Saturday, 10 April 2021

Installing Ubuntu on an encrypted system

 Challenge:

  • I have an encrypted system
    • 2 disks encrypted with LUKS
  • I want to install a fresh Ubuntu distro

How to go...

  • First, boot the system from an Ubuntu live CD and choose "Try Ubuntu"
  • Open a terminal in this session
  • Become root
    sudo su -
  • Have a look at all available disks and find the ones you need
    lsblk --all
    NAME                  MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
    loop0                   7:0    0   9,1M  1 loop  /snap/kubectl/655
    ...
    loop15                  7:15   0         0 loop
    sda                     8:0    0 465,8G  0 disk
    ├─sda1                  8:1    0   512M  0 part  /boot/efi
    ├─sda2                  8:2    0   732M  0 part  /boot
    └─sda3                  8:3    0 464,6G  0 part
      └─sda3_crypt        253:0    0 464,6G  0 crypt
        ├─neon--vg-root   253:1    0 463,6G  0 lvm   /
        └─neon--vg-swap_1 253:2    0   980M  0 lvm   [SWAP]
    sdb                     8:16   0 238,5G  0 disk
    ├─sdb1                  8:17   0   512M  0 part
    ├─sdb2                  8:18   0   732M  0 part
    └─sdb3                  8:19   0 237,3G  0 part
  • In my case the necessary disks were sda and sdb
  • Next, find the partitions on those disks that are encrypted
    lsblk -f /dev/sdb
    NAME   FSTYPE      LABEL UUID                                 MOUNTPOINT
    sdb
    ├─sdb1 vfat              9BCC-475E
    ├─sdb2 ext4              ad2fcd47-3725-4a8a-8ea6-90943b5914d2
    └─sdb3 crypto_LUKS       a740ff78-58b7-4ccd-87a1-92ba8715edcf
  • Open the encrypted partition
    cryptsetup open /dev/sdb3 rootdisk
    • rootdisk is a freely chosen name here; it becomes important at the end of the Ubuntu installation
  • After opening both of my encrypted disks I could start the Ubuntu installation as usual
  • Before restarting into the fresh Ubuntu installation, click "Continue Testing" and return to the terminal
  • First get the UUIDs of the encrypted partitions and note them
    sudo blkid </dev/DEV_ROOTFS>
    sudo blkid </dev/DEV_HOME>
  • Then mount the Ubuntu OS
    sudo mount /dev/mapper/vgroot-lvroot /mnt
    sudo mount </dev/DEV_BOOT> /mnt/boot
    sudo mount /dev/mapper/vghome-lvhome /mnt/home
    sudo mount --bind /dev /mnt/dev
    sudo chroot /mnt
    mount -t proc proc /proc
    mount -t sysfs sys /sys
    mount -t devpts devpts /dev/pts
  • Create the file /etc/crypttab
    sudo nano /etc/crypttab
  • Add the following lines
    # <target name> <source device> <key file> <options>
    rootdisk UUID=<UUID_ROOTFS> none luks,discard
    homedisk UUID=<UUID_HOME> none luks,discard
    • IMPORTANT: rootdisk and homedisk are the names you used when opening the encrypted disks at the beginning of this description
  • After editing /etc/crypttab execute the following command
    update-initramfs -k all -c
    • Have a look at the output here. If you are using the wrong target name for the disks, you can see it here
  • Leave the terminal and reboot the system. During the reboot you should now be asked for the password for the encrypted disks
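
The /etc/crypttab step above fails in two typical ways: the UUID noted is not the one of the crypto_LUKS partition, or the target name differs from the name given to cryptsetup open. The following check is an added example, not part of the original post; check_crypttab and make_sample are hypothetical helper names, and the sample data is constructed (only the sdb3 UUID is taken from the lsblk output above).

```shell
#!/bin/sh
# Added example (not from the original post). check_crypttab and make_sample
# are hypothetical helper names; the sample data is constructed.

# check_crypttab CRYPTTAB BLKID_OUTPUT MAPPER_NAMES
# Prints one line per problem; returns 0 if every entry is consistent, else 1.
check_crypttab() {
    rc=0
    while read -r name src _key _opts; do
        case $name in ''|'#'*) continue ;; esac   # skip blank and comment lines
        uuid=${src#UUID=}
        if [ "$uuid" = "$src" ]; then
            echo "$name: source '$src' is not in UUID= form"; rc=1; continue
        fi
        # The UUID must be that of the LUKS container, not of what is inside it.
        if ! grep -F " UUID=\"$uuid\"" "$2" | grep -qF 'TYPE="crypto_LUKS"'; then
            echo "$name: UUID $uuid is not a crypto_LUKS device"; rc=1
        fi
        # The target name must be the name given to "cryptsetup open".
        if ! grep -qxF -e "$name" "$3"; then
            echo "$name: no open mapping with this name"; rc=1
        fi
    done < "$1"
    return "$rc"
}

# Write constructed sample inputs into directory $1.
make_sample() {
    cat > "$1/blkid" <<'EOF'
/dev/sdb3: UUID="a740ff78-58b7-4ccd-87a1-92ba8715edcf" TYPE="crypto_LUKS"
/dev/mapper/rootdisk: UUID="11111111-2222-3333-4444-555555555555" TYPE="LVM2_member"
EOF
    printf '%s\n' control rootdisk > "$1/mapper"   # as listed by: ls /dev/mapper
    cat > "$1/crypttab" <<'EOF'
# <target name> <source device> <key file> <options>
rootdisk UUID=a740ff78-58b7-4ccd-87a1-92ba8715edcf none luks,discard
homedisk UUID=11111111-2222-3333-4444-555555555555 none luks,discard
EOF
}

# Demo: homedisk is reported twice (wrong UUID, mapping never opened).
tmp=$(mktemp -d)
make_sample "$tmp"
check_crypttab "$tmp/crypttab" "$tmp/blkid" "$tmp/mapper" || true
rm -rf "$tmp"
```

On the live system the two input files come from the output of blkid and of ls /dev/mapper, saved before running update-initramfs.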
