Entries tagged as LVM
Tuesday, May 15. 2007
Full disk encryption with LUKS on new notebook
Maybe most of you know that I prefer a Unix-like system, so it is obvious that GNU/Linux found its way onto my new notebook as the preferred OS. Nowadays encryption of your data gets more and more important, not only on portable devices, but on these it is a must. For me it was clear that I needed full disk encryption for my GNU/Linux system.
Let’s look at the starting position:
- /dev/sda1: Windows partition
- /dev/sda2: /boot
- /dev/sda3: encrypted partition including a LVM with all needed logical volumes for “/”, “/home”, swap, etc. pp.
Another possibility is to set up an LVM in “/dev/sda3” and encrypt all filesystems in the logical volumes, but with this setup I lose most of the flexibility of the LVM, so this possibility is not preferred.
But how to achieve the encryption?
There are several possible solutions:
- an AES-loopback device
- Truecrypt
- and yes: Linux Unified Key Setup (LUKS)
Okay, AES-loopback devices are a bit outdated, and Truecrypt is usable for partitions or filesystems in files, but it is not designed for encryption of a root filesystem. LUKS seems to be the right solution for my problem.
I used this HowTo and adapted it to my needs.
At first I filled the partition “/dev/sda3”, which will be encrypted, with random data. This makes sense because this way you cannot easily assume where the real data ends. The tool I used for the procedure was shred:
shred -v -n 1 /dev/sda3
Then I created the encrypted device and opened it:
cryptsetup -c aes-cbc-essiv:sha256 luksFormat /dev/sda3
cryptsetup luksOpen /dev/sda3 decryptedsda3
Now I installed the LVM with some logical volumes and filesystems:
# create a physical volume
pvcreate /dev/mapper/decryptedsda3
# create a volume group
vgcreate vg0 /dev/mapper/decryptedsda3
# scan for volume groups and activate them
vgscan --mknodes
vgchange -ay
# create logical volumes for "/", swap, "/home"
lvcreate -L20G -n root vg0
lvcreate -L256M -n swap vg0
lvcreate -L60G -n home vg0
# create ext3-filesystems and swap
mke2fs -j /dev/vg0/root
mke2fs -j /dev/vg0/home
mkswap /dev/vg0/swap
Now I installed my GNU/Linux system with a kernel including LVM and crypt support.
Then I needed the possibility to boot this system, and I mentioned earlier that I want to use a boot partition at “/dev/sda2” for the kernel image (bzImage), the initial ramdisk (initrd) and grub. But it is also possible to use a USB device to make it even more secure.
Initial ramdisk aka initrd
Installing grub and creating the kernel image was not that difficult, but we still need the initrd for mounting the encrypted device and activating the LVM. Good to know that my meta-distribution Gentoo offers the tool genkernel, which can create initrds with LUKS and LVM support. I only edited the linuxrc because I need a German keymap and added the following section before “startLUKS”:
# Setup german keymap
good_msg "Loading the ''de'' keymap"
[ ! -e /dev/tty0 ] && ln -s /dev/tty1 /dev/tty0
loadkmap < /lib/keymaps/de.map
mkdir -p /etc/sysconfig
echo "XKEYBOARD=de" > /etc/sysconfig/keyboard
And I commented out “startVolumes” because this is also done by “startLUKS”. Then the initrd was created by genkernel:
genkernel --luks --lvm2 --linuxrc= initrd
At last I created the grub configuration:
# For booting GNU/Linux
title Gentoo GNU/Linux
root (hd0,1)
kernel /boot/bzImage root=/dev/ram0 init=/linuxrc ramdisk=8192 crypt_root=/dev/sda3 real_root=/dev/vg0/root nodetect dolvm2
initrd /boot/initrd
That’s it! And it works fine ;-)
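A check one could run after the luksFormat step above, as an added example that is not part of the original post: it parses `cryptsetup luksDump` output and confirms the cipher spec and the number of enabled key slots. The function names are hypothetical and the header dump is a constructed, abridged sample.

```shell
#!/bin/sh
# Added example: audit the header written by the luksFormat step.
# Function names are hypothetical; the dump below is constructed and abridged.

# Constructed sample of `cryptsetup luksDump /dev/sda3` output (LUKS1 layout).
sample_dump() {
    cat <<'EOF'
LUKS header information for /dev/sda3

Version:        1
Cipher name:    aes
Cipher mode:    cbc-essiv:sha256
Hash spec:      sha1
Payload offset: 2056
MK bits:        256

Key Slot 0: ENABLED
Key Slot 1: DISABLED
Key Slot 2: DISABLED
EOF
}

# Read a dump on stdin, print: cipher=<name>-<mode> mk_bits=<n> slots_enabled=<n>
summarize_luks() {
    awk '
        # Strip the "Label:" prefix; the mode itself may contain a colon.
        function val(s) { sub(/^[^:]*:[ \t]*/, "", s); return s }
        /^Cipher name:/ { name = val($0) }
        /^Cipher mode:/ { mode = val($0) }
        /^MK bits:/     { bits = val($0) }
        /^Key Slot [0-7]: ENABLED/ { slots++ }
        END { printf "cipher=%s-%s mk_bits=%s slots_enabled=%d\n", name, mode, bits, slots }
    '
}

# Succeed only if the cipher spec and the number of enabled key slots match.
check_luks() {
    want_cipher=$1
    want_slots=$2
    summary=$(summarize_luks)
    case $summary in
        "cipher=$want_cipher "*" slots_enabled=$want_slots") return 0 ;;
        *) echo "unexpected LUKS header: $summary" >&2; return 1 ;;
    esac
}

# On the real system (as root):
#   cryptsetup luksDump /dev/sda3 | check_luks aes-cbc-essiv:sha256 1
sample_dump | check_luks aes-cbc-essiv:sha256 1 && echo "header matches"
```

An enabled key slot beyond the ones you set means an additional passphrase or key file can open the volume, so the slot count is worth checking alongside the cipher.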
Monday, July 31. 2006
LVM2
Inspired by my new Fedora Core 5 installation on my notebook, I wanted to know what LVM is about.
Okay, first have a look at the common way. Normally harddrives are partitioned into one or more parts, e.g. for root, swap and home partitions. These partitions are directly bound to the physical diskspace. But this attempt to organize data on harddrives is not very flexible, and it is not easy to resize the partitions if your requirements change.
The short description of LVM (Logical Volume Management) is that LVM provides a logical view of the diskspace and hides how it is really organized under the hood.
How does it work?
First there are Physical Volumes (PV), which are on partitions or whole disks. These PVs are split into many small extents of the same size, which are called Physical Extents (PE). Now the PVs are added to a Volume Group (VG). The entire diskspace provided by the PVs is now available in the VG, and it is possible to create Logical Volumes (LV). These LVs are also split into many small extents of the same size as the PEs, called Logical Extents (LE). The LEs are assigned to PEs, but it is possible to move data from one PE to another, and then the associated LE will be assigned to the other PE.
Now the LVs can contain filesystems for the system, e.g. for root, swap, home, etc. pp.
Okay, it is obvious that LVM delivers a flexible way to manage the diskspace and it is easy to resize the LVs to the requirements. And if no diskspace is left it is possible to attach a new harddrive and add it to the VG and resize the LVs to the desired size.
And because I liked it, I installed LVM on my desktop
My system is a dual-boot system with Gentoo GNU/Linux and Windows XP and it has two harddrives.
Windows cannot work together with LVM, so it got two partitions, one for the system and one for files, and there is enough space left on that harddrive for another partition, which is used for a PV.
Linux needs the kernel to start, and the VG has to be activated before the system can be loaded if the root filesystem “/” is also managed by LVM. Okay, a small partition for the boot filesystem “/boot” (about 100 megabyte) is needed. Further, an initial ramdisk for the activation of the VG is needed.
The rest of the disk is partitioned for a PV.
Creating a VG and some LVs was easy. But now an initial ramdisk must be created. Because I use Gentoo, genkernel does the trick for me.
Conclusion
It works without any problem and I got to know how easy it is to resize LVs because I had to do it.
And LVM has many, many more features, like snapshots etc. pp.
More infos about LVM.




