Okay, I have set up so far this:

/dev/sda1 - /boot (unencrypted)
/dev/sda2 - swap (not yet set up, will be encrypted)
/dev/sda3 - / (encrypted)

/dev/sda3 is the underlying drive, where I used gpg:

# gpg --decrypt key.gpg | cryptsetup --verbose luksFormat /dev/sda3
# gpg --decrypt key.gpg | cryptsetup --verbose luksOpen /dev/sda3 encVol
# dd if=/dev/zero of=/dev/mapper/encVol bs=100M (to avoid filesystem corruption)
# mkfs.ext4 -L root /dev/mapper/encVol

Now I continued as usual with the Gentoo handbook (mount all, copy things on it, etc.)

After I compiled the kernel, emerged cryptsetup on the new system, I edited /boot/grub/grub.conf:
-----------------------------------------------
default 0
timeout 30
splashimage=(hd0,0)/boot/grub/splash.xpm.gz

title Gentoo Linux
root (hd0,0)
kernel /boot/kernel-genkernel-x86-3.3.8-gentoo root=/dev/ram0 crypt_root=/dev/sda3
initrd /boot/initramfs-genkernel-x86-3.3.8-gentoo
-----------------------------------------------
(I read not to use real_root, but crypt_root instead?)

Then I emerged grub as usual (also: # cat /proc/mounts > etc/mtab ) and did: # grub-install --no-floppy /dev/sda

Still as usual. Now it is downloading plymouth (to have some cool things) + dracut (easiest way as I read in wiki).

I also had to expand /etc/make.conf (not /etc/portage/make.conf ??? Is this a mistake in handbook?):

-----------------------------------------------
DRACUT_MODULES="crypt_gpg plymouth"
-----------------------------------------------

Now I really hope, that after I installed dracut on it, that I can boot it and the initrd will be updated. It needs at least some kernel modules (e.g. dm_crypt, ext4, sha512_generic, aes_generic) plus gpg and cryptsetup tools to actually decrypt the hard drive.

Regards,
Roland
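
A pre-reboot check for the requirement in the last paragraph of the post, as an added example that is not part of the original post: it scans an initramfs file listing for the kernel modules and tools named there. The function names and the sample listing are constructed for illustration, and a gzip-compressed cpio image is assumed; modules compiled into the kernel do not appear in the listing and are reported as missing.

```shell
#!/bin/sh
# Added example: verify that an initramfs listing contains what the post says
# is needed to unlock the root volume. Input is one path per line, e.g.
#   zcat /boot/initramfs-genkernel-x86-3.3.8-gentoo | cpio -t > listing.txt
# (assumes a gzip-compressed cpio image).

# Names taken from the post.
REQUIRED_MODULES="dm_crypt ext4 sha512_generic aes_generic"
REQUIRED_TOOLS="gpg cryptsetup"

# Print one line per required item that is absent from the listing file $1.
missing_from_listing() {
    listing=$1
    for mod in $REQUIRED_MODULES; do
        # Module file names may use '-' or '_' and may be compressed.
        pat=$(printf '%s' "$mod" | sed 's/[-_]/[-_]/g')
        grep -Eq "(^|/)${pat}\.ko(\.(gz|xz|bz2))?\$" "$listing" \
            || echo "module:$mod"
    done
    for tool in $REQUIRED_TOOLS; do
        # Accept bin/, sbin/, usr/bin/ and usr/sbin/ locations.
        grep -Eq "(^|/)s?bin/${tool}\$" "$listing" || echo "tool:$tool"
    done
}

# Constructed sample listing: gpg and sha512_generic are deliberately absent.
write_sample_listing() {
    cat > "$1" <<'EOF'
lib/modules/3.3.8-gentoo/kernel/drivers/md/dm-crypt.ko
lib/modules/3.3.8-gentoo/kernel/fs/ext4/ext4.ko
lib/modules/3.3.8-gentoo/kernel/crypto/aes_generic.ko
sbin/cryptsetup
bin/busybox
EOF
}

# Demo run on the constructed listing.
demo_listing=$(mktemp)
write_sample_listing "$demo_listing"
missing_from_listing "$demo_listing"
rm -f "$demo_listing"
```

An empty result means every named module and tool was found in the listing.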