On Tue, Mar 08, 2016 at 02:03:27PM -0800, Willie Matthews wrote:
> On 03/08/2016 01:41 PM, Frank Steinmetzger wrote:
> > Hi folks
> > 
> > I’m trying to follow an article¹ on setting up a fully encrypted system for
> > my soon-to-arrive laptop. It and others (e.g. ² in a very condensed form)
> > simply luksFormat a block device, then luksOpen it and run pvcreate on that.
> > [...]
> If I am not mistaken you have to create a partition on the drive before
> you can use "pvcreate /dev/sda1".

Please look again: I run pvcreate on a LUKS container, not a partition. ;)
The container itself resides on the first GPT partition of the SSD.

In condensed form, I did what ² in my OP was saying:
parted -s /dev/sda mklabel msdos
parted -s /dev/sda mkpart primary 2048s 100%
cryptsetup luksFormat /dev/sda1
cryptsetup luksOpen /dev/sda1 lvm
pvcreate /dev/mapper/lvm
-- poof --
(only I used GPT instead of MSDOS because of UEFI)

> If you would like to get rid of the /run/lvm/lvmetad.socket error just
> start lvm with "service lvm start". I still get the error when starting
> up but it still works.

I noticed that and quickly found /etc/init.d/lvmetad, but since I'm doing
only the setup on this PC, I don't really bother.

> I used your first link to do a full encrypted secure boot install of
> Gentoo.
> (https://wiki.gentoo.org/wiki/Sakaki%27s_EFI_Install_Guide/Preparing_the_LUKS-LVM_Filesystem_and_Boot_USB_Key).
> It works like a charm.

Good to know.

> If you don't want to use a USB key to boot every time make sure you make
> a small partition on the drive to hold all the information for your
> encryption and secure boot files. I made that mistake and it took a
> while to fix.

I keep an ESP at the end of the SSD of ~700 megs. That way I can also keep a
sysrescuecd ISO around. (Sort of the Gentoo way of a recovery partition ^^ ).

Cheers.

-- 
Gruß | Greetings | Qapla’
Please do not share anything from, with or about me with any social network.

Shut up, I see something!
