Encrypted Trisquel 10 on RAID1

amuza
Joined: 02/12/2018

Hello!

I am trying to have a computer running a full-disk encryption Trisquel 10 on top of RAID1. (Well, I guess I could also be happy without having the boot partition encrypted.)

I don't mind how the mirror is done (mdadm, ZFS, BTRFS...).

I found the following instructions for Ubuntu 20.04, I liked them and started to follow them:
https://mutschler.eu/linux/install-guides/ubuntu-btrfs-raid1-20-04/

I have successfully completed steps 1 and 2 of that guide. On step 3 I am supposed to edit the following files:

/usr/lib/partman/mount.d/70btrfs
/usr/lib/partman/fstab.d/btrfs

but I cannot find them. I cannot find their parent or grandparent directories either. Why?

I'd be happy to get some help to go on with the mentioned guide or to follow any other step-by-step method to have an encrypted Trisquel 10 on RAID1.

Thank you!

amuza
Joined: 02/12/2018

I found the files and edited them, but they were not in /usr but directly at

/lib/partman/mount.d/70btrfs
/lib/partman/fstab.d/btrfs

Now I am at Step 4. I run the installer (ubiquity --no-bootloader), I edit the partition options at "Something Else". When I am done I click the "Install Now" button and get the following weird error:

"Identical mount points for two file systems (as superuser)

Two file systems are assigned the same mount point (/): Encrypted volume (crypt_sda) and Encrypted volume (crypt_sda).

Please correct this by changing mount points."

As the message says, I only have one mount point (/) for crypt_sda. I don't understand what the problem is, it looks like a bug.

Avron
Joined: 08/18/2020

Can you show the partition tables and volume details of both disks, with sudo fdisk -l and lsblk?

Also, perhaps ubiquity in Trisquel 10 iso does not work exactly like in Ubuntu 20.04 iso. You could try making the btrfs file system from ubiquity to see what happens.

amuza
Joined: 02/12/2018

Thank you.

I have three disks: sda, sdb, sdc.
I do not want to use sda for the time being.
I am running Trisquel 10 from a live USB.
I want to do RAID1 with sdb and sdc. I want to install encrypted Trisquel there (as the root partition).

In my previous message, please replace "crypt_sda" with "crypt_sdb" in the error message.

root@trisquel:~# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
loop0 7:0 0 2.6G 1 loop /rofs
sda 8:0 0 111.8G 0 disk
sdb 8:16 0 465.8G 0 disk
├─sdb1 8:17 0 512M 0 part
├─sdb2 8:18 0 4G 0 part
└─sdb3 8:19 0 461.3G 0 part
  └─crypt_sdb 253:0 0 461.3G 0 crypt
sdc 8:32 0 477G 0 disk
├─sdc1 8:33 0 512M 0 part
├─sdc2 8:34 0 4G 0 part
└─sdc3 8:35 0 461.3G 0 part
  └─crypt_sdc 253:1 0 461.3G 0 crypt
sdd 8:48 1 7.2G 0 disk
├─sdd1 8:49 1 2.7G 0 part /cdrom
├─sdd2 8:50 1 1M 0 part
└─sdd3 8:51 1 4.6G 0 part /var/log

root@trisquel:~# mkfs.btrfs /dev/mapper/crypt_sdb
btrfs-progs v5.4.1
See http://btrfs.wiki.kernel.org for more information.
Detected a SSD, turning off metadata duplication. Mkfs with -m dup if you want to force metadata duplication.
Label: (null)
UUID: 1a322821-64d5-4578-8199-18601b1d9342
Node size: 16384
Sector size: 4096
Filesystem size: 461.70GiB
Block group profiles:
Data: single 8.00MiB
Metadata: single 8.00MiB
System: single 4.00MiB
SSD detected: yes
Incompat features: extref, skinny-metadata
Checksum: crc32c
Number of devices: 1
Devices:
ID SIZE PATH
1 461.70GiB /dev/mapper/crypt_sdb

root@trisquel:~# fdisk -l
Disk /dev/loop0: 2.59 GiB, 2764759040 bytes, 5399920 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk /dev/sda: 111.81 GiB, 120034123776 bytes, 234441648 sectors
Disk model: BT58SSD07S
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 8782CD44-FD18-8C4E-AD3A-4DE84885935B
Disk /dev/sdb: 465.78 GiB, 500107862016 bytes, 976773168 sectors
Disk model: WDC WDS500G2B0A
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: AE739F27-C6DD-438C-B19C-A9B2C3E0C704
Device Start End Sectors Size Type
/dev/sdb1 2048 1050623 1048576 512M Linux filesystem
/dev/sdb2 1050624 8388607 7337984 3.5G Linux filesystem
/dev/sdb3 8388608 976643685 968255078 461.7G Linux filesystem
Disk /dev/sdc: 476.96 GiB, 512110190592 bytes, 1000215216 sectors
Disk model: DOGFISH SSD 512G
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 9CF9A8A8-F744-4A4C-9353-9D5F74AED037
Device Start End Sectors Size Type
/dev/sdc1 2048 1050623 1048576 512M Linux filesystem
/dev/sdc2 1050624 8388607 7337984 3.5G Linux filesystem
/dev/sdc3 8388608 976643685 968255078 461.7G Linux filesystem
Disk /dev/sdd: 7.23 GiB, 7759462400 bytes, 15155200 sectors
Disk model: TransMemory
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x58893fb2
Device Boot Start End Sectors Size Id Type
/dev/sdd1 * 0 5608575 5608576 2.7G 0 Empty
/dev/sdd2 332 2379 2048 1M ef EFI (FAT-12/16/32)
/dev/sdd3 5611520 15155199 9543680 4.6G 83 Linux
Disk /dev/mapper/crypt_sdb: 461.71 GiB, 495744502784 bytes, 968250982 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk /dev/mapper/crypt_sdc: 461.71 GiB, 495744502784 bytes, 968250982 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

I tried your suggestion. I could only create a logical volume (crypt_sdb1) inside crypt_sdb, I could not change it directly (as crypt_sdb). I proceeded and, when I clicked the "Install Now" button, I got the same error saying that I have identical mount points for two file systems, this time it was mentioning the logical volume.

Avron
Joined: 08/18/2020

Everything looks ok.

I'll try to find time tomorrow to try what you did, with an external disk since it would be sufficient for the step where you are having a problem.

As a funny thing, I found nearly the same article at https://reckoning.dev/blog/ubuntu-btrfs-guide/.

The explanations on LUKS version might be the reason why my fully encrypted installs of Trisquel 10 and Debian 11 failed to boot with Grub from osboot.

amuza
Joined: 02/12/2018

Nice. Thank you!

Oh, yes, I read that luks 1 and 2 thing too.

Avron
Joined: 08/18/2020

I have a single USB port that I am sure is reliable and I already have a running Trisquel 10 on my internal SSD that I don't want to trash. So I boot my Trisquel 10 system, install ubiquity using apt on it, and try with an external SSD.

On my external SSD, using parted with the indicated sizes made parted complain that the sizes are not aligned. I ignored the warning and proceeded, when I launched ubiquity, ubiquity showed free space between each partition, which does not look good. I searched how to find good partition sizes, I could not find any proper tool to do the calculations.

Moreover, my current system made by Trisquel 10 installer has a "bios space" and an "efi" partition, size 1MB and 512MB. So I decided to do the initial partitioning from ubiquity (as it probably can calculate proper partition sizes for my disk) and created a new partition table, a 1MB partition as bios space and a 512 MB "efi" partition, then created the swap partition and the partition for the encrypted volume (I declared it as encrypted volume). Then I quit ubiquity and used command line as in the page you linked starting from "cryptsetup luksFormat", before launching ubiquity again.

In ubiquity, I set the btrfs file system as /, the other partitions are already set automatically. I proceeded, ubiquity just warned that I am not "formatting" the btrfs volume and existing files may create problems (I put quotes because to me, making a file system is not "formatting") but it got to the timezone setting and user info. I had no more time today so I stopped here. But apparently, I don't have the error you had, so perhaps you could try partitioning like I did. I'll check tomorrow if I can make a booting system that way.

Stallman rules
Joined: 08/10/2019

"my current system made by Trisquel 10 installer has a "bios space" and an "efi" partition, size 1MB and 512MB."

mine too.. so i deleted them and made one encrypted partition..

but now.. the boot time is 2,5 minutes..

how can i somehow remap the partitions.. so the boot time become faster.. ?

and by the way.. i'm a complete noob..

can anybody help.. i have been surfing after the solution

but i didn't find it.. :(

Magic Banana
Joined: 07/24/2010

You can (re)create the partitions using GParted (a graphical interface to GNU parted) from a live system such as Trisquel's, where GParted is present by default. I do not know if that will lower your boot time.

Before using GParted, backup the user data (for instance with Back In Time, by default in Trisquel)!

Stallman rules
Joined: 08/10/2019

thanks magic banana and avron for the tip :)

but the system failed, so i will reinstall..

Avron
Joined: 08/18/2020

You can try to recreate the partitions you deleted as suggested by Magic Banana, or just reinstall the whole system. In both cases, backup your data first.

I recommend not to try anything discussed in this thread unless losing all data on your disk and having to reinstall is not a problem for you.

I don't know any detail of the usage of "bios space" and "efi" partitions but, with such names, they might be essential to the boot process. A reasonable attitude would be to never touch them. Unless you are experimenting and have no problem that everything is lost in your disk and the system on your disk does not boot anymore. More generally, I don't recall I ever deleted any partition, don't do that unless you are sure about what you are doing.

Stallman rules
Joined: 08/10/2019

i will reinstall ..

but.. why is there a FAT partition in trisQuel 10

in trisQuel 8 there is no FAT partition..

and my machine is librebooted x200

anyway... reinstall :)

Avron
Joined: 08/18/2020

I wonder about the same thing as you. Besides, I tried installing Trisquel 10 on Libreboot with full disk encryption, using the same method as I did with Trisquel 9, then boot fails as Grub fails to decrypt, while it worked with Trisquel 9.

Based on this discussion, the reason could be because the installer uses LUKSv2 for the encrypted partition, which is not supported by Grub. When I have more time (may not be before 3 weeks), I will try again. If I manage to make this work, I will provide a detailed description.

That said, on my laptop with Trisquel, Libreboot and full disk encryption (installed using Trisquel 9 iso), when I try the passphrase to decrypt, I have to wait for some time, so total boot time is a bit long.
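
Added example, not part of the posts above: the post attributes the boot failure to the LUKS format version of the encrypted partition, and this script reads that version straight from the container header so it can be checked before relying on a bootloader that only handles LUKS1. The function names and the sample header files are constructed for illustration; on a real system the path would be the encrypted partition (such as /dev/sdb3 in this thread), read as root.

```shell
#!/bin/sh
# Report the LUKS on-disk format version of a block device or image file.
# The primary LUKS header begins with the 6-byte magic "LUKS" 0xBA 0xBE,
# followed by a 2-byte big-endian version field (1 = LUKS1, 2 = LUKS2).

luks_version() {
    # $1: device or file. Prints luks1, luks2, unknown-<hex>, not-luks or unreadable.
    [ -r "$1" ] || { echo unreadable; return 2; }
    hdr=$(dd if="$1" bs=8 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$hdr" in
        4c554b53babe0001) echo luks1 ;;
        4c554b53babe0002) echo luks2 ;;
        4c554b53babe*)    echo "unknown-${hdr#4c554b53babe}" ;;
        *)                echo not-luks ;;   # short read or different magic
    esac
}

# True only if a loader restricted to LUKS1 could open the container.
# (Hypothetical helper name; the restriction itself is the one raised in the thread.)
unlockable_by_luks1_only_loader() {
    [ "$(luks_version "$1")" = luks1 ]
}

# Constructed sample headers standing in for real partitions, so this runs offline.
tmp=$(mktemp -d)
printf 'LUKS\272\276\000\001' > "$tmp/luks1.img"
printf 'LUKS\272\276\000\002' > "$tmp/luks2.img"
printf 'plain filesystem data' > "$tmp/plain.img"

for f in "$tmp"/*.img; do
    if unlockable_by_luks1_only_loader "$f"; then
        verdict="ok for a LUKS1-only loader"
    else
        verdict="a LUKS1-only loader cannot unlock this"
    fi
    printf '%s: %s (%s)\n' "${f##*/}" "$(luks_version "$f")" "$verdict"
done
rm -rf "$tmp"
```

cryptsetup luksDump on the same device reports the format in its "Version:" line, which is a convenient cross-check.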

Magic Banana
Joined: 07/24/2010

A FAT32 filesystem is on the EFI partition, yes. I had also deleted it on my latest computer and could not install Debian 11. That is why I recreated it and the installation went fine.

amuza
Joined: 02/12/2018

I'm not sure whether I was doing everything right in the first place, but I tried your way (making partitions with the graphical installer) and I could proceed with the installation! Thank you!

(By the way, regarding sizes, I saw the graphical installer uses decimal prefixes instead of binary prefixes, that is, MB instead of MiB.)

Unfortunately I have met another problem:

Now I am stuck at the "Install the EFI Bootloader" section (https://mutschler.eu/linux/install-guides/ubuntu-btrfs-raid1-20-04/#install-the-efi-bootloader)

And I cannot proceed because I cannot find the package grub-efi-amd64-signed

How could I solve it?

Avron
Joined: 08/18/2020

"And I cannot proceed because I cannot find the package grub-efi-amd64-signed"

Did you check that your computer is using UEFI? I have no computer using UEFI, so I cannot test anything about UEFI, all of what is below is guessed based on reading docs.

grub-efi-amd64-signed might be some Ubuntu package that puts a signature for Secure Boot (I am not familiar with the details) but I see Trisquel does not have it. In Trisquel repository, I see grub-efi-amd64 and grub-efi-amd64-signed-template that says it contains template files for grub-efi-amd64-signed.

There is probably some way to put some key and do the signing but I cannot help on that.

If your computer does not have Secure Boot or if you can disable it, you could try just installing grub-efi (this is a dummy package that will install grub-efi-amd64) and proceed, perhaps it will work.

If you can boot in BIOS mode, you could just not install any package and proceed (the grub without UEFI will be used).

Good luck with that.

amuza
Joined: 02/12/2018

Now I have Trisquel 10 with RAID1, luks and automatic snapshots, and it works great :)

Thank you very much for your patient explanations and the time you spent!

I followed your suggestion, installed grub-efi and it worked.

I believe my previous problem about identical mount points was a mistake of mine.

If anyone wants to use that guide (https://mutschler.eu/linux/install-guides/ubuntu-btrfs-raid1-20-04/), there is a little thing to be fixed, I have just explained it here:
https://github.com/wmutschl/mutschler.eu/issues/30
I guess soon the guide will be fixed and that issue will be closed.

Thanks again Avron!