I went to install opensuse 13.2 on an existing luks partition. I chose expert partitioner. The partitions shown did not match my actual partitions on my hard disks. I opened up a command line and ran fdisk. It gave the expected results. I noticed that the partition manager was using cylinders and have read that is deprecated. It seems that one of my partitions is not on a cylinder boundary and that might be an issue. But it said that there were partitions which weren’t there. Where the second partition started (not on a cylinder boundary), it saw an extended partition which is not there.
Hello donharter,
some more information would be appreciated:
- Are you running a machine with BIOS or UEFI (details about the motherboard might be useful as well)?
- Is there a MBR or a GPT partition scheme on the disc you are trying to install to?
- Did you create the LUKS partition (to which you are trying to install) with the installer or beforehand (if so, how was that achieved)?
- Are you using BTRFS (which is the installer's default) as file system?
Best regards
susejunky
Dell Studio 17 motherboard.
It has 2 disk drives. Luks partition previously existed. I tried cloning an existing 13.2 partition but ran into problems. I decided a new install would take care of the many issues that I had.
I am using ext type file systems.
Hello donharter,
As far as I can remember the installer offers two options to change the partition setup:
- One will give you a setup as proposed by the installer (which is not on the disk yet!) and allows you to change it.
- The other shows the real partition setup of your disks and you can create your own.
Are you sure you used the latter and not the first one which shows a (yet) non-existing disc partition setup?
Is this a BIOS based machine that uses a MBR partition scheme (no UEFI, no GPT)?
Is that openSUSE 13.2 (or any other OS like MS Windows) still on the machine?
To give us a better understanding of your problem, you should post what you can see in the installer (picture) and the output of “fdisk”.
Best regards
susejunky
LUKS (Linux Unified Key Setup) - fine.
Why did you think that the openSUSE installer could deal with this?
I use an encrypted home partition on my laptop as well (encryption chosen by means of the partitioner of openSUSE during installation).
If I would have to install a newer openSUSE on that PC, I would choose to re-format this partition.
Of course I would like to backup the user contents of this partition before proceeding.
There is a button that rereads the disk configuration. I clicked it and it read the correct configuration. When someone chooses a custom config it needs to automatically choose the refresh. I was seeing what was leftover from the suggested changes.
suse 13.2 won’t allow you to install the root partition to a luks drive. It is not that it is not possible; it just won’t allow you to do that.
Sure, it will. That’s how I have done it on all of my installs.
I think your mistake was to click “Expert Partitioner”. I vaguely recall that I tried that, realized it was a mistake, and clicked “Back”.
You should, instead, click “Create partition setup”. On the next screen, select “Custom partitioning”. That gives only what is already on the disk, and allows you to choose existing partitions (or create new ones if you want).
I did that and chose a luks partition to be mounted as /. A message box then popped up and said that is not possible.
Perhaps you were doing an upgrade and it behaves differently.
Okay. That has never worked. If you want encrypted root, the only supported method is to use an encrypted LVM, with the root file system inside the LVM.
Personally, I put root, home and swap as logical volumes within the LVM partition. But some people put only root there, so that they have an encrypted root partition except that there is a little overhead for the LVM control stuff. I think you have to prepare the LVM before you start the install. It’s a bit tricky to do it during the install.
In addition, I use a small unencrypted “/boot” (500M using “ext2”). I don’t think you can encrypt root without that.
Yes, because the grub stages probably don’t have enough room to hold all the decryption code.
grub2 supports LUKS encryption but I’m not sure if YaST supports this setup. Also using encrypted /boot means that a) you are not able to boot unattended and b) you have to enter passphrase at least twice as there is no official interface to pass it between bootloader and kernel. And we definitely do not want to have it in /proc/cmdline after boot.
I tried that several days ago, and it did not work. I first tried with opensuse 13.2, then with Tumbleweed.
Yast seemed quite happy to install that way. It set “GRUB_ENABLE_CRYPTODISK=y” in “/etc/default/grub”.
However, when I tried booting, it immediately went to a grub shell. Using TAB gave a list of available grub commands, but I did not see anything related to crypto.
I only tried this with UEFI and secure-boot, because I don’t think it makes sense elsewhere. But perhaps it would have worked with an MBR install or without secure-boot. It looked to me as if secure-boot is using a “shim.efi” and “grub.efi” which don’t include any crypto support.
I tried that again. The same problem (grub shell).
So I disabled secure-boot, and I booted from the non-secure NVRAM boot entry. And that works.
I guess I need to file a bug report on this.
Reported as Bug 917427.
I have not been able to get 13.2 to run off a luks root(/) partition. You also get other problems. I ran dracut debug. It would time out and then shut down even though I set rd.timeout=0. I would manually run the cryptsetup command and the system would just hang. I tried to mount a jump drive to save the bug report file. udev saw the jump drive but no device was created. So I could not easily mount it before the timeout. If you look at the dracut man page, the section on accessing the root volume from the dracut shell, the procedure is for LVM. cryptsetup is used in a different way than I have in the past. Before I might type “cryptsetup luksOpen /dev/sdb3 root” and then “mount -t ext4 /dev/mapper/root /”. In the man page /dev/mapper is in the cryptsetup command. There are also command line kernel boot parameters which don’t seem to work such as rd.luks rd.luks.crypttab=0 plymouth.enable=0 rd.auto
And then even if I get the root partition mounted X does not work. Sometimes I get messages about “virtual box” or it does not auto discover my input devices. (udev issue??) or it says there is no screen definition because of some error message.
Someone else had problems with that. I recall seeing a discussion on the opensuse mailing list. It was probably this thread.
Encrypted root file system has never been officially supported, though people have managed. Your easiest alternative would be to convert that LUKS encrypted partition to an LVM, with a single volume inside for root. That is supported.
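
A check for the layout discussed in this thread (root as a logical volume inside an encrypted LVM, plus a small unencrypted /boot), as an added example that is not part of any post. It parses the output of `lsblk -P -o KNAME,PKNAME,TYPE,MOUNTPOINT`; the sample output and the function names are constructed for illustration, and each device is assumed to have a single parent.

```python
import re

# Constructed `lsblk -P -o KNAME,PKNAME,TYPE,MOUNTPOINT` output (not from the thread).
# Layout the thread calls supported: unencrypted /boot, LUKS -> LVM -> root/home/swap.
SUPPORTED = '''\
KNAME="sda" PKNAME="" TYPE="disk" MOUNTPOINT=""
KNAME="sda1" PKNAME="sda" TYPE="part" MOUNTPOINT="/boot"
KNAME="sda2" PKNAME="sda" TYPE="part" MOUNTPOINT=""
KNAME="dm-0" PKNAME="sda2" TYPE="crypt" MOUNTPOINT=""
KNAME="dm-1" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="/"
KNAME="dm-2" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="/home"
KNAME="dm-3" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="[SWAP]"
'''
# Root file system directly on a LUKS partition, which the installer refused.
DIRECT = '''\
KNAME="sdb" PKNAME="" TYPE="disk" MOUNTPOINT=""
KNAME="sdb1" PKNAME="sdb" TYPE="part" MOUNTPOINT="/boot"
KNAME="sdb3" PKNAME="sdb" TYPE="part" MOUNTPOINT=""
KNAME="dm-0" PKNAME="sdb3" TYPE="crypt" MOUNTPOINT="/"
'''

def parse(text):
    """Map kernel device name -> row of lsblk key="value" pairs."""
    devs = {}
    for line in text.splitlines():
        row = dict(re.findall(r'(\w+)="([^"]*)"', line))
        if "KNAME" in row:
            devs[row["KNAME"]] = row
    return devs

def stack(devs, mountpoint):
    """TYPE chain from the mounted device down to the disk ([] if not mounted)."""
    node = next((d for d in devs.values() if d.get("MOUNTPOINT") == mountpoint), None)
    chain, seen = [], set()
    while node and node["KNAME"] not in seen:  # guard against malformed loops
        seen.add(node["KNAME"])
        chain.append(node.get("TYPE", ""))
        node = devs.get(node.get("PKNAME", ""))
    return chain

def findings(text):
    """List deviations from the encrypted-LVM-plus-plain-/boot layout."""
    devs, out = parse(text), []
    root, boot = stack(devs, "/"), stack(devs, "/boot")
    if "crypt" not in root:
        out.append("root is not encrypted")
    elif root[:2] != ["lvm", "crypt"]:
        out.append("root is not a logical volume inside LUKS")
    if not boot:
        out.append("no separate /boot")
    elif "crypt" in boot:
        out.append("/boot is encrypted: GRUB must unlock it before the kernel loads")
    return out
```
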