| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
On 04.09.2012 22:05, "Roland Häder" wrote: |
| 5 |
> Okay, I have setup so far this: |
| 6 |
> |
| 7 |
> /dev/sda1 - /boot (unencrypted) /dev/sda2 - swap (not yet setup, |
| 8 |
> will be encrypted) /dev/sda3 - / (encrypted) |
| 9 |
> |
| 10 |
> /dev/sda3 is the underlaying drive, where I used gpg: |
| 11 |
> |
| 12 |
> # gpg --decrypt key.gpg | cryptsetup --verbose luksFormat |
| 13 |
> /dev/sda3 # gpg --decrypt key.gpg | cryptsetup --verbose luksOpen |
| 14 |
> /dev/sda3 encVol # dd if=/dev/zero of=/dev/mapper/encVol bs=100M |
| 15 |
> (to avoid filesystem corruption) # mkfs.ext4 -L root |
| 16 |
> /dev/mapper/encVol |
| 17 |
> |
| 18 |
> Now I continued as usual with the Gentoo handbook (mount all, copy |
| 19 |
> things on it, etc.) |
| 20 |
> |
| 21 |
> After I compiled the kernel, emerged cryptsetup on the new system, |
| 22 |
> I editied /boot/grub/grub.conf: |
| 23 |
> ----------------------------------------------- default 0 timeout |
| 24 |
> 30 splashimage=(hd0,0)/boot/grub/splash.xpm.gz |
| 25 |
> |
| 26 |
> title Gentoo Linux root (hd0,0) kernel |
| 27 |
> /boot/kernel-genkernel-x86-3.3.8-gentoo root=/dev/ram0 |
| 28 |
> crypt_root=/dev/sda3 initrd |
| 29 |
> /boot/initramfs-genkernel-x86-3.3.8-gentoo |
| 30 |
> ----------------------------------------------- (I read not to use |
| 31 |
> real_root, but crypt_root instead?) |
| 32 |
> |
| 33 |
> Then I emerged grub as usual (also: # cat /proc/mounts > etc/mtab ) |
| 34 |
> and did: # grub-install --no-floppy /dev/sda |
| 35 |
> |
| 36 |
> Still as usual. Now it is downloading plymouth (to have some cool |
| 37 |
> things) + dracut (easiest way as I read in wiki). |
| 38 |
> |
| 39 |
> I also had to expand /etc/make.conf (not /etc/portage/make.conf ??? |
| 40 |
> Is this a mistake in handbook?): |
| 41 |
> |
| 42 |
> ----------------------------------------------- |
| 43 |
> DRACUT_MODULES="crypt_gpg plymouth" |
| 44 |
> ----------------------------------------------- |
| 45 |
> |
| 46 |
> Now I really hope, that after I installed dracut on it, that I can |
| 47 |
> boot it and the initrd will be updated. It needs at least some |
| 48 |
> kernel modules (e.g. dm_crypt, ext4, sha512_generic, aes_generic) |
| 49 |
> plus gpg and cryptsetup tools to actually decrypt the hard drive. |
| 50 |
> |
| 51 |
> Regards, Roland |
| 52 |
> |
| 53 |
|
| 54 |
I thin you need to add crypt as a dracut module since crypt_gpg is |
| 55 |
afaik just an extension to crypt. |
| 56 |
|
| 57 |
The output from equery seems to support my assumption: |
| 58 |
|
| 59 |
... |
| 60 |
dracut_modules_crypt : Decrypt devices encrypted with |
| 61 |
cryptsetup/LUKS |
| 62 |
dracut_modules_crypt-gpg : Support for GPG-encrypted keys for |
| 63 |
crypt module |
| 64 |
... |
| 65 |
|
| 66 |
WKR |
| 67 |
Hinnerk |
| 68 |
-----BEGIN PGP SIGNATURE----- |
| 69 |
Version: GnuPG v2.0.19 (GNU/Linux) |
| 70 |
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ |
| 71 |
|
| 72 |
iQEcBAEBAgAGBQJQRmFOAAoJEJwwOFaNFkYc4eoH/0TthI9pSRXF/AKTp1fYFiwM |
| 73 |
qFPW7ZvvQVVX3QctL+h/NiPceWw6G5WGjc+eqiTput1A8B9ledi87OGvT13JFb40 |
| 74 |
vMfRWrlqrn89dtL/pkLQUHrT1FtjP4/jp6oY98XN1fcODKItQ8+F6TZN0/wrTzrJ |
| 75 |
CPJtdPdR8X2U+40zBUU8pxkm1doIbiMGmsU0hAf8aq2GC65Eer4rOCqPcLsTvMnz |
| 76 |
9zUYzTFxSq4rj34apuGrS8RxEsj9uABi4JpfMD+k3nzmI6D2ya1wOHJUMYtgiAoe |
| 77 |
itsuJxRsi5j0gZNwHz4XqF7iBTzMHHbKcQ2qtfSpJ/hx0LrMCXGeIALHylPeU+Q= |
| 78 |
=F+nL |
| 79 |
-----END PGP SIGNATURE----- |
Archives