Skip to main content

Convincing a fresh Debian Etch with LVM over dm_crypt over RAID 1 to boot

When I tried to first install Debian a few years ago I could not even make the X-Server run which frustrated me and made me stick with Windows at that time. For quite some time I feel that Debian seriously deserves a second chance so I tried one more time a few days ago... and in the end succeeded. So a few days ago I tried to install Debian again which could have been a great experience if there weren't these little things you stumble over everywhere in computing that take you hours to get right... sigh. In this case the command line installer of Debian Etch did a great job on letting me configure my desired not-that-trivial hard disc setup: 2 discs, each with two RAID 1 partitions, a small one for an unencrypted /boot folder and a big one for a single dm_crypt device holding all other partitions managed by LVM. So while the installer made configuring this setup comfortable and fast (much faster than the installgui version, speaking of delays between pages) it failed to make my system boot after. So after hours of trying to figure how to make this work, re-compressing the initrd image again and again I finally got the important hint from a friend of mine which involved adding a /conf/conf.d/cryptsetup file to the image. I found a way now how to achieve the same effect even without touching the initrd image, by adjusting Grub's menu.lst instead. The parameters to add look like this (adjust if copying!):

  • md1_crypt is the basename of the unencrypted device — this will end up as /dev/mapper/md1_crypt
  • keys=none means using Luks
  • one-root is a composition of my volume group "one" and the partition "root" inside

So my current Grub entry (with a testing kernel ater updating) looks like this (adjust if copying!):

title Debian GNU/Linux, kernel 2.6.22-3-686 root (hd0,0)
kernel /vmlinuz-2.6.22-3-686 root=/dev/mapper/one-root
  cryptopts=target=md1_crypt,source=/dev/md1,keys=none,lvm=one-root ro
initrd /initrd.img-2.6.22-3-686 savedefault

PS: There is a article describing how to fix this problem while the installer is running. Contrary to that my fix is useful to people running into this problem after the installer has finished.