“Update”: it’s been ages since this was first posted, but I still use a system that’s configured as described below. The hardware under it has changed, and it’s seen some distribution upgrades, but I’m quite happy with this old disk layout. It’s good news then, that Ahmad, Niels, and Matt report that you can still do the same on Ubuntu 10.04 LTS. Thanks guys, means I still don’t have to write anything new!
This is a brief walk-through of installing Ubuntu Hardy Heron (I used the release candidate, see the previous post) with a LUKS encrypted LVM partition, and preparing it for snapshot backup (explained below). You will need the “alternate” installer for this (ie. not the “desktop” Live CD).
A couple of months ago I did the same thing for my other machine using the Debian 4.0 (Etch) installer and as far as I can remember it was exactly the same procedure. At the time I was planning to run this installation again in a virtual machine and take screenshots, but actually it is really simple (cheers to the team that wrote the installer!) and if you’re attempting this you probably don’t appreciate such hand-holding anyway. So I didn’t bother to make neat virtual-machine screenshots, but to lighten up the text I did put in some crufty digital-camera screenshots here and there.
Why would you want this?
For a home user like me, I think it makes most sense to have this on a laptop. While even strong encryption can’t guarantee that no one will ever read your data, the real-world scenario is of course that you don’t really have anything to hide. Encryption is rather an extra convenience: if someone steals your laptop, you’ll worry a lot less about them getting access to your email and other important accounts (think browser cookies…). In case you’re wondering why the user login won’t protect you: anyone with physical access to the machine – like a thief – can just reboot and start in single-user mode, thereby getting root user privileges. Not so with an encrypted disk.
An objection here is that your CPU will have to do some extra crypto-exercise whenever you read or write to disk, and that will cost some battery life. I haven’t quantitated this but it doesn’t seem to make a huge difference (sorry, that’s a worthless statement indeed). I didn’t notice any slowdown either, using a 1.8GHz Turion64 (more worthless subjectiveness).
What about the LVM stuff? The whole logical volume management thing was mainly designed to give you flexible storage options (eg. add a hard disk and simply expand your existing partitions onto it), and of course that’s not really important for a home user. Heh, in a laptop you’re certainly not very likely to add a new disk. However there’s one feature of LVM that I think is useful to us: snapshots. An LVM snapshot gives special access to your file system as if frozen at some point in time. That means you can run a backup using the snapshot and you can continue working at the same time, without worrying that the backup will catch files in some inconsistent state because you were writing to them.
That’s not a big advantage, because it’s not a big problem most of the time. But as it’s so easy to set up now, why not do it? One downside I can see is that it makes it a bit trickier to access your file system from a recovery disk. Any recovery tool understands plain ext3 partitions (even MS Windows can access those), but if you want to open an (encrypted) LVM partition you might need to check the feature page of the recovery tool, and jump through a few more hoops. In the end, of course, you set this up to enable snapshot backups – so you shouldn’t need recovery tools to begin with ;)
Enough talking, let’s get on with it
All rise please :)
What follows below is really confusing, because everything is referred to as a “partition”. The traditional partitions on your physical hard disk are called partitions, but then inside your encrypted volume you’ll also create an LVM partition, and as far as the installer is concerned the logical volumes you’ll create inside the LVM are also called partitions. There’s probably a more formal lingo for this but I don’t know it. Besides, calling all these things partitions also shows the elegance and transparancy of the system: despite the fancy stuff all your encrypted logical volumes eventually appear to be plain partitions.
One more note: on my laptop, I had to disable the frame buffer (see yesterday’s post). The crufty camera shots below may look slightly different than what you’ll get served.
Ok, so you have the alternate install cd. Boot it and answer some basic stuff (keyboard layout etc) until you get to the disk partitioner. The partitioner has an automatic option “set up encrypted LVM”, which uses the entire disk, creates a small unencrypted boot partition, fills the rest of the disk with an encrypted LVM partition, and creates two volumes within it: one for swap space and one that holds your root file system.
For our purposes, we’ll have to opt out of the automatic option: it doesn’t leave free space for snapshots, and I also really prefer a separate volume for /home. Manual partitioning it is, then.
We start with creating a plain partition to mount as /boot later. I think 100MB has always been more than enough for that, but the automatic partitioner took 250MB: good if you want to be on the safe side. All you need to do is specify the mount point – the standard options for an ext3 file system are fine I think.
I took one big partition to cover the rest of the disk. Here, we choose to use it as “physical volume for encryption”. Again, all the standard dm-crypt options are just fine as far as I’m concerned. But never trust a lame blogger: you can read more about your choices in the Debian Installation manual – currently, section 18.104.22.168 covers encrypted volume options. After that, you’re “Done setting up the partition”.
The partitions overview by now
At this point, the main partitioner menu becomes a little bit unintuitive (it’s just a layout problem really): the option to Configure encrypted volumes appears at the top, where you may not expect it because you’ve been configuring partitions in the lines below. This prompts you to commit your partition changes and wait for the secure erase of the partition to be encrypted (this fills the partition with random bits and takes quite a while). When that’s done, you’ll need to choose a passphrase that unlocks the partition.
You’ll be typing this passphrase quite often (unless you suspend rather than hibernate or shut-down most of the time – note that disk encryption doesn’t protect your suspended system in any way) so my advice is not to pick something too secure ;) If you want to be fancy, you can later create a key file to unlock the system disk using a USB key. Here’s a description that works for Debian Etch; I didn’t try on Ubuntu Hardy yet, but I believe there have been alterations to the boot process which may change the details slightly.
Note the new entry
Now, when you get back to the main partitioner menu, “Encrypted volume” should show up as a new disk. There’s one partition inside it, marked #1, which we’ll use as “physical volume for LVM”. Back in the main menu, again a new option appears at the top – Configure the logical volume manager.
Create a volume group, using your one LVM partition (this seems a bit silly in this context but it would make sense if we had many disks to manage). Now you can create logical volumes within that volume group. I took a generous 10GB to configure as / later, a 1GB swap partition (note: take more if you have more RAM installed and want to write a hibernation file to it), and most of the rest of the disk to mount as /home later. At this point I left a few GB free to be able to create snapshot volumes later.
The LVM config menu
Configuration details: note the bit of free space left. Volume names are arbitrary.
You don’t need much space for a snapshot volume: it only stores reverse changes of your main file system from the time point where you created the snapshot. Unless you leave your snapshot around for days, “a few GB” is in fact far too much. If you’re getting curious how the snapshot backups will work, see this guide from the LVM HOWTO.
Back in the main menu…
So now you’re finished configuring LVM, and you get back to the main partitioner menu. It’s really crowded now: the LVM logical volumes show up as separate disks in addition to the physical disks and the encrypted volume. This is where you configure the partitions on the logical volumes, which are again marked #1. I’m only deviating from the default options in one case: for /home I chose to reserve 0% reserved blocks – I don’t think a full /home can bring the system down (but correct me if I’m wrong! update: it seems I am, see this comment below).
What else? Nothing. Scroll all the way down to find the “Finish partitioning” option and wait while your system gets installed. Unlike with the “desktop” installer you don’t have a live system that allows you to browse the internet while the install is running, so bring out your knitting kit now… (you’ll have to do speed-knitting though, the installer is pretty fast).
How simple was that? I’d say: another cheer for the installer team!