Never give up – “Final Round”
And eventually I was able to achieve it, I extended my root partition across two disks encrypted through LVM!
The process was a total pain in the heck just because, so far I saw, the Elementary Installer (POP!_OS 19.04) has a bug that makes impossible to unlock two disks or two partitions during the advance setup, hence you have to do everything manually.
The main issue is the following one: after you added the second disk and extended the root partition you have also to add the new disk on the
crypttab file in order to unlock it at boot time; unfortunately you can't do that simply restarting the OS because it won't unlock the second disk, hence you have to go in live mode and
CHROOT your system to activate your changes.
To realize this guide, which is essentially a memorandum for myself, I used a Virtual Machine, however the abbreviations of the disks may change based on your machine hardware configuration. For example I used two virtual SATA disks but someone else may have a NVM disk and a SATA SSD so you must adapt these abbreviations accordingly with your real setup. You can run
sudo fdisk -lto see what kind of disks you have on your hardware.
This guide is divided in three parts: one related with the partitioning and the installation, a second one related with the changes on the LVM, a last one were I fixed the
crypttab file, the
initramfs and the
1.1 Disks preparation
To begin I wiped out everything from my two disks creating for each disk a new GPT Table with
Preparing the disk with GPARTED
Then I created entropy on the first disk with this command from the Terminal:
sudo dd if=/dev/urandom of=/dev/sda status=progress
34355495424 bytes (34 GB, 32 GiB) copied, 2721 s, 12.6 MB/s dd: writing to '/dev/sda': No space left on device 67108865+0 records in 67108864+0 records out 34359738368 bytes (34 GB, 32 GiB) copied, 2722.3 s, 12.6 MB/s
1.2 Initial disk partition
I came back to
GPARTED to organize the partitions. I assigned 512MB for
/boot/efi, 4GB for
/recovery and the rest of the disk for
Disk 1 partitioning
- I didn't create intentionally the
Swappartition because I will setup later a
- The second disk will be kept unformatted.
So far was possible I tried to use the same abbreviations used by the regular installation.
1.3 Encrypting the “disk 1”
sudo cryptsetup -y -v luksFormat /dev/sda3
WARNING: Device /dev/sda3 already contains a 'ext4' superblock signature. WARNING! ======== This will overwrite data on /dev/sda3 irrevocably. Are you sure? (Type uppercase yes): YES Enter passphrase for /dev/sda3: Verify passphrase: Existing 'ext4' superblock signature on device /dev/sda3 will be wiped. Key slot 0 created. Command successful.
sudo cryptsetup open /dev/sda3 cryptdata
Adding the device:
sudo pvcreate /dev/mapper/cryptdata
Physical volume “/dev/mapper/cryptdata” successfully created.
Create the group:
sudo vgcreate data /dev/mapper/cryptdata
Volume group “data” successfully created
Create the logical volume:
sudo lvcreate -l 100%FREE data -n root
Logical volume “root” created.
Create the filesystem:
sudo mkfs.ext4 /dev/data/root
mke2fs 1.44.6 (5-Mar-2019) Creating filesystem with 7203840 4k blocks and 1802240 inodes Filesystem UUID: 9ac199af-43d2-4d4f-9a02-e70385f350d7 Superblock backups stored on blocks: 32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 4096000 Allocating group tables: done Writing inode tables: done Creating journal (32768 blocks): done Writing superblocks and filesystem accounting information: done
The disk was ready and I proceed with the advanced installation:
This is an idea on how it should appear (I used two virtual drives of 32GB each for this guide) the status of the disks after this first round of tweaking. I added only
root on the
POP! partitioning: boot
POP! partitioning: recovery
POP! partitioning: decrypting
POP! partitioning: root
When everything was ready I launched the installation.
The installation began
Debian you create your user during the installation time with
POP! (and other distro) you will create your user during first boot time, once I finished I turned off the
Virtual Machine for the second part.
Installation finished, just restart
That is the part were I extended the partition, in the real installation I suppose I may use the recovery partition but I just rebooted the Virtual Machine with the Live CD inside.
Also now the first step is adding entropy to the disk:
2.1 “Disk 2” preparation
sudo dd if=/dev/urandom of=/dev/sdb status=progress
34349953536 bytes (34 GB, 32 GiB) copied, 2463 s, 13.9 MB/s dd: writing to '/dev/sdb1': No space left on device 67104769+0 records in 67104768+0 records out 34357641216 bytes (34 GB, 32 GiB) copied, 2464.2 s, 13.9 MB/s
2.2 Create the partition
I quickly created an
EXT4 partition with
GPARTED and I continued on the Terminal.
2.3 Encrypt the “disk 2”
sudo cryptsetup -y -v luksFormat /dev/sdb1
WARNING: Device /dev/sdb1 already contains a 'crypto_LUKS' superblock signature. WARNING! ======== This will overwrite data on /dev/sdb1 irrevocably. Are you sure? (Type uppercase yes): YES Enter passphrase for /dev/sdb1: Verify passphrase: Existing 'cryptoLUKS' superblock signature on device /dev/sdb1 will be wiped. Existing 'cryptoLUKS' superblock signature on device /dev/sdb1 will be wiped. Key slot 0 created. Command successful.
sudo cryptsetup open /dev/sdb1 cryptextra
Enter passphrase for /dev/sdb1:
Create the filesystem:
sudo mkfs.ext4 /dev/mapper/cryptextra
mke2fs 1.44.6 (5-Mar-2019) Creating filesystem with 8384000 4k blocks and 2097152 inodes Filesystem UUID: 58e80e88-a379-4ad6-8c90-0ae782db6e18 Superblock backups stored on blocks: 32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 4096000, 7962624 Allocating group tables: done Writing inode tables: done Creating journal (32768 blocks): done Writing superblocks and filesystem accounting information: done
2.4 Make changes on the LVM – Phase 1
Unlock the current LVM partition
sudo cryptsetup luksOpen /dev/sda3 cryptdata
Enter passphrase for /dev/sda3:
Check its status:
inactive '/dev/data/root' [27.48 GiB] inherit
Activate the LVM:
sudo vgchange -ay
1 logical volume(s) in volume group “data” now active
2.4.2 Make changes on the LVM – Phase 2
Adding the partition:
sudo pvcreate /dev/mapper/cryptextra
Physical volume “/dev/mapper/cryptextra” successfully created.
Extending the partition:
sudo vgextend data /dev/mapper/cryptextra
Volume group “data” successfully extended
Check the status:
—– Volume group —- VG Name data System ID Format lvm2 Metadata Areas 2 Metadata Sequence No 3 VG Access read/write VG Status resizable MAX LV 0 Cur LV 1 Open LV 0 Max PV 0 Cur PV 2 Act PV 2 VG Size 59.46 GiB PE Size 4.00 MiB Total PE 15222 Alloc PE / Size 7035 / 27.48 GiB Free PE / Size 8187 / 31.98 GiB VG UUID enJDSc-V1Pt-jcZm-oG7n-W4qD-M2Qn-3tb22c
PV VG Fmt Attr PSize PFree /dev/mapper/cryptdata data lvm2 a— 27.48g 0 /dev/mapper/cryptextra data lvm2 a— 31.98g 31.98g
2.4.3 Make changes on the LVM – Final Phase
Extending the partition:
sudo lvm lvextend -l +100%FREE /dev/mapper/data-root
Size of logical volume data/root changed from 27.48 GiB (7035 extents) to 59.46 GiB (15222 extents). Logical volume data/root successfully resized.
Check and fix the integrity of the filesystem:
sudo e2fsck -f /dev/mapper/data-root
e2fsck 1.44.6 (5-Mar-2019) Pass 1: Checking inodes, blocks, and sizes Pass 2: Checking directory structure Pass 3: Checking directory connectivity Pass 4: Checking reference counts Pass 5: Checking group summary information /dev/mapper/data-root: 189206/1802240 files (0.1% non-contiguous), 1491499/7203840 blocks
Resize properly the free space:
sudo resize2fs -p /dev/mapper/data-root
resize2fs 1.44.6 (5-Mar-2019) Resizing the filesystem on /dev/mapper/data-root to 15587328 (4k) blocks. The filesystem on /dev/mapper/data-root is now 15587328 (4k) blocks long.
Check the result:
Filesystem Size Used Avail Use% Mounted on udev 959M 0 959M 0% /dev tmpfs 200M 1.4M 198M 1% /run /dev/sr0 2.1G 2.1G 0 100% /cdrom /dev/loop0 2.0G 2.0G 0 100% /rofs /cow 996M 21M 975M 3% / tmpfs 996M 0 996M 0% /dev/shm tmpfs 5.0M 0 5.0M 0% /run/lock tmpfs 996M 0 996M 0% /sys/fs/cgroup tmpfs 996M 4.0K 996M 1% /tmp tmpfs 200M 44K 199M 1% /run/user/999
The filesystem was properly extended however I needed to reboot the Virtual Machine to enable these changes. The Virtual Machine won't boot because I made changes that need further general fixing.
All the following commands are provided by the System76 website, I reported those for convenience; since the moment I used the same abbreviations as a regular installation the commands are pretty the same.
I were again on a
Live Session to do the last operations to make the system fully functional. Just went into
Try Mode and opened a
3 Unlocking the disks and enabling the LVM
sudo cryptsetup luksOpen /dev/sda3 cryptdata && sudo cryptsetup luksOpen /dev/sdb1 cryptextra
Enter passphrase for /dev/sda3: Enter passphrase for /dev/sdb1:
Check the status:
inactive '/dev/data/root' [59.46 GiB] inherit
Activate the LVM:
sudo vgchange -ay
1 logical volume(s) in volume group "data" now active
Mount the LVM:
sudo mount /dev/mapper/data-root /mnt
Now the real root is mounted and available in the system folder
3.1 Check the
UUID of the disk and update the
As first thing we need to know the
UUID of the second disk partition:
sudo blkid | grep /dev/sdb1
/dev/sdb1: UUID="3cdd9690-a7b1-40a4-ab12-c16cee0c99da" TYPE="crypto_LUKS" PARTUUID="7afdb43b-696a-4217-b284-6663d253b84a"
Then I updated the
sudo echo 'cryptextra UUID=3cdd9690-a7b1-40a4-ab12-c16cee0c99da none luks' >> /mnt/etc/crypttab
The headache config file! If you don't update it never will work!
Verify the changes:
cryptdata UUID=4f9334bd-c029-4e7b-8a80-4ae053685257 none luks cryptextra UUID=3cdd9690-a7b1-40a4-ab12-c16cee0c99da none luks
3.2 Repair the system
Prepare the system:
sudo mount /dev/sda1 /mnt/boot/efi
for i in /dev /dev/pts /proc /sys /run; do sudo mount -B $i /mnt$i; done
sudo cp /etc/resolv.conf /mnt/etc/ cp: '/etc/resolv.conf' and '/mnt/etc/resolv.conf' are the same file
sudo chroot /mnt
3.2 Repair the
Some operation with
apt update && apt install --reinstall linux-generic linux-headers-generic -y
update-initramfs -c -k all
update-initramfs: Generating /boot/initrd.img-5.0.0-21-generic kernelstub.Config : INFO Looking for configuration... kernelstub : INFO System information: OS:..................Pop!_OS 19.04 Root partition:....../dev/dm-2 Root FS UUID:........5b6e096f-ade6-421c-adec-04b88409df86 ESP Path:............/boot/efi ESP Partition:......./dev/sda1 ESP Partition #:.....1 NVRAM entry #:.......-1 Boot Variable #:.....0000 Kernel Boot Options:.quiet loglevel=0 systemd.show_status=false splash Kernel Image Path:.../vmlinuz Initrd Image Path:.../initrd.img Force-overwrite:.....False kernelstub.Installer : INFO Copying Kernel into ESP kernelstub.Installer : INFO Copying initrd.img into ESP kernelstub.Installer : INFO Setting up loader.conf configuration kernelstub.Installer : INFO Making entry file for Pop!_OS kernelstub.Installer : INFO Backing up old kernel kernelstub.Installer : INFO Making entry file for Pop!_OS update-initramfs: Generating /boot/initrd.img-5.0.0-15-generic kernelstub.Config : INFO Looking for configuration... kernelstub : INFO System information: OS:..................Pop!_OS 19.04 Root partition:....../dev/dm-2 Root FS UUID:........5b6e096f-ade6-421c-adec-04b88409df86 ESP Path:............/boot/efi ESP Partition:......./dev/sda1 ESP Partition #:.....1 NVRAM entry #:.......-1 Boot Variable #:.....0000 Kernel Boot Options:.quiet loglevel=0 systemd.show_status=false splash Kernel Image Path:.../vmlinuz Initrd Image Path:.../initrd.img Force-overwrite:.....False kernelstub.Installer : INFO Copying Kernel into ESP kernelstub.Installer : INFO Copying initrd.img into ESP kernelstub.Installer : INFO Setting up loader.conf configuration kernelstub.Installer : INFO Making entry file for Pop!_OS kernelstub.Installer : INFO Backing up old kernel kernelstub.Installer : INFO Making entry file for Pop!_OS
Exit from the
3.3 Repair the
sudo bootctl --path=/mnt/boot/efi install
Copied "/usr/lib/systemd/boot/efi/systemd-bootx64.efi" to "/mnt/boot/efi/EFI/systemd/systemd-bootx64.efi". Copied "/usr/lib/systemd/boot/efi/systemd-bootx64.efi" to "/mnt/boot/efi/EFI/BOOT/BOOTX64.EFI". Created EFI boot entry "Linux Boot Manager".
The filesystem was been repaired now I rebooted the Virtual Machine crossing the finger: 🤞🤞🤞🤞
Unlock the first disk
Unlock the second disk
GOT IT! IT WORKED!!! 👍
Final Consideration for a Final Round
As a matter of fact all the changes were applied properly on the Virtual Machine and it will be the same on my Serval WS9 Laptop.
All of it was been clearly a useless heroic feat due a very bad design approach by the Elementary Team and consequentially from the System76 Guys who decided to adopt its installer.
This is a typical one way approach where all the other possible alternatives are excluded intentionally; as a matter of fact the Elementary OS has a very nice Desktop Environment which is almost impossible to customize, because this is the philosophy behind the Elementary Desktop. But it came out that the Elementary installer on
POP! has a BUG that makes impossible to unlock more than one
LUKS partition in advanced mode, probably no one noticed it because when you target just the newbye and exclude all the others you lose proper testing and what you get at the end is an article were someone, like me, discover your negligence and become upset.
I am trying to do all the best to refrain myself with my usual behavior but, from my point of view, if you target only newbies it will end up to be a wrong decision: because eventually someone will write an article like this where these newbies will read negative comments about you, as you can see it is no smart at all.
I am totally agreed to help new comers but don't exclude others groups of users for the sake of the
UI/UX because this is a total BULLSHIT, this has been for me the worst user experience I have ever had on Linux since the last ten years... You see?