Installing LMDE7 with full disk encryption using RAID (mdadm), LUKS, LVM2 and USB unlock on a computer with a UEFI bootloader

by Semyon A Mironov, 03.10.2025

Due to the release of the official distribution of LMDE 7 Gigi, the article is being updated...

This document describes the creation of the following scheme

Table of Contents

• Booting from a LIVE-iso
  • Select booting from a USB/CD image
• Preparing a LIVE system
  • Change the host name
  • Time setup in a LIVE system
• Preparing the disks
  • Creating partitions
  • Creating a mirror array with MDADM
  • Encryption with LUKS
  • Creating LVM
  • Creating a file systems
• Installing the LMDE operating system
  • Mounting ISO image
  • Mounting /target
  • Copying system files
  • Unmount ISO image
• Configuring the LMDE operating system
  • Entering the system
  • Configuring locale
  • Configuring time
  • Configuring keyboard
  • Editing the /etc/hostname file
  • Editing the /etc/hosts file
  • Editing the /etc/fstab file
  • Set the root user password
  • Creating a user
  • Configuring LUKS with password unlock
  • Configuring LUKS with USB unlock
  • Configuring MDADM
  • Generate an initramfs image
  • Update list of available packages
  • Configuring GRUB
  • Cloning of the EFI partition from SDA on SDB
  • Edit the EFI boot menu
  • Removing packages
  • Reboot the machine
• Booting LMDE 7 from USB key
• Booting LMDE 7 without USB key
• Show the user list
• Useful links

Booting from a LIVE-iso

Select booting from a USB/CD image

Select "Start LMDE 7 64-bit"

Press e to edit the commands before booting

Add the nomodeset parameter and press F10 to boot

The kernel’s command-line parameters

quiet and nomodeset

splash

LMDE 7 Desktop live

Preparing a LIVE system

Later in the guide, a software RAID array with LVM will be built, and in order to identify the host on which they were built in the future, you need to set the desired host name and current date to save them in metadata of the RAID array and LVM.

Change the host name

1. Open the terminal:

   

   

2. Switch to the root user:

   sudo -s

3. Save the new hostname in a variable:

   export HOST_NAME="ws.mgmsam.pro"

4. Change the host name:

   hostname "$HOST_NAME"

5. Check:

   hostname --fqdn

   

   to display the new fqdn (fully qualified domain name) in the terminal:

   1. Editing the PS1 variable:

      sed '/^[[:blank:]]*PS1=/ s%\\h%\\H%' -i /home/mint/.bashrc

   2. Switch to the root user again:

      exit
      sudo -s

   3. Include the new .bashrc:

      . /home/mint/.bashrc

   4. Resave the new hostname in a variable:

      export HOST_NAME="ws.mgmsam.pro"

   

Time setup in a LIVE system

dpkg-reconfigure tzdata

Preparing the disks

Creating partitions

List information about block devices

lsblk

Creating two partitions on SDA for EFI and mirror array

1. Save the disk names to variables:

   export SDA="/dev/sda"
   export SDB="/dev/sdb"

2. Run the fdisk program for the SDA disk:

   fdisk "$SDA"

3. Create partitions on the disk by following the following list of commands:

        m # print help
        p # print the partition table
        g # create a new empty GPT partition table
        n # add a new partition No.1
        1 # partition number
          # first sector (2048)
    +100M # last sector
        p # print the partition table
        n # add a new partition No.2
        2 # partition number
          # first sector (206848)
          # last sector
        p # print the partition table
        l # list known partition types
        q # quit from list known partition types
        t # change a partition type No.1
        1 # partition number
        1 # EFI System
        t # change a partition type No.2
        2 # partition number
       42 # Linux RAID
        p # print the partition table
        x # extra functionality (experts only)
        m # print help (for GPT)
        n # change partition name No.1
        1 # partition number
      EFI # new name No.1
        n # change partition name No.2
        2 # partition number
    RAID1 # new name No.2
        p # print the partition table
        r # return to main menu
        p # print the partition table
        w # write table to disk and exit

Creating two partitions on SDB for EFI and mirror array

cat << FDISK | fdisk "$SDB"
     g # create a new empty GPT partition table
     n # add a new partition No.1
     1

 +100M
     p # print the partition table
     n # add a new partition No.2
     2


     p # print the partition table
     t # change a partition type No.1
     1
     1
     t # change a partition type No.2
     2
    42
     p # print the partition table
     x # extra functionality (experts only)
     n # change partition name No.1
     1
   EFI
     n # change partition name No.2
     2
 RAID1
     p # print the partition table
     r # return to main menu
     p # print the partition table
     w # write table to disk and exit
FDISK

Comments are allowed only when calling commands

Spaces at the beginning and end of commands and values are ignored

Creating a mirror array with MDADM

MDADM - Multiple Disk and Device Management

Creating a mirror array

1. Save the name of the RAID array to a variable:

   export RAID_ARRAY="/dev/md0"

2. Creating a array:

   mdadm --verbose --create /dev/md0 --level 1 --raid-devices 2 "${SDA}2" "${SDB}2"

Checking the RAID array status

watch --interval=1 cat /proc/mdstat

Additional commands for MDADM

Show help

mdadm --help

Display details of an array

mdadm --verbose --detail --scan | grep '^ARRAY'

Save the array configuration

nano /etc/mdadm/mdadm.conf

Stop the array

mdadm --verbose --stop /dev/md0

Assemble a previously created array

mdadm --verbose --assemble --scan

Hotadd subsequent devices to the array

mdadm --verbose /dev/md0 --add /dev/sdc2

Subsequent devices are re-added

mdadm --verbose /dev/md0 --re-add /dev/sde2

Delete super-blocks on the disks from which the array is assembled

mdadm --verbose --zero-superblock /dev/sda2 /dev/sde2

Encryption with LUKS

LUKS - Linux Unified Key Setup

I need to encrypt the RAID (mdadm) array, but the installer has LVM-only file system encryption.

Encrypting

1. Save the LUKS device to a variable:

   # RAID_ARRAY="/dev/md0" - the device to be encrypted.
   export LUKS_DEVICE="${RAID_ARRAY:="/dev/md0"}"

2. Encrypting:

   cryptsetup --verbose luksFormat --pbkdf pbkdf2 "$LUKS_DEVICE"

Unlocking

1. Save the LUKS names to variables:

   # lvmlmde - is the default name when using the installer, you can specify something else.
   export LUKS_NAME="lvmlmde"

2. Unlocking:

   cryptsetup --verbose luksOpen "$LUKS_DEVICE" "$LUKS_NAME"

Additional commands for LUKS

Show help

cryptsetup --help

Close device (remove mapping)

cryptsetup close /dev/mapper/lvmlmde

Show device status

cryptsetup status /dev/mapper/lvmlmde

Dump LUKS partition information

cryptsetup luksDump /dev/md0

Add key to LUKS device

cryptsetup luksAddKey /dev/md0 [<new key file>]

Changes supplied key or key file of LUKS device

cryptsetup luksChangeKey /dev/md0 <key slot>

Removes supplied key or key file from LUKS device

cryptsetup luksRemoveKey /dev/md0 [<new key file>]

Wipes key with number <key slot> from LUKS device

cryptsetup luksKillSlot /dev/md0 <key slot>

Creating LVM

LVM - Logical volume manager

Initializing LVM

1. Save the device names to variables:

   export LVM_PHYSICAL_VOLUME="/dev/mapper/${LUKS_NAME:="lvmlmde"}"

2. Initialize physical volume:

   pvcreate --verbose "$LVM_PHYSICAL_VOLUME"

Display various attributes of physical volume(s)

pvdisplay

or display information about physical volumes

pvs

Creating a volume group

1. Save the volume group names to variables:

   # lvmlmde - is the default volume group name when using the installer, you can specify something else.
   export LVM_VOLUME_GROUP="lvmlmde"

2. Create a volume group:

   vgcreate --verbose "$LVM_VOLUME_GROUP" "$LVM_PHYSICAL_VOLUME"

Display volume group information

vgdisplay

or display information about volume groups

vgs

Creating the boot logical volume

lvcreate --verbose --size 1G -n boot "$LVM_VOLUME_GROUP"

Creating the root logical volume

lvcreate --verbose --size 50G -n root "$LVM_VOLUME_GROUP"

Creating the home logical volume

lvcreate --verbose --extents 100%FREE -n home "$LVM_VOLUME_GROUP"

Display information about a logical volume

lvdisplay

or display information about logical volumes

lvs

Additional commands for LVM

Deactivation/activation LVM

1. Deactivating Volume Groups:

   vgchange --verbose --activate n lvmlmde

2. Activating Volume Groups:

   vgchange --verbose --activate y lvmlmde

Rename LVM

1. Rename a logical volume:

   lvrename --verbose lvmlmde root linux

   or:

   lvrename --verbose /dev/lvmlmde/root linux

2. Rename a volume group:

   vgrename --verbose lvmlmde sys

Remove LVM

1. Remove logical volume(s):

   lvremove --verbose /dev/lvmlmde/boot
   lvremove --verbose /dev/lvmlmde/root
   lvremove --verbose /dev/lvmlmde/home

   or remove all logical volumes in the volume group:

   lvremove --verbose lvmlmde

2. Remove volume group(s):

   vgremove --verbose lvmlmde

3. Remove LVM label(s) from physical volume(s):

   pvremove --verbose /dev/mapper/lvmlmde

Creating a file systems

1. Format the EFI partition:

   mkfs.fat -v -F 32 -n EFI "${SDA}1"

   /dev/sdb1 - do not format

   

2. Format the boot partition:

   mkfs.ext2 -v -L boot "/dev/mapper/$LVM_VOLUME_GROUP-boot"

   

3. Format the root partition:

   mkfs.xfs -L root "/dev/mapper/$LVM_VOLUME_GROUP-root"

   

4. Format the home partition:

   mkfs.xfs -L home "/dev/mapper/$LVM_VOLUME_GROUP-home"

   

   Additional commands for mkfs

   Remove a file system

   dd if=/dev/zero of=/dev/sda1 bs=2048 count=1 conv=notrunc

Installing the LMDE operating system

Mounting ISO image

1. Create a directory for mounting ISO image:

   mkdir --verbose /source

2. Mount the ISO image:

   mount --verbose --options loop --types squashfs /run/live/medium/live/filesystem.squashfs /source

   

   

Mounting /target

1. Create a directory to mount the root partition of the future LMDE operating system:

   mkdir --verbose /target

2. Mount the root (/) partition:

   mount --verbose "/dev/mapper/$LVM_VOLUME_GROUP-root" /target

   

   

3. Create directories to mount the boot and home partitions:

   mkdir --verbose /target/{boot,home}

4. Mount the home partition:

   mount --verbose "/dev/mapper/$LVM_VOLUME_GROUP-home" /target/home

   

   

5. Mount the boot partition:

   mount --verbose "/dev/mapper/$LVM_VOLUME_GROUP-boot" /target/boot

6. Create a directory to mount the EFI partition:

   mkdir --verbose /target/boot/efi

7. Mount the EFI partition:

   mount --verbose "${SDA}1" /target/boot/efi

   

   

Copying system files

1. Copy the operating system files from the ISO image to the root partition:

   rsync --verbose --archive /source/ /target/

   

   

2. Copy the local domain name system configuration file:

   cp --verbose --force /etc/resolv.conf /target/etc/

   Check

   cat /target/etc/resolv.conf

   

Unmount ISO image

umount --verbose /source

Configuring the LMDE operating system

Entering the system

1. Mount the system directories of the LIVE system to the root partition of the future LMDE operating system:

   for FS in /dev /dev/shm /dev/pts /sys /proc /run /sys/firmware/efi/efivars
   do
       mount --verbose --bind "$FS" "/target$FS"
   done

   --bind - mount a subtree somewhere else

2. Make /target the root directory:

   chroot /target

   

   to display the new fqdn (fully qualified domain name) in the terminal:

   1. Editing the PS1 variable:

      sed '/[[:blank:]]*PS1=/ { s%\\h%\\u@\\H%; s%^\([[:blank:]]*\)#[#[:blank:]]*\([^[:blank:]#]\)%\1\2%; }' -i /root/.bashrc

   2. Exec to the chroot user again:

      exit
      chroot /target

   

Configuring locale

Subsequent actions in the terminal do what you would do in the installer:

dpkg-reconfigure locales

cat <<LOCALE > /etc/default/locale
#  File generated by update-locale
LC_CTYPE="en_US.UTF-8"
LC_ALL="en_US.UTF-8"
LANG="en_US.UTF-8"
LANGUAGE="en_US:en"
LOCALE

Check

cat /etc/default/locale

Configuring time

Subsequent actions in the terminal do what you would do in the installer:

dpkg-reconfigure tzdata

Configuring keyboard

Subsequent actions in the terminal do what you would do in the installer:

dpkg-reconfigure keyboard-configuration

Editing the /etc/hostname file

echo "$HOST_NAME" > /etc/hostname

Check

cat /etc/hostname

Editing the /etc/hosts file

Save a text file that contains a database of domain names and is used when translating them to network host addresses

cat <<HOSTS > /etc/hosts
127.0.0.1   localhost
127.0.1.1   $HOST_NAME
# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
HOSTS

Check

cat /etc/hosts

Editing the /etc/fstab file

1. Get UUID of the system partitions:

    EFI_UUID="$(blkid --match-tag UUID --output value "${SDA}1")"
   BOOT_UUID="$(blkid --match-tag UUID --output value "/dev/mapper/$LVM_VOLUME_GROUP-boot")"
   ROOT_UUID="$(blkid --match-tag UUID --output value "/dev/mapper/$LVM_VOLUME_GROUP-root")"
   HOME_UUID="$(blkid --match-tag UUID --output value "/dev/mapper/$LVM_VOLUME_GROUP-home")"

   Check

   echo " EFI_UUID: $EFI_UUID"
   echo "BOOT_UUID: $BOOT_UUID"
   echo "ROOT_UUID: $ROOT_UUID"
   echo "HOME_UUID: $HOME_UUID"

   

2. Save the mounting points of the system partitions:

   cat <<FSTAB > /etc/fstab
   # /etc/fstab: static file system information.
   #
   # Use 'blkid' to print the universally unique identifier for a
   # device; this may be used with UUID= as a more robust way to name devices
   # that works even if disks are added and removed. See fstab(5).
   #
   # <file system>                           <mount point>  <type> <options> <dump> <pass>
   proc                                      /proc          proc   defaults  0      0
   UUID=$ROOT_UUID /              xfs    defaults  0      1
   UUID=$HOME_UUID /home          xfs    defaults  0      0
   UUID=$BOOT_UUID /boot          ext2   defaults  0      1
   UUID=$EFI_UUID                            /boot/efi      vfat   defaults  0      1
   FSTAB

   Check

   cat /etc/fstab

   

Set the root user password

It is not necessary to set a password for the root user, but then be sure to create a user in the next step.

passwd root

Creating a user

Subsequent actions in the terminal do what you would do in the installer:

1. Set variables for use in subsequent commands:

   USER_NAME="sam"                # name of the user to be created
   REAL_NAME="Semyon A Mironov"   # full name of the user to be created

2. Create a user:

   useradd --create-home ${REAL_NAME:+--comment "$REAL_NAME"} --shell /bin/bash -G adm,audio,bluetooth,cdrom,dialout,dip,fax,floppy,lpadmin,netdev,plugdev,scanner,sudo,tape,users,video "$USER_NAME"

   

   The group names for the useradd command are taken from the system installed by the installer:

   

   Delete a user

   deluser --remove-home "$USER_NAME"

3. Set user passwords:

   passwd "$USER_NAME"

Configuring LUKS with password unlock

Editing the /etc/crypttab file

1. Get UUID of LUKS device:

   LUKS_UUID="$(cryptsetup luksUUID "$LUKS_DEVICE")"

   Check

   echo "LUKS_UUID: $LUKS_UUID"

2. Save configuration for encrypted block devices:

   cat <<CRYPTTAB > /etc/crypttab
   # <target name> <source device>                           <key file> <options>
   $LUKS_NAME          UUID=$LUKS_UUID none       luks,discard
   CRYPTTAB

   Check

   cat /etc/crypttab

Configuring LUKS with USB unlock

Creating three partitions on a USB drive for EFI, boot and user data

1. Insert the USB drive into the host and define it in the lsblk output:

   

2. Set variables for use in subsequent commands:

   USB_DRIVE="/dev/sdc"             # USB drive from the `lsblk` output
   USB_DRIVE_MOUNT_POINT="/media"   # Specify an existing empty directory for connecting the USB drive
   CRYPTTAB_KEY="my_key.lek"        # Name of the key file to create on the USB drive
   LUKS_SCRIPT="/bin/luksunlockusb" # Name and path to the script to unlock using CRYPTTAB_KEY

   Check

   echo "            USB_DRIVE: $USB_DRIVE"
   echo "USB_DRIVE_MOUNT_POINT: $USB_DRIVE_MOUNT_POINT"
   echo "         CRYPTTAB_KEY: $CRYPTTAB_KEY"
   echo "          LUKS_SCRIPT: $LUKS_SCRIPT"

   

3. Creat partitions on USB drive:

   cat << FDISK | fdisk "$USB_DRIVE"
        g # create a new empty GPT partition table
        n # add a new partition No.1
        1
   
    +100M
        p # print the partition table
        n # add a new partition No.2
        2
   
      +1G
        p # print the partition table
        n # add a new partition No.3
        3
   
   
        p # print the partition table
        t # change a partition type No.1
        1
        1
        p # print the partition table
        x # extra functionality (experts only)
        n # change partition name No.1
        1
   EFIUSB
        p # print the partition table
        n # change partition name No.2
        2
   BOOTUSB
        p # print the partition table
        n # change partition name No.3
        3
      USB
        p # print the partition table
        r # return to main menu
        p # print the partition table
        w # write table to disk and exit
   FDISK

   

Creating a file systems on USB drive

1. Format the EFIUSB partition:

   mkfs.fat -F 32 -v -n EFIUSB "${USB_DRIVE}1"

   

2. Format the BOOTUSB partition:

   mkfs.ext2 -v -L BOOTUSB "${USB_DRIVE}2"

   

3. Format the USB partition:

   mkfs.exfat --volume-label USB "${USB_DRIVE}3"

   

Mounting USB drive

1. Mount the BOOTUSB partition:

   mount --verbose "${USB_DRIVE}2" "$USB_DRIVE_MOUNT_POINT"

2. Create a directory to mount the EFIUSB partition:

   mkdir --verbose "$USB_DRIVE_MOUNT_POINT/efi"

3. Mount the EFIUSB partition:

   mount --verbose "${USB_DRIVE}1" "$USB_DRIVE_MOUNT_POINT/efi"

Creating LUKS encryption key

1. Change the shell working directory:

   cd "$USB_DRIVE_MOUNT_POINT/efi"
   pwd

2. Create a 256 byte key file with random data (.lek = LUKS Encryption Key):

   dd if=/dev/urandom bs=1 count=256 > "$CRYPTTAB_KEY"

   The contents of the key file can be anything, for example, a photo

3. Add key to LUKS device:

   cryptsetup --verbose luksAddKey "$LUKS_DEVICE" "$CRYPTTAB_KEY"

4. Go back to the previous directory:

   cd -
   pwd

Creating a script to search for the LUKS encryption key

1. Get UUID of LUKS device:

   LUKS_UUID="$(cryptsetup luksUUID "$LUKS_DEVICE")"

   Check

   echo "LUKS_UUID: $LUKS_UUID"

   

2. Create a script that will search for the key on USB drive during boot:

   Script for any USB drive

   cat <<SCRIPT > "$LUKS_SCRIPT"
   #!/bin/sh
   sleep 3
   test -d /mnt || {
       test ! -e /mnt && mkdir /mnt 2>/dev/null
   } &&
   for USB_UUID in /dev/disk/by-uuid/*
   do
       if mount "\$USB_UUID" /mnt
       then
           for CRYPTTAB_KEY_FILE in "\$CRYPTTAB_KEY" "\$CRYPTTAB_KEY.lek"
           do
               test -f "/mnt/\$CRYPTTAB_KEY_FILE" || continue
               cat     "/mnt/\$CRYPTTAB_KEY_FILE" || break
               umount /mnt || :
               exit
           done
           umount /mnt || :
       fi
   done 2>/dev/null || :
   
   # Please comment out this line if you don't want to ask for a password
   /lib/cryptsetup/askpass "Please unlock disk (\$CRYPTTAB_NAME): "
   SCRIPT

   Check

   cat "$LUKS_SCRIPT"

   

   Script for one specific USB drive

   1. Get UUID of USB device:

      USB_UUID="$(blkid --match-tag UUID --output value "${USB_DRIVE}1")"

      Check

      echo "USB_UUID: $USB_UUID"

      

   2. Save script:

      cat <<SCRIPT > "$LUKS_SCRIPT"
      #!/bin/sh
      sleep 3
      test -e "/dev/disk/by-uuid/$USB_UUID" && {
          test -d /mnt || {
              test ! -e /mnt && mkdir /mnt
          } &&
          mount "/dev/disk/by-uuid/$USB_UUID" /mnt && {
              for CRYPTTAB_KEY_FILE in "\$CRYPTTAB_KEY" "\$CRYPTTAB_KEY.lek"
              do
                  test -f "/mnt/\$CRYPTTAB_KEY_FILE" || continue
                  cat     "/mnt/\$CRYPTTAB_KEY_FILE" || break
                  umount /mnt || :
                  exit
              done
              umount /mnt || :
          }
      } 2>/dev/null || :
      
      # Please comment out this line if you don't want to ask for a password
      /lib/cryptsetup/askpass "Please unlock disk (\$CRYPTTAB_NAME): "
      SCRIPT

      Check

      cat "$LUKS_SCRIPT"

      

   WARNING: If you decide to comment out the password request string in the script, then make sure to perform a pre-test using a key from a USB storage device. Otherwise, you will lose access to the encrypted data.

3. Make the script executable:

   chmod --verbose u+rwx,go+rx "$LUKS_SCRIPT"

   

Editing the /etc/crypttab file to use a script

cat <<CRYPTTAB > /etc/crypttab
# <target name> <source device>                           <key file> <options>
$LUKS_NAME          UUID=$LUKS_UUID $CRYPTTAB_KEY luks,discard,keyscript=$LUKS_SCRIPT
CRYPTTAB

Check

cat /etc/crypttab

Configuring MDADM

Saving the array configuration

1. Display details of an array:

   ARRAY="$(mdadm --verbose --detail --scan | grep '^ARRAY')"

   Check

   echo "$ARRAY"

   

2. Save the array configuration:

   cat <<MDADM > /etc/mdadm/mdadm.conf
   # mdadm.conf
   #
   # !NB! Run update-initramfs -u after updating this file.
   # !NB! This will ensure that initramfs has an uptodate copy.
   #
   # Please refer to mdadm.conf(5) for information about this file.
   #
   
   # by default (built-in), scan all partitions (/proc/partitions) and all
   # containers for MD superblocks. alternatively, specify devices to scan, using
   # wildcards if desired.
   #DEVICE partitions containers
   
   # automatically tag new arrays as belonging to the local system
   HOMEHOST <system>
   
   # instruct the monitoring daemon where to send mail alerts
   MAILADDR root
   
   # definitions of existing MD arrays
   $ARRAY
   
   # This configuration was auto-generated on $(date '+%a, %d %b %Y %T %z') by mkconf
   MDADM

   Check

   cat /etc/mdadm/mdadm.conf

   

Generate an initramfs image

• If you follow the steps in Configuring LUKS with USB unlock, add some initramfs modules:

  cat << MODULES >> /etc/initramfs-tools/modules
  vfat
  nls_cp437
  nls_ascii
  usb_storage
  libblkid
  MODULES

  Check

  cat /etc/initramfs-tools/modules

  

• Creating /boot/initrd.img-*:

  /usr/sbin/update-initramfs.orig.initramfs-tools -t -c -k all

  

Update list of available packages

apt update

Configuring GRUB

Installing the grub package

apt install grub-efi

Configure grub to use a encrypted disk

echo 'GRUB_ENABLE_CRYPTODISK=y' >> /etc/default/grub

Installing grup on SDA

Subsequent actions in the terminal do what you would do in the installer:

grub-install --verbose --locales=en@quot "$SDA"

Update grub

Re create a grub config file based on your disk partitioning schema

update-grub

Installing grup on USB drive

Follow this step if you have completed the steps described in step Configuring LUKS with USB unlock

1. Copying the /boot/* to USB drive:

   cp --verbose --recursive /boot/* "$USB_DRIVE_MOUNT_POINT/"

   

2. Umount the EFI partition:

   umount --verbose "${SDA}1"

3. Umount the boot partition:

   umount --verbose "/dev/mapper/$LVM_VOLUME_GROUP-boot"

4. Umount the EFIUSB partition:

   umount --verbose "${USB_DRIVE}1"

5. Umount the BOOTUSB partition:

   umount --verbose "${USB_DRIVE}2"

6. Mount the BOOTUSB partition:

   mount --verbose "${USB_DRIVE}2" /boot

7. Mount the EFIUSB partition:

   mount --verbose "${USB_DRIVE}1" "/boot/efi"

   

   

8. Installing grup on USB drive:

   grub-install --verbose --locales=en@quot "$USB_DRIVE"

9. Update grub on USB drive:

   update-grub

   

Cloning of the EFI partition from SDA on SDB

dd if="${SDA}1" of="${SDB}1" bs=64K status=progress

Edit the EFI boot menu

1. Print additional information:

   efibootmgr --verbose

   

2. Delete bootnum:

   efibootmgr --delete-bootnum --bootnum 0000

   0000 - bootloader number

   Remove all unnecessary bootloaders

   

3. Add bootorder from a USB drive:

   Follow this step if you have completed the steps described in step Configuring LUKS with USB unlock

   efibootmgr --create --disk "$USB_DRIVE" --part 1 --label "usbkey" --loader /EFI/debian/shimx64.efi

   Note: option --label "usbkey", where "usbkey" is an arbitrary bootloader name

   

4. Add bootorder from a SDA and SDB drives:

   efibootmgr --create --disk "$SDA" --part 1 --label "Disk1" --loader /EFI/debian/shimx64.efi
   efibootmgr --create --disk "$SDB" --part 1 --label "Disk2" --loader /EFI/debian/shimx64.efi

   Note: option --label "Disk1", where "Disk1" is an arbitrary bootloader name

   

   

Removing packages

Remove packages and their system-wide configuration files

apt purge live-config* live-installer* live-boot* live-tools*

Reboot the machine

1. Exit the chroot environment:

   exit

2. Reboot the machine:

   shutdown --reboot now

   

Booting LMDE 7 from USB key

Booting LMDE 7 without USB key

Show the user list

Useful links

Installing LMDE to nvme mdadm raid

update-initramfs is disabled (live system is running without media mounted on /run/live/medium)

Using A Live CD/USB To Fix Your Current System

Best order of raid lvm and luks

Encrypted Storage with LUKS, RAID and LVM2

LVM-HOWTO

© 2025 mgmsam.pro. Все права защищены.