For my new work notebook I am aiming for a setup with Debian and Gentoo side
by side. I installed Gentoo first and went for adding Debian today. For a
notebook I want full disk encyrption of course and my plans were to use one
big dm-crypt container for everything except
/boot. Interestingly, the
installer of Debian testing/wheezy does not support installing into an
existing crypt container out of the box, not even when run in expert mode.
There is an outstanding grave functionality bug titled "allow to 'reuse'
about it where Frans Pop states:
It is actually possible to reuse existing encrypted LVM volumes by following the procedure documented on  just before starting the partitioner.  http://wiki.debian.org/DebianInstaller/Rescue/Crypto
The hint about "before starting the partitioner" is the most helpful bit about
it. The guide he points to is not specific to the Debian installer, misses to
vgscan and is an immutable page so i cannot improve it easily. To
summarize, this is what worked for me (no warrenties!):
- When it comes to disk partitioning before picking "manual" switch to another terminal, e.g. <Ctrl>+<Alt>+<F2>, <Return>.
- Open the Luks container using
cryptsetup luksOpen /dev/ foo foo_crypt
vgscanto detect the LVM volume group inside (
lvdisplayalone will not do)
vgchange -a y foo_cryptto activate all logical volumes
- Switch back to the installer terminal by pressing
+ + (which will list LVM your current LVM volumes now)
- Follow the installtion as usual but stop before rebooting
- On the second shell edit
/etc/crypttabto have a line
/dev/foo foo_crypt none hash=sha1so the crypt container is actually opened by the initramfs. Rather than "sha1" you may want to pick whatever
cryptsetup luksDump /dev/foo | fgrep -i hashproduced.
That's it. Got any corrections or extensions to this post? Please comment below.