Skip to main content
Topic: Differences in installation of Artix with LVM on LUKS encryption (Read 1048 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

Differences in installation of Artix with LVM on LUKS encryption

I've successfully installed Artix base with openrc using LVM on LUKS. I use UEFI and GRUB bootloader.

I've started with this (https://wiki.artixlinux.org/Main/InstallationWithFullDiskEncryption) wiki page, which directly links to https://www.rohlix.eu/post/artix-linux-full-disk-encryption-with-uefi/ blog post. However, there's one difference in these two tutorials that I don't understand.

The former tutorial here on wiki mentions:

Quote
In order to decrypt and use the LUKS/LVM volumes, the following services need to be installed and activated:
Code: [Select]
rc-update add device-mapper boot
rc-update add lvm boot
rc-update add dmcrypt boot

But nothing like that is mentioned in the blog post. I don't start these services at boot runlevel and there seems to be no issue. Why would they be needed at the boot runlevel as mentioned?

I do boot with no problem into my newly installed system. Neither of the services mentioned is present at boot runlevel, not at default runlevel.

Thank you


Re: Differences in installation of Artix with LVM on LUKS encryption

Reply #1
because you need decrypt and use the LUKS/LVM volumes at boot!!?

feel free to skip it, but then don't be surprised that your system doesn't boot  :D :D :D
seriously... OpenRC will start with services in the boot  runlevel as first, so it is ensured that it is unlocked and decrypted right at the beginning of the boot...
It gives me a lot more sense to have it already in boot runlevel than in default.

Re: Differences in installation of Artix with LVM on LUKS encryption

Reply #2
because you need decrypt and use the LUKS/LVM volumes at boot!!?

feel free to skip it, but then don't be surprised that your system doesn't boot  :D :D :D
OpenRC will start with services in the boot  runlevel as first, so it is ensured that it is unlocked and decrypted right at the beginning of the boot.


I do boot with no problem. I get asked for a passphrase + I use a keyfile. I do successfully boot into my newly installed system without any of these services being present at the boot runlevel, not at default runlevel.

 

Re: Differences in installation of Artix with LVM on LUKS encryption

Reply #3
After reading some more, it does seem these services in the boot runlevel are needed when I have additional encrypted filesystems I'd like to decrypt during boot. E.g. I have /home on a separate physical drive, e.g. /dev/sdb. Some information could be found e.g. here https://wiki.alpinelinux.org/wiki/LVM_on_LUKS#Mounting_additional_encrypted_filesystems_at_boot and especially the note:

Quote
Note: This does not apply for volumes within your main encrypted partition /dev/sda2

Since both of the tutorials I mentioned in my original question work only with one physical drive on which there's only root and swap, adding these services to boot runlevel seem to be unnecessary because it does work even when I skip this part of the tutorial.

If I'm wrong, I'd like to be corrected, but since the Artix wiki is the only one that mentions this and I confirmed by experimentation that it could be skipped, I don't think that doing any manual configuration of these services is needed.