Announcement

Collapse
No announcement yet.

New Thinkpad with Full Disk Encryption LVM [mostly solved]

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    [ENCRYPTION] New Thinkpad with Full Disk Encryption LVM [mostly solved]

    Hi All,
    So, I just got a new Thinkpad T540p and installed kubuntu 14.04 on it. Now almost everything is working; primarily I just want to report on my experience, so that others may have an easier time. I'll keep a tally of problems and solutions below.

    The main problem during the installation was this:
    There appears to be a bug in the kubuntu (and ubuntu) installer so that it can't partition the hard disk correctly for an encrypted LVM on a UEFI system with UEFI (the installer worked perfectly fine for the same setup on my old laptop and my workstation which stil lhave BIOS). The result is that the installation process proceeds normally but when you want to restart the computer, it just doesn't boot (because the EFI System Partition and the boot partition are not set up correctly).
    There are two possible workarounds, both of which involve manually installing the kubuntu desktop.
    1) Start up using the normal ubuntu installer and start a (Unity) session from the USB key (or optical disk), start up gparted and configure your partitions manually. First you need to create a new partition table in GPT format. Then you need one EFI System Partition (ESP), which has to be FAT32, should be the first partition, and should have the boot flag set; mine is 512MB, but I am not sure if that is necessary. Then you need a boot partition (mount at /boot), which will be unencrypted (usually ext2, I think); mine is 244MB. Finallz you need the LVM/crypt-luks partition (the rest of your hard driver, I'd suggest... mount at /). After the partitions are set up, go into the ubuntu installer and choose to set up your partitions manually; there you can assign these partitions to their supposed functions and set up the encrypted file system for the LVM (I'm not sure if you can already do that in gparted). Then proceed with the installation, reboot, and install kubuntu-desktop using apt-get or your favourite package manager (Synaptic is pretty good).
    Unfortunately the procedure with the manual partition setup does not work with the kubuntu installer, because the latter crashes at the point where you have to set up the encrypted LVM. (I've also had problems with the kubuntu installer when multiple hard disks where connected during the installation.)
    2) Get the server edition of the installer and follw the instructions on the screen (you will only get a primitive text interface, not a nice GUI). The server edition does not come with a desktop environment. This installer can set up partitions correctly, so you can just choose the automatic setup (use entire disk with encrypted LVM). Reboot, install kubuntu-desktop manually, reboot again, log in to KDE.
    Interestingly, in my case the server installer did not detect the LAN at first and I had to manually load the network adapter the first time; but after rebooting it stopped working again and I removed the manual configration and then it worked fine... not sure why.
    During the entire process the firmware of the laptop was set to UEFI mode, secure boot was/is enabled, and legacy mode was disabled.

    After the kubuntu desktop is installed, everything is basically normal.
    And I am happy to report that most things work on my Thinkpad (note, however, that I didn't get the discrete NVidia video card, so I don't know if there are driver issues).

    I should also mention that I ordered the Thinkpad with a regular HDD but swapped it with a SSD (Samsung 840 Evo 250GB); that worked without problems and TRIM is automatically enabled, even on the LVM.
    I also got a HDD/SSD caddy for the optical bay and removed the optical drive. I can also recommend to put your old HDD into the caddy during the migration period and mount it on your new system, so you can transfer your data easily; I copied my .kde folder and all my document/media/data folders separately, in order to clean up a bit, but you could also just copy your entire $HOME.

    Remaining problems are:

    * Upon first login in KDE, the sound was muted; if that happens, open the KMix applet and check all the playback devices - at first glance I didn't see it. Annoying, but easily fixed.

    * I can't get the wireless to work to connect to my department network. I am not sure if this is a driver issue or a configuration issue that is specific to this network... I will look into this.
    [Edit: works now - see post below for fix]

    * The buttons controlling the display brightness do work, but the increment is only 1%, which makes changing the brightness very slow; furthermore the brightness indicator does not appear when the buttons are pressed (it appears when the brightness is adjusted in power management, though). But the brightness can be adjusted with a slider using the mouse in power management, so this is not a big deal.

    * The touchpad is not very responsive, inaccurate, and often activates by accident. There is an option to disable it while typing, but that is not enough, it seems. I may have to disable it altogether, while a mouse is connected. But from what I gather from main-/lame-stream reviews of this laptop (testing with Windows 7/8), the touchpad is just not very good, and this is not a driver issue.

    So far my experience installing kubuntu with full disk encryption on a new Thinkpad...
    If you have question (or solutions to the remaining problems) please post!

    Chopstick

    P/S I posted this in the UEFI forum, because the main utility of this post is probably to help people looking to set up kubuntu with full dsk encryption on an UEFI system, but, admins, feel free to move it.
    Last edited by Chopstick; Sep 17, 2014, 08:27 PM.

    #2
    An update regarding the wireless card: it appears the current firmware that Intel provides is buggy.
    The wireless card in my laptop is an Intel 7260 (the dual channel option).
    With version 22.24.8.0 (the latest driver for kernel version 3.13) I was not able to connect to any network; downgrading to version 22.1.7.0, which was already present on my system, solved the problem. Basically I just removed the later driver file from /lib/firmware/.
    The driver file you need is iwlwifi-7260-7.ucode, the one you don't want is iwlwifi-7260-8.ucode (if you have a 3.13.* kernel version; there is a newer driver for 3.14.* kernels).

    Update: I can only connect to a home wifi, not to the wifi network at my department. I'm not sure if this is still related to the firmware or a configuration issue...
    Last edited by Chopstick; Sep 18, 2014, 01:40 PM.

    Comment

    Working...
    X