[dm-crypt] please HELP - can't acces encrypted LVM after linux reinstallation.

Quentin Lefebvre alto.spam at laposte.net
Mon Oct 31 09:47:40 CET 2011

On 31/10/2011 01:30, Aleksander Swirski wrote :
> I'm pretty sure this warning is only displayed when someone decides to
> create new crypto on some partition or fill encrypted device with random
> data in the next step after setting the password. but just setting the
> password on an existing device makes data unusable without warning. when
> the partitioning is finished there is a list of partitions that will be
> wiped out, and also, during my installation crypto-deviced and /home inside
> LVM was not listed there, but already lost few clicks earlier.
> i understand that it wasn't taken into consideration that someone can
> attach existing encrypted device, but only that a new one will be created.
> this is inconsistent with how it goes with unencrypted partitions, where
> you can reattach them without formatting and keep your data. so i guess
> with encrypted partition this should also work that way. or maybe i miss
> the point? i will try to make the whole scenario clear, and then send my
> proposition, to debian-boot at lists.debian.org


Indeed, it seems that improvements can be done for the Debian installer
to better handle crypto disks and partitions. With the little experience
I have about using encrypted partitions with LUKS/cryptsetup under/over
LVM, I would not have tried to attach an existing encrypted device
through the installer menu, as I know pretty well that few scenarios are
handled at this point.
Hopelessly, what you had to do in your case was to switch to a console
to make changes by hand or, if you could, wait for the reboot of your
fresh install to edit the system files and mount old volumes this way.

I agree on the point you mention, i.e. encryption could be better
integrated in the installer so that assisted mounting of old encrypted
partitions becomes possible.
In my particular case, it would be *very* valuable that other encryption
schemes get integrated in the linux kernel / initrd used by the Debian
installer, because the latter cannot either create or mount my encrypted
partitions (which need the 'xts' module). At least not with additional
work... Installing my system is really complicated by this limitation,
as I have to :

 1) ( *before* launching the installer) find the appropriate kernel
modules and put them on a USB key (I sometimes installed a useless
system just for that)
 2) (during the installation process) manually partition the disks in a
console, with the necessary step of loading the modules I use
 3) (at the end of the installation process, *before* reboot ) 'chroot
/target' to
    a) edit the /etc/cryptab file and add my encrypted devices
    b) edit the /etc/initramfs-tools/modules and add the appropriate modules
    c) *run* 'mkinitramfs -k all -u -v'
    d) check grub and fstab config (no longer necessary ?)
    e) exit
Only after these operations, I can safely switch back to the installer
and reboot the system, with the hope my root filesystem will be
correctly opened.

I would be happy to help Debian developers regarding this kind of
install, but I have always delayed the moment I contact them. If you are
planning to do so, I would be interested to be included in the
discussion and give my feedback too.


More information about the dm-crypt mailing list