baumi's blog

baumi's personal blog … Linux, OS X, Windows, Random things, …

Elementary OS: properly mounting an encrypted clonezilla/dd backup with LUKS + LVM (changing identical UUIDs)

During extensive configuration of my new system i did a f***up and ended up having a system that doesn’t boot but holding all data, and luckily – i’ve had a several days old bootable system (without the most recent data). So i ended up restoring the bootable system and then trying to mount the 1:1 clone (dd/clonezilla) of the broken system that holds all recent data. So here is how i solved it. I’m NOT claiming this is the best/nicest/cleanest/preferred way of doing it. It just works for me + solved my problem.

This is my system after booting and the BACKUP connected via USB to /dev/sdb:

root@t450s:~# lsblk
NAME                        MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                           8:0    0 931,5G  0 disk  
├─sda1                        8:1    0   487M  0 part  /boot
├─sda2                        8:2    0     1K  0 part  
└─sda5                        8:5    0   931G  0 part  
  └─sda5_crypt              252:0    0   931G  0 crypt 
    ├─elementary--vg-root   252:1    0 919,3G  0 lvm   /
    └─elementary--vg-swap_1 252:2    0  11,7G  0 lvm   
      └─cryptswap1          252:3    0  11,7G  0 crypt [SWAP]
sdb                           8:16   0   1,8T  0 disk  
├─sdb1                        8:17   0   487M  0 part  
├─sdb2                        8:18   0     1K  0 part  
└─sdb5                        8:21   0   931G  0 part  

Because of the 1:1 clone (dd/clonezilla) the UUID are equal:

root@t450s:~# blkid | grep /dev/sd.5
/dev/sda5: UUID="6974b4f3-f50d-4ad8-ad07-0652dd5359f2" TYPE="crypto_LUKS" PARTUUID="7b90aef6-05"
/dev/sdb5: UUID="6974b4f3-f50d-4ad8-ad07-0652dd5359f2" TYPE="crypto_LUKS" PARTUUID="7b90aef6-05"

So when i tried mounting the LUKS on /dev/sdb5, this is what happened:

root@t450s:~# lsblk
NAME                        MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                           8:0    0 931,5G  0 disk  
├─sda1                        8:1    0   487M  0 part  /boot
├─sda2                        8:2    0     1K  0 part  
└─sda5                        8:5    0   931G  0 part  
sdb                           8:16   0   1,8T  0 disk  
├─sdb1                        8:17   0   487M  0 part  
├─sdb2                        8:18   0     1K  0 part  
└─sdb5                        8:21   0   931G  0 part  
  └─sda5_crypt              252:0    0   931G  0 crypt 
    ├─elementary--vg-root   252:1    0 919,3G  0 lvm   /
    └─elementary--vg-swap_1 252:2    0  11,7G  0 lvm   
      └─cryptswap1          252:3    0  11,7G  0 crypt [SWAP]

That sucks. Obviously mounting the backup will mask my booted root system. But that makes sense. I assume this is happening because the UUID is fixed to sda5_crypt in /etc/crypttab:

root@t450s:~# cat /etc/crypttab | grep _crypt
sda5_crypt UUID=6974b4f3-f50d-4ad8-ad07-0652dd5359f2 none luks,discard

Besides the UUIDs being equal, the LVM volumegroup inside the LUKS will also be identical (elementary-vg). But lets first change the UUID of our encrypted backup disk LUKS partition:

root@t450s:~# cryptsetup luksUUID /dev/sda5
6974b4f3-f50d-4ad8-ad07-0652dd5359f2

root@t450s:~# cryptsetup luksUUID /dev/sdb5
6974b4f3-f50d-4ad8-ad07-0652dd5359f2

root@t450s:~# cryptsetup luksUUID /dev/sdb5 --uuid 6974b4f3-f50d-4ad8-ad07-0652dd5359f3

WARNING!
========
Wollen Sie wirklich die UUID des Geräts ändern?

Are you sure? (Type uppercase yes): YES

root@t450s:~# cryptsetup luksUUID /dev/sdb5
6974b4f3-f50d-4ad8-ad07-0652dd5359f3

root@t450s:~# 

Now we have changed the 2 at the end of UUID for /dev/sdb5 into a 3. It won’t be masking our / system. However, the volume group names are still identical.

To solve the problem i’ve bootet up a GParted Live system from a USB stick, mounted the encrypted LUKS and renamed the volumegroup name. I’ve also assigned new UUIDs to both physical and logical volume.

1) Boot Gparted LIVE USB System
2) Enter shell, then lets mount the LUKS on /dev/sdb5 (sda5 = system disk, sdc = usb stick, sdb = USB backup disk):

gparted$ sudo su -
gparted# cryptsetup luksOpen /dev/sdb5 sdb5_crypt
# LUKS password has to be entered here ...
vgrename elementary-vg elementary-vg-backup
vgchange -an
vgchange --uuid elementary-vg-backup
pvchange --uuid /dev/mapper/sdb5_crypt

Then reboot the system and … finally:

root@t450s:~# cryptsetup luksOpen /dev/sdb5 sdb5_crypt
Geben Sie die Passphrase für »/dev/sdb5« ein: 
root@t450s:~# lsblk
NAME                                MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                                   8:0    0 931,5G  0 disk  
├─sda1                                8:1    0   487M  0 part  /boot
├─sda2                                8:2    0     1K  0 part  
└─sda5                                8:5    0   931G  0 part  
  └─sda5_crypt                      252:0    0   931G  0 crypt 
    ├─elementary--vg-root           252:1    0 919,3G  0 lvm   /
    └─elementary--vg-swap_1         252:2    0  11,7G  0 lvm   
      └─cryptswap1                  252:3    0  11,7G  0 crypt [SWAP]
sdb                                   8:16   0   1,8T  0 disk  
├─sdb1                                8:17   0   487M  0 part  
├─sdb2                                8:18   0     1K  0 part  
└─sdb5                                8:21   0   931G  0 part  
  └─sdb5_crypt                      252:4    0   931G  0 crypt 
    ├─elementary--vg--backup-root   252:5    0 919,3G  0 lvm   
    └─elementary--vg--backup-swap_1 252:6    0  11,7G  0 lvm   
root@t450s:~# 

Comments are currently closed.