Setting up RAID on encrypted (LUKS) LVM and decrypting at boot
I have used RAID using LVM as well as LVM-on-LUKS for years, and now I wanted to combine the two: set up two encrypted containers in a simple raid1 array. However, there were some unexpected niggles along the way. Here I document how I set up the system on Debian. My starting point was a system whose root filesystem was alreadt logical volume (LV) on top of an encrypted block device (PV), but you can use the steps here to set things up from scratch. Assume that the volume group (VG) is called Main , the LV is named root , and there's an extra block device, /dev/sdb2 that we want to use as an encrypted mirror of root. First set up an encrypted block device on top of sdb2: cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb1 Then add a new entry to /etc/crypttab so this volume would be decrypted at boot, for example: sdb2_crypt UUID=... none luks,discard,initramfs You can get the UUID from e.g. ls -l /dev/disk/by-uuid . Using an UUID should protect against hardware or boo