  1. #1
    Just Joined!
    Join Date
    Apr 2014
    Posts
    2

    Question Auto boot mounted encrypted data LV shared no write access


    The following is how I have encrypted the /root, /home, and swap partitions on a disk already containing Windows 8.1 and only require a single passphrase entry on boot:

    Create 500 MiB ext4 sda5 partition that will later be assigned as /boot

    Code:
    sudo dd if=/dev/urandom of=/dev/sda6
    12 hours elapse.

    Code:
    dd: writing to ‘/dev/sda6’: No space left on device
    660092929+0 records in
    660092928+0 records out
    337967579136 bytes (338 GB) copied, 39571.4 s, 8.5 MB/s
    Code:
    modprobe dm-crypt
    modprobe aes-x86_64
    modprobe sha256
    When I do this over I will run cryptsetup benchmark first to see which aes and sha works best for my system.

    Code:
    sudo cryptsetup luksFormat /dev/sda6
    
    WARNING!
    ========
    This will overwrite data on /dev/sda6 irrevocably.
    
    Are you sure? (Type uppercase yes): YES
    Enter passphrase:
    Verify passphrase:
    sudo cryptsetup luksOpen /dev/sda6 enc-pv
    Enter passphrase for /dev/sda6:
    
    sudo pvcreate /dev/mapper/enc-pv
     Physical volume "/dev/mapper/enc-pv" successfully created
    sudo vgcreate vg /dev/mapper/enc-pv
     Volume group "vg" successfully created
    sudo lvcreate -L 8.5G -n swap vg
     Logical volume "swap" created
    sudo lvcreate -L 20G -n ubuntu-root vg
     Logical volume "ubuntu-root" created
    sudo lvcreate -L 50G -n ubuntu-home vg
     Logical volume "ubuntu-home" created
    sudo lvcreate -L 140G -n shared vg
     Logical volume "shared" created
    
    sudo lvdisplay
     --- Logical volume ---
     LV Path                /dev/vg/swap
     LV Name                swap
     VG Name                vg
     LV UUID                EMSdc1-yTSS-FF9W-5vcv-jEwF-OeF7-5oOoEI
     LV Write Access        read/write
     LV Creation host, time ubuntu, 2014-04-23 12:57:17 +0000
     LV Status              available
     # open                 0
     LV Size                8.50 GiB
     Current LE             2176
     Segments               1
     Allocation             inherit
     Read ahead sectors     auto
     - currently set to     256
     Block device           252:1
    
     --- Logical volume ---
     LV Path                /dev/vg/ubuntu-root
     LV Name                ubuntu-root
     VG Name                vg
     LV UUID                TCPIIE-fGv0-3tz8-XP3R-1c9Z-E18R-XTbcOd
     LV Write Access        read/write
     LV Creation host, time ubuntu, 2014-04-23 12:58:41 +0000
     LV Status              available
     # open                 0
     LV Size                20.00 GiB
     Current LE             5120
     Segments               1
     Allocation             inherit
     Read ahead sectors     auto
     - currently set to     256
     Block device           252:2
    
     --- Logical volume ---
     LV Path                /dev/vg/shared
     LV Name                shared
     VG Name                vg
     LV UUID                dPHDeT-52zj-7bAx-xjzP-p4yC-kXoo-aw7Eac
     LV Write Access        read/write
     LV Creation host, time ubuntu, 2014-04-23 12:59:50 +0000
     LV Status              available
     # open                 0
     LV Size                140.00 GiB
     Current LE             35840
     Segments               1
     Allocation             inherit
     Read ahead sectors     auto
     - currently set to     256
     Block device           252:4
    
     --- Logical volume ---
     LV Path                /dev/vg/ubuntu-home
     LV Name                ubuntu-home
     VG Name                vg
     LV UUID                pWFs3D-MXrh-bMez-68r0-4yPc-zMTo-MGhNF1
     LV Write Access        read/write
     LV Creation host, time ubuntu, 2014-04-23 13:06:11 +0000
     LV Status              available
     # open                 0
     LV Size                50.00 GiB
     Current LE             12800
     Segments               1
     Allocation             inherit
     Read ahead sectors     auto
     - currently set to     256
     Block device           252:3
    
    sudo vgdisplay | grep -i free
     Free  PE / Size       24641 / 96.25 GiB
    Code:
    sudo mkfs.ext4 /dev/mapper/vg-shared
    
    mke2fs 1.42.9 (4-Feb-2014)
    Filesystem label=
    OS type: Linux
    Block size=4096 (log=2)
    Fragment size=4096 (log=2)
    Stride=0 blocks, Stripe width=0 blocks
    9175040 inodes, 36700160 blocks
    1835008 blocks (5.00%) reserved for the super user
    First data block=0
    Maximum filesystem blocks=4294967296
    1120 block groups
    32768 blocks per group, 32768 fragments per group
    8192 inodes per group
    Superblock backups stored on blocks:
       32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
       4096000, 7962624, 11239424, 20480000, 23887872
    
    Allocating group tables: done                            
    Writing inode tables: done                            
    Creating journal (32768 blocks): done
    Writing superblocks and filesystem accounting information: done
    There was similar output for:

    Code:
    sudo mkfs.ext4 /dev/mapper/vg-ubuntu-root
    sudo mkfs.ext4 /dev/mapper/vg-ubuntu-home
    I may have needed to add an extra hyphen, like vg-ubuntu--root

    Next I opened the Ubuntu 14.04 installer and selected 'something else'. I assigned /boot to the 500 MiB partition on sda5 and then /root, /home, and swap to the logical /dev/mapper/vg volumes.

    After Ubuntu installs, before rebooting from the live USB I entered the following:

    Code:
    sudo cryptsetup luksOpen /dev/sda6 enc-pv
    Enter passphrase for /dev/sda6:
    sudo mount /dev/vg/ubuntu-root /mnt
    sudo chroot /mnt mount /proc
    sudo mount --bind /dev /mnt/dev
    sudo chroot /mnt mount /boot
    sudo echo "enc-pv UUID=`sudo blkid -s UUID -o value /dev/sda6` none luks" | sudo tee -a /mnt/etc/crypttab
    enc-pv UUID=ad8b8a32-95ea-4add-abe6-326d151e30fa none luks
    sudo chroot /mnt update-initramfs -u
    update-initramfs: Generating /boot/initrd.img-3.13.0-24-generic
    sudo umount /mnt/proc /mnt/dev /mnt/boot /mnt
    On reboot Ubuntu boots asking for only one entry of the passphrase instead of three, one for each encrypted volume.

    ==================================================================

    The only problem remaining now is that although the /dev/mapper/vg-shared volume appears like any other partition in /media/dusf/, and although I can open it without having to enter the passphrase again, I cannot create files on it.

    I have tried replacing the command 'sudo mount /dev/vg/ubuntu-root /mnt' with 'sudo mount /dev/vg/shared /mnt' but then when I go onto the next command 'sudo chroot /mnt mount /proc' it gives me the error 'chroot: failed to run command ‘mount’: No such file or directory'.

    Can anyone tell me how I should edit the following commands so that /dev/vg/-shared not only mounts at boot, but I can also write to it?

    Code:
    sudo cryptsetup luksOpen /dev/sda6 enc-pv
    Enter passphrase for /dev/sda6:
    sudo mount /dev/vg/ubuntu-root /mnt
    sudo chroot /mnt mount /proc
    sudo mount --bind /dev /mnt/dev
    sudo chroot /mnt mount /boot
    sudo echo "enc-pv UUID=`sudo blkid -s UUID -o value /dev/sda6` none luks" | sudo tee -a /mnt/etc/crypttab
    enc-pv UUID=ad8b8a32-95ea-4add-abe6-326d151e30fa none luks
    sudo chroot /mnt update-initramfs -u
    update-initramfs: Generating /boot/initrd.img-3.13.0-24-generic
    sudo umount /mnt/proc /mnt/dev /mnt/boot /mnt
    Last edited by dusf; 04-26-2014 at 11:20 AM. Reason: Title
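
Added example, not part of the original post: the `tee -a` step above appends a new enc-pv line every time the chroot steps are repeated, so this sketch writes the same line only when it is missing and reports duplicates or a UUID mismatch. The function names are hypothetical, and the crypttab path is passed in by the caller.

```shell
#!/bin/sh
# Added example: idempotent form of `echo ... | sudo tee -a /mnt/etc/crypttab`.
# crypttab fields: <target> <source> <keyfile> <options>

# Print how many entries name the given target (comment lines never match,
# because their first field starts with '#').
crypttab_count() {  # $1=file $2=target
    awk -v t="$2" '$1 == t { n++ } END { print n + 0 }' "$1"
}

# Print the source field (for example UUID=...) of the first entry for target.
crypttab_source() {  # $1=file $2=target
    awk -v t="$2" '$1 == t { print $2; exit }' "$1"
}

# Append "<target> UUID=<uuid> none luks" unless the entry is already there.
# Returns 0 = present or added, 2 = duplicate entries, 3 = different source.
crypttab_ensure() {  # $1=file $2=target $3=uuid
    [ -e "$1" ] || : > "$1"
    n=$(crypttab_count "$1" "$2")
    if [ "$n" -gt 1 ]; then
        echo "duplicate entries for $2 in $1" >&2
        return 2
    fi
    if [ "$n" -eq 1 ]; then
        if [ "$(crypttab_source "$1" "$2")" = "UUID=$3" ]; then
            return 0
        fi
        echo "$2 already maps to a different source in $1" >&2
        return 3
    fi
    printf '%s UUID=%s none luks\n' "$2" "$3" >> "$1"
}
```

From the live USB this would be run as root against /mnt/etc/crypttab, with the UUID taken from `blkid -s UUID -o value /dev/sda6`, before `update-initramfs -u`.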

  2. #2
    Linux Enthusiast
    Join Date
    Jan 2005
    Location
    Saint Paul, MN
    Posts
    630
    You only have one encrypted device. On that encrypted device, you have created other devices. They are encrypted because they are created from the encrypted device.

  3. #3
    Just Joined!
    Join Date
    Apr 2014
    Posts
    2
    Quote: Originally Posted by alf55
    You only have one encrypted device. On that encrypted device, you have created other devices. They are encrypted because they are created from the encrypted device.
    Thank you for the reply, but you are telling me something I already know. If you can, please answer the question I have asked, re the shared volume automatically mounting like /home, /root, and swap at boot after entering the passphrase once but my not being able to write to it like those other volumes.

  4. #4
    Linux Enthusiast
    Join Date
    Jan 2005
    Location
    Saint Paul, MN
    Posts
    630
    You did not say whether you are "root" or another user attempting to write. What are the permissions and ownership (both user and group) for the directories that you are attempting to write into?
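
Added example, not part of the thread: one way to collect the ownership and permission details asked for above and work out from them whether a given user may create files in a directory. It covers classic owner/group/other mode bits only (no ACLs), the function names are hypothetical, and `report_dir_access` assumes GNU `stat`.

```shell
#!/bin/sh
# Added example: does a user have write + search permission on a directory?

# $1=octal mode (as printed by stat -c %a)  $2=owner uid  $3=owner gid
# $4=uid of the user being checked          $5="gid gid ..." of that user
mode_allows_create() {
    if [ "$4" -eq 0 ]; then return 0; fi      # root bypasses mode bits
    bits=$((0$1))                             # leading 0 makes it octal
    if [ "$4" -eq "$2" ]; then
        class=$(( (bits >> 6) & 7 ))          # owner class
    else
        class=$(( bits & 7 ))                 # other class by default
        for g in $5; do
            if [ "$g" -eq "$3" ]; then
                class=$(( (bits >> 3) & 7 ))  # group class
            fi
        done
    fi
    [ $(( class & 3 )) -eq 3 ]                # creating files needs w and x
}

# Print the verdict for a real directory and user name.
report_dir_access() {  # $1=directory $2=user
    set -- "$1" "$2" $(stat -c '%a %u %g' "$1")
    if mode_allows_create "$3" "$4" "$5" "$(id -u "$2")" "$(id -G "$2")"; then
        echo "$2 can create files in $1 (mode $3, uid $4, gid $5)"
    else
        echo "$2 cannot create files in $1 (mode $3, uid $4, gid $5)"
        return 1
    fi
}

# Constructed case: a top directory owned by root:root with mode 755, which is
# how mkfs.ext4 run as root leaves a new filesystem, checked for uid 1000:
#   mode_allows_create 755 0 0 1000 "1000 27"   -> fails (other class is r-x)
```

Called as `report_dir_access /media/dusf/<mount-name> dusf`, it prints the mode, owner and group together with the verdict; the mount name is a placeholder.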
