How to migrate an encrypted LVM install to a new disk

grub2 partitioning encryption lvm
14,285

Solution 1

Partitioning and file copy - while running

I did this by starting with the running system. I plugged the new SSD into a USB SATA adapter and partitioned it, set up LVM and copied the files across.

# confirm disk size is as expected for sdc
sudo fdisk -l /dev/sdc
# now partition - 500 MB partition as boot, the rest as a single (logical) partition
sudo cfdisk /dev/sdc

Your disk should now look like:

sudo fdisk -l /dev/sdc
Disk /dev/sda: 120.0 GB, 120034123776 bytes
255 heads, 63 sectors/track, 14593 cylinders, total 234441648 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *          63      979964      489951   83  Linux
/dev/sda2          979965   234441647   116730841+   5  Extended
/dev/sda5          980028   234441647   116730810   82  Linux swap / Solaris

The next step is to put encryption on the partition and LVM on top of the encryption.

sudo cryptsetup -y luksFormat /dev/sdc5
sudo cryptsetup luksOpen /dev/sdc5 crypt
sudo vgcreate crypt-lvm /dev/mapper/crypt
sudo lvcreate -L4G -nswap crypt-lvm
sudo lvcreate -l100%FREE -nroot crypt-lvm

Now make the filesystems and mount them and copy your system across.

sudo mkfs.ext2 /dev/sdc1
# you do ls /dev/mapper to check the name if different
sudo mkfs.ext4 /dev/mapper/crypt-root
sudo mkdir /mnt/boot
sudo mkdir /mnt/root
sudo mount -t ext2 /dev/sdc1 /mnt/boot
sudo mount -t ext4 /dev/mapper/crypt-root /mnt/root

# rsync files
sudo rsync -a /boot/* /mnt/boot/
sudo rsync -aHAX --devices --specials --delete --one-file-system --exclude proc --exclude run --exclude boot --exclude sys --exclude tmp /* /mnt/root/

Up to this point you can keep the system running and use it. Now you need to shutdown and boot into a live CD/USB so you can get the system in a shutdown state.

Partitioning and file copy - live CD/USB

Once you have booted, open a terminal and:

sudo apt-get install lvm2

# mount old hard drive
sudo cryptsetup luksOpen /dev/sda5 sda5_crypt
sudo mkdir /mnt/sdaroot
# you can do ls /dev/mapper to check the name if it is different
sudo mount -t ext4 /dev/mapper/sda5_crypt--root /mnt/sdaroot

# mount new hard drive (over USB)
sudo cryptsetup luksOpen /dev/sdc5 sdc5_crypt
sudo mkdir /mnt/sdcroot
sudo mount -t ext4 /dev/mapper/sdc5_crypt--root /mnt/sdcroot

# final rsync
sudo rsync -aHAX --devices --specials --delete --one-file-system --exclude proc --exclude run --exclude boot --exclude sys --exclude tmp /mnt/sdaroot/* /mnt/sdcroot/

chroot

# prepare chroot
cd /mnt/sdcroot
sudo mkdir boot

# these directories are set up by the system and we need them inside the chroot
sudo mount -t proc proc /mnt/sdcroot/proc
sudo mount -t sysfs sys /mnt/sdcroot/sys
sudo mount -o bind /dev /mnt/sdcroot/dev

# now enter the chroot
sudo chroot /mnt/root/

Changing UUIDs

Now we are root inside the chroot and run the following commands:

# inside chroot, as root
mount -t ext2 /dev/sdc1 /boot
blkid

Now you will see all the UUIDs for the various disk in the system. You will need to edit the UUIDs in /etc/fstab and /etc/crypttab to match the values for /dev/sdc?

In /etc/fstab you need to use the UUID for the boot disk - /dev/sdc1 if your disks have the same letter as me.

In /etc/crypttab you need to use the UUID for the other (big) partition - /dev/sdc5 if your disks have the same letter as me.

initramfs and grub

# now update initramfs for all installed kernels
update-initramfs -u -k all

# install grub and ensure it is up to date
grub-install /dev/sdc      # NOTE sdc NOT sdc1
update-grub

# hit Ctrl-D to exit chroot
sudo umount /mnt/root

Now shutdown, put the SSD inside your laptop, cross your fingers and boot up.

Useful links

Good guide for the cryptsetup stuff at http://www.debian-administration.org/articles/577

For installing grub on an external partition: https://stackoverflow.com/questions/247030/how-to-set-up-grub-in-a-cloned-hard-disk

https://help.ubuntu.com/community/UsingUUID

Solution 2

I tried to comment, but I lack the reputation :-)

Anyway, I used successfully the amazing guide by Hamish to migrate to a ssd on my linux-based luks-encrypted work laptop. Just a few remarks:
1. After creating the swap lv also use

# mkswap /dev/mapper/crypt-swap

to initialize the swap, otherwise it fails during boot, as indicated in the comment above.
2. The rsync command is too restrictive as it is. When I used it with --exclude run, I ran into all sorts of veeeeeeery strange generally unseen by the internet errors. The run has to be included. The sys is anyway empty when booting into maintenance mode, so it can stay. Also if you exclude tmp, the newly created on the target /tmp and /var/tmp don't get a sticky bit - remember to set them by yourself. I ended up using something like 

# rsync -aHAX --devices --specials --delete --one-file-system --exclude proc --exclude boot /mnt/sdaroot/* /mnt/sdcroot/

Overall - a great guide, shows the overview of the process accurately! Teaches you how to fish, so to say!

Share:
14,285

Related videos on Youtube

Hamish Downer
Author by

Hamish Downer

Updated on September 18, 2022

Comments

  • Hamish Downer
    Hamish Downer over 1 year

    I have a somewhat customised laptop install I want to move to a SSD directly, without having to reinstall Ubuntu, reinstall all the apps and make all the other changes again. The SSD is smaller, so I can't just do dd.

    The original install was done with the Ubuntu alternate installer, selecting the full disk encryption with LVM option.

    What steps are required and how do I do them? I expect to have to:

    • set up the disk partitions, encryption etc
    • copy the data across
    • install grub and get it working with new UUID values etc.
  • Hamish Downer
    Hamish Downer about 11 years
    Just discovered the rsync exclude of sys excluded some directories I wanted to include. I will come up with a more discerning rsync command and update this answer.
  • guntbert
    guntbert over 10 years
    Just a reminder: you promised an update for this excellent answer :-)
  • Blindfreddy
    Blindfreddy over 9 years
    In the chroot section, before mounting, I had to create the mount points: sudo mount -t proc proc /mnt/sdcroot/proc sudo mount -t sysfs sys /mnt/sdcroot/sys sudo mount -o bind /dev /mnt/sdcroot/dev beforehand do: sudo mkdir /mnt/sdcroot/proc sudo mkdir /mnt/sdcroot/sys --- In my case, the command to create the initramfs did not work, because the kernel versions didn't match and so initramfs couldn't find the right kernel in /boot, so I couldn't get the whole thing to work.
  • Luka
    Luka about 6 years
    I have followed your "while running" guide, made a few adjustments (ext4) and so far it worked wonderfully. I changed in fstab UUID for boot to the new partition I also changed mountpoints for root and swap. Is there anything else besides fstab needed to change? I'm gonna try booting now :D
  • Dan Stahlke
    Dan Stahlke almost 6 years
    When you do luksOpen, make sure to assign the same label that's used in crypttab or the grub setup won't work properly. Took me forever to figure that out. Another answer mentions binding /run/lvm. Don't know if that's needed. For debugging you can save time by practicing on a USB disk and trying to boot it with kvm.
  • gatoatigrado
    gatoatigrado over 5 years
    Thank you very much. You can simplify some of the rsync command if you just mount --bind / /mnt/root or such -- this will give you a view of the original root partition without dev/proc/etc. mounted (i.e. there is no mount point /mnt/root/proc). cheers
  • vinc17
    vinc17 over 2 years
    About rsync: Are the --exclude necessary with --one-file-system? For instance /proc has a different filesystem (proc) so that it shouldn't be synced when --one-file-system is provided. Moreover, according to the rsync(1) man page, --devices --specials are already implied by -a (as being equivalent to -D). Maybe not really useful, but shouldn't -N be added (to preserve create times)?
  • vinc17
    vinc17 over 2 years
    The given rsync command with the --exclude options is plainly wrong: with this, all the boot, proc, run, sys, tmp files and directories are excluded, not just those in the root directory. One needs a mount --bind / /mnt/old-root (as suggested by @gatoatigrado) to avoid the --exclude options. Moreover, one needs to modify /etc/initramfs-tools/conf.d/resume too to avoid a timeout on startup. Also note that for the partition, one needs a dos label type (not the default gpt), and mark the first partition as bootable.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Recover data from formatted LVM (Luks, Ext3) after Ubuntu installed over it
Install Ubuntu 15.04 with full disk encryption, but without swap partition
Ubuntu 20.04 + WIndows 10 Pro + disk encryption
How to expand an encrypted ubuntu partition with LVM
How does LUKS work?
Ubuntu won't boot because of lvmetad
Increase Swap in Ubuntu 18.04 Under Lvm and Encrypted File System
Encrypted LVM in Debian Install - Is whole disk encrypted?
Unable to free up space on vg-root
"insufficient free space" error when trying to create new logical volume?