]> Installing a Debian operating system on an individually structured, encrypted LVM disk

Installing a Debian operating system on an individually structured, encrypted LVM disk

by Stephan K.H. Seidl

Version 1, Sun, 30 Dec 2018 23:14:25 +0100

Problems

The disk setup for a Debian 9 system by means of the installer's partition manager appears cluttered and tedious if an individually structured hard drive is envisaged, whereat, apart from early loaders and the kernel, all data, including the root partition, need be encrypted. While the Debian installer is in general easy to use, this is less true for its partition manager. Most likely, that is because of the complexity of the matter. In other words, the structure of the partition manager menus does not reflect the situation unmistakably. A last issue arises from the fact that the keyboard must be made fully available right from the beginning to successfully obtain the passphrase before the root partition is present.

Solution

Every time the layout of any menus misrepresents the situation, the first way making sense is the one back to the command line interface (CLI). On the other hand, it would be a bad idea to perform the machine setup without the Debian installer at all, as most of its components do their job well. So the solution here will be the following hybrid. Those parts of the installation, that can clearer and faster be done with the help of the CLI, are actually done using the CLI, and everything else is done with the help of the installer menus. The presented files should be understood here as a reminder. They show how the CLI can be made available and how it applies to reach the goal.

Between the installation procedure menu items Detect disks and Partition disks, a CLI step is inserted which enables the running kernel to provide the partition manager with a fully configured hard disk exhibiting unencrypted partitions. Such a way the partition manager does only have to carry out elementary activities that do not provoke difficulties. Furthermore, between the menu items Install the GRUB boot loader on an hard disk and Finish the installation, another CLI step is inserted that executes the missing activities, which the partition manager now omits because it is no longer confronted with encrypted data. Finally, this second step also stores the necessary modules for a fully functional USB keyboard in the kernel RAM disk.

The file
debinsteeepc1000h.txt (click here for download)
sketches the resulting procedure to install a Debian 9 operating system on an ASUS EeePC 1000H netbook, and the file
debinstsystemx3650m3.txt (click here for download)
the one to install a Debian 9 system on an IBM System x3650 M3 server.

Sometimes there is also an interest in having the GRUB configuration file more readable. Here are the examples belonging to the two installation cases.

The file
grubeeepc1000h.cfg (click here for download)
is the GRUB configuration used on the EeePC 1000H, and the file
grubsystemx3650m3.cfg (click here for download)
is the one used on the System x3650 M3.

Thus, the file /boot/grub/grub.cfg immediately becomes a candidate of the set of all those handcrafted files, which need be monitored by some piece of software to see if they have not been altered by any Debian update mechanism.

That's it.


Sun, 30 Dec 2018 23:14:25 +0100

Stephan K.H. Seidl