Never give up – “Final Round”

And eventually I was able to achieve it, I extended my root partition across two disks encrypted through LVM!

The process was a total pain in the heck just because, so far I saw, the Elementary Installer (POP!_OS 19.04) has a bug that makes impossible to unlock two disks or two partitions during the advance setup, hence you have to do everything manually.

The main issue is the following one: after you added the second disk and extended the root partition you have also to add the new disk on the crypttab file in order to unlock it at boot time; unfortunately you can't do that simply restarting the OS because it won't unlock the second disk, hence you have to go in live mode and CHROOT your system to activate your changes.

To realize this guide, which is essentially a memorandum for myself, I used a Virtual Machine, however the abbreviations of the disks may change based on your machine hardware configuration. For example I used two virtual SATA disks but someone else may have a NVM disk and a SATA SSD so you must adapt these abbreviations accordingly with your real setup. You can run sudo fdisk -l to see what kind of disks you have on your hardware.

References:

This guide is divided in three parts: one related with the partitioning and the installation, a second one related with the changes on the LVM, a last one were I fixed the crypttab file, the initramfs and the bootloader.

PART ONE

1.1 Disks preparation

To begin I wiped out everything from my two disks creating for each disk a new GPT Table with GPARTED.

Preparing the disk with GPARTEDPreparing the disk with GPARTED

Then I created entropy on the first disk with this command from the Terminal:

sudo dd if=/dev/urandom of=/dev/sda status=progress

the output:

34355495424 bytes (34 GB, 32 GiB) copied, 2721 s, 12.6 MB/s
dd: writing to '/dev/sda': No space left on device
67108865+0 records in
67108864+0 records out
34359738368 bytes (34 GB, 32 GiB) copied, 2722.3 s, 12.6 MB/s

1.2 Initial disk partition

I came back to GPARTED to organize the partitions. I assigned 512MB for /boot/efi, 4GB for /recovery and the rest of the disk for /root.

Disk 1 partitioningDisk 1 partitioning

So far was possible I tried to use the same abbreviations used by the regular installation.

1.3 Encrypting the “disk 1”

First command:

sudo cryptsetup -y -v luksFormat /dev/sda3

the output:

WARNING: Device /dev/sda3 already contains a 'ext4' superblock signature.

WARNING!
========
This will overwrite data on /dev/sda3 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase for /dev/sda3:
Verify passphrase:
Existing 'ext4' superblock signature on device /dev/sda3 will be wiped.
Key slot 0 created.
Command successful.

Last command:

sudo cryptsetup open /dev/sda3 cryptdata

1.4 LVM

Adding the device:

sudo pvcreate /dev/mapper/cryptdata

the output:

  Physical volume “/dev/mapper/cryptdata” successfully created.

Create the group:

sudo vgcreate data /dev/mapper/cryptdata

the output:

  Volume group “data” successfully created

Create the logical volume:

sudo lvcreate -l 100%FREE data -n root

the output:

  Logical volume “root” created.

Create the filesystem:

sudo mkfs.ext4 /dev/data/root

the output:

mke2fs 1.44.6 (5-Mar-2019)
Creating filesystem with 7203840 4k blocks and 1802240 inodes
Filesystem UUID: 9ac199af-43d2-4d4f-9a02-e70385f350d7
Superblock backups stored on blocks:
    32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
    4096000

Allocating group tables: done

Writing inode tables: done

Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

The disk was ready and I proceed with the advanced installation:

Advance modeAdvance mode

This is an idea on how it should appear (I used two virtual drives of 32GB each for this guide) the status of the disks after this first round of tweaking. I added only boot/efi; /recovery and root on the luks partition:

POP! partitioning: boot

POP! partitioning: recovery

POP! partitioning: decrypting

POP! partitioning: root

When everything was ready I launched the installation.

The installation beganThe installation began

While in Debian you create your user during the installation time with POP! (and other distro) you will create your user during first boot time, once I finished I turned off the Virtual Machine for the second part.

Installation finished, just restartInstallation finished, just restart

PART TWO

That is the part were I extended the partition, in the real installation I suppose I may use the recovery partition but I just rebooted the Virtual Machine with the Live CD inside.

Also now the first step is adding entropy to the disk:

2.1 “Disk 2” preparation

sudo dd if=/dev/urandom of=/dev/sdb status=progress

the output:

34349953536 bytes (34 GB, 32 GiB) copied, 2463 s, 13.9 MB/s
dd: writing to '/dev/sdb1': No space left on device
67104769+0 records in
67104768+0 records out
34357641216 bytes (34 GB, 32 GiB) copied, 2464.2 s, 13.9 MB/s

2.2 Create the partition

I quickly created an EXT4 partition with GPARTED and I continued on the Terminal.

2.3 Encrypt the “disk 2”

First command:

sudo cryptsetup -y -v luksFormat /dev/sdb1

the output:

WARNING: Device /dev/sdb1 already contains a 'crypto_LUKS' superblock signature.

WARNING!
========
This will overwrite data on /dev/sdb1 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase for /dev/sdb1:
Verify passphrase:
Existing 'cryptoLUKS' superblock signature on device /dev/sdb1 will be wiped.
Existing 'cryptoLUKS' superblock signature on device /dev/sdb1 will be wiped.
Key slot 0 created.
Command successful.

Last command:

sudo cryptsetup open /dev/sdb1 cryptextra

the output:

Enter passphrase for /dev/sdb1:

Create the filesystem:

sudo mkfs.ext4 /dev/mapper/cryptextra

the output:

mke2fs 1.44.6 (5-Mar-2019)
Creating filesystem with 8384000 4k blocks and 2097152 inodes
Filesystem UUID: 58e80e88-a379-4ad6-8c90-0ae782db6e18
Superblock backups stored on blocks:
    32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
    4096000, 7962624

Allocating group tables: done

Writing inode tables: done

Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

2.4 Make changes on the LVM – Phase 1

Unlock the current LVM partition

sudo cryptsetup luksOpen /dev/sda3 cryptdata

the output:

Enter passphrase for /dev/sda3:

Check its status:

sudo lvscan

the output:

  inactive          '/dev/data/root' [27.48 GiB] inherit

Activate the LVM:

sudo vgchange -ay

the output:

  1 logical volume(s) in volume group “data” now active

2.4.2 Make changes on the LVM – Phase 2

Adding the partition:

sudo pvcreate /dev/mapper/cryptextra

the output:

  Physical volume “/dev/mapper/cryptextra” successfully created.

Extending the partition:

sudo vgextend data /dev/mapper/cryptextra

the output:

  Volume group “data” successfully extended

Check the status:

sudo vgdisplay

the output:

  —– Volume group —-
  VG Name               data
  System ID

  Format                lvm2
  Metadata Areas        2
  Metadata Sequence No  3
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                1
  Open LV               0
  Max PV                0
  Cur PV                2
  Act PV                2
  VG Size               59.46 GiB
  PE Size               4.00 MiB
  Total PE              15222
  Alloc PE / Size       7035 / 27.48 GiB
  Free  PE / Size       8187 / 31.98 GiB
  VG UUID               enJDSc-V1Pt-jcZm-oG7n-W4qD-M2Qn-3tb22c
sudo pvs

the output:

  PV                     VG   Fmt  Attr PSize  PFree
  /dev/mapper/cryptdata  data lvm2 a—  27.48g     0
  /dev/mapper/cryptextra data lvm2 a—  31.98g 31.98g

2.4.3 Make changes on the LVM – Final Phase

Extending the partition:

sudo lvm lvextend -l +100%FREE /dev/mapper/data-root

the output:

  Size of logical volume data/root changed from 27.48 GiB (7035 extents) to 59.46 GiB (15222 extents).
  Logical volume data/root successfully resized.

Check and fix the integrity of the filesystem:

sudo e2fsck -f /dev/mapper/data-root

the output:

e2fsck 1.44.6 (5-Mar-2019)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
/dev/mapper/data-root: 189206/1802240 files (0.1% non-contiguous), 1491499/7203840 blocks

Resize properly the free space:

sudo resize2fs -p /dev/mapper/data-root

the output:

resize2fs 1.44.6 (5-Mar-2019)
Resizing the filesystem on /dev/mapper/data-root to 15587328 (4k) blocks.
The filesystem on /dev/mapper/data-root is now 15587328 (4k) blocks long.

Check the result:

df -h

the output:

Filesystem      Size  Used Avail Use% Mounted on
udev            959M     0  959M   0% /dev
tmpfs           200M  1.4M  198M   1% /run
/dev/sr0        2.1G  2.1G     0 100% /cdrom
/dev/loop0      2.0G  2.0G     0 100% /rofs
/cow            996M   21M  975M   3% /
tmpfs           996M     0  996M   0% /dev/shm
tmpfs           5.0M     0  5.0M   0% /run/lock
tmpfs           996M     0  996M   0% /sys/fs/cgroup
tmpfs           996M  4.0K  996M   1% /tmp
tmpfs           200M   44K  199M   1% /run/user/999

The filesystem was properly extended however I needed to reboot the Virtual Machine to enable these changes. The Virtual Machine won't boot because I made changes that need further general fixing.

PART THREE

All the following commands are provided by the System76 website, I reported those for convenience; since the moment I used the same abbreviations as a regular installation the commands are pretty the same.

I were again on a Live Session to do the last operations to make the system fully functional. Just went into Try Mode and opened a Terminal:

3 Unlocking the disks and enabling the LVM

sudo cryptsetup luksOpen /dev/sda3 cryptdata && sudo cryptsetup luksOpen /dev/sdb1 cryptextra

the output:

Enter passphrase for /dev/sda3: 
Enter passphrase for /dev/sdb1: 

Check the status:

 sudo lvscan

the output:

  inactive          '/dev/data/root' [59.46 GiB] inherit

Activate the LVM:

sudo vgchange -ay

the output:

  1 logical volume(s) in volume group "data" now active

Mount the LVM:

sudo mount /dev/mapper/data-root /mnt

Now the real root is mounted and available in the system folder /mnt.

3.1 Check the UUID of the disk and update the CYPTTAB file

As first thing we need to know the UUID of the second disk partition:

sudo blkid | grep /dev/sdb1

the output:

/dev/sdb1: UUID="3cdd9690-a7b1-40a4-ab12-c16cee0c99da" TYPE="crypto_LUKS" PARTUUID="7afdb43b-696a-4217-b284-6663d253b84a"

Then I updated the CRYPTTAB file

sudo echo 'cryptextra UUID=3cdd9690-a7b1-40a4-ab12-c16cee0c99da none luks' >> /mnt/etc/crypttab

The headache config file! If you don't update it never will work!The headache config file! If you don't update it never will work!

Verify the changes:

cat /mnt/etc/crypttab 

the output:

cryptdata UUID=4f9334bd-c029-4e7b-8a80-4ae053685257 none luks
cryptextra UUID=3cdd9690-a7b1-40a4-ab12-c16cee0c99da none luks

3.2 Repair the system

Prepare the system:

sudo mount /dev/sda1 /mnt/boot/efi
for i in /dev /dev/pts /proc /sys /run; do sudo mount -B $i /mnt$i; done
sudo cp /etc/resolv.conf /mnt/etc/
cp: '/etc/resolv.conf' and '/mnt/etc/resolv.conf' are the same file

Mount CHROOT environment

sudo chroot /mnt

3.2 Repair the INITRAMFS

Some operation with APT

apt update && apt install --reinstall linux-generic linux-headers-generic -y

Update the INITRAMFS:

update-initramfs -c -k all

the output:

update-initramfs: Generating /boot/initrd.img-5.0.0-21-generic
kernelstub.Config    : INFO     Looking for configuration...
kernelstub           : INFO     System information: 

    OS:..................Pop!_OS 19.04
    Root partition:....../dev/dm-2
    Root FS UUID:........5b6e096f-ade6-421c-adec-04b88409df86
    ESP Path:............/boot/efi
    ESP Partition:......./dev/sda1
    ESP Partition #:.....1
    NVRAM entry #:.......-1
    Boot Variable #:.....0000
    Kernel Boot Options:.quiet loglevel=0 systemd.show_status=false splash
    Kernel Image Path:.../vmlinuz
    Initrd Image Path:.../initrd.img
    Force-overwrite:.....False

kernelstub.Installer : INFO     Copying Kernel into ESP
kernelstub.Installer : INFO     Copying initrd.img into ESP
kernelstub.Installer : INFO     Setting up loader.conf configuration
kernelstub.Installer : INFO     Making entry file for Pop!_OS
kernelstub.Installer : INFO     Backing up old kernel
kernelstub.Installer : INFO     Making entry file for Pop!_OS
update-initramfs: Generating /boot/initrd.img-5.0.0-15-generic
kernelstub.Config    : INFO     Looking for configuration...
kernelstub           : INFO     System information: 

    OS:..................Pop!_OS 19.04
    Root partition:....../dev/dm-2
    Root FS UUID:........5b6e096f-ade6-421c-adec-04b88409df86
    ESP Path:............/boot/efi
    ESP Partition:......./dev/sda1
    ESP Partition #:.....1
    NVRAM entry #:.......-1
    Boot Variable #:.....0000
    Kernel Boot Options:.quiet loglevel=0 systemd.show_status=false splash
    Kernel Image Path:.../vmlinuz
    Initrd Image Path:.../initrd.img
    Force-overwrite:.....False

kernelstub.Installer : INFO     Copying Kernel into ESP
kernelstub.Installer : INFO     Copying initrd.img into ESP
kernelstub.Installer : INFO     Setting up loader.conf configuration
kernelstub.Installer : INFO     Making entry file for Pop!_OS
kernelstub.Installer : INFO     Backing up old kernel
kernelstub.Installer : INFO     Making entry file for Pop!_OS

Exit from the CHROOT environment:

exit

3.3 Repair the BOOTLOADER

sudo bootctl --path=/mnt/boot/efi install

the output:

Copied "/usr/lib/systemd/boot/efi/systemd-bootx64.efi" to "/mnt/boot/efi/EFI/systemd/systemd-bootx64.efi".
Copied "/usr/lib/systemd/boot/efi/systemd-bootx64.efi" to "/mnt/boot/efi/EFI/BOOT/BOOTX64.EFI".
Created EFI boot entry "Linux Boot Manager".

The filesystem was been repaired now I rebooted the Virtual Machine crossing the finger: 🤞🤞🤞🤞

Unlock the first diskUnlock the first disk

Unlock the second diskUnlock the second disk

GOT IT! IT WORKED!!! 👍

Final Consideration for a Final Round

As a matter of fact all the changes were applied properly on the Virtual Machine and it will be the same on my Serval WS9 Laptop.

All of it was been clearly a useless heroic feat due a very bad design approach by the Elementary Team and consequentially from the System76 Guys who decided to adopt its installer.

This is a typical one way approach where all the other possible alternatives are excluded intentionally; as a matter of fact the Elementary OS has a very nice Desktop Environment which is almost impossible to customize, because this is the philosophy behind the Elementary Desktop. But it came out that the Elementary installer on POP! has a BUG that makes impossible to unlock more than one LUKS partition in advanced mode, probably no one noticed it because when you target just the newbye and exclude all the others you lose proper testing and what you get at the end is an article were someone, like me, discover your negligence and become upset.

I am trying to do all the best to refrain myself with my usual behavior but, from my point of view, if you target only newbies it will end up to be a wrong decision: because eventually someone will write an article like this where these newbies will read negative comments about you, as you can see it is no smart at all.

I am totally agreed to help new comers but don't exclude others groups of users for the sake of the UI/UX because this is a total BULLSHIT, this has been for me the worst user experience I have ever had on Linux since the last ten years... You see?

#Linux #System76 #PopOs #LVM #Partitioning #Installation #LinuxDesktop #Ubuntu #Foss #Floss #OpenSource #Encryption

if you want comment this article add me on Diaspora, Friendica or Mastodon: gnuserland@social.isurf.ca