Install of (32bit) LXLE 14.04 onto encrypted partition - LXLE OS Help and Support Threads on LXLE forums

lxlerty

Dear group,

I would like to ask whether there is someone who could successfully install (32bit) LXLE 14.04 (revisited) onto encrypted partition. If you could, then would you kindly inform me the instruction of the way you did?

I could not succeed; after installation, LXLE boot-up (initramfs) is blocked before prompting the passphrase for decrypting encrypted partition at splash screen as complaining like having not been able to find volume mapper path to root volume of installed 32bit LXLE 14.04 system.

On the same machine, I COULD SUCCESSFULLY install 32bit "Lubuntu" 14.04 to encrypted partition (then boot-up and use it of course). But with 32bit LXLE 12.04.4 installer (what comes in 32 bit LXLE 14.04 Live DVD), I could not find a way. (I have not tried to install Lubuntu 12.04.)

The followings are the "BRIEF" description about how I have tried to install (due to bug 1311551):
1. Boot up by LXLE 14.04 Live DVD.
2. With GParted, create a new partition table (/dev/sda), a boot partition (let's say /dev/sda5), and a partition for rest of disk space (let's say /dev/sda6).

In a terminal window as root:
3. apt-get install cryptsetup lvm2
4. modprobe dm_crypt (and do modprobe for other required ones like sha512 or aes)
5. Make /dev/sda6 LUKS partition by cryptsetup's luksFormat option, and open it by cryptsetup's luksOpen option.
6. Create physical volume, volume group, and logical volumes (root, home, swap) by appropriate lvm commands.
7. mkswap on swap logical volume.
8. mkfs on boot partition, root logical volume, and home logical volume.

Launch LXLE 12.04.4 installer:
9. Proceed to the "Installation type" titled window, select the "Something else" option, and click on the "Contiue" button.
10. Select each of boot partition, root volume, and home volume, then make changes (such as file system type and mount point) appropriately.
11. Click on the "Install Now" button, and proceed to the end of installation.

In a terminal window as root:
12. mount root volume (let's say mounted it to /mnt/lxle14).
13. mount home volume, boot partition, dev directory, sys directory, and proc directory at appropriate directories under /mnt/lxle14.
14. chroot /mnt/lxle14
15. create /etc/crypttab.
16. update-initramfs -u (or you may try update-initramfs -k all -c -v)
17. You may run update-grub
18. exit chroot, dismounts, and reboot system.

Warm regards,
lxlerty

lxle

Selecting and or checking encrypt home during install proves troublesome and encrypting home after install works best. If you are having initramfs issues during boot of the live media more than likely its a bad burn or a flaky usb stick, which strangely is almost always solved with formatting your usb to fat16, odd but works, outside of that the installers are exactly the same as Lubuntu and should perform as such. One rule of thumb I always practice with any install of any OS is limit the number of variables. In other words I check nothing, no updates, no media codecs (not needed anyway), no encryption, no automatic login, nada, nothing. I found this works best with any OS and then I configure as I see fit once I have a successful install.

famewolf

I can see that working in most cases but how do you encrypt the whole drive AFTER install?

lxle

http://askubuntu.com/questions/257339/installing-ubuntu-with-full-disk-encryption-including-encrpyted-boot-on-i-usb-pe

http://askubuntu.com/questions/131704/im-so-confused-about-full-disk-encryption-help

https://duckduckgo.com/?q=encrypt+drive+after+install+site:ubuntuforums.org,forums.linuxmint.com,kubuntuforums.net,askubuntu.com,forum.backbox.org,trisquel.info,lxle.net,zoringroup.com,forums.bodhilinux.com,forum.pinguyos.com,peppermintos.net,linuxdistrocommunity.com,pearlinux.org,wiki.ubuntu.com,launchpad.net,help.ubuntu.com&t=lxle&kp=-1

lxlerty

Thank you for the links as reference.

As I wrote, I could install and use Lubuntu 14 onto encrypted partition by the same way on the same machine. Also, I have succesfully installed different distro (SolydX) by the same way on the different machine before, and have been using it.

I have just compared files under /usr/share/initramfs-tools between LXLE 14.04 and Lubuntu 14.04. And found (interest) differences especially on /usr/share/initramfs-tools/scripts/local-top/cryptroot file, /usr/share/initramfs-tools/hooks/cryptroot file, and /usr/share/initramfs-tools/hooks/udev file. I am aware that those can be not legitimate differences because comparing different versions. But, I think that it may be the start to solve this issue. I will try to dig a little further before giving up and try the way of encrypting partitions after installation as its instruction is found in the link lxle sent.

lxle

If you solve it please post the solution, I'm sure many would benefit from your findings. I am not always able to track down every solution to every problem and need everyones help as much as many of you need mine. :)

famewolf

I'd just like to clarify that the 32 bit version of lxle is 12.04 "revisited" as opposed to lubuntu's 14.04. You might have a closer match comparing lxle 12.04 to lubuntu 12.04. Unless things have changed in last few weeks there is no "lxle 14.04 32 bit" due to issues lxle encountered (something to do with the kernel I believe).

famewolf

I went to the links provided ...bottom line:

Simple answer: No.

Complicated answer:

Encrypting a disk or partition will erase everything currently on
that disk or partition, so to encrypt a disk you also should remove the
contents of the disk. You should make appropriate data backups prior to
starting. Obviously, this means that you should reinstall the system to
use full disk encryption, no other way around. This is because random
data will be written over the entire disk to make more difficult the
recovering of the data.

If you want full volume encryption you either have to have a 2nd hard drive..set it up manually and then transfer the data or do a backup of your lxle root partition, use a lubuntu disc to setup encryption and then restore the lxle data Oddly enough I see plenty of indicators that ubuntu's alternate install disk can be used to setup an encrypted drive but that's not an option for us. At least a few of the posts indicate lubuntu's discs DO work with whole disc encryption while my personal tests seem to indicate lxle's do not. I only recall seeing the whole disc option on lxle's 14.04 though and not on the 12.04.

lxlerty

Time flies! From then, I succeeded to find a way to make 32bit LXLE14 boot up from the (LUKS) encrypted partition, though the hibernation with encrypted swap partition on my machine is not working unfortunately (I think that most likely I need to make change to use swap file rather than swap partition to support secure hibernation with LXLE14 what is based on Lubuntu 12).

> If you solve it please post the solution, I'm sure many would benefit from your findings.
I wrote the brief instructions below with my hope that these might become useful info/help for someone:
1. Boot up system from 32bit LXLE14 revisited LIVE DVD.

In a terminal window:
2. Become root:

sudo -i

3. Create partitions.

Let's say that I have the next partitions:
/dev/sda5: boot partition
/dev/sda6: luks encrypted partition to create logical volumes in order to install 32bit LXLE14.
UUID's of /dev/sda6 : 66666666-6666-6666-6666-666666666666
Additionally let's say I gave the mapping name "crypt_sda6" to the /dev/sda luks encrypted partition

4. Create logical volumes for the system directory, swap area (and the home diectory).

At this point, let's say that the parts of the lsblk command result is appeared like:
└─sda6
└─crypt_sda6 (dm-0)         252:0    0 240G 0 crypt
    ├─volumes-swap (dm-1)   252:1    0     3G 0 lvm   [SWAP]
    ├─volumes-home (dm-2)   252:2    0    30G 0 lvm   /home
    └─volumes-lxle14 (dm-3) 252:3    0    30G 0 lvm   /
(As I wrote above, please note that the hibernation with encrypted swap partition on my machine does not work.)

Minimize all opened windows and click on the icon for LXLE14 installation at desktop.
5. Install lxle 14 to the volumes-lxle14 logical volume.

Just normal stuff; also don't forget to specify volumes-swap and volumes-home logical volumes.
At the end of the installation, do not allow to reboot.

Back to the opened terminal window:
6. Mount the /dev/mapper/volumes-lxle14 logical volume (where the LXLE14 system was installed onto) to /mnt/lxle14 directory.

Then mount the followings:
/dev/sda5 to /mnt/lxle14/boot
/dev/mapper/volumes-home to /mnt/lxle14/home
/dev to /mnt/lxle14/dev
/proc to /mnt/lxle14/proc
/sys to /mnt/lxle14/sys

7. Create /etc/crypttab file with content like:

crypt_sda6 UUID=66666666-6666-6666-6666-666666666666 none luks

8. Create /usr/share/initramfs-tools/conf-hooks.d/forcecryptsetup file with next content:

export CRYPTSETUP=y

9. Create /usr/share/initramfs-tools/conf.d/cryptroot file with content like:

target=crypt_sda6,source=UUID=66666666-6666-6666-6666-666666666666,key=none,rootdev,lvm=volumes-lxle14
target=crypt_sda6,source=UUID=66666666-6666-6666-6666-666666666666,key=none,lvm=volumes-swap
target=crypt_sda6,source=UUID=66666666-6666-6666-6666-666666666666,key=none,lvm=volumes-home

10. chroot /mnt/lxle14
11. apt-get install -y cryptsetup lvm2
(12. update-initramfs -u
The execution of the apt-get install command at the step 11 above also performs running update-initramfs; so this is not necessary if the cryptsetup and the lvm2 packages have not been installed on the installed LXLE14 system and if you do not change neither of /etc/crypttab, /usr/share/initramfs-tools/conf-hooks.d/forcecryptsetup, nor /usr/share/initramfs-tools/conf.d/cryptroot files after you run the apt-get install command.)
13. exit from root.

14. reboot system.

Howdy, Stranger!

Categories