The Setup -
LVM and Luks encryption can be a simple and effective combination to keeping your data safe. However, encryption tends to complicate things a bit when it comes to data recovery and system repair. In order to repair a grub install, most people can just use a live “rescue” Linux CD to either boot to their system or to mount their install and chroot in to run commands. When you put your root pariton in an encrypted LVM, then accessing your data takes a bit extra work. After doing the research here is how I was able to access my data, and restore GRUB so I could once again boot back into my system.
So first a little background on my system. Recently my trusty Dell died on me. First the wifi card died back in Jan of this year and then in late Feb my graphics card and hard drive went simultaiunusly. I ordered a new Lenovo based on several reccomendations from fellow VTLUUG members. The new system has a hefty 500GB and so to actually use that space better, I set up roughly 100GB for Windows 7 Ultimate Signature edition, 100MB for /boot and the remaining 300GB went to an encrypted LVM. Why encrypted? Why not? My system stores plenty of my personal info that is completely protected when I shut it down for traveling. Also the LVM lets me grow and shrink partitions on demand.
The Spec List -
- Intel Core i5 2.6 GHz
- 8GB Ram
- Swichable Nvidia /Intel Graphics Cards
- 14″ LED Back Lit Display
- 500GB 7k RPM HD
- Fingerprint Reader
- Intel Wifi with 3 Antennea
- Archlinux 64-bit
- KDE 4.6
- LVM + LUKS encryption
- Windows 7 Ultimate Signature Edition
The Situation -
Windows XP did not understand the concept of a dual boot. Windows 7 did improve this slightly because it can dual boot with XP, Vista, or other 7 installs; however, Windows 7 still cannot recognize *NIX systems. GRUB, the defualt boot loader for most Linux distributions handles booting to multiple OS’s just fine. In fact, the Ubuntu installer and the Fedora/Redhat installer (ananconda) both properly detect existing Windows installs, then add entries to the boot menu to access these installs.
- Install Windows first (oldest version to newest if you are going to have more than one). Then install a Linux distro. Most modern desktop distributions will automatically detect Windows and add entries to GRUB so you can boot to them later.
- Install Linux first. Install GRUB not to the MBR but to the root partition. Install Windows and edit the windows boot.ini file to point to Linux.
The former, because it’s automatic is quite easy. The later, although not impossible, is not something for beginners and is a lot more manual in it’s setup. Whenever I am doing a multi-boot setup I go with the first option becasue it’s easier.
This is where I get into a pickle. My Windows 7 setup had become completely unstable. I could not figure out why so I deciced it must have been something I did considering that most people do not have the issues I was having with such frequency on a brand new install. So I wipe it, change less settings, install my drivers and all my basic apps, and start getting everything set up.
However, Windows does not understand how to boot to anything other than Windows. So when I reformatted, it wrote GRUB on the MBR with it’s own boot loader. The end result being I could now only boot into Windows. Since Archlinux is my primary OS, All of my external drives are EXT3/4. This means I can’t access any of my data or backups in Windows. Not typically an issue unless you only have Windows!
The Solution -
So now I needed to reinstall GRUB to the MBR if I wanted to be able to boot back into my Linux install. After doing some research I broke down what I needed to do into four simple steps:
- Boot into a live 64bit Linux
- Decrypt and map the LVM for mounting
- Mount and root into my Linux install
- Reinstall GRUB from inside Archlinux
The live Linux enviornment I use for a lot of my data recovery and other tasks is System Rescue CD. It is based off Gentoo, has many useful tools, and boots both 32 and 64 bit kernels on one ~300MB CD.
After booting, I needed to load the dm-crypt module
# modprobe dm-crypt
Next you need to decrypt the partition. I know that sda3 is my LVM partition so my command was
# cryptsetup luksOpen /dev/sda3 linux
Where linux is an arbitrary name for the decrypted volume. You should get back:
key slot 0 unlocked.
To verify, run
Found volume group "main" using metadata type lvm2
Where “main” is the name of my volume group.
# vgchange -a y main
ACTIVE '/dev/main/usr' [6.00 GB] inherit
ACTIVE '/dev/main/home' [128 GB] inherit
ACTIVE '/dev/main/swap' [2048 MB] inherit
Now I have access to the paritions I need to mount in order to chroot into the install.
# mount /dev/main/root /media/linux
# mount /dev/main/usr /media/linux/usr
# mount -o bind /proc /media/linux/proc
# mount -o bind /dev /media/linux/dev
# mount -o bind /sys /media/linux/sys
Now we can chroot into the existing install From there we can mount the
chroot /media/linux /bin/bash
Now I need to mount my boot parition which is on
mount /dev/sda2 /boot
Finally we can reinstall GRUB!
This is the contents of the device map /boot/grub/device.map.
Check if this is correct or not. If any of the lines is incorrect,
fix it and re-run the script `grub-install'.
From here run
# exit to be brought back to the System Rescue CD console where you can run
shutdown -h now and poweroff your system.
Two sources of documentation were essential to this guide
Share and enjoy!