Reinstall Trisquel while keeping /home in encrypted partition

3 réponses [Dernière contribution]
Avron

I am a translator!

En ligne
A rejoint: 08/18/2020

I have Trisquel installed with

  • partition 1: unencrypted /boot
  • partition 2: encrypted volume containing
    • LV 1 with swap
    • LV2 with /
    • LV3 with /home

In my recollection, this was what the installer did by default if asking to use encryption and separate home.

With the graphic installer, I can't find a way to reinstall while keeping the contents of /home because the installer is unable to access partition 2 if I don't first manually open the encrypted volume. The problem is not LVM, the problem is encryption.

I tried what is described in https://blog.wohli.org/2016/10/05/Installing-Ubuntu-16-10-on-existing-LUKS-encrypted-LVM/ (I have exactly the same partitioning except for /boot/efi that I don't have as I don't have UEFI), I used grub instead of grub-efi-amd64, yet it did not boot afterwards, but I can't remember exactly what was happening.

Does anyone know how to reinstall while keeping /home in such a setup? If there is no convenient way, I don't see much use of having a separate /home if using encryption.

prospero
Hors ligne
A rejoint: 05/20/2022

Is it not possible to encrypt your /home volume separately? I guess this would most probably result in having to type two passwords at startup, but may solve your dilemma about having a separate, encrypted /home. Resizing a separate /home volume should also be possible with full physical volume encryption.

In your current settings, I would have thought that the graphical installer would ask for your password at some point in the process anyway. If not, what happens if you unlock the volumes before trying to install?

Avron

I am a translator!

En ligne
A rejoint: 08/18/2020

Is it not possible to encrypt your /home volume separately?

Perhaps it is feasible if using "something else" for partitioning, but I have not tried.

What happens if you unlock the volumes before trying to install?

I did that as I followed the instructions from the page I linked in my previous message, the installation completed saying everything was fine. In my recollection, there wasn't any /etc/crypttab on the installed system and I created it according to the instructions and ran update-grub in the chroot.

At reboot, I can't remember what the error was exactly (I think it was not finding the root fs) but Trisquel could not start. That happened to me at a moment I had a single computer available and I needed it to work, so I did a reinstall with overwrite of the whole disk (I had prepared a backup anyway).

I expect that if I just completed the installation and tried rebooting, the root fs would not be found at boot, but I think I have not tried. I could try now as I have a spare computer.

prospero
Hors ligne
A rejoint: 05/20/2022

This answer has a couple of recommendations about /etc/crypttab in a similar situation:

https://askubuntu.com/questions/853078/reinstall-to-existing-encrypted-partitions/868726#868726