On 04.09.2012 22:05, "Roland Häder" wrote:
> Okay, I have set up so far this:
>
> /dev/sda1 - /boot (unencrypted)
> /dev/sda2 - swap (not yet set up, will be encrypted)
> /dev/sda3 - / (encrypted)
>
> /dev/sda3 is the underlying drive, where I used gpg:
>
> # gpg --decrypt key.gpg | cryptsetup --verbose luksFormat /dev/sda3
> # gpg --decrypt key.gpg | cryptsetup --verbose luksOpen /dev/sda3 encVol
> # dd if=/dev/zero of=/dev/mapper/encVol bs=100M (to avoid filesystem corruption)
> # mkfs.ext4 -L root /dev/mapper/encVol
>
> Now I continued as usual with the Gentoo handbook (mount all, copy
> things on it, etc.)
>
> After I compiled the kernel, emerged cryptsetup on the new system,
> I edited /boot/grub/grub.conf:
> -----------------------------------------------
> default 0
> timeout 30
> splashimage=(hd0,0)/boot/grub/splash.xpm.gz
>
> title Gentoo Linux
> root (hd0,0)
> kernel /boot/kernel-genkernel-x86-3.3.8-gentoo root=/dev/ram0 crypt_root=/dev/sda3
> initrd /boot/initramfs-genkernel-x86-3.3.8-gentoo
> -----------------------------------------------
> (I read not to use real_root, but crypt_root instead?)
>
> Then I emerged grub as usual (also: # cat /proc/mounts > etc/mtab )
> and did: # grub-install --no-floppy /dev/sda
>
> Still as usual. Now it is downloading plymouth (to have some cool
> things) + dracut (easiest way as I read in wiki).
>
> I also had to expand /etc/make.conf (not /etc/portage/make.conf ???
> Is this a mistake in handbook?):
>
> -----------------------------------------------
> DRACUT_MODULES="crypt_gpg plymouth"
> -----------------------------------------------
>
> Now I really hope, that after I installed dracut on it, that I can
> boot it and the initrd will be updated. It needs at least some
> kernel modules (e.g. dm_crypt, ext4, sha512_generic, aes_generic)
> plus gpg and cryptsetup tools to actually decrypt the hard drive.
>
> Regards, Roland
>

I think you need to add crypt as a dracut module since crypt_gpg is
afaik just an extension to crypt.

The output from equery seems to support my assumption:

...
dracut_modules_crypt : Decrypt devices encrypted with cryptsetup/LUKS
dracut_modules_crypt-gpg : Support for GPG-encrypted keys for crypt module
...

WKR
Hinnerk
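Added example, not part of the original messages: a pre-reboot check that an initramfs file listing (for instance the output of dracut's `lsinitrd` for the image) contains the tools and kernel modules the quoted message names as needed to unlock the root volume. The function name, the sample listing and its paths are constructed assumptions; modules built into the kernel never appear as `.ko` files and would be reported as missing.

```shell
#!/bin/sh
# Constructed sample listing (assumption): real images use other paths, sizes and dates.
SAMPLE_LISTING='drwxr-xr-x   2 root root        0 Sep  4 22:30 usr/bin
-rwxr-xr-x   1 root root   812344 Sep  4 22:30 usr/bin/gpg
-rwxr-xr-x   1 root root    94120 Sep  4 22:30 sbin/cryptsetup
-rw-r--r--   1 root root    31200 Sep  4 22:30 lib/modules/3.3.8-gentoo/kernel/drivers/md/dm-crypt.ko
-rw-r--r--   1 root root   410880 Sep  4 22:30 lib/modules/3.3.8-gentoo/kernel/fs/ext4/ext4.ko'

# missing_components (hypothetical helper): reads a file listing on stdin,
# prints one line per required item that is absent, and returns 0 only when
# every item was found.
missing_components() {
    listing=$(cat)
    missing=""

    # User-space tools: match the basename at the end of a listed path.
    for bin in cryptsetup gpg; do
        printf '%s\n' "$listing" | grep -Eq "(^|[ /])$bin\$" \
            || missing="$missing $bin"
    done

    # Kernel modules: file names may use '-' or '_' and may be compressed
    # (for example dm-crypt.ko or dm_crypt.ko.gz).
    for mod in dm_crypt ext4 sha512_generic aes_generic; do
        pat=$(printf '%s' "$mod" | sed 's/_/[-_]/g')
        printf '%s\n' "$listing" | grep -Eq "/$pat\.ko(\.[a-z0-9]+)?\$" \
            || missing="$missing $mod"
    done

    for item in $missing; do
        echo "$item"
    done
    [ -z "$missing" ]
}

# Typical use against a real image:
#   lsinitrd <initramfs image> | missing_components
```

An empty result with exit status 0 means every listed component is in the image; anything printed should be resolved before rebooting into the encrypted root.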