
I need to move an old system (/dev/sda). It is Ubuntu 16.04 on a LUKS partition. I would like to move the system (to /dev/sdb) so that all partitions (including /boot) are encrypted.

I have already copied the system to a new disk. Now I would like to encrypt the boot partition.

$ lsblk 
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT 
sda 8: 0 0 10G 0 disk 
├─sda1 8: 1 0 500M 0 part /boot 
├─sda2 8: 2 0 1K 0 part 
└─sda5 8: 5 0 9.5G 0 part 
  └─lvm 252: 0 0 9.5G 0 crypt 
    ├─MDISK-swap 252: 1 0 500M 0 lvm [SWAP] 
    └─MDISK-root 252: 2 0 9G 0 lvm / 
sr0 11: 0 1 1024M 0 rom –

=================

I'm asking further :)

I created a /boot partition and encrypted it. The system starts, but I need to enter the password for /boot twice. Any ideas?

root@ubuntusrv2tmp:~# lsblk 
NAME             MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
sda                8:0    0    1G  0 disk  
└─sda1             8:1    0 1023M  0 part  
  └─boot         252:3    0 1021M  0 crypt /boot
sdb                8:16   0   10G  0 disk  
├─sdb2             8:18   0    1K  0 part  
└─sdb5             8:21   0  9.5G  0 part  
  └─lvm          252:0    0  9.5G  0 crypt 
    ├─MDISK-swap 252:1    0  500M  0 lvm   [SWAP]
    └─MDISK-root 252:2    0    9G  0 lvm   /
sr0               11:0    1 1024M  0 rom   

parted

root@ubuntusrv2tmp:~# parted /dev/sda print
Model: ATA VBOX HARDDISK (scsi)
Disk /dev/sda: 1074MB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags: 

Number  Start   End     Size    Type     File system  Flags
 1      1049kB  1074MB  1073MB  primary               boot

root@ubuntusrv2tmp:~# parted /dev/sdb print
Model: ATA VBOX HARDDISK (scsi)
Disk /dev/sdb: 10.7GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags: 

Number  Start  End     Size    Type      File system  Flags
 2      525MB  10.7GB  10.2GB  extended
 5      526MB  10.7GB  10.2GB  logical

/etc/default/grub

# Menu behaviour: default to the first entry, with a 2-second timeout.
GRUB_DEFAULT="0"
GRUB_HIDDEN_TIMEOUT_QUIET="true"
GRUB_TIMEOUT="2"

# Distributor string from lsb_release; falls back to "Debian" when that
# command fails (its stderr is discarded).
GRUB_DISTRIBUTOR="$(lsb_release -i -s 2> /dev/null || echo Debian)"

# No additional kernel command-line arguments are set here.
GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX=""

# Lets GRUB itself unlock a LUKS container so it can read an encrypted /boot.
# NOTE(review): GRUB's own boot code on disk stays unencrypted, so this
# setting does not by itself detect or prevent tampering with the bootloader.
GRUB_ENABLE_CRYPTODISK="y"

/etc/grub.d/40_custom

# Custom menu entry: locates the filesystem with UUID 1149241b-... and loads
# kernel 4.4.0-87 plus its initrd from it, with root=/dev/mapper/MDISK-root.
menuentry "Other Linux" {
# Modules for the MS-DOS partition table, LVM, ext filesystems and LUKS.
insmod part_msdos
insmod lvm
insmod ext2
insmod luks
insmod cryptodisk
# NOTE(review): this entry loads the LUKS modules but never calls cryptomount.
# The UUID searched for below is reported by blkid on this page for
# /dev/mapper/boot (the ext4 inside the container), so the search presumably
# relies on GRUB having unlocked the container before the menu is shown
# (GRUB_ENABLE_CRYPTODISK=y) - confirm.
# Initial root device; replaced by the result of `search --set=root` below.
set root='hd0,msdos1'
# Use the platform-specific hints only when this GRUB build supports them.
if [ x$feature_platform_search_hint = xy ]; then
                  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 1149241b-eac6-45b6-b926-c1d9ceddd4ae
                else
                  search --no-floppy --fs-uuid --set=root 1149241b-eac6-45b6-b926-c1d9ceddd4ae
                fi
                echo    'Loading Other Linux TMask ...'
        # NOTE(review): no encryption-related parameters are passed to the
        # kernel. Unlocking the LUKS containers after GRUB hands over is
        # presumably left to the initramfs (e.g. /etc/crypttab, not shown),
        # which prompts independently of GRUB's own passphrase prompt - a
        # likely reason a passphrase is requested more than once.
        # If a key file is embedded in the initramfs to avoid that second
        # prompt, the initramfs then holds key material: keep it on the
        # encrypted /boot and readable by root only.
        linux /vmlinuz-4.4.0-87-generic root=/dev/mapper/MDISK-root ro
        initrd /initrd.img-4.4.0-87-generic
}

blkid

/dev/mapper/lvm: UUID="0HIkKp-s40v-KK61-yn79-Vwwg-sOIO-s4Jgys" 
TYPE="LVM2_member" 

/dev/mapper/MDISK-root:
UUID="bfe2f433-3249-4309-a13c-a8b1baffa64b" TYPE="ext4" 

/dev/sda1:
UUID="11486177-e7ca-4285-a34b-60c557759993" TYPE="crypto_LUKS"
PARTUUID="d08c0112-01" 

/dev/sdb5:
UUID="30a2dd4e-9b46-42df-a363-8127372de1f7" TYPE="crypto_LUKS"

/dev/mapper/MDISK-swap: UUID="188b491f-5fdc-4d83-8f08-046becab333e"
TYPE="swap" 

/dev/mapper/boot:
UUID="1149241b-eac6-45b6-b926-c1d9ceddd4ae" TYPE="ext4"

/etc/fstab

# /boot: the blkid output on this page reports this UUID for /dev/mapper/boot,
# i.e. the ext4 filesystem inside the LUKS container, so the container must be
# opened (e.g. via /etc/crypttab, not shown) before this mount can succeed.
# NOTE(review): fsck pass is 1 here and 2 for /; fstab(5) recommends 1 for the
# root filesystem and 2 for the others - confirm this is intended.
UUID=1149241b-eac6-45b6-b926-c1d9ceddd4ae /boot           ext4    defaults        0       1
# Swap: UUID reported for /dev/mapper/MDISK-swap by blkid on this page.
UUID=188b491f-5fdc-4d83-8f08-046becab333e              none          swap      defaults              0      0
# Root filesystem: UUID reported for /dev/mapper/MDISK-root; remounted
# read-only on errors.
UUID=bfe2f433-3249-4309-a13c-a8b1baffa64b /               ext4    errors=remount-ro 0       2


MarianD
  • 1
    I'm not sure what you want. Could you please explain which source partitions and/or file systems you want to map to which destination partitions and/or file systems? A simple table or diagram might help in the illustration. Thanks. – David Foerster Feb 16 '18 at 13:58
  • Could you please [edit] your question to include the output of sudo lsblk -f (instead of just lsblk)? What's the current state of /dev/sdb? Is it empty or do you wish to reformat it entirely (losing all data currently on it)? Also, /boot can't be encrypted because it contains the instructions for the computer to ask for the decryption key and decrypt the other partitions with it. (Of course you can still encrypt it but you won't be able to boot the system with it.) – David Foerster Feb 20 '18 at 09:32
  • You can't encrypt /boot. GRUB has to have access to its files and cannot decrypt a file system. – ravery Feb 20 '18 at 15:03
