Bug Bounty: Solve Preseed Encrypted LVM on Ubuntu 22.04 - Springfield Data Recovery
springfielddatarecovery.com
Bounty Amount and Terms: This bounty is for $250 USD and will be paid out via PayPal. You can also be paid in BTC if you prefer. This bounty amount will increase at random amounts and intervals until it is claimed. The bounty is open to residents of all countries except those under embargo or…Read More

Note that once solved, the code from this bounty will be made publicly available for anybody who wants to use it on their ubuntu installer. Please see link for full details including results of previous attempts to fix the issue.

Bounty Amount and Terms:

This bounty is for $250 USD and will be paid out via PayPal. This bounty amount will increase at random amounts and intervals until it is claimed. The bounty is open to residents of all countries except those under embargo or sanction by the US govt. The bounty will be paid out to the first person to produce a working preseed recipe or steps to achieve the desired result. When the bounty is successfully claimed, this post will be updated. By submitting your fix and claiming your bounty, you agree to release any code, preseed files, etc delivered to us into the public domain and surrender all rights you hold to them.

Problem:

We want to create an Xubuntu 22.04 ISO using Cubic. Using the preseed, we want to automatically partition the drive with a standard encrypted LVM setup (same one that is achieved manually via the GUI installer). Unfortunately, all existing recipes, which supposedly worked in prior Ubuntu versions, fail with the error No modifications can be made to the device: Encrypted Volume (sda1p2_crypt) for the following reasons: In use by LVM module group crypt or whatever the volume is titled in the partman recipe.

Desired Solution:

  • A preseed file which enables automatic encrypted LVM partitioning identical to what is achieved by choosing it manually in the GUI installer
  • This solution must be compatible with Cubic and may involve making modifications to the underlying iso, for example, by issuing commands at the chroot terminal provided by Cubic. It should not require any modifications to the ISO outside of the abilities provided by Cubic.
  • @rjthyen@lemm.eeEnglish
    48 months ago

    I wish I understood what virtually any of all that means. Sounds fascinating

    • @MrMonkey@lemm.eeEnglish
      38 months ago

      LVM is the Linux Volume Manager. In short it’s kind of like a partitioner inside the OS (but with lots of cool features, like encryption, snapshots and restores, and caches, RAID)

      So you add all your drives, potentially with different groups like NVME, SSD. Then in those groups you create a volume (think partition).

      Examples:

      • For example my laptop has one drive, and one volume group, but I have a separate volume for home so I can take snapshot (which are small if things haven’t changed much!) and keep my home direecty when installing a new distro. I also make a separate volume for a VM to keep my machine clean.

      • My server, however, has 2 NVME drives and 12 spinning rust drives in 3 USB enclosures. Each USB drive is set as its own VG. USB is slow though, LVM to the rescue.

      I set the rest of the space on the 1st NVME and all the space on the 2nd NVME to work as a cache for each of the external enclosures.

      Now writes are NVME speeds and it will write back to the spinning rust at USB speed. Reads from the usb enclosures if cached are at NVME If it’s in the read cache I get is at NVME speeds, otherwise it reads off the drive. At this point my read cache since creation is 82% and continuing to climb. So less than 1/5th of the reads actually went over the USB. At the rate it’s climbing the current hit rate must be in the mid to high 90s.

      A pre-seed file is basically the answers to all the questions the installer would normally ask, like how to partition the drives, what mirror to use, software to install, settings to make, etc. default user accounts, etc. Now you can run that installer on a machine and walk away until it’s done.

      • @rjthyen@lemm.eeEnglish
        28 months ago

        I never thought such a thoughtful and detailed reply would leave me even more confused than I was to begin with. I guess I learned that possibility existed so TIL

        • @MrMonkey@lemm.eeEnglish
          38 months ago

          Hard drives are divided into partitions. Once they’re made they’re (mostly) static, it’s just a division, no other features.

          LVM (Linux Volume Manager) makes it’s own "partitions" with hookers and blackjack. Since it’s done in the OS and not on the drive it’s a LOT more flexible.

          It takes disk(s) and/or partitions and combines them into a volume group (VG) and then lets you create it’s own divisions, called [logical] volumes (LV), to split up the storage. Think of this as a “virtual hard drive” that has a TON of features.

          VGs can include multiple drives and are easy to grow or shrink, add, remove, or replace physical drives, cache another volume, encrypt, make snapshots and roll back (eg: snapshot before update, restore if update borks something). Just so much

          You can even set the RAID level for each volume! RAID controls how many copies are kept on different drives. RAID1 (or raid10) has 2 drives hold the data) for important things so even if one drive fails you still have a working copy.

          RAID0only stores it on one device. There’s RAID5 (3 copies) but it’s mostly obsolete at this point as the rebuild process is painfully slow and adds addition wear on the other drives.

          Let’s say you have 4x 4TB drives, for 16TB of raw space (raid0). Making it a raid1 would give you 8TB of space (since two copies are stored on different drives). But if you only need 1TB as a raid1 and the rest is raid0 you end up with 14TB of space left over! That’s a lot more than 8TB!

          There’s a brazillion different options and useful things it can do. Mostly I find it useful for working with raids on servers. But I’ve stated leaving a few hundred gigs on my laptop to create volumes as need, such as an encrypted volume that’s not unlocked on login to store passwords, keys, and porn tokens.

          • @rjthyen@lemm.eeEnglish
            18 months ago

            So it’s like if I had a bag of candy and my wife wants me to share I could create a 2nd copy that she doesn’t get to see. Share what she can see and keep the rest for myself?

  • @MrMonkey@lemm.eeEnglish
    18 months ago

    What, exactly, is the current LVM setup?

    does sda1p2_crypt need to be mounted and/or preserved at that point in the script?

    What is the full command being run that fails?

    The easiest answer might just be to remove it from the group and then add it back

    pvremove /dev/sda1p2_crypt

    your code

    vgextend crypt /dev/sda1p2_crypt

    • @spgfld_drOPEnglish
      18 months ago

      If you can write a script to successfully do this with cubic and preseed, you are welcome to claim the bounty!

      • @MrMonkey@lemm.eeEnglish
        28 months ago

        Is this an EFI or BIOS boot? You might need EFI.

         1 1 1 free            \
    $bios_boot{ }       \
    method{ biosgrub }  \
.                       \
256 40 256 fat32        \
    $primary{ }         \
    $lvmignore{ }       \
    method{ efi }       \
    format{ }           \

        Add something like that to the start of your expert script should set up a grub partition AND and efi partition.

    • @spgfld_drOPEnglish
      18 months ago

      Check the linked post for the full info and background about the issue including results of previous attempts at fixes