the gpt partition. So I boot the Debian CD in rescue mode and execute:
mount /dev/sda2 /boot aptitude purge grub-pc aptitude -y install grub-efi
After rebooting, I come in the grub rescue shell, which says: error: no such device: 986f2176--4a4b-4222-83b9-8636a034b3c7.
When I then enter in the grub rescue shell: set boot=(hd0,gpt2) set prefix=(hd0,gpt2)/grub insmod normal normal
Grub and Debian start up correctly.why can Grub not start up automatically correctly? Where does the UUID 986f2176--4a4b-4222-83b9-8636a034b3c7 come from? I have reinstalled Grub several times, I have reinstall Debian several times, I have even wiped all partitions from /dev/sda and recreated a new gpt table with parted and manually set the partitions in parted. Still on each reinstallation, Grub fails because it cannot find exactly the same UUID. Since this UUID is always the same, it must be stored somewhere, but it cannot be the partitions, I have wiped them and the partition table several times.
I did though a firmware update of the Samsung Evo 840 before reinstallation, could this be a cause?Also the problem is not in grub.cfg. Grub starts correctly if I enter the commands above in the grub rescue screen and the UUID value does not appear there.
I have been using fedora 12 for last 6 months, recently I bought an external USB hard drive of 320 GB capacity. I made 2 partitions using the Disk Utility in Fedora. I encrypted the first partition as it was supposed to hold a lot of sensitive data, and yes it did have. Now I had to change my OS to AV linux for some audio-video editing work which wasnt being done properly on fedora due to some issue beyond my knowledge. now the problem is my encrypted partition is not accessible in my new installation. I see an empty space on my /dev/sda1. although no change to partition data has been done and the data on the second partition /dev/sda2 is easily accessible. when putting the drive on automount, is does not ask me for the password and neither does it show me the data. I have tried fdisk and sme other utilities but have failed to get my drive unencrypted.
I used Ubuntu for years now, but since the latest decisions got public I deceided to try something new: Fedora. I installed the system as a dualboot,Ubuntu and my old data. Because Fedora got installed inbetween of two partitions,ad to do the partitioning manually. I just made one partition /dev/sda4. During the installation process I got asked about the password for my /dev/sda1 partition. Of course, I entered it. So far so good.Now, everytime when I boot, the boot process stops and asks me for the password of the /dev/sda1 partition. However, the boot process does not go on, unless i press STRG+C.After the log in, I can also not access my data, by entering the password (GUI).The only way I can acces the data on that partition is:
Code: su - cryptsetup luksOpen /dev/DEVICENAME luks-fedora
