
Ubuntu 20.04's installer points you towards LVM + LUKS if you want your disk encrypted. I do. But I'm not sure what LVM adds.

e.g. I followed the easy option and installed this way. It set up:

  • physical EFI partition (537MB - bit small?)
  • physical extended partition
    • boot partition 1.5GB
    • LUKS
      • LVM
        • 1GB Swap (tiny!)
        • The rest: / (ext4)

Now I want to increase the swap, but there don't seem to be any tools to do this easily? LVM comes with lots of features but it seems that to resize this I still have to boot to rescue USB or such, fiddle around with my fingers crossed. At least in the old days I could use Gparted when needs demanded.

I thought LVM had lots of cool features like live resize, snapshots etc. and I thought it would be supported by a GUI tool (e.g. Gnome Disks) but it does not seem to be the case.

Is there a toolset or reasoning that I'm missing as to why Ubuntu's installer offers this when it seems to just make things less flexible? e.g. it's easier to shrink ext4 if you shrink it from the end not the beginning.

artfulrobot
  • 8,543
  • Since this site is manned by volunteers I do not think anyone here can answer that. That would be a question for the people that build the OS. – David Mar 28 '22 at 12:29
  • I would love to hear from a volunteer / other Ubuntu user who has found this to be super useful (and explains why/how) – artfulrobot Mar 28 '22 at 12:37
  • Ubuntu can use swapfiles that allow for easy resize, but you've not explained which installer you're talking about, as you've not provided that detail. Ubuntu has multiple installers available for 20.04, the ISO you download & use for install dictates what installer is used (be it ubiquity, subiquity, etc) – guiverc Mar 28 '22 at 12:49
  • @guiverc I did not know that! Which do you get if you go to ubuntu.com and click download? – artfulrobot Mar 28 '22 at 12:58
  • You are offered a number of choices... The default installer for Ubuntu Desktop 20.04 LTS uses ubiquity, the default installer for Ubuntu Server 20.04 LTS uses subiquity, the default for two flavors is calamares... but you didn't say which ISO you downloaded (flavors are offered too at ubuntu.com) and used of the choices offered. – guiverc Mar 28 '22 at 13:07
  • I don't believe LVM adds that much to a single disk system, but there might be use cases for dynamic resizing and snapshots. However, on my main server with a single SSD, I just installed with one ext4 partition. – Artur Meinild Mar 28 '22 at 13:38

1 Answer

The reason for this (I hazard) is that they want you only to need to enter the cryptsetup/LUKS password once. We need some of the disk unencrypted (since the BIOS can't know how to unlock crypto partitions/disks), namely /boot (and the EFI partition if using UEFI).

So LUKS is applied to one partition but this partition must contain several partitions; in Ubuntu (desktop)'s rather limited but simple automated set-up, this would be a swap partition and the main root filesystem.

In order for one partition to be split into several block devices we need to use LVM (or at least LVM is one proven tool that can do this). So LVM.

It's good to have your swap encrypted. The other option would be to use a swap file in your encrypted root file system (which is actually what I did to get around Ubuntu creating a tiny 1GB swap partition).

Finally, for completeness' sake, I wanted a custom set of LVM logical volumes set up within my LUKS partition - one for the OS, one for swap and one for home.

From the live CD I created the LUKS encryption and LVM structures (see elsewhere), then used the installer to specify which to use for what in the normal way. However this created a problem: because the Ubuntu installer did not do its own cryptsetup it was unable to create an initramfs image that knew to offer crypt unlocking before looking for the root partition on the LVM logical volume.

This was solved by mounting the newly installed system, setting up /etc/crypttab with an initramfs parameter like so:

crypto UUID=1111-2222-3333-4444 none luks,discard,initramfs

...and adding CRYPTSETUP=y into /etc/cryptsetup-initramfs/conf-hook (credit for these tips from a unix.SE answer)

artfulrobot
  • 8,543
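
A way to check, before rebooting, that an installed system mounted at a given root carries the two settings described in the answer above. This is an added example, not part of the original post: the function names are hypothetical, the sample tree is constructed, and the UUID is the placeholder used in the answer.

```bash
#!/usr/bin/env bash
# Added example (hypothetical function names): audit ROOT for the two settings.

# Print the names of crypttab entries that carry the "initramfs" option.
crypttab_initramfs_targets() {
    local crypttab="$1/etc/crypttab"
    [ -r "$crypttab" ] || return 1
    # Fields: <target> <source> <keyfile> <options>; skip comments and blanks.
    awk '!/^[ \t]*(#|$)/ && NF >= 4 {
             n = split($4, opt, ",")
             for (i = 1; i <= n; i++) if (opt[i] == "initramfs") { print $1; break }
         }' "$crypttab"
}

# Succeed if conf-hook has an uncommented CRYPTSETUP=y line.
conf_hook_enabled() {
    local hook="$1/etc/cryptsetup-initramfs/conf-hook"
    [ -r "$hook" ] && grep -Eq '^[ \t]*CRYPTSETUP=("y"|y)[ \t]*(#.*)?$' "$hook"
}

# Return 0 only when both settings are present under ROOT.
check_luks_initramfs() {
    local root="${1%/}" targets rc=0
    targets=$(crypttab_initramfs_targets "$root") || targets=""
    if [ -z "$targets" ]; then
        echo "FAIL: no crypttab entry with the initramfs option" >&2; rc=1
    else
        echo "OK: initramfs option set for: $(echo $targets)"
    fi
    if conf_hook_enabled "$root"; then
        echo "OK: CRYPTSETUP=y in conf-hook"
    else
        echo "FAIL: CRYPTSETUP=y missing from conf-hook" >&2; rc=1
    fi
    return $rc
}

# Constructed sample tree so the example runs offline.
# $1 = extra crypttab options, $2 = conf-hook content.
make_sample_root() {
    local root; root=$(mktemp -d)
    mkdir -p "$root/etc/cryptsetup-initramfs"
    printf '%s\n' '# <target> <source> <keyfile> <options>' \
        "crypto UUID=1111-2222-3333-4444 none luks,discard$1" > "$root/etc/crypttab"
    printf '%s\n' "$2" > "$root/etc/cryptsetup-initramfs/conf-hook"
    echo "$root"
}

good=$(make_sample_root ',initramfs' 'CRYPTSETUP=y')
check_luks_initramfs "$good"; rm -rf "$good"
```

Point `check_luks_initramfs` at the mount point of the newly installed system (for example the directory you would chroot into) before regenerating the initramfs.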