Creating a Boot Partition on the AWS Root Volume

If a Linux VM is running in Amazon Web Services (AWS), we recommend that you create a boot partition on the existing AWS root volume and then boot from the root volume. Because the root volume will be larger than a new volume created exclusively as a boot volume, AWS will assign more IOPS (Input/Output Operations per Second) to the root volume than to a new volume. This usually results in faster encryption speeds due to the higher number of IOPS available.

Alternatively, if you do not want to create a boot partition on your existing root volume, you can create a new volume that will become the boot partition. For details, see Creating a Boot Partition on a New AWS Volume.

Important: The following method cannot be used for VMs running CentOS 6.x, RHEL 6.x, or Amazon Linux. For these VMs you must create a boot partition on a new AWS volume.

Before You Begin 

Make sure the VM is powered on and is accessible. You cannot perform this procedure if the VM is powered off.

Procedure 

1. Log into the EC2 console, make sure the VM is powered on, then increase the size of the root volume by 1 GB.

   Important: Do not reboot the VM at this point. If you do, RedHat will auto-extend the root file system to fill the new disk space. You must create the boot partition before you reboot the VM.

2. If you do not know whether the VM uses MBR or GPT partitions, log into the VM as root and enter one of the following commands.

   • fdisk -l /dev/xvda. For MBR partitions, the operating system will be shown in the Disklabel type field.

     # fdisk -l /dev/xvda
     
     Welcome to fdisk (util-linux 2.27.1).
     Changes will remain in memory only, until you decide to write them.
     Be careful before using the write command.
     
     Command (m for help): p
     Disk /dev/xvda: 9 GiB, 9663676416 bytes, 18874368 sectors
     Units: sectors of 1 * 512 = 512 bytes
     Sector size (logical/physical): 512 bytes / 512 bytes
     I/O size (minimum/optimal): 512 bytes / 512 bytes
     Disklabel type: dos
     Disk identifier: 0xe5c7298c
     

   • gdisk -l /dev/xvda. For GPT partitions, the GPT field in the Partition Label Scan section will display "present".

     # gdisk -l /dev/xvda
     
     GPT fdisk (gdisk) version 0.8.6
     Partition table scan:
       MBR: protective
       BSD: not present
       APM: not present
       GPT: present
     
     Found valid GPT with protective MBR; using GPT.
     

3. If the disk contains MBR partitions, use fdisk to create the boot partition and reboot the VM.

   Example:

   # fdisk /dev/xvda
   
   Welcome to fdisk (util-linux 2.27.1).
   Changes will remain in memory only, until you decide to write them.
   Be careful before using the write command.
   
   Command (m for help): p
   Disk /dev/xvda: 9 GiB, 9663676416 bytes, 18874368 sectors
   Units: sectors of 1 * 512 = 512 bytes
   Sector size (logical/physical): 512 bytes / 512 bytes
   I/O size (minimum/optimal): 512 bytes / 512 bytes
   Disklabel type: dos
   Disk identifier: 0xe5c7298c
   
   Device     Boot Start      End  Sectors Size Id Type
   /dev/xvda1 *     2048 16777182 16775135   8G 83 Linux
   
   Command (m for help): n
   Partition type
      p   primary (1 primary, 0 extended, 3 free)
      e   extended (container for logical partitions)
   Select (default p): p
   Partition number (2-4, default 2):
   First sector (16777183-18874367, default 16777216):
   Last sector, +sectors or +size{K,M,G,T,P} (16777216-18874367, default 18874367):
   
   Created a new partition 2 of type 'Linux' and of size 1 GiB.
   
   Command (m for help): w
   The partition table has been altered.
   Calling ioctl() to re-read partition table.
   Re-reading the partition table failed.: Device or resource busy
   
   The kernel still uses the old table. The new table will be used at the next reboot or after you run partprobe(8) or kpartx(8).
   
   # reboot

   When the VM has finished rebooting, proceed to Step 5.

4. If the disk contains GPT partitions, use gdisk to create the boot partition and reboot the VM. During this process you must relocate the backup data structures to the end of the disk in order to create the required free space, as highlighted in the following example.

   Important: If the disk contains MBR partitions, you must use fdisk to create the boot partition. If you use gdisk, the VM will become unusable and all data will be lost. If you have MBR partitions, return to Step 3.

   Example

   # gdisk /dev/xvda
   
   GPT fdisk (gdisk) version 0.8.6
   Partition table scan:
     MBR: protective
     BSD: not present
     APM: not present
     GPT: present
   
   Found valid GPT with protective MBR; using GPT.
   
   Command (? for help): x
   
   Expert command (? for help): e
   Relocating backup data structures to the end of the disk
   
   Expert command (? for help): m
   
   Command (? for help): p
   Disk /dev/xvda: 211812352 sectors, 101.0 GiB
   Logical sector size: 512 bytes
   Disk identifier (GUID): F27664E9-0E9F-434A-9AB6-62C730E0F0DF
   Partition table holds up to 128 entries
   First usable sector is 34, last usable sector is 211812318
   Partitions will be aligned on 2048-sector boundaries
   Total free space is 2099166 sectors (1.0 GiB)
   
   Number  Start (sector)    End (sector)  Size       Code  Name
      1            2048            4095   1024.0 KiB  EF02
      2            4096       209715166   100.0 GiB   0700
   
   Command (? for help): n
   Partition number (3-128, default 3):
   First sector (34-211812318, default = 209715200) or {+-}size{KMGTP}:
   Last sector (209715200-211812318, default = 211812318) or {+-}size{KMGTP}: +800M
   Current type is 'Linux filesystem'
   Hex code or GUID (L to show codes, Enter = 8300): 0700
   Changed type of partition to 'Microsoft basic data'
   
   Command (? for help): c
   Partition number (1-3): 3
   Enter name:
   
   Command (? for help): p
   Disk /dev/xvda: 211812352 sectors, 101.0 GiB
   Logical sector size: 512 bytes
   Disk identifier (GUID): F27664E9-0E9F-434A-9AB6-62C730E0F0DF
   Partition table holds up to 128 entries
   First usable sector is 34, last usable sector is 211812318
   Partitions will be aligned on 2048-sector boundaries
   Total free space is 460765 sectors (225.0 MiB)
   
   Number  Start (sector)    End (sector)  Size       Code  Name
      1            2048            4095   1024.0 KiB  EF02
      2            4096       209715167   100.0 GiB   0700
      3       209715200       211353599   800.0 MiB   0700
   
   Command (? for help): w
   
   Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING
   PARTITIONS!!
   
   Do you want to proceed? (Y/N): Y
   OK; writing new GUID partition table (GPT) to /dev/xvda.
   Warning: The kernel is still using the old partition table.
   The new table will be used at the next reboot.
   The operation has completed successfully.
   
   # reboot
   

5. Log back into the VM as root and run the script aws-prepare-boot.sh that is installed as part of the HyTrust DataControl Policy Agent package. For example, if you add a new device named /dev/xvda3, you would enter:

   # /opt/hcs/bin/aws-prepare-boot.sh /dev/xvda3

6. Reboot the VM.

What to Do Next 

Verify the configuration as described in Verifying the Current VM Configuration and then encrypt the boot device as described in Encrypting Linux System Devices.