4 01 2017
Elementary OS: properly mounting an encrypted clonezilla/dd backup with LUKS + LVM (changing identical UUIDs)
During extensive configuration of my new system I did a f***up and ended up with a system that doesn’t boot but holds all the data, and luckily – I had a several-days-old bootable system (without the most recent data). So I ended up restoring the bootable system and then trying to mount the 1:1 clone (dd/clonezilla) of the broken system that holds all recent data. So here is how I solved it. I’m NOT claiming this is the best/nicest/cleanest/preferred way of doing it. It just works for me + solved my problem.
This is my system after booting and the BACKUP connected via USB to /dev/sdb:
root@t450s:~# lsblk
NAME                        MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                           8:0    0 931,5G  0 disk
├─sda1                        8:1    0   487M  0 part  /boot
├─sda2                        8:2    0     1K  0 part
└─sda5                        8:5    0   931G  0 part
  └─sda5_crypt              252:0    0   931G  0 crypt
    ├─elementary--vg-root   252:1    0 919,3G  0 lvm   /
    └─elementary--vg-swap_1 252:2    0  11,7G  0 lvm
      └─cryptswap1          252:3    0  11,7G  0 crypt [SWAP]
sdb                           8:16   0   1,8T  0 disk
├─sdb1                        8:17   0   487M  0 part
├─sdb2                        8:18   0     1K  0 part
└─sdb5                        8:21   0   931G  0 part

Because of the 1:1 clone (dd/clonezilla) the UUIDs are equal:
root@t450s:~# blkid | grep /dev/sd.5
/dev/sda5: UUID="6974b4f3-f50d-4ad8-ad07-0652dd5359f2" TYPE="crypto_LUKS" PARTUUID="7b90aef6-05"
/dev/sdb5: UUID="6974b4f3-f50d-4ad8-ad07-0652dd5359f2" TYPE="crypto_LUKS" PARTUUID="7b90aef6-05"

So when I tried mounting the LUKS on /dev/sdb5, this is what happened:
root@t450s:~# lsblk
NAME                        MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                           8:0    0 931,5G  0 disk
├─sda1                        8:1    0   487M  0 part  /boot
├─sda2                        8:2    0     1K  0 part
└─sda5                        8:5    0   931G  0 part
sdb                           8:16   0   1,8T  0 disk
├─sdb1                        8:17   0   487M  0 part
├─sdb2                        8:18   0     1K  0 part
└─sdb5                        8:21   0   931G  0 part
  └─sda5_crypt              252:0    0   931G  0 crypt
    ├─elementary--vg-root   252:1    0 919,3G  0 lvm   /
    └─elementary--vg-swap_1 252:2    0  11,7G  0 lvm
      └─cryptswap1          252:3    0  11,7G  0 crypt [SWAP]
That sucks. Obviously mounting the backup will mask my booted root system. But that makes sense. I assume this is happening because the UUID is fixed to sda5_crypt in /etc/crypttab:
root@t450s:~# cat /etc/crypttab | grep _crypt
sda5_crypt UUID=6974b4f3-f50d-4ad8-ad07-0652dd5359f2 none luks,discard

Besides the UUIDs being equal, the LVM volume group inside the LUKS will also be identical (elementary-vg). But let’s first change the UUID of our encrypted backup disk LUKS partition:
root@t450s:~# cryptsetup luksUUID /dev/sda5
6974b4f3-f50d-4ad8-ad07-0652dd5359f2
root@t450s:~# cryptsetup luksUUID /dev/sdb5
6974b4f3-f50d-4ad8-ad07-0652dd5359f2
root@t450s:~# cryptsetup luksUUID /dev/sdb5 --uuid 6974b4f3-f50d-4ad8-ad07-0652dd5359f3

WARNING!
========
Wollen Sie wirklich die UUID des Geräts ändern?

Are you sure? (Type uppercase yes): YES
root@t450s:~# cryptsetup luksUUID /dev/sdb5
6974b4f3-f50d-4ad8-ad07-0652dd5359f3
root@t450s:~#
Now we have changed the 2 at the end of UUID for /dev/sdb5 into a 3. It won’t be masking our / system. However, the volume group names are still identical.
To solve the problem I booted up a GParted Live system from a USB stick, mounted the encrypted LUKS and renamed the volume group. I’ve also assigned new UUIDs to both the physical and logical volume.
1) Boot the GParted Live USB system
2) Enter the shell, then let’s mount the LUKS on /dev/sdb5 (sda5 = system disk, sdc = USB stick, sdb = USB backup disk):
gparted$ sudo su -
gparted# cryptsetup luksOpen /dev/sdb5 sdb5_crypt
# LUKS password has to be entered here ...
vgrename elementary-vg elementary-vg-backup
vgchange -an
vgchange --uuid elementary-vg-backup
pvchange --uuid /dev/mapper/sdb5_crypt
Then reboot the system and … finally:
root@t450s:~# cryptsetup luksOpen /dev/sdb5 sdb5_crypt
Geben Sie die Passphrase für »/dev/sdb5« ein:
root@t450s:~# lsblk
NAME                                MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                                   8:0    0 931,5G  0 disk
├─sda1                                8:1    0   487M  0 part  /boot
├─sda2                                8:2    0     1K  0 part
└─sda5                                8:5    0   931G  0 part
  └─sda5_crypt                      252:0    0   931G  0 crypt
    ├─elementary--vg-root           252:1    0 919,3G  0 lvm   /
    └─elementary--vg-swap_1         252:2    0  11,7G  0 lvm
      └─cryptswap1                  252:3    0  11,7G  0 crypt [SWAP]
sdb                                   8:16   0   1,8T  0 disk
├─sdb1                                8:17   0   487M  0 part
├─sdb2                                8:18   0     1K  0 part
└─sdb5                                8:21   0   931G  0 part
  └─sdb5_crypt                      252:4    0   931G  0 crypt
    ├─elementary--vg--backup-root   252:5    0 919,3G  0 lvm
    └─elementary--vg--backup-swap_1 252:6    0  11,7G  0 lvm
root@t450s:~#