Dealing With an Encrypted LVM on an Old Hard Drive

[Like many of my blog entries, this is written as much for me as for you - if it's useful to you, great. I rarely deal with LUKS at the command line, and I rarely use LVM at all. Dealing with both simultaneously was somewhat daunting (but may seem unremarkable to someone familiar with both).]

I recently tried to boot an older machine, only to find the Debian installation caught in some sort of boot loop and never getting to a graphical install. The Debian installation had already been having difficulties - notably the laptop display would go to static and die after a few minutes, forcing me to use an external display ... although I had initially assumed this was a hardware problem but the Fedora Live media proved otherwise. So I decided to install Fedora. But I didn't want to wipe the HD without at least looking at it. Which is where things started to get weird.

I use unimportant laptops (like ones with bad displays) to play around, and I had definitely done something strange on this one: using Fedora Live media, lsblk showed it had one primary partition of 256M on /dev/sda and one logical partition occupying the entire rest of the 640G drive. No OS partition, no swap, no /home/ - very unusual for me. gparted showed that the big partition was LUKS-encrypted, so that helped ... but I still didn't understand why it was one big block.

At this point I ran sudo bash as most of the commands I figured I'd need required root privilege. Starting with:

# cryptsetup luksOpen /dev/sda5 local
Enter passphrase for /dev/sda5:

Happily, I remembered that passphrase. 'local' was an entirely arbitrary name, I could have used anything. But now lsblk showed a sub-entry under /dev/sda5 called 'local' and it had several sub-entries under it, each having a name starting with 'elitebook--vg-...'. The machine is an HP Elite Book, and I finally realized I was dealing with a fully encrypted LVM volume group. From a security point of view this is a good idea, but I haven't done it much (I usually encrypt partitions but don't use LVM). Encrypting everything like this requires a small unencrypted '/boot/' partition, thus the 256M primary partition.

I also found that I now had several devices under '/dev/elitebook-vg/':

  • debianHome
  • home
  • root
  • swap_1

These corresponded to the sub-entries under 'local' in the lsblk output, although they're prefaced there with 'elitebook--vg-...'.

These devices can now be handled like any partition:

# mkdir /mnt/debianHome
# mkdir /mnt/home
# mount /dev/elitebook-vg/debianHome /mnt/debianHome
# mount /dev/elitebook-vg/home /mnt/home

So I found out that 'debianHome' is actually a badly named root partition for a Debian installation, and 'home' is ... well, /home/.

gparted apparently still can't handle LVM, so I used the LVM command line to examine and juggle the logical volumes - deleting an empty partition/volume and adding another to create space for another OS installation.

With the LUKS partition decrypted (as shown above) it took a bit of poking, but the Fedora Live media "Install to Hard Drive" option was fairly easily persuaded to install to a logical volume within the Volume Group rather than having to repartition the whole drive.