| 1 |
On 03/08/2016 03:02 PM, Frank Steinmetzger wrote: |
| 2 |
> On Tue, Mar 08, 2016 at 02:03:27PM -0800, Willie Matthews wrote: |
| 3 |
>> On 03/08/2016 01:41 PM, Frank Steinmetzger wrote: |
| 4 |
>>> Hi folks |
| 5 |
>>> |
| 6 |
>>> I’m trying to follow an article¹ on setting up a fully encrypted system for |
| 7 |
>>> my soon-to-arrive laptop. It and others (e.g. ² in a very condensed form) |
| 8 |
>>> simply luksFormat a block device, then luksOpen it and run pvcreate on that. |
| 9 |
>>> [...] |
| 10 |
>> If I am not mistaken you have to create a partition on the drive before |
| 11 |
>> you can use "pvcreate /dev/sda1". |
| 12 |
> |
| 13 |
> Please look again: I run pvcreate on a LUKS container, not a partition. ;) |
| 14 |
> The container itself resides on the first GPT partition of the SSD. |
| 15 |
> |
| 16 |
> In condensed form, I did what ² in my OP was saying: |
| 17 |
> parted -s /dev/sda mklabel msdos |
| 18 |
> parted -s /dev/sda mkpart primary 2048s 100% |
| 19 |
> cryptsetup luksFormat /dev/sda1 |
| 20 |
> cryptsetup luksOpen /dev/sda1 lvm |
| 21 |
> pvcreate /dev/mapper/lvm |
| 22 |
> -- poof -- |
| 23 |
> (only I used GPT instead of MSDOS because of UEFI) |
| 24 |
> |
| 25 |
>> If you would like to get rid of the /run/lvm/lvmetad.socket error just |
| 26 |
>> start lvm with "service lvm start". I still get the error when starting |
| 27 |
>> up but it still works. |
| 28 |
> |
| 29 |
> I noticed that and quickly found /etc/init.d/lvmetad, but since I'm doing |
| 30 |
> only the setup on this PC, I don't realler bother. |
| 31 |
> |
| 32 |
>> I used your first link to do a full encrypted secure boot install of |
| 33 |
>> Gentoo. |
| 34 |
>> (https://wiki.gentoo.org/wiki/Sakaki%27s_EFI_Install_Guide/Preparing_the_LUKS-LVM_Filesystem_and_Boot_USB_Key). |
| 35 |
>> It works like a charm. |
| 36 |
> |
| 37 |
> Good to know. |
| 38 |
> |
| 39 |
>> If you don't want to use a USB key to boot every time make sure you make |
| 40 |
>> a small partition on the drive to hold all the information for your |
| 41 |
>> encryption and secure boot files. I made that mistake and it took a |
| 42 |
>> while to fix. |
| 43 |
> |
| 44 |
> I keep an ESP at the end of the SSD of ~700 megs. That way I can also keep a |
| 45 |
> sysrescuecd ISO around. (Sort of the Gentoo way of a recovery partition ^^ ). |
| 46 |
> |
| 47 |
> Cheers. |
| 48 |
> |
| 49 |
|
| 50 |
What does pvdisplay printout? |
| 51 |
|
| 52 |
-- |
| 53 |
|
| 54 |
Willie Matthews |
| 55 |
matthews.willie80@×××××.com |
| 56 |
(702) 659-9966 |
Archives