| 1 |
On Tue, Mar 08, 2016 at 02:03:27PM -0800, Willie Matthews wrote: |
| 2 |
> On 03/08/2016 01:41 PM, Frank Steinmetzger wrote: |
| 3 |
> > Hi folks |
| 4 |
> > |
| 5 |
> > I’m trying to follow an article¹ on setting up a fully encrypted system for |
| 6 |
> > my soon-to-arrive laptop. It and others (e.g. ² in a very condensed form) |
| 7 |
> > simply luksFormat a block device, then luksOpen it and run pvcreate on that. |
| 8 |
> > [...] |
| 9 |
> If I am not mistaken you have to create a partition on the drive before |
| 10 |
> you can use "pvcreate /dev/sda1". |
| 11 |
|
| 12 |
Please look again: I run pvcreate on a LUKS container, not a partition. ;) |
| 13 |
The container itself resides on the first GPT partition of the SSD. |
| 14 |
|
| 15 |
In condensed form, I did what ² in my OP was saying: |
| 16 |
parted -s /dev/sda mklabel msdos |
| 17 |
parted -s /dev/sda mkpart primary 2048s 100% |
| 18 |
cryptsetup luksFormat /dev/sda1 |
| 19 |
cryptsetup luksOpen /dev/sda1 lvm |
| 20 |
pvcreate /dev/mapper/lvm |
| 21 |
-- poof -- |
| 22 |
(only I used GPT instead of MSDOS because of UEFI) |
| 23 |
|
| 24 |
> If you would like to get rid of the /run/lvm/lvmetad.socket error just |
| 25 |
> start lvm with "service lvm start". I still get the error when starting |
| 26 |
> up but it still works. |
| 27 |
|
| 28 |
I noticed that and quickly found /etc/init.d/lvmetad, but since I'm doing |
| 29 |
only the setup on this PC, I don't realler bother. |
| 30 |
|
| 31 |
> I used your first link to do a full encrypted secure boot install of |
| 32 |
> Gentoo. |
| 33 |
> (https://wiki.gentoo.org/wiki/Sakaki%27s_EFI_Install_Guide/Preparing_the_LUKS-LVM_Filesystem_and_Boot_USB_Key). |
| 34 |
> It works like a charm. |
| 35 |
|
| 36 |
Good to know. |
| 37 |
|
| 38 |
> If you don't want to use a USB key to boot every time make sure you make |
| 39 |
> a small partition on the drive to hold all the information for your |
| 40 |
> encryption and secure boot files. I made that mistake and it took a |
| 41 |
> while to fix. |
| 42 |
|
| 43 |
I keep an ESP at the end of the SSD of ~700 megs. That way I can also keep a |
| 44 |
sysrescuecd ISO around. (Sort of the Gentoo way of a recovery partition ^^ ). |
| 45 |
|
| 46 |
Cheers. |
| 47 |
|
| 48 |
-- |
| 49 |
Gruß | Greetings | Qapla’ |
| 50 |
Please do not share anything from, with or about me with any social network. |
| 51 |
|
| 52 |
Shut up, I see something! |
Archives