Monday, August 31, 2009

Slackware 13.0 With LVM and LUKS

This post is contributed by Winlesky Burham and if you have any corrections, please contact him and CC it to me so i can update this post as well.

Hello slackers! My name is Winlesky Burham and on August 30, 2009, I managed to install Slackware 13.0 on my laptop. I would like to share my experience on installing this wonderful distro with LVM + LUKS support for better security and protection of computer's data by writing in the steps I took.

Before I continue, I would like to thank Willy Sudiarto Raharjo for his immense patience by filling me in the difference between KDE 3.5.X and KDE 4.2.x, for making me aware of the great possibilities that Linux in general, and Slackware in particular, has to offer, and also for the time he willingly sets aside to discuss the obstacles that present to me when I am dealing with Slackware, and also I would like to thank the people of the open source community that make such a wonderful system.

Now, I will begin with my laptop brand and specifications. The complete specs is not necessary, because we only need to know processor, memory and hdd to fully understand the steps (for people that have other brands of laptop, just use your imagination big grin) :

Laptop brand : Acer TravelMate 6291
Specifications : Intel(R) Core(TM) 2 Duo Processor T5500 (1.66 Ghz, 667 MHz FSB, 2MB L2 cache)

* First, we will insert Slackware 13.0 installation DVD into the DVD drive and reboot the laptop. The laptop will then perform its usual BIOS process. Press F12 to summon the "boot from other device" feature and choose the "boot from CD/DVD drive" option, wait until it needs your input.

* Slackware will now ask you to choose kernels it provides to boot the DVD, we will press 'enter' to use the default huge.smp.s kernel to begin the installation and wait until Slackware tells you to log-in by typing root, followed by pressing enter.

* We are now logged in :), we continue by partitioning the hard drive into 2 partitions. a /dev/sda1 100MB to hold /boot and the rest for /dev/sda2 to hold LVM partition. Use fdisk to split the hard drive. DON'T forget to set partition's system id to '83' for /dev/sda1 and '8e' for /dev/sda2 (read fdisk help pages to know how to split the hard drive)

* We are going to fill these partitions with random data to block any security experts efforts to determine where your encrypted data resides in those partitions: dd if=/dev/urandom of=/dev/sda1 ; dd if=/dev/urandom of=/dev/sda2. For a 80GB, my computer needs 6 hours and 25 minutes.

* Now we encrypt /dev/sda2 with cryptsetup:

# cryptsetup -y --cipher aes-xts-plain --key-size 512 luksFormat /dev/sda2 ( DON'T encrypt /dev/sda1 because we need /dev/sda1 unencrypted).

* Open the encrypted partition and also name it to 'acerluks':

# cryptsetup luksOpen /dev/sda2 acerluks

* Next we are going to create a physical volume '/dev/mapper/acerluks', a volume group called 'acercryptvg', three logical volumes; one swap 2GB partition, one / (root) 25 GB partition, and one /home '40ish' GB partition. You must be wondering why '40ish', it is because you have to keep the sum of the logical volumes sizes less than the total size of the physical volume. On my system, 44GB, but on your computer, who knows....

# pvcreate /dev/mapper/acerluks
# vgcreate acercryptvg /dev/mapper/acerluks
# lvcreate -L 2G -n swap acercryptvg
# lvcreate -L 25G -n root acercryptvg
# lvcreate -L 44G -n home acercryptvg

* Create the device nodes before activating the volumes:

# vgscan --mknodes

And activate the the volumes:

# vgchange -ay

* Run 'mkswap' so that the 'setup' program can identify the 'swap' logical volume as a valid swap partition.

# mkswap /dev/acercryptvg/swap

* Now run 'setup' by typing setup on the command prompt, and match swap, / (root), /home, /boot with respect to /dev/mapper/swap, /dev/mapper/root, /dev/mapper/home, /dev/sda1 (for /boot), and let Slackware install packages into your computer. (make sure you install generic.smp and huge.smp kernel packages and choose ext4 as the default filesystem).

* After Slackware has finished installing packages, Slackware will need you to install LILO. At LILO configuration screen, choose 'expert lilo configuration', and install LILO to Master Boot Record (MBR). Select '/dev/acercryptvg/root' as the / (root) partition to boot and select 'install LILO'.

* After the installation completed, exit to command prompt. DON'T reboot the system! We are going to fix the lilo.conf, but before that, we're going to chroot our new Slackware system: chroot /mnt.

* Create initrd.gz with LVM, Crypt, and Hibernation support so that Slackware can pass the boot process and also Slackware can perform the hibernation feature.

# mkinitrd -c -k -m ext4 -f ext4 -h /dev/acercryptvg/swap -r /dev/acercryptvg/root -C /dev/sda2 -L -o /boot/initrd.gz

* Make sure for the last time that your lilo.conf contains the following:

append="vt.default_utf8=0 resume=/dev/acercryptvg/swap" (so that Slackware knows that you're using it as a hibernation partition)


image = /boot/vmlinuz-generic-smp-
root = /dev/acercryptvg/root
initrd = /boot/initrd.gz

* Finally, run 'lilo' to update the lilo configuration you just set and make sure there are no problems.

* Reboot the laptop, and enjoy your new and shiny Slackware 13.0 with LVM + LUKS support!