On 03/08/2016 03:02 PM, Frank Steinmetzger wrote: > On Tue, Mar 08, 2016 at 02:03:27PM -0800, Willie Matthews wrote: >> On 03/08/2016 01:41 PM, Frank Steinmetzger wrote: >>> Hi folks >>> >>> I’m trying to follow an article¹ on setting up a fully encrypted system for >>> my soon-to-arrive laptop. It and others (e.g. ² in a very condensed form) >>> simply luksFormat a block device, then luksOpen it and run pvcreate on that. >>> [...] >> If I am not mistaken you have to create a partition on the drive before >> you can use "pvcreate /dev/sda1". > > Please look again: I run pvcreate on a LUKS container, not a partition. ;) > The container itself resides on the first GPT partition of the SSD. > > In condensed form, I did what ² in my OP was saying: > parted -s /dev/sda mklabel msdos > parted -s /dev/sda mkpart primary 2048s 100% > cryptsetup luksFormat /dev/sda1 > cryptsetup luksOpen /dev/sda1 lvm > pvcreate /dev/mapper/lvm > -- poof -- > (only I used GPT instead of MSDOS because of UEFI) > >> If you would like to get rid of the /run/lvm/lvmetad.socket error just >> start lvm with "service lvm start". I still get the error when starting >> up but it still works. > > I noticed that and quickly found /etc/init.d/lvmetad, but since I'm doing > only the setup on this PC, I don't realler bother. > >> I used your first link to do a full encrypted secure boot install of >> Gentoo. >> (https://wiki.gentoo.org/wiki/Sakaki%27s_EFI_Install_Guide/Preparing_the_LUKS-LVM_Filesystem_and_Boot_USB_Key). >> It works like a charm. > > Good to know. > >> If you don't want to use a USB key to boot every time make sure you make >> a small partition on the drive to hold all the information for your >> encryption and secure boot files. I made that mistake and it took a >> while to fix. > > I keep an ESP at the end of the SSD of ~700 megs. That way I can also keep a > sysrescuecd ISO around. (Sort of the Gentoo way of a recovery partition ^^ ). > > Cheers. >
What does pvdisplay printout? -- Willie Matthews matthews.willi...@gmail.com (702) 659-9966
signature.asc
Description: OpenPGP digital signature
