Arch Linux: UEFI Luks LVM (encrypted boot) (Part 1)

April 28, 2024 ┃ #linux #security

In Part 1 we set some vars first…

export DISK=sdb
export POOL=ARCH
export SWAPSIZE=8G

We use parted(8) for creating the disklayout

parted -s /dev/${DISK} mklabel gpt
parted -a optimal /dev/${DISK} mkpart primary 2048s 100M
parted -a optimal /dev/${DISK} mkpart primary 100M 100%
parted /dev/${DISK} set 1 boot on

Create encrypted disk with cryptsetup(8)

cryptsetup luksFormat --type luks1 /dev/${DISK}2
cryptsetup luksOpen /dev/${DISK}2 ARCH

Now we can use LVM to create the logic volumes

#Initialize physical volume
pvcreate /dev/mapper/${POOL}
#Create volume group
vgcreate ${POOL} /dev/mapper/${POOL}
#Create internal logical volumes
lvcreate -L 300M -n boot ${POOL}
lvcreate -C y -L ${SWAPSIZE} -n swap ${POOL}
lvcreate -L 35G -n root ${POOL}
lvcreate -l 100%FREE -n data ${POOL}

More to come in Part 2…