# Title: Install LMDE (Linux Mint Debian Edition) 17 with LVM on LUKS (encryption) & hibernation support # # Description: These are very rough notes for installing LMDE with # encryption via LVM on top of LUKS. # - This includes SWAP being within LUKS # - Includes fixing hibernation (which will also apply to Debian Jessie or greater) ######## # 1. Boot from LMDE DVD/USB/... ######## # 2. Wipe the target drive and create partitions # - be careful since the primary disk may be detected at a different path than /dev/sda # - the following will # - create a traditional msdos (not GPT) MBR since my BIOS doesn't work with GPT # - create a 300MB /boot partition # - use the rest of disk for the LUKS encrypted volume sudo - su # everything needs to be done as root dd if=/dev/zero of=/dev/sda iflag=nocache oflag=direct bs=4096 apt-get install parted parted -a optimal /dev/sda print mklabel msdos unit mib mkpart primary 1 300 set 1 boot on mkpart primary 300 -1 print quit ######## # 3. Encrypt, format, and mount cryptsetup luksFormat -c aes-xts-plain64 -s 512 -h sha512 -i 5000 -y /dev/sda2 cryptsetup luksDump /dev/sda2 # check your work cryptsetup luksOpen /dev/sda2 lvmlocal pvcreate /dev/mapper/lvmlocal vgcreate lvmlocal /dev/mapper/lvmlocal lvcreate -L 16G -n swap lvmlocal lvcreate -L 20G -n root lvmlocal lvcreate -l 100%FREE -n home lvmlocal lvs # check your work mkfs.ext4 /dev/sda1 mkfs.ext4 /dev/mapper/lvmlocal-root mkfs.ext4 /dev/mapper/lvmlocal-home mkswap -f /dev/mapper/lvmlocal-swap swapon /dev/mapper/lvmlocal-swap mkdir /target mount /dev/mapper/lvmlocal-root /target mkdir /target/boot /target/home mount /dev/mapper/lvmlocal-home /target/home mount /dev/sda1 /target/boot # 4. Start installer # - Click: Menu -> Administration -> Install Linux Mint # - For the partitioning choose: (Advanced) manually mount # - After the 1st part of the installer process completes, continue with steps below # 5. A few extra steps to make the system ready LANG=C chroot /target /bin/bash UUID_BOOT_PARTITION=$(blkid /dev/sda1 | sed -n 's/.*UUID=\"\([^\"]*\)\".*/\1/p') UUID_SWAP_PARTITION=$(blkid /dev/mapper/lvmlocal-swap | sed -n 's/.*UUID=\"\([^\"]*\)\".*/\1/p') UUID_ROOT_PARTITION=$(blkid /dev/mapper/lvmlocal-root | sed -n 's/.*UUID=\"\([^\"]*\)\".*/\1/p') UUID_HOME_PARTITION=$(blkid /dev/mapper/lvmlocal-home | sed -n 's/.*UUID=\"\([^\"]*\)\".*/\1/p') cat > /etc/fstab << "EOF" # proc /proc proc defaults 0 0 none /dev/pts devpts gid=5,mode=620 0 0 #sys /sys sysfs nodev,noexec,nosuid 0 0 EOF echo "#UUID=${UUID_ROOT_PARTITION} / ext4 defaults 0 0" >> /etc/fstab echo "/dev/mapper/lvmlocal-root / ext4 defaults 0 1" >> /etc/fstab echo "#UUID=${UUID_HOME_PARTITION} / ext4 defaults 0 0" >> /etc/fstab echo "/dev/mapper/lvmlocal-home /home ext4 defaults 0 1" >> /etc/fstab echo "UUID=${UUID_BOOT_PARTITION} /boot ext4 defaults 0 1" >> /etc/fstab echo "#UUID=${UUID_SWAP_PARTITION} none swap sw 0 0" >> /etc/fstab echo "/dev/mapper/lvmlocal-swap none swap sw 0 0" >> /etc/fstab grep -v swap /etc/fstab >/etc/mtab apt-get -y update apt-get -y install tzdata lvm2 cryptsetup initramfs-tools python-software-properties echo aes-i586 >> /etc/initramfs-tools/modules echo aes_x86_64 >> /etc/initramfs-tools/modules echo dm-crypt >> /etc/initramfs-tools/modules echo dm-mod >> /etc/initramfs-tools/modules echo xts >> /etc/initramfs-tools/modules echo "lvmlocal /dev/sda2 none luks,tries=3" >> /etc/crypttab vim /etc/default/grub # update this line: # GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:lvmlocal root=/dev/mapper/lvmlocal-root resume=/dev/mapper/lvmlocal-swap" dpkg-reconfigure locales # I chose en_US.UTF-8 # 6. finish installer # - do not reboot umount /target/boot umount /target/home umount /target reboot # 7. Fix hibernation # - this took some time to discover sudo su - apt-get install sysfsutils echo "power/disk = shutdown" >> /etc/sysfs.d/local.conf cat /sys/power/disk # output should look like this: platform [shutdown] reboot suspend # 8. All done. Test hibernation if you like sudo pm-hibernate