Looking to install Fedora with LVM on LUKS

+----------------+ +---------------------------------------------------------------------------+
|                | |Logical volume1        | Logical volume2        | Logical volume3          |
| Boot partition | |/dev/mapper/lvolsnap   | /dev/mapper/volroot    | /dev/mapper/lvolhome     |
|    (systemd    | |_ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |_ _ _ _ _ _ _ _ _ _ _ _ _ |
|      boot)     | |                                                                           |
|                | |                        LUKS encrypted partition                           |
| /dev/vda1      | |                          /dev/vda2                                        |
+----------------+ +---------------------------------------------------------------------------+ 

I’m looking into a Fedora 34 set up with the entire /root /home and snapshot volumes to be inside a LUKS container. The installer is not much help on this. Does anyone have any tips? I have created a LUKS container, and have no problem with a vfat boot partition using systemd-boot. I guess i’m stuck at passing kernel parameters, fstab, dracut? Any help is appreciated !

I did something very similiar recently except I did btrfs on luks instead of lvm on luks. That being said, I think the process would be the same.

The blivet partitioning tool in the installer can pretty easily handle the luks partition, lvm and the efi partition. The challenge I had was that it wants an unencrypted /boot for grub.

I created a small partition for /boot formatted to ext4. Then I let the installer complete the installation as normal.

After install, I removed grub, installed systemd-boot and deleted /boot partition. I have done this quite a few times and I saved all the commands I used to do that if you want them.

2 Likes

I have frequently removed grub from my installs because of my setups. So I’m fairly comfortable with that.

I’ll give it a try ! Thanks for the tip, I’ve had a “iffy” relationship with blivet constantly crashing during the process. I’ll give it a go and post my results !

1 Like

If that road doesn’t work out for some reason another random tip I would give you(you may already know this) is that you can put all your kernel options in /etc/kernel/cmdline. kernel-install will normally grab your running kernel options when building the systemd-boot entries for you. However, if you are in a chroot or changing your config that doesn’t really work. In this case you can edit /etc/kernel/cmdline and it will get picked up from there.

1 Like

I’m considering getting this to work first, then switching to systemd-boot. Here is what I have so far… :

Here is what I want :

Instead of selecting xfs as the filesystem for the luks partition, select “LVM Physical Volume”, click the encrypt button.

Then you will have this:

Then you can right-click on that and select new and give the volume group a name. Then you will get this:

If you click on your volume group, you can then add as many volume as you want.

Be sure not to choose to encrypt those as they are already in an encrypted container.

2 Likes

We shared a brain !

and

i’ll give this a try ! Thanks for taking the time out to create a vm for this !

The free space is for a snapshot partition… thats the next step.

P.S :

I guess my only concern left is that the drive will only have a visible LUKS and the boot partitons. and not that it’s a boot artition + a Volume Group encrypted with LUKS. I’ll post updates later.

Thanks again :exclamation:

2 Likes

@dalto

Looks great and ready for a deep inspection.

Thanks again :exclamation: :+1:

2 Likes

Here is a pic of tree /boot and a side by side with gparted for a very small bootloader (systemd-boot)

2 Likes