8. Oktober 2011

Dual-booting Arch and Ubuntu with LVM on top of LUKS

Encrypting your hard drive is generally a good idea. Yet, the encryption renders dual-booting a little more difficult. Here I briefly sketch how I installed Ubuntu in parallel to an existing Arch installation on a LUKS-encrypted drive.

The initial setup consists of an Arch installation on separate logical volumes for the home partition, root partition, and the swap partition. The volume group is placed within a LUKS-encrypted partition (here, this is /dev/sda2). Here is the partition table before installing Ubuntu:

  Name Flags  Part Type  FS Type      [Label]   Size (MB)
  ---------------------------------------------------------
  sda1  Boot   Primary   ext4         [boot]       246.76
  sda2         Primary   crypto_LUKS            319823.57
               Pri/Log   Free Space                  2.62*

Here is the layout of the LVM volume group contained in /dev/sda2
before installing Ubuntu:

  home        vgroup      268.45g
  root        vgroup       25.00g
  swap        vgroup        2.20g

The challenge is now to find out how to install Ubuntu into newly created logical volumes in this LUKS-encrypted volume group. This burns down to two major problems that need to be solved: First, how can one install Ubuntu into already encrypted volumes? Second, how can one make sure that the encrypted volumes are mounted correctly at booting time?

The first step is to set up the logical volumes. Here, one can resize the file systems and the logical volumes to obtain enough space for the Ubuntu root partition and Ubuntu home partition.

The crucial step is to install Ubuntu using the recovery option on the alternate installation CD, as described here: http://ubuntuforums.org/showthread.php?t=1034910. This permits one to install Ubuntu into already encrypted logical volumes. Just follow the installation process, but make sure you do the partitioning manually such that you can choose to use the logical volumes for the Ubuntu installation.

Later in the installation process, it is probably best to leave the master boot record as it is, and skip this step. Editing the Arch grub menu afterwards is enough. Unfortunately, after installing Ubuntu, it cannot yet be booted. After loading the initramfs, the system will abort the booting process because the root partition is encrypted and cannot be mounted. One needs to tell the system that there is an encryption in place and how to open the encrypted partition. Also here, follow the advice on http://ubuntuforums.org/showthread.php?t=1034910 to edit the /etc/crypttab file in the BusyBox shell. Later this should be made permanent in Ubuntu, and the initramfs newly created.

Here is the final partition table:

  Name    Flags  Part Type  FS Type      [Label]        Size (MB)
  ---------------------------------------------------------------
  sda1    Boot    Primary   ext4         [boot]            139.83                                 
  sda3            Primary   ext2         [boot-ubuntu]     106.93
  sda2            Primary   crypto_LUKS                 319823.57
                  Pri/Log   Free Space                       2.62*

Final layout of volume group vgroup in /dev/sda2:

  home        vgroup      210.65g                                      
  home-ubuntu vgroup       47.80g                                      
  root        vgroup       25.00g
  root-ubuntu vgroup       10.00g                                      
  swap        vgroup        2.20g

Now both Arch and Ubuntu coexist peacefully on a LUKS-encrypted LVM-controlled partition.