1

Topic: What storage layout do LUKS users have?

Hi All,

I am evaluating what needs to be done to add LUKS support to GParted.  I would very much appreciate if users can reply with details of their storage layouts so I can see what types of setup exist in the wild.  Running the lsblk command and posting the output would be ideal and comment if you think you have a weird setup.  I hope to support the most common use cases.

Here's an example from my test install of Fedora with LUKS encryption enabled:
(Hint: Enclose lsblk output in code tags)

[fedora@localhost ~]$ lsblk
NAME                                          MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                                             8:0    0    20G  0 disk  
├─sda1                                          8:1    0   500M  0 part  /boot
└─sda2                                          8:2    0  19.5G  0 part  
  └─luks-f78b80e1-6500-4b3d-a43c-3387c2e8b2f5 253:0    0  19.5G  0 crypt 
    ├─fedora00-root                           253:1    0  17.5G  0 lvm   /
    └─fedora00-swap                           253:2    0     2G  0 lvm   [SWAP]
sdb                                             8:16   0     8G  0 disk  
sdc                                             8:32   0 149.1G  0 disk  
sr0                                            11:0    1  1024M  0 rom   

Thanks,
Mike

2

Re: What storage layout do LUKS users have?

Hi,

I have the following:

NAME                                          MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
vda                                           254:0    0     1G  0 disk  
└─vda1                                        254:1    0   243M  0 part  /boot
vdb                                           254:16   0   350G  0 disk  
└─vdb_crypt (dm-0)                            253:0    0   350G  0 crypt 
  ├─backups--clientes-root (dm-1)             253:1    0   100G  0 lvm   /
  ├─backups--clientes-swap_1 (dm-2)           253:2    0   252M  0 lvm   [SWAP]
  ├─backups--clientes-c1_remoto (dm-3)        253:3    0   229G  0 lvm   /home/c1_p1/elkarbackup
  └─backups--clientes-c1_p2 (dm-4)            253:4    0    20G  0 lvm   /home/c1_p2
sr0                             

And also the following:

NAME                               MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
vda                                254:0    0     5G  0 disk  
├─vda1                             254:1    0   243M  0 part  /boot
├─vda2                             254:2    0     1K  0 part  
└─vda5                             254:5    0   4,8G  0 part  
  └─backup2-root (dm-0)            253:0    0   4,5G  0 lvm   /
vdb                                254:16   0   300G  0 disk  
└─vdb1                             254:17   0   300G  0 part  
  └─vgdatos-cifrado (dm-1)         253:1    0   300G  0 lvm   
    └─vgdatos-cifrado_crypt (dm-2) 253:2    0   300G  0 crypt /srv/backup
vdc                                254:32   0   200G  0 disk  /srv/elkarbackup
sr0                                 11:0    1  1024M  0 rom  

This second one is the most difficult to handle by hand because of the physical partition, and where gparted could help more. The first one is quite easy to handle without gparted.

Thanks a lot!
Eneko

3

Re: What storage layout do LUKS users have?

Hi Eneko,

Your first setup is whole disk > LUKS > LVM.  This will be possible to support, as GParted is currently gaining support for whole disks.  Bug 743181 - Add unpartitioned drive read-write support.

Your second setup is partition > LVM > LUKS.  GParted doesn't support LVM2 Logical Volumes so won't see the crypt partition to manage.

Thanks,
Mike

4

Re: What storage layout do LUKS users have?

(On behalf of Liviu, from Bug 627701 comment #49)

My personal set-ups are quite very simple, generally. It's either having a dedicated encrypted partition with ext2/ext3 FS on the computer hard-drive, or a USB Key with one FAT32 partition for maximum compatibility, and a LUKS encrypted partition.

geek@liv-inspiron:~$ lsblk
NAME                                                 MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
[..]
sdc                                                    8:32   1   7.5G  0 disk
├─sdc1                                                 8:33   1   3.6G  0 part  /media/geek/Transcend
└─sdc2                                                 8:34   1   3.9G  0 part
  └─luks-39b9ce12-f641-4fb6-b375-d07d8b0f2f14 (dm-0) 252:0    0   3.9G  0 crypt /media/geek/USB Device

I may consider more exotic setups in the future, but for now I'm simply hoping to have an easy way to setup a dedicated LUKS-encrypted partition to store sensitive data, backups, etc.

A huge bonus would be to have a means to setup encrypted partitions that are compatible cross-platform, i.e. can be in default setups accessed on Windows/Mac OS X, and not only on Linux...

5

Re: What storage layout do LUKS users have?

Hi Liviu,

Your setup of partition > LUKS > file system will be possible to support.

Thanks,
Mike

6 (edited by stefant 2015-03-07 02:05:18)

Re: What storage layout do LUKS users have?

no raid users around? here is my setup: partitions > md raid > luks > lvm

NAME                    MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                       8:0    0 119,2G  0 disk  
├─sda1                    8:1    0 384,3M  0 part  
│ └─md0                   9:0    0 384,1M  0 raid1 /boot
└─sda2                    8:2    0 118,9G  0 part  
  └─md1                   9:1    0 118,8G  0 raid1 
    └─cryptoraid (dm-0) 252:0    0 118,8G  0 crypt 
      ├─vg-root (dm-1)  252:1    0    14G  0 lvm   /
      └─vg-data (dm-2)  252:2    0   101G  0 lvm   /data
sdb                       8:16   0 465,8G  0 disk  
├─sdb1                    8:17   0 384,3M  0 part  
│ └─md0                   9:0    0 384,1M  0 raid1 /boot
├─sdb2                    8:18   0 118,9G  0 part  
│ └─md1                   9:1    0 118,8G  0 raid1 
│   └─cryptoraid (dm-0) 252:0    0 118,8G  0 crypt 
│     ├─vg-root (dm-1)  252:1    0    14G  0 lvm   /
│     └─vg-data (dm-2)  252:2    0   101G  0 lvm   /data
└─sdb3                    8:19   0 346,5G  0 part  
  └─cryptostuff (dm-6)  252:6    0 346,5G  0 crypt /mnt/stuff

7

Re: What storage layout do LUKS users have?

Hi Stefan,

Your setup of partition > MD Raid > LUKS > LVM will be possible to support.  GParted treats (Linux Software) MD Raid as just additional disk devices.  GParted is currently gaining support for file systems spanning whole disks, including raid arrays.    Bug 743181 - Add unpartitioned drive read-write support.

Thanks,
Mike

8

Re: What storage layout do LUKS users have?

Hi, I have this (there is no mountpoints because I posted it from LiveUSB):

NAME                    MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                       8:0    0 931,5G  0 disk  
├─sda1                    8:1    0   200G  0 part  
│ └─cryptxxx            253:8    0   200G  0 crypt 
│   ├─vg_cryptxxx-swap  253:9    0     4G  0 lvm   
│   ├─vg_cryptxxx-root  253:10   0    60G  0 lvm
│   └─vg_cryptxxx-home  253:11   0    20G  0 lvm   
├─sda3                    8:3    0     1K  0 part  
├─sda4                    8:4    0 531,3G  0 part  
│ ├─vg0-lvm_data        253:3    0 117,9G  0 lvm   
│ └─vg0-lvm_trash       253:5    0   357G  0 lvm   
├─sda5                    8:5    0   100G  0 part  
│ ├─vg0-lvm_boot        253:0    0   200M  0 lvm   
│ ├─vg0-lvm_root        253:1    0    63G  0 lvm   
│ ├─vg0-lvm_home        253:2    0    15G  0 lvm   
│ ├─vg0-lvm_data        253:3    0 117,9G  0 lvm   
│ └─vg0-lvm_swap        253:4    0     8G  0 lvm
└─sda6                    8:6    0 100,2G  0 part  
  └─vg0-lvm_data        253:3    0 117,9G  0 lvm   
sdb                       8:16   0 232,9G  0 disk  
├─sdb1                    8:17   0   100M  0 part  
├─sdb2                    8:18   0  23,7G  0 part  
└─sdb3                    8:19   0 209,1G  0 part  
sdc                       8:32   0   2,7T  0 disk  
└─sdc1                    8:33   0   2,7T  0 part  
  └─crypttrash          253:6    0   2,7T  0 crypt 
    └─vg_trash-trash    253:7    0     2T  0 lvm 

Also, I have few LUKS-containers (with separate LUKS-headers on USB-sticks).

9

Re: What storage layout do LUKS users have?

Hi Zeimahne,

Your posted setup of partition > LUKS > LVM will be possible to support.

I have never heard of LUKS containers with separate LUKS headers before.  I don't know whether this will be possible to support or not.  Can you point me at some documentation for this?

Thanks,
Mike

10

Re: What storage layout do LUKS users have?

(On behalf of Bodo, via email)

This is a dual-HD computer without RAID and different OS on both HDs and no LVM. The mount points seem to be a bit strange, because one of the HDs (sdb) ist currently up and running. :-)

NAME                  MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sdb                     8:16   0 465,8G  0 disk
├─sdb1                  8:17   0   7,8G  0 part
├─sdb2                  8:18   0 509,9M  0 part  /boot
├─sdb3                  8:19   0  11,7G  0 part
│ └─sda3_crypt (dm-0) 254:0    0  11,7G  0 crypt /
├─sdb4                  8:20   0     1K  0 part
├─sdb5                  8:21   0  29,3G  0 part
└─sdb6                  8:22   0 416,4G  0 part
  └─sda6_crypt (dm-2) 254:2    0 416,4G  0 crypt /DATA
sda                     8:0    0 465,8G  0 disk
├─sda1                  8:1    0   7,8G  0 part
│ └─sda1_crypt (dm-1) 254:1    0   7,8G  0 crypt [SWAP]
├─sda2                  8:2    0 509,9M  0 part  /boot
├─sda3                  8:3    0  11,7G  0 part  /
├─sda4                  8:4    0     1K  0 part
├─sda5                  8:5    0  29,3G  0 part
└─sda6                  8:6    0 416,4G  0 part  /DATA

Thanks and best wishes. If something is unclear please ask.

11

Re: What storage layout do LUKS users have?

Hi Bodo,

Your setup of partition > LUKS > file system will be possible to support.

Thanks,
Mike

12 (edited by Be_ 2015-05-08 06:49:05)

Re: What storage layout do LUKS users have?

This layout was originally created with the Fedora 19 installer, either with the default layout or with a lightly modified version of it. I don't know why it created nested LUKS containers because IIRC, it only asked me for one password. When I boot, I only have to enter one password that is the same for all the LUKS containers.

Thank you for finally putting the work into making this happen. The world has been sorely lacking a graphical program for easily managing encrypted partitions for too long.

NAME                                              MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                                                 8:0    0 465.8G  0 disk  
├─sda1                                              8:1    0   200M  0 part  /boot/efi
├─sda2                                              8:2    0   500M  0 part  /boot
└─sda3                                              8:3    0 465.1G  0 part  
  └─luks-8bef245b-125a-42f7-8334-7d67ee2b1c18     253:0    0 465.1G  0 crypt 
    ├─fedora-Fedora19                             253:1    0  14.7G  0 lvm   
    │ └─luks-7dcc71a4-9af0-467b-8269-b90e85361b7d 253:4    0  14.7G  0 crypt /
    ├─fedora-swap                                 253:2    0   3.9G  0 lvm   
    │ └─luks-3956feaa-88b4-40d3-8e48-552b02e38b62 253:3    0   3.9G  0 crypt 
    ├─fedora-home                                 253:5    0   440G  0 lvm   
    │ └─luks-0526d1da-dbca-4c70-92b4-f87450e7fdf9 253:7    0   440G  0 crypt /home
    └─fedora-lvol0                                253:6    0   6.5G  0 lvm

13

Re: What storage layout do LUKS users have?

Here is mine:

NAME                           MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                              8:0    0   477G  0 disk  
├─sda1                           8:1    0   512M  0 part  /boot/efi
├─sda2                           8:2    0   244M  0 part  /boot
└─sda3                           8:3    0 476.2G  0 part  
  └─sda3_crypt                 254:0    0 476.2G  0 crypt 
    ├─hanlonn--deb1--vg-root   254:1    0   9.3G  0 lvm   /
    ├─hanlonn--deb1--vg-swap_1 254:2    0  13.8G  0 lvm   [SWAP]
    └─hanlonn--deb1--vg-home   254:3    0 453.1G  0 lvm   /home
sr0                             11:0    1  1024M  0 rom

I would *LOVE* to see this feature very soon.

14

Re: What storage layout do LUKS users have?

My machine is a VirtualBox VDI.

Even if full resizing crypt partitions is not supported, at the bare minimum it would be nice to be able to move entire partitions. For example, in my scenario below, I would have liked to simply enlarge the sda1 partition (larger boot partition). I enlarged  the VDI by a few GB, but can not move SDA2 to the right, as it contains SDA5.

Anyway, hope this helps.

NAME                    MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
sda                       8:0    0 53.7G  0 disk  
├─sda1                    8:1    0  243M  0 part  /boot
├─sda2                    8:2    0    1K  0 part  
└─sda5                    8:5    0 50.6G  0 part  
  └─sda5_crypt          252:0    0 50.6G  0 crypt 
    ├─ubuntu--vg-root   252:1    0 48.6G  0 lvm   /
    └─ubuntu--vg-swap_1 252:2    0    2G  0 lvm   
      └─cryptswap1      252:3    0    2G  0 crypt [SWAP]
sdb                       8:16   0  750G  0 disk  

15

Re: What storage layout do LUKS users have?

Hi Dekker,

Your setup of partition > LUKS > lvm will be supported.  GParted will be able to move logical partition sda5 containg LUKS/LVM.

By the way it seems unnecessary to encrypt swap space when the LVM in which it is contained is already encrypted.

Thanks,
Mike

16

Re: What storage layout do LUKS users have?

Be_ wrote:

This layout was originally created with the Fedora 19 installer, either with the default layout or with a lightly modified version of it. I don't know why it created nested LUKS containers because IIRC, it only asked me for one password. When I boot, I only have to enter one password that is the same for all the LUKS containers.

Thank you for finally putting the work into making this happen. The world has been sorely lacking a graphical program for easily managing encrypted partitions for too long.

NAME                                              MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                                                 8:0    0 465.8G  0 disk  
├─sda1                                              8:1    0   200M  0 part  /boot/efi
├─sda2                                              8:2    0   500M  0 part  /boot
└─sda3                                              8:3    0 465.1G  0 part  
  └─luks-8bef245b-125a-42f7-8334-7d67ee2b1c18     253:0    0 465.1G  0 crypt 
    ├─fedora-Fedora19                             253:1    0  14.7G  0 lvm   
    │ └─luks-7dcc71a4-9af0-467b-8269-b90e85361b7d 253:4    0  14.7G  0 crypt /
    ├─fedora-swap                                 253:2    0   3.9G  0 lvm   
    │ └─luks-3956feaa-88b4-40d3-8e48-552b02e38b62 253:3    0   3.9G  0 crypt 
    ├─fedora-home                                 253:5    0   440G  0 lvm   
    │ └─luks-0526d1da-dbca-4c70-92b4-f87450e7fdf9 253:7    0   440G  0 crypt /home
    └─fedora-lvol0                                253:6    0   6.5G  0 lvm

Hi Be_,

Sorry for the very late reply (over 6 months).

That is a really weird setup: partition > LUKS > lvm > LUKS; with every file system encrypted within LVM which is encrypted.

GParted is gaining the capability to support a 1-1-1 relationship of partition (or whole disk) to LUKS to file system.  In this case the file system would be the LVM Physical Volume.  Therefore this will be supported to the extent that GParted currently supports LVMs, which is to say LVM Physical Volumes are supported but Volume Groups and Logical Volumes are NOT supported.

Thanks,
Mike

17 (edited by Zero3 2016-03-24 16:24:57)

Re: What storage layout do LUKS users have?

Just chipping in:

NAME                  MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                     8:0    0 465,8G  0 disk  
├─sda1                  8:1    0   100M  0 part  
├─sda2                  8:2    0    64G  0 part  
├─sda3                  8:3    0 331,8G  0 part  
└─sda4                  8:4    0  69,9G  0 part  
sdb                     8:16   0  14,6G  0 disk  
├─sdb1                  8:17   0   7,6G  0 part  /
└─sdb2                  8:18   0     7G  0 part  
  └─sdc2_crypt (dm-0) 252:0    0     7G  0 crypt /home
sr0                    11:0    1  1024M  0 rom   

sdb is the flash drive of interest, from which I currently run Linux Mint. I set up the layout manually in the Linux Mint installer.

(P.S. The mail that the forum sent with password setup information when I signed up went straight to my spam folder in Gmail. Not sure if this is an issue with your mail server setup or just Gmail being stupid)