Rootfs over encrypted lvm over raid-1 on GPT

From Funtoo Linux
Revision as of 19:24, 19 November 2010 by Init 6 (Talk)

This howto describes how to set up LVM and rootfs on a cryptoLUKS-encrypted RAID-1 array on a drive with GPT.

Rootfs over encrypted lvm over raid-1 on GPT

To start, read Rootfs over encrypted lvm.

For how to prepare the hard disk for GPT, read Funtoo GPT Partition and GRUB Boot Guide. This example installs a new system on /dev/sdb. Be careful ;) I warned you!

[root@localhost ~]# gdisk -l /dev/sdb
GPT fdisk (gdisk) version 0.6.13

Partition table scan:
  MBR: protective
  BSD: not present
  APM: not present
  GPT: present

Found valid GPT with protective MBR; using GPT.
Disk /dev/sdb: 625142448 sectors, 298.1 GiB
Logical sector size: 512 bytes
Disk identifier (GUID): 67AC0F92-E033-4B53-B6C5-D99DD8F49D90
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 625142414
Partitions will be aligned on 2048-sector boundaries
Total free space is 3038 sectors (1.5 MiB)

Number  Start (sector)    End (sector)  Size       Code  Name
   1            2048          206847   100.0 MiB   0700  Linux/Windows data
   2          206848          207871   512.0 KiB   EF02  BIOS boot partition
   3          208896       625142414   298.0 GiB   FD00  Linux RAID

If you plan to build the RAID-1 on only one partition at first (/dev/sdb3 in this example) and, if the installation succeeds, add the other half of the mirror later, create the array with one member missing:

mdadm --create /dev/md0 --level=1 --raid-devices=2 missing /dev/sdb3

Or

mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sda3 /dev/sdb3
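
An array created with `missing` runs degraded until the second partition is added, so it is worth checking for that state after the installation. The following is an added example, not part of the original howto: it parses /proc/mdstat-format text and lists arrays with fewer active members than configured. The function names and the sample mdstat text are constructed for illustration.

```shell
#!/bin/sh
# Added example: report md arrays that are running degraded.
# md_degraded and sample_mdstat are hypothetical names; the sample is constructed.

# Print the name of every array whose active member count is below the
# configured count ("[2/1]" in mdstat); return non-zero if any is found.
# $1: file in /proc/mdstat format, "-" for stdin (default: /proc/mdstat).
md_degraded() {
    awk '
        /^md[0-9]+ :/ { name = $1 }              # start of an array entry
        name != "" && match($0, /\[[0-9]+\/[0-9]+\]/) {
            # matched "[configured/active]"; strip the brackets and split
            split(substr($0, RSTART + 1, RLENGTH - 2), n, "/")
            if (n[2] + 0 < n[1] + 0) { print name; bad = 1 }
            name = ""
        }
        END { exit bad + 0 }
    ' "${1:-/proc/mdstat}"
}

# Constructed sample: md0 created with "missing" (one of two members active),
# md1 a complete mirror shown for contrast.
sample_mdstat() {
    cat <<'EOF'
Personalities : [raid1]
md0 : active raid1 sdb3[1]
      312466432 blocks [2/1] [_U]

md1 : active raid1 sdc1[0] sdd1[1]
      102336 blocks [2/2] [UU]

unused devices: <none>
EOF
}

# Demo on the sample; on a live system call md_degraded with no argument.
degraded=$(sample_mdstat | md_degraded -) || echo "degraded: $degraded"
```

Because the LUKS container sits on top of /dev/md0, a member added to the mirror later is resynced below the encryption layer and receives only ciphertext.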

Encrypting the raid-1

cryptsetup -c aes-xts-plain luksFormat /dev/md0
cryptsetup luksOpen /dev/md0 dmcrypt_root

After that, everything is the same as here… The differences begin with the "Initramfs setup and configuration" section.

To activate the RAID-1 during boot, the initramfs has to perform:

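# Assemble the RAID-1 array so that /dev/md0 exists before the encrypted root is opened.
echo "Activating RAID device."
# Generate a config only if the initramfs does not already carry one.
if [ ! -e '/etc/mdadm.conf' ]
then
	echo "DEVICE /dev/sda[0-9] /dev/sdb[0-9] /dev/md[0-9]" > /etc/mdadm.conf
	mdadm --examine --scan --config=/etc/mdadm.conf  >> /etc/mdadm.conf
fi
# Assemble whether the config was just generated or was already present.
mdadm --assemble --scan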

Or use the better-initramfs fork with RAID-1 mdadm support:

git clone git://github.com/init6/initramfs.git

Grub2 configuration

Importantly, do not forget:
enc_root=/dev/md0
