Skip to content
Menu
Barely Walking
  • Home
  • Robotics
  • SD, LLMs
  • One shot projects
  • 3d printers
  • About me
Barely Walking
22/10/2023

Problematic LUKS LVM on Slackware 15.0, 14.2, current

Setting up LUKS + LVM on a UEFI laptop

Update 2023/10/22

Slackware 15, on a laptop

If you have 2 drives, one with Windows 11, as I do – remove the Windows drive for now, EFI partition tends to take priority if a new one is not formatted right away. Just easier.

cgdisk /dev/nvme0n1

set up partitions:

100M - code EF00, name it EFI   (so it's /dev/nvme0n1p1 in my case)
500M - default, name it boot  (yes, 100M is not enough when redoing initrd)  (that's /dev/nvme0n1p2)
the rest - one big partition (aaand /dev/nvme0n1p3)

Why do I use name cryptlaptop instead of cryptvg? I have multiple drives, so I use unique names in case I need to pop a drive between devices, otherwise it will throw a warning/error when using same names

cryptsetup -y luksFormat /dev/nvme0n1p3
cryptsetup luksOpen /dev/nvme0n1p3 lukspartition
pvcreate /dev/mapper/lukspartition
vgcreate cryptlaptop /dev/mapper/lukspartition
lvcreate -L 450G -n root cryptlaptop
lvcreate -L 26G -n swap cryptlaptop
mkswap /dev/cryptlaptop/swap

now do a setup

setup

add root /dev/cryptlaptop/root partition, when asked for more add the other:

/dev/nvme0n1p2  /boot

and when EFI comes agree to format /dev/nvme0n1p1 as EFI, so you end with

/dev/nvme0n1p1 /EFI
/dev/nvme0n1p2 /boot
/dev/cryptlaptop/root /

go through everything, including elilo, but drop down to shell when the setup ends. All the necessary binds (/dev, /proc, /sys) are already done, so just drop into chroot

chroot /mnt /bin/bash
/usr/share/mkinitrd/mkinitrd_command_generator.sh -r > /root/cmd.sh
chmod +x /root/cmd.sh
/root/cmd.sh
eliloconfig
exit
reboot

And that’s it

—

Older version:

IF YOU ALREADY HAVE EVERYTHING and only want to erase old system / you are doing a recovery / fixing your 51st trial of getting LUKS to work:
cryptsetup luksOpen /dev/sda2 lukssda2
vgchange -ay
mount /dev/cryptvg/root /mnt
mount /dev/sda1 /mnt/boot
mount –bind /dev /mnt/dev
mount –bind /proc /mnt/proc
mount –bind /sys /mnt/sys
chroot /mnt /bin/bash

/usr/share/mkinitrd/mkinitrd_command_generator.sh -r

and be sure to add -C /dev/sda2 or else you will probably get:
mount: mounting /dev/cryptvg/root on /mnt failed: No such file or directory
ERROR: No /sbin/init found on rootdev (or not mounted). Trouble ahead.

Now, cryptsetup requires at least n/libgcrypt and n/libgpg or something like that – you cannot install barebone a/ packages and do it, will not boot with:
LUKS device ‘/dev/sda2’ unavailable for unlocking!

either manually launch the mkinitrd, or do:
/usr/share/mkinitrd/mkinitrd_command_generator.sh -r > /root/cmd.sh
chmod +x /root/cmd.sh
/root/cmd.sh

Then with lilo:
boot = /dev/sda
image = /boot/vmlinuz-generic-smp-3.10.17-smp
initrd = /boot/initrd.gz

label = Slackware
read-only

you don’t really need root = /dev/cryptvg/root, it is encoded together with mkinitrd

and
lilo

—

Update 2021:

So my current disk setup is:
/dev/nvme0n1 – my disk

/dev/nvme0n1p1 – EFI
/dev/nvme0n1p2 – /boot
/dev/nvme0n1p3 – my encrypted disk (root + swap)

If I pop out the disk for testing, the boot entry may get lost, so the shortest recovery path for it is:

Grab any bootable slackware install usb stick. boot it

cryptsetup luksOpen /dev/nvme1n1p3 luks
mount /dev/cryptvg/root /mnt
mount /dev/nvme1n1p2 /mnt/boot
mount /dev/nvme1n1p1 /mnt/boot/EFI
mount –bind /dev /mnt/dev
mount –bind /proc /mnt/proc
mount –bind /sys /mnt/sys
chroot /mnt /bin/bash
eliloconfig

And choose to add the entry. Done.

—

Update 2021/12/10:

Open and close an encrypted LUKS+LVM:

cryptsetup luksOpen /dev/sda2 lukssda2  # adds into /dev/mapper
vgchange -ay   # will open all
vgchange -a y lukssda2  # only opens lukssda2

then to close:
umount /mnt/...    # unmount them all
vgchange -a n lukssda2   # volume out
cryptsetup luksClose lukssda2

—

©2025 Barely Walking | Powered by WordPress and Superb Themes!