Install LMDE (Linux Mint Debian Edition) with LVM on LUKS (encryption) & hibernation support

notes-lmde-with-lvm-on-luks.txt

# Title: Install EFI-enabled LMDE (Linux Mint Debian Edition) 2 "Betsy" with LVM on LUKS (encryption) & hibernation support on GPT disk 
#
# Description: These are very rough notes for installing LMDE with
#   encryption via LVM on top of LUKS.
#     - This includes SWAP being within LUKS
#     - Includes fixing hibernation (which will also apply to Debian Jessie or greater)


########
# 1. Boot from LMDE DVD/USB/...


########
# 2. Wipe the target drive and create partitions
#  - be careful since the primary disk may be detected at a different path than /dev/sda
#  - the following will
#    - create a GPT
#    - create a 100MB /boot/efi partition
#    - create a 300MB /boot partition
#    - use the rest of disk for the LUKS encrypted volume

sudo - su # everything needs to be done as root

dd if=/dev/zero of=/dev/sda iflag=nocache oflag=direct bs=4096

apt-get install parted
parted -a optimal /dev/sda

print
mklabel gpt
unit mib
mkpart primary 1 100
mkpart primary 100 400
mkpart primary 400 -1
set 1 boot on
print
quit


########
# 3. Encrypt, format, and mount
cryptsetup luksFormat -c aes-xts-plain64 -s 512 -h sha512 -i 5000 -y /dev/sda3
cryptsetup luksDump /dev/sda3 # check your work


cryptsetup luksOpen /dev/sda3 lvmlocal

pvcreate /dev/mapper/lvmlocal
vgcreate lvmlocal /dev/mapper/lvmlocal
lvcreate -L 16G -n swap lvmlocal
lvcreate -L 20G -n root lvmlocal
lvcreate -l 100%FREE -n home lvmlocal

lvs # check your work

mkfs.fat -F 32 /dev/sda1
mkfs.ext4 /dev/sda2
mkfs.ext4 /dev/mapper/lvmlocal-root
mkfs.ext4 /dev/mapper/lvmlocal-home
mkswap -f /dev/mapper/lvmlocal-swap
swapon /dev/mapper/lvmlocal-swap


mkdir /target
mount /dev/mapper/lvmlocal-root /target
mkdir /target/boot /target/home
mount /dev/mapper/lvmlocal-home /target/home
mount /dev/sda2 /target/boot
mkdir /target/boot/efi
mount /dev/sda1 /target/boot/efi

# 4. Start installer
# - Click: Menu -> Administration -> Install Linux Mint
# - For the partitioning choose: (Advanced) manually mount
# - After the 1st part of the installer process completes, continue with steps below



# 5. A few extra steps to make the system ready
# Actually, it didn't work for me properly. I had to change the disk UUIDs in /etc/fstab manually after install (live boot from USB drive, get the UUIDs with gparted and put them into /etc/fstab)

LANG=C chroot /target /bin/bash

UUID_UEFI_PARTITION=$(blkid /dev/sda1 | sed -n 's/.*UUID=\"\([^\"]*\)\".*/\1/p')
UUID_BOOT_PARTITION=$(blkid /dev/sda2 | sed -n 's/.*UUID=\"\([^\"]*\)\".*/\1/p')
UUID_SWAP_PARTITION=$(blkid /dev/mapper/lvmlocal-swap | sed -n 's/.*UUID=\"\([^\"]*\)\".*/\1/p')
UUID_ROOT_PARTITION=$(blkid /dev/mapper/lvmlocal-root | sed -n 's/.*UUID=\"\([^\"]*\)\".*/\1/p')
UUID_HOME_PARTITION=$(blkid /dev/mapper/lvmlocal-home | sed -n 's/.*UUID=\"\([^\"]*\)\".*/\1/p')
cat > /etc/fstab << "EOF"
# <fs> <mount point>   <type> <options> <dump> <pass>
proc /proc    proc defaults 0 0
none /dev/pts    devpts gid=5,mode=620 0 0
#sys /sys    sysfs nodev,noexec,nosuid 0 0
EOF
echo "#UUID=${UUID_ROOT_PARTITION} /  ext4 defaults 0 0" >> /etc/fstab
echo "/dev/mapper/lvmlocal-root /  ext4 defaults 0 1" >> /etc/fstab  
echo "#UUID=${UUID_HOME_PARTITION} /  ext4 defaults 0 0" >> /etc/fstab
echo "/dev/mapper/lvmlocal-home /home  ext4 defaults 0 1" >> /etc/fstab
echo "UUID=${UUID_BOOT_PARTITION} /boot  ext4 defaults 0 1" >> /etc/fstab
echo "UUID=${UUID_UEFI_PARTITION} /boot/efi  vfat defaults 0 1" >> /etc/fstab
echo "#UUID=${UUID_SWAP_PARTITION} none  swap sw 0 0" >> /etc/fstab
echo "/dev/mapper/lvmlocal-swap none   swap sw 0 0" >> /etc/fstab

grep -v swap /etc/fstab >/etc/mtab

apt-get -y update
apt-get -y install tzdata lvm2 cryptsetup initramfs-tools python-software-properties

echo aes-i586 >> /etc/initramfs-tools/modules
echo aes_x86_64 >> /etc/initramfs-tools/modules
echo dm-crypt >> /etc/initramfs-tools/modules
echo dm-mod >> /etc/initramfs-tools/modules
echo xts >> /etc/initramfs-tools/modules

echo "lvmlocal   /dev/sda3   none   luks,tries=3" >> /etc/crypttab

vim /etc/default/grub
# update this line:
# GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda3:lvmlocal root=/dev/mapper/lvmlocal-root resume=/dev/mapper/lvmlocal-swap"

dpkg-reconfigure locales
# I chose en_US.UTF-8


# 6. finish installer
#  - do not reboot

exit # exit chroot
umount /target/boot/efi
umount /target/boot
umount /target/home
umount /target

#reboot into newly installed system
reboot

# 7. Fix hibernation
# - this took some time to discover

sudo su -
apt-get install sysfsutils
echo "power/disk = shutdown" >> /etc/sysfs.d/local.conf
cat /sys/power/disk 
# output should look like this: platform [shutdown] reboot suspend 


# 8. All done. Test hibernation if you like
sudo pm-hibernate

A couple of nits:

• vim is not installed at the point where you suggest using it.
• After reboot, you presumably are in the new system, but perhaps should specify that. If you reboot onto the USB again you need to repeat the chroot.

More serious:

• If you paste stuff with tabs in it into bash, you don't get the tabs in the commands. Suggest replacing all tabs with spaces in this listing

Thx, @mc0e!
I've replaced tabs with spaces, if someone still need it.

Thanks @mc0e, we implemented LUKS and LVM support in LMDE 4 and this helped us :)