5 comments on “Gentoo full disk encryption with LUKS and LVM2”

  1. very useful guide, thank you 🙂
    I'm just wondering why I need to mount my crypt lvhome part and activate swap in a separate script;

    • If you’re referring to the initramfs setup, it’s due to the fact that you need to decrypt the rootfs before the kernel can continue its boot-up process. Any time the kernel cannot simply run the init script off the rootfs you’ll most likely need to embed or include an initramfs. For an encrypted rootfs, or if we were using software RAID, we need to create an initramfs.

      Hope that answers your question.

  2. No, I understand the initramfs purpose of decrypting etc.
    I'm asking about the post-boot script to manually scan nodes and mount the other decrypted FS — 40_fixlvmnodes.start

    I noticed that after a successful boot I’ve only the main ‘/’ FS mounted and, for example, my second encrypted part ‘lvhome and lvswap’ is not available, and I need to actively scan nodes, activate rootvg and mount -a;
    Or use after-startup script like in above example – 40_fixlvmnodes.start.

    • Ah right. So I’m not sure why the devices seem to disappear after the initramfs is done (except rootfs). I assume adding lvm2 via rc-update (or whatever startup script adding tool you might use) to automatically scan for lvm devices and add them to the device path would work just as well but never got around to trying as my own script did just that.

      If there is a way to make the devices created in initramfs persistent or communicate them to real rootfs I’m not aware of it. At some point I replaced the init script lines:

      /sbin/lvm lvchange -aly vg/swap
      /sbin/lvm lvchange -aly vg/root

      with

      /sbin/lvm lvchange -a y vg

      but my start script is still there so I assume (thanks to not documenting) that it didn’t make a difference. If you’re interested in trying that I’d be interested in knowing how it works for you.
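A post-boot fix-up script of the kind the thread refers to as 40_fixlvmnodes.start, written here as an added example and not the blog’s own script: it reads `lvs` output to find logical volumes the initramfs left inactive, activates the whole volume group (the same set the reply’s `lvchange -a y vg` covers), recreates the device nodes and then enables swap and mounts the fstab entries. The volume group name `vg` is taken from the reply; the sample `lvs` output is constructed.

```shell
#!/bin/sh
# Added example: post-boot LVM fix-up in the spirit of 40_fixlvmnodes.start.
# Assumes the volume group is called "vg", as in the reply above.
VG="${VG:-vg}"

# Print the names of logical volumes whose state bit (5th lv_attr char) is
# not 'a' (active). Input lines look like "lv_attr lv_name", as produced by
#   lvs --noheadings -o lv_attr,lv_name "$VG"
inactive_lvs() {
    while read -r attr name; do
        [ -z "$attr" ] && continue
        state=$(printf '%s' "$attr" | cut -c5)
        [ "$state" != "a" ] && printf '%s\n' "$name"
    done
    return 0
}

# Constructed sample of lvs output: the initramfs activated root only,
# home and swap are still inactive after switching to the real rootfs.
SAMPLE_LVS='  -wi-ao---- root
  -wi------- home
  -wi------- swap'

# Number of inactive LVs in a block of lvs output.
count_inactive() {
    printf '%s\n' "$1" | inactive_lvs | wc -l | tr -d ' '
}

# The real fix-up; only meaningful on the booted system where lvm exists.
fix_lvm_nodes() {
    command -v lvm >/dev/null 2>&1 || { echo "lvm not found" >&2; return 1; }
    missing=$(lvm lvs --noheadings -o lv_attr,lv_name "$VG" | inactive_lvs)
    [ -z "$missing" ] && return 0            # everything already active
    echo "activating inactive LVs in $VG:" $missing
    lvm vgscan --mknodes                      # recreate /dev/$VG/* nodes
    lvm vgchange -a y "$VG"                   # activate all LVs in the VG
    swapon -a                                 # swap entries from fstab
    mount -a                                  # remaining fstab mounts
}

# Run the fix-up only when invoked explicitly, e.g. from a local.d script.
if [ "${1:-}" = "run" ]; then
    fix_lvm_nodes
fi
```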
