The idea is to have two harddrives in mirror mode with complete system encryption. For each harddrive we need a BIOS boot partition with grub core.img stuff in them. They have to be configured and installed (in grub) in such a way that each harddrive can boot from itself. I have decided to have the swap partitions not in any RAID configuration. Each harddrive will have a separated swap partition, each swap will be encrypted with a random key. The rest of the disk is the whole linux system (including /boot). This is going to be a RAID1 (copy) with a LVM on top (to allow future extension) and encryption on top.
In each harddrive do the following:
Now in the first harddrive do:
mdadm --create md0 --level=1 --raid-devices=2 -R /dev/sdf3 missing
md0 : active (auto-read-only) raid1 sdf3 ?????? blocks super 1.2 [2/1] [U_]
mdadm --readwrite /dev/md/md0 * Update /etc/mdadm/mdadm.conf
mdadm --examine --scan >> /etc/mdadm/mdadm.conf
pvcreate /dev/md/md0 vgcreate test /dev/md/md0 lvcreate -l 100%VG -n root test
modprobe sha512_generic modprobe aes_generic modprobe aes-x86_64 cryptsetup -y luksFormat /dev/test/root -c aes-xts-plain64 -s 512
cryptsetup luksOpen /dev/mapper/test-root test-root_crypt
In this moment the disk is ready for installing software on it. What I'm trying to do is to copy my old harddrive installation into this new system. I will probably copy this using rsync, but first I want to check if the ext4 filesystem can be seen by grub2. I plan to test this from the grub console on my currently running system.
blkid - lists uuids of block devices, could be useful for configuring grub. grub-mkdevicemap - could be necessary if you add more harddrives and want to install grub in the new harddrives.