Customize alternate install CD with UEFI?

Josef Wolf jw at raven.inka.de
Fri Jul 22 12:53:02 UTC 2016


On Fri, Jul 22, 2016 at 01:12:54PM +0200, Liam Proven wrote:

> Re point 5: I do not recommend mixing LVM with other partitioning schemes.

???

Having multiple volumes inside one LVM is the whole point of LVM (umm, not
exactly, but ...). For Windows (and even for fdisk in Linux) this will look
like a partition as any other partition with an unknown filesystem type. Only
LVM-aware tools (e.g. device-mapper) will see the contents that are within
the LVM partition.

> When I have used LVM on other OSes, e.g. Windows Server, it is all
> or nothing: whole disk only.

Windows has LVM?!? Didn't know that...

> You want to keep Windows, in GPT partitions, _and_ have LVM. Bad plan, IMHO.

Windows doesn't care about LVM partitions. LVM is a concept orthogonal to the
partitioning.

> > I'm doing this scheme for many years with no problems.
> On GUID disks?

No. But I don't see why this would be a problem. There's no difference between
LVM partitions and any other Linux partitions. The only difference is that
instead of an ext4, it contains an LVM "filesystem" which can be divided into
multiple "logical" partitions which, in turn, can contain encrypted partitions
(with the help of cryptsetup).

> > - Resizing worked, but to move the rescue partitions, I had to reboot into the
> >   live-system and use gparted.
> What's the problem with that?

I could not figure how to move it. There are no menus, no context-menus, and
drag+drop did not work either.

> > - Creating a big "physical volume for encrypted data" worked fine. But it can
> >   hold only one partition?
> Yes. That is correct, normal, desired behaviour. This is, as you have
> said, a GPT disk. (Logical) partitions inside (an extended) partition
> is a feature of the MBR partitioning scheme, the DOS system.

Ummm, please don't confuse primary/logical/extended partitions with LVM.

> GPT replaces this completely. On GPT you cannot have partitions inside
> partitions.

LVM is totally out of scope of MBR/GPT. LVM lives WITHIN an ordinary Linux
partition (type 0x83), which (in turn) doesn't care whether it lives on a
primary/extended/logical/GPT partition.

> > So I decided to delete it and create three
> >   "physical volumes for encrypted data", one for /, one for swap and one for
> >   /data.
> Personally, I advocate /, /home and swap.

I don't use /home for my data, since /home is polluted by the distro.

> Modern bootloaders can load
> a kernel from any point on the disk so there is no need for a separate
> /boot partition any more.

But (AFAIK) you can't keep /boot within an encrypted drive. Therefore, if you
want an encrypted root, you need a separate partition for /boot.

> sudo apt-get autoremove -y

Ah! That's what I'm looking for! Thanks!

> > BUT: no way: once created, there's no way to delete this big crypted
> >   volume that I created before. Boot into the live system again to delete it.
> This is one reason I dislike disk encryption. It makes re-partitioning
> a massive pain. Been there, done that.

No! Gparted and the d-i partitioner can remove them just fine! It's the
graphical partitioner from the live-DVD which is broken.

> > - Third attempt:
> >   1. create crypted volume for root, partitioner shows me three additional
> >      entries: one at the original place, one at the very top, and one appended
> >      with "crypt". I create / within the entry appended with "crypt"
> >   2. create crypted volume for swap, same procedure as in (1.)
> >   3. create crypted volume for data: The two additional entries won't
> >      appear. How that?
> 
> I suspect that, with such a complicated scheme, you need to reboot
> after removing any partition, so the system registers that it has
> really gone.

Gparted and the d-i partitioner play fine with this.

> >   4. Now I'm getting a warning that a non-crypted swap was found. I
> >      double-checked three times: swap is within the crypted volume and no other
> >      swap exists.
> 
> If your system is reasonably specified, why have swap at all? Why not
> just use ZRAM or the ``swapspace'' command?

???

I have swap (within an encrypted partition), just in case the system runs out
of RAM.

The warning that the installer found un-encrypted swap, although the swap
partition is inside an encrypted partition, looks strange to me.

> > At that point I stopped using the live-installer and went back to the
> > alternate/server-CD, which worked fine.
> 
> The reboot might be key here.

No, reboot did not help.

-- 
Josef Wolf
jw at raven.inka.de
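
Added example, not part of the original message or of the installer: one way to check independently whether any swap device lacks a dm-crypt layer, by walking each swap device's parents in `lsblk -P` output. The function name `unencrypted_swap` and the sample layout (constructed, with a stray plain swap partition on a second disk) are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.
# Real use: lsblk -P -o NAME,TYPE,FSTYPE,PKNAME | unencrypted_swap

# Print every swap device that has no dm-crypt mapping (TYPE="crypt")
# anywhere between itself and the physical disk.
unencrypted_swap() {
    awk '
    {
        name = ty = fs = parent = ""
        for (i = 1; i <= NF; i++) {          # fields look like KEY="value"
            split($i, kv, "=")
            gsub(/"/, "", kv[2])
            if (kv[1] == "NAME")   name = kv[2]
            if (kv[1] == "TYPE")   ty = kv[2]
            if (kv[1] == "FSTYPE") fs = kv[2]
            if (kv[1] == "PKNAME") parent = kv[2]
        }
        if (name == "") next
        devtype[name] = ty; fstype[name] = fs; pk[name] = parent
    }
    END {
        for (n in fstype) {
            if (fstype[n] != "swap") continue
            enc = 0
            # Walk from the swap device through its parents toward the disk.
            for (d = n; d != ""; d = pk[d])
                if (devtype[d] == "crypt") { enc = 1; break }
            if (!enc) print n
        }
    }' | sort
}

# Constructed layout: /boot outside LUKS, LVM inside LUKS, plain swap on sdb.
sample_layout() {
    cat <<'EOF'
NAME="sda" TYPE="disk" FSTYPE="" PKNAME=""
NAME="sda1" TYPE="part" FSTYPE="vfat" PKNAME="sda"
NAME="sda2" TYPE="part" FSTYPE="ext4" PKNAME="sda"
NAME="sda3" TYPE="part" FSTYPE="crypto_LUKS" PKNAME="sda"
NAME="sda3_crypt" TYPE="crypt" FSTYPE="LVM2_member" PKNAME="sda3"
NAME="vg0-root" TYPE="lvm" FSTYPE="ext4" PKNAME="sda3_crypt"
NAME="vg0-swap" TYPE="lvm" FSTYPE="swap" PKNAME="sda3_crypt"
NAME="sdb" TYPE="disk" FSTYPE="" PKNAME=""
NAME="sdb2" TYPE="part" FSTYPE="swap" PKNAME="sdb"
EOF
}

sample_layout | unencrypted_swap    # prints: sdb2
```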



