What is the proper way to install Ubuntu 15.04 with LVM, LUKS, and manual partitioning?

I am trying to install Xubuntu 15.04 with LVM and LUKS, manually partitioning in order to have a separate /home partition.

So far I have booted the Xubuntu live CD and gone through these steps:

  1. Used gparted to create three partitions:
    • 200 MB fat32 with boot flag as /dev/sda1 - EFI System Partition.
    • 300 MB ext2 as /dev/sda2 - Will be used for /boot.
    • 400 GB unformatted as /dev/sda3 - Will be the encrypted volume.
  2. Created and opened the encrypted volume:
    • cryptsetup luksFormat --cipher aes-xts-plain64 --key-size 512 --hash sha512 /dev/sda3
    • cryptsetup luksOpen /dev/sda3 crypt
  3. Set up the logical volumes on the encrypted volume:
    • pvcreate /dev/mapper/crypt
    • vgcreate vgcrypt /dev/mapper/crypt
    • lvcreate -n lvcryptroot -L 30G vgcrypt
    • lvcreate -n lvcryptswap -L 10G vgcrypt
    • lvcreate -n lvcrypthome -l 100%FREE vgcrypt
  4. Set up the filesystem on the logical volumes:
    • mkfs.ext4 /dev/vgcrypt/lvcryptroot
    • mkfs.ext4 /dev/vgcrypt/lvcrypthome
    • mkswap /dev/vgcrypt/lvcryptswap
  5. Ran the installer, selected the appropriate options and started the installation.
    • Set /dev/mapper/vgcrypt-lvcryptroot to mount point /.
    • Set /dev/mapper/vgcrypt-lvcrypthome to mount point /home.
    • Set /dev/sda2 to mount point /boot.
    • Set /dev/sda as the device for boot loader installation.
  6. When the installer finished, I chroot-ed into the new system:
    • cd /mnt
    • mkdir root
    • mount /dev/mapper/vgcrypt-lvcryptroot root
    • mount /dev/sda2 root/boot
    • chroot root
    • mount -t proc proc /proc
    • mount -t sysfs sys /sys
  7. I created /etc/crypttab and added an entry for /dev/sda3 to it:
    • vi /etc/crypttab
    • Inserted the line: crypt UUID=<uuid_here> none luks
    • update-initramfs -u
    • exit
    • reboot

Upon attempting to boot into the newly installed system, I am not asked for a password to decrypt the encrypted volume. I am thrown into the initramfs prompt without any errors. What did I miss?


Solution 1:

I went through almost the same steps, just to change the size of the default /boot partition. I gave up and modified the parameters of the default installer. If you are also only trying to have a separate /home partition, take a look at this: https://askubuntu.com/a/678074/313386.

You can change the default recipe to include a /home partition. Boot into the live CD and take a look at /lib/partman/recipes-amd64-efi/50home. After saving your changes, you can tick LVM and encryption options and select "Use the entire disk".

Solution 2:

Initramfs does not automatically contain everything necessary to boot from an encrypted volume (modules, scripts, etc.). I uncompressed the initramfs on both machines (with encryption and without) and they were very different.

By changing crypttab and updating initramfs, you are only inserting options into the initramfs, not everything else. You have to figure out how to insert all the necessary things into the initramfs.

I will not provide you with a complete tutorial, but learn how to decompress initramfs and compare that of an installed encrypted machine (you can do this in VirtualBox) with that of your machine, and you will see the difference. Most probably this is your issue.
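
The comparison described in Solution 2 can be scripted. The following is an added example, not part of the original answers: it reads an initramfs file listing (such as the output of lsinitramfs) and reports which pieces needed to unlock LUKS and LVM at boot are absent. The function name, the path patterns (assumed from the initramfs-tools and cryptsetup layout of that Ubuntu era) and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original answers.
# Reads an initramfs file listing on stdin (one path per line), e.g. the
# output of `lsinitramfs /boot/initrd.img-<version>`, and prints one
# "MISSING: ..." line per absent component. Returns 0 if nothing is missing.
# The path patterns are assumptions about the initramfs-tools/cryptsetup
# layout of that Ubuntu era; adjust them for other releases.
check_initramfs_listing() {
    listing=$(cat)
    missing=0
    # Each entry is "label=extended-regex", split on the first "=".
    for item in \
        'cryptsetup binary=(^|/)sbin/cryptsetup$' \
        'dm-crypt kernel module=/dm-crypt\.ko' \
        'cryptroot boot script=(^|/)scripts/local-top/cryptroot$' \
        'cryptroot config=(^|/)conf/conf\.d/cryptroot$' \
        'lvm binary=(^|/)sbin/lvm$'
    do
        label=${item%%=*}
        pattern=${item#*=}
        if ! printf '%s\n' "$listing" | grep -Eq -- "$pattern"; then
            printf 'MISSING: %s\n' "$label"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample listings (not taken from a real machine).
SAMPLE_ENCRYPTED='bin/sh
conf/conf.d/cryptroot
lib/modules/SAMPLE-VERSION/kernel/drivers/md/dm-crypt.ko
sbin/cryptsetup
sbin/lvm
scripts/local-top/cryptroot'

SAMPLE_PLAIN='bin/sh
sbin/lvm
scripts/local-top/lvm2'

echo "Image from an installer-encrypted system:"
printf '%s\n' "$SAMPLE_ENCRYPTED" | check_initramfs_listing && echo "all present"
echo "Image built without the cryptsetup pieces:"
printf '%s\n' "$SAMPLE_PLAIN" | check_initramfs_listing || echo "cannot prompt for a passphrase"
```

On a real system, pipe the listing of the installed image into the function from inside the chroot, after update-initramfs -u has run.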

Solution 3:

After editing /etc/crypttab, run sudo dpkg-reconfigure lvm2 in a terminal.