Installing Debian to an existing dm-crypt container
For my new work notebook I am aiming for a setup with Debian and Gentoo side
by side. I installed Gentoo first and went for adding Debian today. For a
notebook I want full disk encryption of course, and my plan was to use one
big dm-crypt container for everything except /boot. Interestingly, the
installer of Debian testing/wheezy does not support installing into an
existing crypt container out of the box, not even when run in expert mode.
There is an outstanding grave functionality bug titled "allow to 'reuse'
encrypted volumes" about it where Frans Pop states:
It is actually possible to reuse existing encrypted LVM volumes by following the procedure documented on [1] just before starting the partitioner. [1] http://wiki.debian.org/DebianInstaller/Rescue/Crypto
The hint about "before starting the partitioner" is the most helpful bit about
it. The guide he points to is not specific to the Debian installer, fails to
mention vgscan, and is an immutable page so I cannot improve it easily. To
summarize, this is what worked for me (no warranties!):
- When it comes to disk partitioning, before picking "manual", switch to another terminal, e.g. <Ctrl>+<Alt>+<F2>, <Return>.
- Open the LUKS container using
  cryptsetup luksOpen /dev/foo foo_crypt
- Run
  vgscan
  to detect the LVM volume group inside (lvdisplay alone will not do)
- Run
  vgchange -a y foo_crypt
  to activate all logical volumes
- Switch back to the installer terminal by pressing + + (which will now list your current LVM volumes)
- Follow the installation as usual but stop before rebooting
- On the second shell edit /etc/crypttab to have a line
  foo_crypt /dev/foo none hash=sha1
  (mapped target name first, then the source device) so the crypt container is actually opened by the initramfs. Rather than "sha1" you may want to pick whatever
  cryptsetup luksDump /dev/foo | fgrep -i hash
  produced.
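The last step can be scripted instead of copying the hash by eye. The following is an added example, not part of the original post: it reads the "Hash spec:" field from LUKS1 luksDump output and builds the crypttab line in crypttab(5) field order (target, source, key file, options). The function names and the sample dump are constructed for illustration; /dev/foo and foo_crypt are the post's placeholders.

```shell
#!/bin/sh
# Added example: derive the /etc/crypttab line from `cryptsetup luksDump` output.

# Constructed sample of LUKS1 luksDump output (not taken from a real device).
SAMPLE_DUMP='LUKS header information for /dev/foo

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha1
Payload offset: 4096
MK bits:        512'

# Print the value of the "Hash spec:" header field read from stdin.
# Returns non-zero and prints nothing if the field is missing or malformed.
luks_hash_spec() {
    spec=$(sed -n 's/^Hash spec:[[:space:]]*\([A-Za-z0-9_-]\{1,\}\)[[:space:]]*$/\1/p' | head -n 1)
    [ -n "$spec" ] || return 1
    printf '%s\n' "$spec"
}

# Compose the crypttab line: <target> <source> <key file> <options>.
# usage: cryptsetup luksDump SOURCE | crypttab_line TARGET SOURCE
crypttab_line() {
    target=$1
    src=$2
    hash_name=$(luks_hash_spec) || { echo "no 'Hash spec:' field found" >&2; return 1; }
    printf '%s %s none hash=%s\n' "$target" "$src" "$hash_name"
}

# Succeed if FILE already has a non-comment entry whose first field is TARGET,
# so the same container is not listed twice.
# usage: crypttab_has_target TARGET FILE
crypttab_has_target() {
    awk -v t="$1" '!/^[[:space:]]*#/ && $1 == t { found = 1 } END { exit !found }' "$2"
}

# Demo on the constructed sample; on the installer shell the input would be
#   cryptsetup luksDump /dev/foo | crypttab_line foo_crypt /dev/foo
printf '%s\n' "$SAMPLE_DUMP" | crypttab_line foo_crypt /dev/foo
```
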
That's it. Got any corrections or extensions to this post? Please comment below.