0

Ubuntu 20.04's installer points you towards LVM + LUKS if you want your disk encrypted. I do. But I'm not sure what LVM adds.

e.g. I followed the easy option and installed this way. It set up:

  • physical EFI partition (537MB - bit small?)
  • physical extended partition
    • boot partition 1.5GB
    • LUKS
      • LVM
        • 1GB Swap (tiny!)
        • The rest: / (ext4)

Now I want to increase the swap, but there don't seem to be any tools to do this easily? LVM comes with lots of features but it seems that to resize this I still have to boot to rescue USB or such, fiddle around with my fingers crossed. At least in the old days I could use Gparted when needs demanded.

I thought LVM had lots of cool features like live resize, snapshots etc. and I thought it would be supported by a GUI tool (e.g. Gnome Disks) but it does not seem to be the case.

Is there a toolset or reasoning that I'm missing as to why Ubuntu's installer offers this when it seems to just make things less flexible? e.g. it's easier to shrink ext4 if you shrink it from the end not the beginning.

artfulrobot
  • 8,733

1 Answers1

0

The reason for this (I hazard) is that they want you only to need to enter the crypsetup/luks password once. We need some of the disk unencrypted (since the BIOS can't know how to unlock crypto partitions/disks), namely /boot (and the EFI partition if using UEFI).

So LUKS is applied to one partition but this partition must contain several partitions; in Ubuntu (desktop)'s rather limited but simple automated set-up, this would be a swap partition and the main root filesystem.

In order for one partition to be split into several block devices we need to use LVM (or at least LVM is one proven tool that can do this). So LVM.

It's good to have your swap encrypted. The other option would be to use a swap file in your encrypted root file system (which is actually what I did to get around Ubuntu creating a tiny 1GB swap partition).

Finally, for completeness' sake, I wanted a custom set of LVM logical volumes set up within my LUKS partition - one for the OS, one for swap and one for home.

From the live CD I created the LUKS encryption and LVM structures (see elsewhere), then used the installer to specify which to use for what in the normal way. However this created a problem: because the Ubuntu installer did not do its own cryptsetup it was unable to create an initramfs image that knew to offer crypt unlocking before looking for the root partition on the LVM logical volume.

This was solved by mounting the newly installed system, setting up /etc/crypttab with an initramfs parameter like so:

crypto UUID=1111-2222-3333-4444 none luks,discard,initramfs

...and adding CRYPTSETUP=y into /etc/cryptsetup-initramfs/conf-hook (credit for these tips from a unix.SE answer)

artfulrobot
  • 8,733