LVM and Luks encryption can be a simple and effective combination to keeping your data safe. However, encryption tends to complicate things a bit when it comes to data recovery and system repair. In order to repair a grub install, most people can just use a live "rescue" Linux CD to either boot to their system or to mount their install and chroot in to run commands. When you put your root partition in an encrypted LVM, then accessing your data takes a bit extra work. After doing the research here is how I was able to access my data, and restore GRUB so I could once again boot back into my system.

So first a little background on my system. Recently my trusty Dell died on me. First the WiFi card died back in Jan of this year and then in late Feb my graphics card and hard drive went simultaneously. I ordered a new Lenovo based on several recommendations from fellow VTLUUG members. The new system has a  hefty 500GB and so to actually use that space better, I set up roughly 100GB for Windows 7 Ultimate Signature edition, 100MB for /boot and the remaining 300GB went to an encrypted LVM. Why encrypted? Why not? My system stores plenty of my personal info that is completely protected when I shut it down for traveling. Also the LVM lets me grow and shrink partitions on demand.

The Spec List

Hardware

  • Intel Core i5 2.6 GHz
  • 8GB Ram
  • Switchable Nvidia /Intel Graphics Cards
  • 14" LED Back Lit Display
  • Web cam
  • 500GB 7k RPM HD
  • Fingerprint Reader
  • Intel Wifi with 3 Antennae

Software

  • Archlinux 64-bit
  • KDE 4.6
  • LVM + LUKS encryption
  • Windows 7 Ultimate Signature Edition

The Situation

Windows XP did not understand the concept of a dual boot. Windows 7 did improve this slightly because it can dual boot with XP, Vista, or other 7 installs; however, Windows 7 still cannot recognize *NIX systems. GRUB, the default boot loader for most Linux distributions handles booting to multiple OS's just fine. In fact, the Ubuntu installer and the Fedora/Redhat installer (ananconda) both properly detect existing Windows installs, then add entries to the boot menu to access these installs.

When you set up a multi-boot system on a PC form factor (as apposed to a Mac which uses EFI not MBR) you typically have two options.

  1. Install Windows first (oldest version to newest if you are going to have more than one). Then install a Linux distro. Most modern desktop distributions will automatically detect Windows and add entries to GRUB so you can boot to them later.
  2. Install Linux first. Install GRUB not to the MBR but to the root partition. Install Windows and  edit the windows boot.ini file to point to Linux.

The former, because it's automatic is quite easy. The later, although not impossible, is not something for beginners and is a lot more manual in it's setup. Whenever I am doing a multi-boot setup I go with the first option because it's easier.

This is where I get into a pickle. My Windows 7 setup had become completely unstable. I could not figure out why so I decided it must have been something I did considering that most people do not have the issues I was having with such frequency on a brand new install. So I wipe it, change less settings, install my drivers and all my basic apps, and start getting everything set up.

However, Windows does not understand how to boot to anything other than Windows. So when I reformatted, it wrote GRUB on the MBR with it's own boot loader. The end result being I could now only boot into Windows. Since Archlinux is my primary OS, All of my external drives are EXT3/4. This means I can't access any of my data or backups in Windows. Not typically an issue unless you only have Windows!

The Solution -

So now I needed to reinstall GRUB to the MBR if I wanted to be able to boot back into my Linux install. After doing some research I broke down what I needed to do into four simple steps:

  1. Boot into a live 64bit Linux
  2. Decrypt and map the LVM for mounting
  3. Mount and root into my Linux install
  4. Reinstall GRUB from inside Archlinux

The live Linux environment I use for a lot of my data recovery and other tasks is System Rescue CD. It is based off Gentoo, has many useful tools, and boots both 32 and 64 bit kernels on one ~300MB CD.

After booting, I needed to load the dm-crypt module:

modprobe dm-crypt

Next you need to decrypt the partition. I know that sda3 is my LVM partition so my command was:

cryptsetup luksOpen /dev/sda3 linux

Where Linux is an arbitrary name for the decrypted volume. You should get back:

Enter LUKS passphrase:
key slot 0 unlocked.
Command successful.

To verify, run:

vgscan

The reply will look like:

Reading all physical volumes. This may take a while...
Found volume group "main" using metadata type lvm2

Where "main" is the name of my volume group:

vgchange -a y main
lvscan

The reply should look similar to:

ACTIVE     '/dev/main/root'   [5.00 GB]     inherit
ACTIVE     '/dev/main/usr'    [6.00 GB]     inherit
ACTIVE     '/dev/main/home'   [128 GB]      inherit
ACTIVE     '/dev/main/swap'   [2048 MB]     inherit

Now I have access to the partitions I need to mount in order to chroot

into the install:

mkdir /media/linux
mount /dev/main/root /media/linux
mount /dev/main/usr /media/linux/usr
mount -o bind /proc /media/linux/proc
mount -o bind /dev /media/linux/dev
mount -o bind /sys /media/linux/sys

Now we can chroot into the existing install From there we can mount boot:

chroot /media/linux /bin/bash

Now I need to mount my boot partition which is on /dev/sda2:

mount /dev/sda2 /boot

Finally we can reinstall GRUB!:

grub-install /dev/sda

Which should reply with:

Installation finished. No error reported.
This is the contents of the device map /boot/grub/device.map.
Check if this is correct or not. If any of the lines is incorrect,
fix it and re-run the script `grub-install'.

Now just exit the chroot, and shut down the system:

exit
shutdown -h now

Credits

Two sources of documentation were essential to this guide

Share and enjoy!