Fedora Linux Support Community & Resources Center
  #1  
Old 28th May 2012, 08:12 PM
rurikc Offline
Registered User
 
Join Date: Jan 2010
Posts: 65
linuxfirefox
Question Migrating rootfs to a LUKS setup

Hi,

I'd like to migrate my current F16 install to an encrypted rootfs.
(I want to avoid a time consuming fresh install followed by a reconfiguration)

Assuming I have a spare disk to play with is there a how-to move an installation from a non-encrypted disk/partition to an encrypted disk/partition ?
(in a future upgrade safe mode, i.e. I want to duplicate the installer work)

Thanks,

Cheers.
Reply With Quote
  #2  
Old 29th May 2012, 07:02 PM
Gareth Jones Offline
Official Gnome 3 Sales Rep. (and Adminstrator)
 
Join Date: Jul 2011
Location: Birmingham, UK
Age: 32
Posts: 2,771
linuxfirefox
Re: Migrating rootfs to a LUKS setup

This could be quite complicated. In addition to formatting the encrypted partition and copying files across, you'll need to update /etc/fstab (unless you give the new root file-system the same UUID as the old), update /etc/crypttab, probably regenerate the initramfs image (dracut), and possibly reinstall the boot-loader (grub2-install).

Unless you're doing something clever, you probably don't need to encrypt /. Only /home, /var, /tmp and swap really need encrypting, and /boot cannot be encrypted.
Reply With Quote
  #3  
Old 30th May 2012, 08:53 AM
rurikc Offline
Registered User
 
Join Date: Jan 2010
Posts: 65
linuxfirefox
Re: Migrating rootfs to a LUKS setup

Quote:
Originally Posted by Gareth Jones View Post
This could be quite complicated.
Thanks, I appreciate this. Let assume for the level of this discussion that I have 12 years of professional Linux sysadmin, RHCE x 2 (both expired by now) and 18 years of Linux usage overall (started in 1994)

I am currently relatively new to LUKS (but I can find my way around), new to GTP (but doesn't seem to be big deal) and while I have repaired grub by hand on several occasions, I never played with grub2.

So, I just want to avoid pitfals, hard to solve problems and save as much time I can.

Quote:
Originally Posted by Gareth Jones View Post
In addition to formatting the encrypted partition and copying files across, you'll need to update /etc/fstab (unless you give the new root file-system the same UUID as the old), update /etc/crypttab, probably regenerate the initramfs image (dracut), and possibly reinstall the boot-loader (grub2-install).
You could add: replace UUID of rootfs in grub.conf

Is that all ?

Quote:
Originally Posted by Gareth Jones View Post
Unless you're doing something clever, you probably don't need to encrypt /. Only /home, /var, /tmp and swap really need encrypting, and /boot cannot be encrypted.
Contrary, I am doing something very simple I don't have a separate /var, /tmp or even a swap partition. Over the years I found them to be a huge hassle for my home environment.

I am aware that /boot has to be unencrypted. I also saw some special kernel boot options in grub.conf. How about the initrd ? Same as for unencrypted ... or modified ?

Generally, re HDs and partitions, I tend to go with all in one: disk is cheap, RAM is cheap, my time is not.

I want to be able to have two disks for all filesystems: one live, one rsync-ed and kept up to date. The spare may go in "production" in 5 minutes. This setup saved my bacon on several occasions (last time was a failed upgrade from F15 to F16). And disks just accumulated over the years

Finally, anything that you consider I should know ? Stuff that I don't even know that I don't know ? Tips, warnings, etc ?

Thanks and all the best.
Reply With Quote
  #4  
Old 30th May 2012, 06:50 PM
Gareth Jones Offline
Official Gnome 3 Sales Rep. (and Adminstrator)
 
Join Date: Jul 2011
Location: Birmingham, UK
Age: 32
Posts: 2,771
linuxfirefox
Re: Migrating rootfs to a LUKS setup

I'm afraid I've never actually tried moving an installation from unencrypted to encrypted storage, that was just a list of things I'd expect to have to do. Unless anyone else has actually done this and reports here, I can only suggest giving it a try, and keeping the unencrypted system boot-able until you're happy that the encrypted system works of course. It sounds like you're capable of working it through! I would strongly recommend a separate /home partition at least, for various reasons, but it sounds like you're already aware of them and have made up your mind.
Reply With Quote
Reply

Tags
luks, migrating, rootfs, setup

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
How to reduce size of rootfs.jffs2 sumiram Using Fedora 0 28th January 2011 12:14 PM
Help--softreset failed VFS: Unable to mount rootfs joebloggs900 Installation, Upgrades and Live Media 0 25th January 2011 05:19 AM
raid+lvm rootfs -> mkinitrd omits lvm utilities David Becker Using Fedora 0 8th January 2010 12:25 PM
why ext3 change to rootfs ?? jiawj Using Fedora 4 5th February 2005 02:55 AM


Current GMT-time: 06:15 (Sunday, 21-12-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat
...Bhopal, Madhya Pradesh Travel Photos - Thanjai Restaurant (South Indian Cuisine) Photos on Instagram - Viking Line M/S Viking Grace Travel Photos on Instagram - Spargo Photos on Instagram - Masr El-Gdida