How to copy an encrypted Linux/Ubuntu/Debian to another hard drive
Hello,
I store my computer data in 3 partitions:
- One not encrypted in EXT4 for system (programs, etc) mounted in /
- One encrypted with cryptsetup (LUKS) and LVM for user files in EXT4 mounted in /home
- One encrypted with cryptsetup (LUKS) and LVM for logs in EXT4 mounted in /var
I will show you how I copy them to another hard drive.
For the system partition, copy everything except /snap, /dev, /proc, /sys, /tmp, /run, /mnt, /media, /cdrom, /lost+found; and also /home and /var (12 folders):
sudo mount /dev/sdxy /mnt # system partition
cd /
sudo cp -a bin/ dmraid-map initrd.img lib32/ opt/ root/ boot/ etc/ initrd.img.old lib64/ srv/ vmlinuz lib/ mounted-map raided-map sbin/ swaps-map usr/ vmlinuz.old /mnt/
Note: check whether there are other files to copy from / (copy the list of files from the ls / command to an editor, remove the ones mentioned above, and drop any trailing @ that ls shows after symbolic links, since it is not part of the file name).
Note: If you get an error like “cp: cannot stat ‘initrd.img’: No such file or directory”, you can ignore it.
For /home and /var:
sudo mkdir /mnt/home
sudo mount /dev/mapper/<VG name>-homeLV /mnt/home
sudo mkdir /mnt/var
sudo mount /dev/mapper/<VG name>-varLV /mnt/var
cd /
sudo cp -a home/. /mnt/home/ # don't forget the dot!
sudo cp -a var/. /mnt/var/ # don't forget the dot!
Note: it’s good practice to put a trailing slash on destination folders.
Fstab
Replace the previous UUID in /mnt/etc/fstab
… Plus potentially replace the /dev/mapper device names if the partitions are made with LVM.
Important: put the UUID of the / partition!
To get the UUID, I use the blkid command:
sudo blkid
Note: it is necessary to run blkid with sudo to show all the UUIDs.
Warning: GParted may be confusing when showing UUIDs. Blkid is much clearer.
Crypttab
Replace the previous UUID in /mnt/etc/crypttab
…
Important: Put the UUID of the LUKS encrypted partition!
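A check for the Fstab and Crypttab steps above, as an added example that is not part of the original post: it lists every UUID still referenced in the copied /etc/fstab and /etc/crypttab that no present block device carries, which is what a leftover UUID from the old drive looks like. The function names, the sample UUIDs and the vg0 volume group name are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report UUIDs that the copied
# fstab/crypttab reference but that no block device currently carries.

# Print UUID= values from field 1 (fstab) or field 2 (crypttab), skipping comments.
referenced_uuids() {
    awk '!/^[ \t]*#/ {
        for (i = 1; i <= 2; i++)
            if ($i ~ /^UUID=/) { v = $i; sub(/^UUID=/, "", v); gsub(/"/, "", v); print v }
    }' "$@" | sort -u
}

# check_uuids ROOT UUID_LIST: ROOT is the mounted copy (e.g. /mnt), UUID_LIST a
# file with one present UUID per line. Prints stale UUIDs; returns 1 if any.
check_uuids() {
    stale=$(referenced_uuids "$1/etc/fstab" "$1/etc/crypttab" | grep -vxFf "$2" || true)
    if [ -n "$stale" ]; then
        printf '%s\n' "$stale"
        return 1
    fi
    return 0
}

# Constructed sample: a copied tree whose crypttab still names the old disk.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/etc"
    cat > "$d/etc/fstab" <<'EOF'
# <file system> <mount point> <type> <options> <dump> <pass>
UUID=11111111-aaaa-4bbb-8ccc-000000000001 /     ext4 errors=remount-ro 0 1
/dev/mapper/vg0-homeLV                    /home ext4 defaults          0 2
/dev/mapper/vg0-varLV                     /var  ext4 defaults          0 2
EOF
    cat > "$d/etc/crypttab" <<'EOF'
crypt_data UUID=99999999-dead-4bbb-8ccc-00000000000f none luks
EOF
    printf '%s\n' 11111111-aaaa-4bbb-8ccc-000000000001 \
                  22222222-aaaa-4bbb-8ccc-000000000002 > "$d/present"
    echo "$d"
}

# Real use, after editing the files under /mnt:
#   sudo blkid -s UUID -o value > /tmp/present && check_uuids /mnt /tmp/present
```

Any UUID it prints would leave the copy unable to mount / or unlock the LUKS partition at boot, so fix it before running the Grub steps.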
Grub (method #1)
Important: ensure the /var partition is mounted! Otherwise, you may get a “mkdir: cannot create directory ‘/var/lib/os-prober/mount’” error.
Make sure there is a tmp folder:
sudo mkdir /mnt/tmp
sudo chmod 777 /mnt/tmp
Then:
cd /mnt
sudo mkdir -p dev sys proc
sudo mount --bind /dev dev
sudo mount --bind /dev/pts dev/pts
sudo mount --bind /proc proc
sudo mount --bind /sys sys
sudo chroot . /bin/bash
Then you can either:
update-grub
If an error like “rmdir: failed to remove ‘/var/lib/os-prober/mount’: Device or resource busy” or “device-mapper: reload ioctl on osprober-linux-sdb3 failed: Device or resource busy” happens, run this instead:
GRUB_DISABLE_OS_PROBER=true update-grub
or:
grub-mkconfig -o /boot/grub/grub.cfg
Eventually, do:
grub-install /dev/sdX # Do not specify a partition number!
grub-install --recheck /dev/sdX
or:
exit
sudo grub-install --boot-directory=/mnt/boot /dev/sdX # Do not specify a partition number!
sudo grub-install --boot-directory=/mnt/boot --recheck /dev/sdX
When you use grub-install without chroot, make sure to have:
sudo apt install grub2 grub-pc-bin
After successful booting, update the GRUB again:
update-grub
Grub (method #2)
Important: Use this method only if the above doesn’t work.
Make sure the /boot folder hasn’t been altered by trying method #1. Otherwise copy the folder again:
sudo trash /mnt/boot
sudo cp -a /boot /mnt/
Then search for the old UUID and replace it with the UUID of the / partition everywhere in /mnt/boot/grub/grub.cfg. I recommend using a GUI editor for that to avoid errors.
After successful booting, update the GRUB just in case:
update-grub
Grub (method #3)
Use Boot-repair with the advanced settings.
You need to use a live-USB in order to use the advanced settings of Boot-repair.
Mount the partitions:
sudo cryptsetup open /dev/sdxy <part. name> # encrypted partition
sudo vgchange -ay <VG name>
sudo mount /dev/sdxy /mnt # / partition
sudo mount /dev/mapper/<VG name>-varLV /mnt/var
sudo mount /dev/mapper/<VG name>-homeLV /mnt/home
Install Boot-repair in the live-USB session:
sudo add-apt-repository ppa:yannubuntu/boot-repair
sudo apt-get update
sudo apt-get install -y boot-repair && boot-repair
Note: On Linux Mint iso, Boot-repair is already installed.
Run it and follow the instructions.
Unmount
sudo umount /mnt/dev/pts
sudo umount /mnt/dev
sudo umount /mnt/proc
sudo umount /mnt/sys
sudo umount /mnt/home
sudo umount /mnt/var
sudo umount /mnt
sudo vgchange -an <VG name>
sudo cryptsetup close <cryptsetup partition name>
Boot Flag
Ensure that you put the boot flag on your /dev/sdX.
That’s all!