Christoffer Kjølbæk I have a blog, therefore I am…

1 Nov 2009

Re-install / upgrade to Ubuntu 9.10 and keep encrypted data from previous version

When Ubuntu first started supporting encrypted hard drives, I set up an LVM system inside the encrypted volume. I do not like to upgrade Ubuntu from one version to another, and I do not want to copy all my data for each installation. My LVM system therefore has root, swap and home, so that home can survive the re-installation.

Unfortunately, the installer (the alternate one) does not recognise the encrypted hard drive, and is therefore not able to use it. This little guide helps you to reuse your LVM layout - and your data!

NB: Use this guide at your own risk!

13 Apr 2007

Encrypted home partition, using LUKS in Ubuntu Feisty Fawn

This guide will very briefly describe how to set up an encrypted LUKS partition and mount it at login.

Preparation
Start by installing the software needed:

sudo apt-get install libpam-mount cryptsetup

Add these lines to /etc/initramfs-tools/modules

dm_mod
dm_crypt
sha256
aes_i586

and update the initrd-image with

sudo update-initramfs -u -k all

Making the encrypted partition
Remember to take a BACKUP, because all data on /dev/sda6 will be lost!!!

Now we have to make the encrypted partition; in this example the device's name is /dev/sda6. First we load the needed modules

sudo modprobe dm_crypt
sudo modprobe sha256
sudo modprobe aes_i586

and then make the LUKS partition (use your login password as the passphrase):

sudo cryptsetup luksFormat /dev/sda6

Now /dev/sda6 has the LUKS format, and can be attached to /dev/mapper:

sudo cryptsetup luksOpen /dev/sda6 encrypted_home

And then we can make a file system on it, here ext3

sudo mkfs.ext3 -j -O dir_index -m 0 -v /dev/mapper/encrypted_home

Finally we can mount the partition, to see if it works

sudo mount /dev/mapper/encrypted_home /mnt

Unmount and close the LUKS partition:

sudo umount /mnt
sudo cryptsetup luksClose encrypted_home

Setting up pam_mount
Insert

auth optional /lib/security/pam_mount.so use_first_pass

into /etc/pam.d/common-auth

and

session optional /lib/security/pam_mount.so

into /etc/pam.d/common-session

Now create a mount point for the LUKS partition

sudo mkdir /encrypted_home
sudo chmod 777 /encrypted_home

And add

volume foo crypt - /dev/sda6 /encrypted_home cipher=aes - -

into /etc/security/pam_mount.conf

This means that every time the user foo logs in, the LUKS partition will be mounted on /encrypted_home, using the password that foo entered at login. Therefore the LUKS password has to be the same as the login password.

Log out, log in and see if it works :)
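If the volume does not show up after logging in, a consistency check of the three files edited above narrows it down. The script below is an added example, not part of the original guide; the function name check_pam_mount, the ROOT prefix argument and the column labels for the legacy volume line are my own assumptions, and the sample tree it builds is constructed from the lines shown in this post.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the pam_mount setup.
# Usage: check_pam_mount ROOT USER   (ROOT="" checks the live system)
# Prints one line per problem and returns the number of problems found.
check_pam_mount() {
    root=$1; user=$2; problems=0
    fail() { echo "$1"; problems=$((problems + 1)); }

    # auth needs use_first_pass so the login password reaches the LUKS volume.
    grep -Eq '^auth[[:space:]].*pam_mount\.so.*use_first_pass' \
        "$root/etc/pam.d/common-auth" 2>/dev/null ||
        fail "common-auth: pam_mount.so with use_first_pass missing"
    grep -Eq '^session[[:space:]].*pam_mount\.so' \
        "$root/etc/pam.d/common-session" 2>/dev/null ||
        fail "common-session: pam_mount.so missing"

    # Legacy line: volume USER TYPE SERVER DEVICE MOUNTPOINT OPTIONS CIPHER KEYPATH
    line=$(grep -E "^volume[[:space:]]+$user[[:space:]]" \
        "$root/etc/security/pam_mount.conf" 2>/dev/null | head -n 1)
    if [ -z "$line" ]; then
        fail "pam_mount.conf: no volume line for $user"
    else
        read -r _kw _user type _server _dev mnt _opts _cipher keypath extra <<EOF
$line
EOF
        [ "$type" = crypt ] || fail "volume type is '$type', expected crypt"
        [ -n "$keypath" ] && [ -z "$extra" ] ||
            fail "volume line must have exactly 8 fields after 'volume'"
        [ -d "$root$mnt" ] || fail "mount point $mnt does not exist"
    fi
    return "$problems"
}

# Constructed sample tree holding the exact lines from the guide.
demo=$(mktemp -d)
mkdir -p "$demo/etc/pam.d" "$demo/etc/security" "$demo/encrypted_home"
echo 'auth optional /lib/security/pam_mount.so use_first_pass' > "$demo/etc/pam.d/common-auth"
echo 'session optional /lib/security/pam_mount.so' > "$demo/etc/pam.d/common-session"
echo 'volume foo crypt - /dev/sda6 /encrypted_home cipher=aes - -' > "$demo/etc/security/pam_mount.conf"
if check_pam_mount "$demo" foo; then echo "pam_mount setup for foo is consistent"; fi
rm -rf "$demo"
```

On a real system, call it with an empty prefix, for example check_pam_mount "" foo.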

This is inspired by:
http://thomasdamgaard.dk/blog/article/krypteret-swap-og-root-filsystem-med-luks-og-ubuntu