Root filesystem over LVM2, DM-Crypt and RAID

This howto explains how to combine RAID, DM-Crypt and LVM2, and how to boot from the result. It is written for users with some experience and does not go into detail about RAID, DM-Crypt or LVM2; check the linked howtos for more information.

To make the steps easier to follow, this howto will assume the following target system.

Requirements
You will need the following (all of it is present on the Gentoo Universal install CD):
 * A kernel with RAID, device-mapper and LVM2 support
 * RAID, DM-Crypt and LVM2 user-space tools (on Gentoo that would be :, and )

Partitions
Create the two partitions on the first disk

Then just copy the partition table to the other disk

RAID
Create the two RAID1 Arrays

Wait for them to sync (optional)

More about RAID here

DM-Crypt
First, fill the disk with random data. This step is optional and takes a really long time, but it is recommended for improved security; you may want to look at frandom to speed things up.

Then create the encrypted device

And map the encrypted device

More about DM-Crypt here

LVM2
Create a Physical Volume containing the encrypted device

Create a Volume Group

Create Logical Volumes that will become your final partitions

More about LVM2 here

Formatting
Format your partitions with your favorite FS

Installation
You are now all set to install Gentoo. Refer to the handbook and don't forget to configure your kernel correctly.

Some things you need in the kernel are:
    Device Drivers ---> Multiple device drivers -> Device mapper support
    Device Drivers ---> Multiple device drivers -> Crypt target support
    Cryptographic API --->

Packages needed :, and

Access
Commands to regain access to your partitions (in case you need to)

Just for your information, the opposites of these commands are:

Packages
To simplify the rest of the procedure, some packages need the USE flag

Re-emerge them if needed

Hierarchy
An initramfs is just a small hierarchy compressed into a single file, so you won't need a lot of files.

A few directories first

Now you can copy the binaries needed

Now for the devices

Optional step: if you don't have a qwerty keyboard, you will need a custom keymap.

Optional step: put a message in ASCII art

Optional step: you can add fbsplash support. Follow the steps on the wiki, then uncompress that initramfs and merge it with this one.

To finish the initramfs, add an init script. By default, the kernel will start the file.

Make sure the init file is executable:

Now you can create the initramfs file
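
A preflight check to run on the hierarchy before it is packed, given here as an added example that is not part of the original howto. The directory list, the tool names (mdadm, cryptsetup, lvm) and their bin/ or sbin/ location are assumptions; adjust them to what your init script actually calls.

```shell
#!/bin/sh
# Preflight check for an initramfs tree, run before the tree is packed.
# Assumptions (not from the howto): the directory list below, and mdadm,
# cryptsetup and lvm in bin/ or sbin/ as the tools the init script calls.
REQUIRED_DIRS="bin dev proc sys"
REQUIRED_BINS="mdadm cryptsetup lvm"

# Prints one FAIL line per problem; returns 0 only if none was found.
check_initramfs_tree() {
    root=$1; errors=0
    fail() { echo "FAIL: $*"; errors=$((errors + 1)); }

    for d in $REQUIRED_DIRS; do
        [ -d "$root/$d" ] || fail "missing directory /$d"
    done

    # init must be a regular file with the executable bit set.
    if [ ! -f "$root/init" ]; then
        fail "no /init"
    elif [ ! -x "$root/init" ]; then
        fail "/init is not executable"
    else
        # A script's interpreter must exist inside the tree, not on the host.
        first=$(head -n 1 "$root/init")
        case $first in
            '#!'*)
                interp=${first#'#!'}; interp=${interp# }; interp=${interp%% *}
                [ -x "$root$interp" ] || fail "interpreter $interp not in tree" ;;
        esac
    fi

    for b in $REQUIRED_BINS; do
        found=""
        for dir in bin sbin; do
            [ -x "$root/$dir/$b" ] && found=yes
        done
        [ -n "$found" ] || fail "$b not found in /bin or /sbin"
    done

    # These files run as root and handle the passphrase: none may be
    # writable by other users when the tree is packed.
    if find "$root" -type f -perm -0002 | grep -q .; then
        fail "world-writable file(s) in tree"
    fi

    [ "$errors" -eq 0 ]
}
```

Call it as `check_initramfs_tree /path/to/tree` and pack the tree only when it returns 0.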

GRUB
The last thing needed is a bootloader. The configuration file

And the installation on both disks (so you can boot from the second if the first fails)

    device (hd0) /dev/sda
    root (hd0,0)
    setup (hd0)
    device (hd0) /dev/sdb
    root (hd0,0)
    setup (hd0)

GRUB2
If you use a 1.X superblock for RAID (the default is 1.2, check the RAID wiki), then legacy GRUB will not see your filesystem on /dev/sda1. You need to use the new GRUB2. See the GRUB2 wiki.

Emerge GRUB2. Probably:

    echo "sys-boot/grub:2" >> /etc/portage/package.accept_keywords
    echo "sys-boot/grub:2" >> /etc/portage/package.unmask
    emerge -av sys-boot/grub:2

Please see the GRUB2 wiki link above; the lines are simply pasted over from there.

Name the initramfs file so that grub-mkconfig can match the kernel with its initramfs (see /etc/grub.d/10_linux):

    mv /boot/initramfs /boot/initramfs-${version}.img

where ${version} is taken from the file name kernel-${version}.

Generate the GRUB2 configuration:

    grub-mkconfig -o /boot/grub/grub.cfg

Check that the generated configuration is OK.

Finally, install GRUB:

    grub-install /dev/sda
    grub-install /dev/sdb

Reboot
You should now be able to boot your system. The passphrase will be asked for just after the kernel finishes initialising, and then the normal boot will occur.