Ubuntu :: Update-grub Fail When Converting To LVM On Luks Partition?
Oct 26, 2010
I'm trying to migrate my LVs over to a Luks volume (prompt on password at boot). Unfortunately, as soon as I add my luks-encrypted physical volume to my volume group, I'm no longer able to update my grub configuration. I've detailed my steps below:
I've created and unlocked my encrypted partition with the following:
Code:
sudo cryptsetup -c aes-cbc-essiv:sha256 -y -s 256 luksFormat /dev/sdb1
sudo cryptsetup luksOpen /dev/sdb1 crypto_agilityssd
My /etc/crypttab looks like this:
I'm running Karmic Server with GRUB2 on a Dell XPS 420. Everything was running fine until I changed 2 BIOS settings in an attempt to make my Virtual Box guests run faster. I turned on SpeedStep and Virtualization, rebooted, and I was slapped in the face with a grub error 15. I can't, in my wildest dreams, imagine how these two settings could cause a problem for GRUB, but they have. To make matters worse, I've set my server up to use Luks encrypted LVMs on soft-RAID. From what I can gather, it seems my only hope is to reinstall GRUB. So, I've tried to follow the Live CD instructions outlined in the following article (adding the necessary steps to mount my RAID volumes and LVMs). [URL]
If I try mounting the root lvm as 'dev/vg-root' on /mnt and the boot partition as 'dev/md0' on /mnt/boot, when I try to run the command $sudo grub-install --root-directory=/mnt/ /dev/md0, I get an errors: grub-setup: warn: Attempting to install GRUB to a partition instead of the MBR. This is a BAD idea. grub-setup: error: Embedding is not possible, but this is required when the root device is on a RAID array or LVM volume.
Somewhere in my troubleshooting, I also tried mounting the root lvm as 'dev/mapper/vg-root'. This results in the grub-install error: $sudo grub-install --root-directory=/mnt/ /dev/md0 Invalid device 'dev/md0'
Obviously, neither case fixes the problem. I've been searching and troubleshooting for several hours this evening, and I must have my system operational by Monday morning. That means if I don't have a solution by pretty early tomorrow morning...I'm screwed. A full rebuild will by my only option.
Has anyone tried encrypting the boot partition to prevent the kernel from being modified. Iv tried following this but I'm running into issues when building. [URL] Im using the source from bzr checkout [URL] Last time I tried I screwed grub and it wouldnt boot.
My computer was working this morning and both hard drives were working fine, then all of a sudden for about two hours I was stuck with this "problem", then after fumbling and moving and stablizing things, then Windows works? See below for details. I've finally reinstalled both hard drives, but the one with the Linux partition doesn't work: it says nothing is discovered on the disk. I can't login at the LUKS login after grub starts, therefore I can't get into Linux, but Windows works?! I used to be able to go directly into Grub when the computer starts, I forgot how to do that but it doesn't matter. If you need details I'd be glad to provide them. I just wondered why Linux doesn't work, but Windows does. I have Linux & Windows on two different separate hard drives
I need to change my LUKS partition to NTFS as I do not need the boot partition any longer, but I need to keep sdb3 (truecrypted ext3) intact. This is how the disk looks now:
Code:
Disk /dev/sdb: 1000.2 GB, 1000204886016 bytes 255 heads, 63 sectors/track, 121601 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes
I want to convert a vfat partition into an ext4 partition. This is on my wife's machine and she deleted the Windoze partition as she now prefers Linux. Here is the (edited) output from fdisk -l:-
/dev/sda2 514048 4708351 2097152 83 Linux /dev/sda3 4708352 6805503 1048576 82 Linux swap /dev/sda4 52693200 234436544 90871672+ f W95 Ext'd (LBA) /dev/sda5 59006800 234227699 87610446 83 Linux
I want to change /dev/sda4 to 83 to free up space for Linux without losing the partitions in this 'extended' partition!
I have a LVM logical volume, that contains a LUKS encrypted volume, on which is an ext4 filesystem. I shrank the partition to the minimum size. Next step is to luksClose the device, and then to resize the LVM logical volume. I suspect that LUKS has overhead. So if the ext4 filesystem was resized from, say 1TB to 500G, I have the idea that resizing the LVM LV to 500G does not take LUKS overhead into account and this might corrupt data on the end of the FS. So, what's the smart move to take? How do I calculate the safe minimum LV size? Or should I just give the 500G disk a few gigabytes extra to be sure?
I need to resize (increase) LUKS partition. I have found a lot of manuals, but they are just for LVM volumes(I dont use LVM and I dont plan to use it). I have HDD splited to the 4 parts:
sda1(/) sda2(LUKS) unalocated swap
I want to increase LUKS partition, by using the part of unalocated space.
BUT I dont want to do the following: Backup data from LUKS partition Delete LUKS partition Create new bigger LUKS partition Restore data to the LUKS partition
if encrypt my root partition with Luksformat on my laptop and the battery suddenly goes out without a proper shutdown, I stand a big chance on corrupting the luks header or key slot?
I have a really tricky and may be intresting problem with a encrypted disk partition (cryptsetup luks...) which was fine until it accidentally got re-formatted by an instance of Windows 7. Most of the data on that 1TB-disk will probably still exist, only the LUKS header at the very beginning of the partition is - of course - gone.
So when I try to open the container, it gives no verbose, just the return value 234.
I scanned the whole partition for other LUKS headers with hexedit, none there. But, luckyly I have another partition which is encrypted in the exact same way with the exact same passphrase (which I remember very well!), so I had an idea: I copied the LUKS header (592 bytes) from the other LUKS encrypted partition over to the damaged partition. When I now issue
Code:
Code: No key available with this passphrase
Here is the command how I created the container:
Code:
How do I get the existing passphrase accepted by LUKS?
I'm trying to have a LUKS encrypted partition mounted at startup and to have GDM ask for my key so it will decrypt. Now I followed [URL] to the letter. Except for now, I have it just mounted into /mnt/cryptohome so I'm not messing with my system. My problem is the one everyone mentions in the comments, ubuntu isn't asking for the LUKS key in the X display, it's asking in the first terminal (Ctrl-Alt-F1). This will not do. I need it to ask to mount my drive before I'm even asked to login, so eventually I can encrypt my /home.
I'm having a problem auto-mounting a new luks partition. I have crypttab and fstab entries. I already have my primary encrypted partition (root) mounting at boot (from the install), but after creating this one manually, it does not open on boot. It auto-mounts when I run the following command manually after boot: sudo luksOpen /dev/disk/by-uuid/<uuid> mycrypt
I have Ubuntu Karmic 64-bit installed. Update manager tells me there are updates available, but when i try to install them, downloading the updates fail and throws this error:
Code:
Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-i386_2.10.1-0ubuntu16_amd64.deb
Consequently, a similar error occurs when I try installing Sun Java 6 Runtime.
Code:
Failed to fetch http://archive.ubuntu.com/ubuntu/pool/multiverse/s/sun-java6/sun-java6-jre_6-15-1_all.deb Connection failed [IP: 91.189.88.31 80]
Ubuntu Restricted Extras stalls when it's time to download the Java package I tried synaptic, update manager, aptitude, apt-get, and they all throw similar errors. Then I also tried connecting to different servers, to no avail. So to check if it's my connection to the net that has problems somehow, I tried downloading the file directly through my web browser, and it works. (But it's not recommended, and it won't let me!, install the updates manually, right?) I tried searching for the errors on the net and in the forums, and they're all somehow related to proxy servers. I then checked if I'm using some inappropriate proxy settings, and everywhere it's all set up to connect to the net directly, which is, well, my setup.
Take note though, that I am able to install other softwares normally, i.e, using synaptic, apt-get etc. The ones I tried include Pidgin and Mplayer. It's just these updates and Java:
Code:
jeanne@jeanne-desktop:~$ sudo sudo aptitude upgrade W: The "upgrade" command is deprecated; use "safe-upgrade" instead. Reading package lists... Done
I'm trying to install a luks enabled grub for full system encryption. What modules are required by grub to load a normal ubuntu linux system and what is the type to use?
sda is what I currently run to write this text, sdb is my former harddrive, connected via USB.
I want to access the root partition on sdb.
The problem is:
Code: Select allcryptsetup luksOpen /dev/sdb5 oldhd Enter passphrase for /dev/sdb5: root@x200s:/home/b# ls /dev/mapper/ control oldhd sda5_crypt x200s--vg-root x200s--vg-swap_1 root@x200s:/home/b# mount /dev/mapper/oldhd /mnt/ [b]mount: unknown filesystem type 'LVM2_member'[/b]
[Code] ..
Before all this, both sda and sdb where in the same volume group. I renamed the volume group of sdb to "oldDisk" using
Code: Select allvgrename <UUID> oldDisk
How I can access the data on the root filesystem of my sdb..
I need to access /etc/modprobe.d on an encrypted LVM LUKS partition. I m not sure how to go about it though. Mount usually handles my mounting needs, do I need to decrypt the physical volume first? LIst of commands need would make my day.
I'm planning a fresh F13 install, with separate partitions for /boot, /home, /tmp, /, and swap. All but /boot will be logical volumes, and I'd like to encrypt all but boot. If I encrypt the underlying partitions, is there any reason to also encrypt the logical volumes themselves?
my system will be: HP dv6-3040us Pavillion laptop AMD Phenon II 4GB DDR3
So I was wondering about the dilemma of how to encrypt the password file on a key card to unlock your harddrive without having to enter any password. I came to the conclusion that that the scripts could do this without storing any passwords in plane text them self. Have a few extra steps to the scripts that would:
1. Read the UUID of any disks coming in.
2. Attempt to use that ID to decrypt a password file stored in the initrd.
3. Use the decrypted password file to unlock the the keycard partition.
4. THEN use the password files on the keycard to decrypt the main partition and boot the system.
However, if somebody stole your key card and didn't know what the unencrypted information was, then it's harmless for them to have it anyway. And if they did know, you wouldn't be any better off with it being encrypted because they probably can gain access to your computer anyway; leaving them to just pop the key card in and automatically decrypt the drive.
I suppose encrypting the keycard would give you extra assurance that the information would be much harder to recover if you destroyed the key card in a hurry. So would this extra security step even be worth it?
I guess the most secure thing would be to only have a password and type it in every time... unless you are concerned about the aliens/government stealing that from your brain which would probably mean they wouldn't need your password anyway.
Root LUKS to be broken by apt-get update? This did happen to me on 3 different laptops, both on previous install (from Debian 8.0), and also on clean installs (Debian 8.1), repeatedly.
When I reboot, grub starts, but then it cannot find the root file system (I end up with the emergency console).
Code: Select allLoading Linux 3.16.0-4-amd64 ... Loading initial ramdisk ... Loading, please wait... [many seconds waiting] ALERT! /dev/mapper/sda2_crypt does not exists. modprobe: modprobe ehci-orion not found in modules.dep
This is the most simple, clean, conservative install ever, no closed driver.
But LUKS on the root file system:
Code: Select allone ext4 partition on /boot one ext4 partition on / (trough LUKS, all defaults)
There is no LVM.
All the 3 laptops killed at different time, when updating. Clean install is fine until the first update.
Booting on the rescue system allows me to see everything.
Code: Select all$ update-grub Generating grub configuration file ... Found background image: /usr/share/images/desktop-base/desktop-grub.png Found linux image: /boot/vmlinuz-3.16.0-4-amd64 Found initrd image: /boot/initrd.img-3.16.0-4-amd64 No volume groups found
Anyone had any experience with unlocking a LUKS encrypted root partition via ssh? It is ok to leave /boot unencrypted.
There are a few pages from google with the debians variants, archived by putting dropbear into initrd.
I like to do that with my fedora/centos remote servers, but struggle to find any resources specific to it. Anyone has any suggestions and thoughts as to what might be a suitable way forward?
I have install a debian jessie in my laptop, i create a lvm volume with /, /home, etc and a /boot partition outside. the i move this partition to the lvm volume and boot from it, everything it´s okay and it works.
The problem is that wen boot it ask me the passphrase to load grub, and then, when grub loads the kernel, it ask me again the passphrase.
I read that i can pass a key file to the initramfs to solve this, but where i see it, he uses mkinitcpio, and i can´´t find this package in the debian repos, it an arch package, also i tried this option [URL] ...
But it asking me the passphrase 3 times, and the third fails, the sistem starts, but i read the fail in the log.
I managed to setup an encrypted partition that's mounted on boot using dm-crypt/LUKS.
The relevant entry from my /etc/fstab:
/dev/mapper/st_crypt /media/st ext4 defaults 0 2
The partition is mounted at boot, and I can write to it as root just fine, but I have no idea how to make it writable by a normal user (i.e the users group).
I have a error when i want to update my system via YUMI execute the next command.sh@ yum -y updateYou could try using --skip-broken to work around the problemYou could try running:package-cleanup --problems package-cleanup --dupes rpm -Va --nofiles --nodigestThe program package-cleanup is found in the yum-utils package.
I'm dual booting Win7 with Ubuntu 10... I just 'shrunk' some disk space in my NTFS partition (about 60gb); and want to assign it to my current Linux partition. In the 'disk utility', I see 60gb 'free' and unformatted. How can I take this 60gb and add it to my current Linux partition (/dev/sda5)?
I need a FREE solution that can image an entire Luks system encrypted volume and the rest of the used HDD, the MBR and /boot partition. Note: MBR and /boot are not encrypted. Note 2: I want to be able to restore entire drive from image with only a couple of steps. Note 3: Destination HDD space is a factor. Image file must be compressed and the image file must be around 40 to 50 GB or less. The smaller the image the better.
I have used clonezilla live cd before but not for encrypted volumes. I know you can install it in Linux. But, I don't know how to configure it after installation. I would be very happy if someone could tell me how to configure clonezilla in Fedora. How to guides are also welcome. I have one more question. If I image the encrypted volumes and all the stuff I mentioned above while logged in to Fedora, and I restore the drive from the image, will the recovered drive still be encrypted?
I have Virtualbox VM with Lenny and I made another hdd copying all files from old drive to new one. But root partition I made to be on LVM and all three partitions are now primary. After using Debian DVD and rescue mode to reinstall grub and reconfigure kernel, the system boots fine, but Xorg fails to start.
