Install LMDE (Linux Mint Debian Edition) with LVM on LUKS (encryption) & hibernation support

notes-lmde-with-lvm-on-luks.txt

# Title: Install LMDE (Linux Mint Debian Edition) 17 with LVM on LUKS (encryption) & hibernation support
#
# Description: These are very rough notes for installing LMDE with
#   encryption via LVM on top of LUKS.
#     - This includes SWAP being within LUKS
#     - Includes fixing hibernation (which will also apply to Debian Jessie or greater)


########
# 1. Boot from LMDE DVD/USB/...


########
# 2. Wipe the target drive and create partitions
#  - be careful since the primary disk may be detected at a different path than /dev/sda
#  - the following will
#    - create a traditional msdos (not GPT) MBR since my BIOS doesn't work with GPT
#    - create a 300MB /boot partition
#    - use the rest of disk for the LUKS encrypted volume

sudo - su # everything needs to be done as root

dd if=/dev/zero of=/dev/sda iflag=nocache oflag=direct bs=4096

apt-get install parted
parted -a optimal /dev/sda

print
mklabel msdos
unit mib
mkpart primary 1 300
set 1 boot on
mkpart primary 300 -1
print
quit


########
# 3. Encrypt, format, and mount
cryptsetup luksFormat -c aes-xts-plain64 -s 512 -h sha512 -i 5000 -y /dev/sda2
cryptsetup luksDump /dev/sda2 # check your work


cryptsetup luksOpen /dev/sda2 lvmlocal

pvcreate /dev/mapper/lvmlocal
vgcreate lvmlocal /dev/mapper/lvmlocal
lvcreate -L 16G -n swap lvmlocal
lvcreate -L 20G -n root lvmlocal
lvcreate -l 100%FREE -n home lvmlocal

lvs # check your work

mkfs.ext4 /dev/sda1
mkfs.ext4 /dev/mapper/lvmlocal-root
mkfs.ext4 /dev/mapper/lvmlocal-home
mkswap -f /dev/mapper/lvmlocal-swap
swapon /dev/mapper/lvmlocal-swap


mkdir /target
mount /dev/mapper/lvmlocal-root /target
mkdir /target/boot /target/home
mount /dev/mapper/lvmlocal-home /target/home
mount /dev/sda1 /target/boot

# 4. Start installer
# - Click: Menu -> Administration -> Install Linux Mint
# - For the partitioning choose: (Advanced) manually mount
# - After the 1st part of the installer process completes, continue with steps below



# 5. A few extra steps to make the system ready

LANG=C chroot /target /bin/bash

UUID_BOOT_PARTITION=$(blkid /dev/sda1 | sed -n 's/.*UUID=\"\([^\"]*\)\".*/\1/p')
UUID_SWAP_PARTITION=$(blkid /dev/mapper/lvmlocal-swap | sed -n 's/.*UUID=\"\([^\"]*\)\".*/\1/p')
UUID_ROOT_PARTITION=$(blkid /dev/mapper/lvmlocal-root | sed -n 's/.*UUID=\"\([^\"]*\)\".*/\1/p')
UUID_HOME_PARTITION=$(blkid /dev/mapper/lvmlocal-home | sed -n 's/.*UUID=\"\([^\"]*\)\".*/\1/p')
cat > /etc/fstab << "EOF"
# <fs>	<mount point>			<type>	<options>	<dump> <pass>
proc	/proc				proc	defaults	0 0
none	/dev/pts 			devpts	gid=5,mode=620	0 0
#sys	/sys				sysfs	nodev,noexec,nosuid	0 0
EOF
echo "#UUID=${UUID_ROOT_PARTITION} /		ext4 defaults 0 0" >> /etc/fstab
echo "/dev/mapper/lvmlocal-root /		ext4 defaults 0 1" >> /etc/fstab  
echo "#UUID=${UUID_HOME_PARTITION} /		ext4 defaults 0 0" >> /etc/fstab
echo "/dev/mapper/lvmlocal-home /home 	ext4 defaults 0 1" >> /etc/fstab
echo "UUID=${UUID_BOOT_PARTITION} /boot 	ext4 defaults 0 1" >> /etc/fstab
echo "#UUID=${UUID_SWAP_PARTITION} none 	swap sw 0 0" >> /etc/fstab
echo "/dev/mapper/lvmlocal-swap none 		swap sw 0 0" >> /etc/fstab

grep -v swap /etc/fstab >/etc/mtab

apt-get -y update
apt-get -y install tzdata lvm2 cryptsetup initramfs-tools python-software-properties

echo aes-i586 >> /etc/initramfs-tools/modules
echo aes_x86_64 >> /etc/initramfs-tools/modules
echo dm-crypt >> /etc/initramfs-tools/modules
echo dm-mod >> /etc/initramfs-tools/modules
echo xts >> /etc/initramfs-tools/modules

echo "lvmlocal   /dev/sda2   none   luks,tries=3" >> /etc/crypttab

vim /etc/default/grub
# update this line:
# GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:lvmlocal root=/dev/mapper/lvmlocal-root resume=/dev/mapper/lvmlocal-swap"

dpkg-reconfigure locales
# I chose en_US.UTF-8


# 6. finish installer
#  - do not reboot

umount /target/boot
umount /target/home
umount /target

reboot

# 7. Fix hibernation
# - this took some time to discover

sudo su -
apt-get install sysfsutils
echo "power/disk = shutdown" >> /etc/sysfs.d/local.conf
cat /sys/power/disk 
# output should look like this: platform [shutdown] reboot suspend 


# 8. All done. Test hibernation if you like
sudo pm-hibernate

Im trying to setup a gtp based hdd with a uefi install on a Hackintosh. I want to run mint encrypted along mac os x. My bootloader is called CLOVER and installed on /dev/sda1. I tried to adapt your instruction but Im unable to boot linux mint. It wont get recognized from CLOVER. Any suggestions?

Copy and pasted line for line in new LMDE2 setup. After installation has finished and rebooted, on boot, the cryptsetup password is not asked for and the error messages state that it cannot find lvmlocal-root.
Tried this procedure twice with same result.
I think you've missed something out.

@davep: Maybe a little late, but since I also stumbled over your issue I wanted to share the related (still open) bug the way to the solution below the very helpful HowTo above – which I found a little too late. :)
https://bugs.launchpad.net/linuxmint/+bug/1000569

@seanorama: just wanted to point out that there is no "LMDE (Linux Mint Debian Edition) 17." There's Linux Mint 17 (based on Ubuntu). Probably what you're referring to is LMDE 2 "Betsy", based on Debian Jessie. ;)
Cheers!

I've made changes to the write-up to work with EFI (and GPT): https://gist.github.com/Nokta-strigo/c13c6fc116b40d0c7a0f87f0b47e72ce