[Bug 1904270] Re: ubiquity does not support existing LUKS encrypted partitions

Uwe Geuder 1904270 at bugs.launchpad.net
Tue Mar 16 00:21:40 UTC 2021 

> Then, either do this at the end after the installer has run, or boot
into a live CD environment (e.g. Kubuntu) and do:

The many steps given there are not really necessary. If you installed
without downloading updates the following steps should be easier:

1. The first boot after the installation will not succeed, but give you a busybox shell from initramfs.
1. In that shell give the cryptsetup command as given above.
1. Exit the shell using Ctrl-D.
1. The boot will now complete.
1. Create the /etc/crypttab file. Typically you can just copy it from your previous root file system.
1. Update the system using apt or whatever you use. Unless you do this immediately when the installer image was built there will be updates that recreate the initramfs. The recreated initramfs will contain your new /etc/crypttab.
1. Reboot.
1. It works!

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubiquity in Ubuntu.
https://bugs.launchpad.net/bugs/1904270

Title:
  ubiquity does not support existing LUKS encrypted partitions

Status in ubiquity package in Ubuntu:
  Confirmed

Bug description:
  The ubiquity installer, including both the text version on the Ubuntu
  Server live CD and its GUI version does not support using existing
  LUKS encrypted partitions. That means out of the box it wants to
  completely wipe all existing partitions, this is a serious failure for
  what's now the default installer in Ubuntu 20.04.

  There is a workaround that involves running 'cryptsetup luksOpen'
  before running the installer, so that it can see the LVM LV's that are
  on the encrypted device and use them. But even doing this won't work
  properly because the installer stuffs up the /etc/crypttab and initrd.
  You have to manually create /etc/crypttab and initrd.

  This is a major failure since the installer doesn't support re-using
  partitions that it itself created.

  Steps to reproduce:
  - get a system with a blank disk, or just create a new Virtualbox VM
  - install Ubuntu 20.04 on an encrypted LUKS partition (using the options in the ubiquity installer), creating a / (root), /home and swap LV on top of the LUKS partition/LVM volume group
  - boot the system to verify it starts, then restart into the installer again
  - try to re-use the existing partitions, you can't unless you follow the manual workaround below:

  **Workaround**
  **Ubuntu 20.04: Extra Steps for Re-Using Existing LUKS Encrypted Partition**
  (replace nvme0n1p8 with your encrypted LUKS partition)

  - BEFORE starting the installer (if in Ubuntu or Kubuntu live CD desktop), or at the first step (if using Ubuntu Server text-based live CD installer):
  # open existing LUKS partition (
  cryptsetup luksOpen /dev/nvme0n1p8 nvme0n1p8_crypt

  - Then, either do this at the end after the installer has run, or boot into a live CD environment (e.g. Kubuntu) and do:
  cryptsetup luksOpen /dev/nvme0n1p8 nvme0n1p8_crypt
  mount -o subvol=@ /dev/mapper/MainVG-root /mnt/
  mount /dev/nvme0n1p7 /mnt/boot/
  mount --rbind /dev/ /mnt/dev/
  mount --rbind /sys/ /mnt/sys/
  mount --rbind /run/ /mnt/run/
  mount --rbind /proc/ /mnt/proc/
  chroot /mnt /bin/bash -l
  blkid | grep crypto_LUKS
  # Example: /dev/nvme0n1p8: UUID="8cb9831a-692e-4b0e-936f-72529a3ed56d" TYPE="crypto_LUKS" PARTUUID="139f23d2-a0ff-4f4f-b41f-8083964ac894"
  apt install vim
  vim /etc/crypttab
  # Add a line for the encrypted partiton, e.g:
  # nvme0n1p8_crypt UUID="8cb9831a-692e-4b0e-936f-72529a3ed56d" none luks
  # 
  # MAKE SURE There's a newline at end of /etc/crypttab

  # update the initramfs
  update-initramfs -u -k all

  umount -l /mnt

  # Optional, probably not needed
  grub-install --recheck /dev/nvme0n1
  grub-mkconfig -o /boot/grub/grub.cfg

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: ubiquity (not installed)
  ProcVersionSignature: Ubuntu 5.4.0-53.59-generic 5.4.65
  Uname: Linux 5.4.0-53-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27.12
  Architecture: amd64
  CasperMD5CheckResult: skip
  CurrentDesktop: KDE
  Date: Sat Nov 14 21:30:33 2020
  InstallationDate: Installed on 2020-11-02 (11 days ago)
  InstallationMedia: Kubuntu 20.04.1 LTS "Focal Fossa" - Release amd64 (20200731)
  SourcePackage: ubiquity
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/1904270/+subscriptions

More information about the foundations-bugs mailing list