3

Related to this question, it seems the only way I can access one encrypted boot drive from another encrypted boot drive (both using the default encryption options when installing Ubuntu) is if the two drives have different volume group (VG) names. By default, Ubuntu uses the volume group name "ubuntu-vg" and if you have two volume groups with the same name, lvm2 has a problem.

A bigger problem was when I read this and decided to rename my active boot drive's VG to something different. Then I rebooted and cryptsetup would no longer recognize my password. It gave me the error

unknown fstype, bad password or options?

Using a LiveUSB I renamed the VG on that boot drive back to ubuntu-vg and it booted again (relief).

Now, if the VG names must be unique but they also cannot change, then there is a problem. I did not see an option when I installed Ubuntu to set the VG name. I guess it is either hard-coded or in a config file somewhere. I checked the smaller (unencrypted) boot area on the drive and I see in

/grub/grub.cfg

There are some references to this "ubuntu-vg" which makes me think I can change it.

However, I am still fairly new to Ubuntu so before I go being a creative person with another non-bootable drive, I would love some input from the experts here.

Can I rename the VG using vgrename, then change /grub/grub.cfg by doing a find-and-replace of all occurrences of the old VG name with the new VG name, and magically everything will work?

John

2 Answers

1

I actually managed to do this from a live system like this:

OLDVG=old-vg-name
NEWVG=new-vgname
vgrename "$OLDVG" "$NEWVG"
# device names under /dev/mapper double every dash in the VG name, so escape both names before editing the config files
OLDVG=$(echo "$OLDVG" | sed 's/-/--/g')
NEWVG=$(echo "$NEWVG" | sed 's/-/--/g')
sed -i "s/$OLDVG/$NEWVG/g" /etc/fstab
sed -i "s/$OLDVG/$NEWVG/g" /etc/initramfs-tools/conf.d/resume

/proc/mounts is used by update-initramfs and update-grub to set the root device. Unfortunately, /proc/mounts does NOT get updated when changing the VG name.

Therefore, we need to fake the /proc/mounts file. Doing mount --bind mounts /proc/mounts does NOT work. We need to fake the whole /proc dir.

mkdir proc
# copy the top-level files and symlinks of /proc, skipping entries that block or are huge
find /proc -maxdepth 1 \( -type f -o -type l \) | grep -Ev '(kmsg|kcore|sysrq-trigger)' | xargs -I {} sh -c 'echo {} && cp {} proc'
sed -i "s/$OLDVG/$NEWVG/g" proc/mounts
# we could perhaps 'unshare --mount' to create a mount namespace for the current shell. however, this did not seem necessary.
mount --bind proc /proc
update-initramfs -u -k all
update-grub
umount /proc
rm -r proc
reboot
Zulakis
    This worked for me - I couldn't find this info anywhere else and I needed to do it on a live system as it is headless. Thanks! – John Hawthorne Jan 09 '21 at 22:13
1

After reading George's link (and several others), I wanted to post this here as an answer.

If you need to rename the volume group of an encrypted boot drive, these are the steps you should take. At least they seem to work well on 16.04.

  1. Unplug all other drives and only have a LiveUSB (or similar) and your encrypted boot drive plugged in. Note: do not boot from another encrypted boot drive, because both boot drives have the same volume group name (ubuntu-vg).
  2. Boot from the LiveUSB, not from the encrypted boot drive.
  3. After the LiveUSB is running the active system, make sure lvm2 is installed (although the 16.04.2 LiveUSB does already have lvm2 installed).

sudo apt install lvm2

  4. Mount the encrypted drive. Then, verify the name of the volume group (there should only be one because no other drives besides the LiveUSB should be connected). The default for 16.04 (and it seems 18.04) is "ubuntu-vg" (the following will assume that is the case).

sudo vgscan

  5. Rename the volume group to something unique.

sudo vgrename ubuntu-vg my_new_volume_group_name

  6. You should receive confirmation that the volume group was renamed.
  7. At this point, your encrypted boot drive will not boot because grub can no longer find the volume group named ubuntu-vg. So, you need to update grub. On the encrypted boot drive, go to the grub folder and see the file grub.cfg. If you try to open it from a LiveUSB, it will be read-only, so open a terminal and type:

sudo gedit

  8. From within gedit, open the grub.cfg file (which will be on the unencrypted part, in the grub folder).
  9. Save a copy of this file as backup-grub.cfg just in case something goes wrong in the next few steps.
  10. Find and replace ubuntu--vg with your new volume group name (ctrl+H, Find: ubuntu--vg, Replace with: my_new_volume_group_name). That find text is correct. You should find "ubuntu--vg" (notice there are two dashes between "ubuntu" and "vg" because when you use a dash here, grub needs a double-dash).
  11. Save the file back to grub.cfg.
  12. Reboot, removing the LiveUSB.

Now, when grub loads, it will see the volume group name it expects and you will be able to load your encrypted boot drive.

John
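
Both answers depend on the rule that /dev/mapper names double every dash in the VG name (the sed on OLDVG in the first answer, the ubuntu--vg find-and-replace in the second). The following is an added example, not code from either answer: it rewrites a config file while keeping a backup, and goes slightly beyond the answers by also handling the /dev/<vg>/<lv> path form and by leaving a similarly named VG untouched. The function names and the sample fstab are constructed for illustration.

```sh
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# device-mapper doubles every "-" inside a VG name: ubuntu-vg -> ubuntu--vg
dm_escape() { printf '%s' "$1" | sed 's/-/--/g'; }

# VG names may contain ".", which must be literal in a sed/grep pattern
re_quote() { printf '%s' "$1" | sed 's/\./\\./g'; }

# rewrite_vg_refs OLD NEW FILE: keep FILE.bak, then rewrite both path forms
rewrite_vg_refs() {
    old_dm=$(re_quote "$(dm_escape "$1")"); new_dm=$(dm_escape "$2")
    old_re=$(re_quote "$1")
    cp "$3" "$3.bak" || return 1
    # "-\([^-]\)" requires the single dash that separates VG from LV, so a
    # different VG such as ubuntu-vg-2 (ubuntu--vg--2-data) is left alone
    sed -e "s#/dev/mapper/${old_dm}-\([^-]\)#/dev/mapper/${new_dm}-\1#g" \
        -e "s#/dev/${old_re}/#/dev/$2/#g" "$3.bak" > "$3"
}

# stale_refs OLD FILE: print how many lines still reference the old VG
stale_refs() {
    old_dm=$(re_quote "$(dm_escape "$1")"); old_re=$(re_quote "$1")
    grep -c -e "/dev/mapper/${old_dm}-[^-]" -e "/dev/${old_re}/" "$2" || true
}

# Constructed sample fstab, written to a temp dir so nothing real is touched
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/fstab" <<'EOF'
/dev/mapper/ubuntu--vg-root    /     ext4 errors=remount-ro 0 1
/dev/ubuntu-vg/swap_1          none  swap sw                0 0
/dev/mapper/ubuntu--vg--2-data /data ext4 defaults          0 2
EOF
    rewrite_vg_refs ubuntu-vg laptop-vg "$d/fstab"
    cat "$d/fstab"
    echo "stale references: $(stale_refs ubuntu-vg "$d/fstab")"
    rm -r "$d"
}
demo
```

Running stale_refs against the mounted drive's copies of the files named in the answers (fstab, the initramfs resume file, grub.cfg) before rebooting shows whether any reference to the old name remains.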