Originally published at mrkc.me
Encryption with a Funky Partition Layout
Note: to see how I set up LVM with caching, check out my previous post.
I recently ran into some trouble with the system while mucking around and decided to take the opportunity to restructure my partitioning layout and do a full OS reinstall; this time with full disk encryption (except `/boot`). Suffice it to say, the Fedora installer is fairly flexible, but not nearly enough to support a mix of mdadm, LUKS, and LVM.
Before I tell you–roughly–how I did it, here are the results:
```
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 447.1G 0 disk
├─sda1 8:1 0 512M 0 part /boot
└─sda2 8:2 0 446.6G 0 part
  ├─vg_SIIIKE-root 253:0 0 59.6G 0 lvm
  │ └─luks-SIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIKE 253:3 0 59.6G 0 crypt /
  ├─vg_SIIIKE-lv_swap 253:1 0 14.9G 0 lvm
  │ └─luks-SIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIKE 253:2 0 14.9G 0 crypt [SWAP]
  └─vg_SIIIKE-home 253:4 0 372.1G 0 lvm
    └─luks-SIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIKE 253:9 0 372.1G 0 crypt /home
sdb 8:16 0 119.2G 0 disk
└─sdb1 8:17 0 119.2G 0 part
  ├─vg_SIIIKE-lv_var_cache_cdata 253:5 0 115G 0 lvm
  │ └─vg_SIIIKE-lv_var 253:8 0 1.8T 0 lvm
  │   └─luks-SIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIKE 253:10 0 1.8T 0 crypt /var
  └─vg_SIIIKE-lv_var_cache_cmeta 253:6 0 1G 0 lvm
    └─vg_SIIIKE-lv_var 253:8 0 1.8T 0 lvm
      └─luks-SIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIKE 253:10 0 1.8T 0 crypt /var
sdc 8:32 0 1.8T 0 disk
└─md0 9:0 0 1.8T 0 raid1
  └─vg_SIIIKE-lv_var_corig 253:7 0 1.8T 0 lvm
    └─vg_SIIIKE-lv_var 253:8 0 1.8T 0 lvm
      └─luks-SIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIKE 253:10 0 1.8T 0 crypt /var
sdd 8:48 0 1.8T 0 disk
└─md0 9:0 0 1.8T 0 raid1
  └─vg_SIIIKE-lv_var_corig 253:7 0 1.8T 0 lvm
    └─vg_SIIIKE-lv_var 253:8 0 1.8T 0 lvm
      └─luks-SIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIKE 253:10 0 1.8T 0 crypt /var
```
To clarify, I have an SSD with `/`, `/home`, and `swap` on it and a software RAID-1 set with an SSD as a caching layer in front of it. The partitions (`sda2`, `sdb1`, and `md0`) are all physical volumes in the same volume group. I simply created logical volumes in that volume group and directed that they reside on certain physical volumes (such a handy feature). Then it was simply a matter of encrypting them with LUKS, configuring `crypttab`, and configuring `fstab`.
Unfortunately, you can accomplish very few of these tasks in the Fedora Desktop installer. I initially tried to configure everything outside of the installer hoping that it would get the hint and leave everything alone. The problem there is that the Workstation version doesn't know how to handle software RAID sets properly. I tried using the Server version but it did its own munging of things by making certain assumptions about how I wanted to do LVM.
In the end, since really only `/var` was going to be special, I decided to install everything on the primary SSD then after the installation configure the `/var` volumes and migrate the newly installed `/var` over to its new home. This worked better than expected and other than having to boot `single` to fix a fat-fingered `fstab` everything booted right up.
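A pre-reboot check for the mistyped-`fstab` failure mentioned above, as an added example rather than the author's own script: it verifies that every `/dev/mapper/<name>` mounted in `fstab` is opened by a `crypttab` entry. It assumes, as in this layout, that every logical volume is LUKS-encrypted; the function names, sample files and mapper/VG/LV names are hypothetical.

```shell
#!/bin/sh
# Added example, not the author's script. Assumes the layout above, where every
# LV is LUKS-encrypted, so each /dev/mapper/<name> in fstab must be a crypttab name.

# check_crypt_mounts CRYPTTAB FSTAB
# Prints "MISSING <name> (<mountpoint>)" for each fstab mapper device that no
# crypttab line opens; returns 0 when the files agree, 1 otherwise.
check_crypt_mounts() {
    ct=$1
    ft=$2
    # Field 1 of every non-comment crypttab line is the mapper name.
    names=$(awk '$1 !~ /^#/ && NF >= 2 { print $1 }' "$ct")
    # Fields 1 and 2 of an fstab line are the device and the mount point.
    bad=$(awk '$1 ~ /^\/dev\/mapper\// { sub("/dev/mapper/", "", $1); print $1, $2 }' "$ft" |
        while read -r name mnt; do
            printf '%s\n' "$names" | grep -qxF -- "$name" ||
                echo "MISSING $name ($mnt)"
        done)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Constructed sample files: mapper, VG and LV names are placeholders, and the
# fstab line for /var carries a deliberate typo (luks-vra).
write_samples() {
    cat > "$1/crypttab" <<'EOF'
# name     source device           key   options
luks-home  /dev/vg_example/home    none  luks
luks-var   /dev/vg_example/lv_var  none  luks
EOF
    cat > "$1/fstab" <<'EOF'
/dev/mapper/luks-home  /home  ext4  defaults  0 2
/dev/mapper/luks-vra   /var   ext4  defaults  0 2
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
check_crypt_mounts "$dir/crypttab" "$dir/fstab" || echo "fix fstab before rebooting"
rm -rf "$dir"
```

On a real system, point the function at `/etc/crypttab` and `/etc/fstab`; a raw `/dev/mapper/vg-lv` path in `fstab` is reported too, since mounting the LV directly would hit LUKS ciphertext.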
While I don't think the Fedora installers need the ability to generate arbitrary partitioning schemes, it would be nice to have some sort of "I know what I'm doing please leave my partitions alone" mode.