| 1 |
On Thu, Dec 31, 2015 at 07:45:29AM +1000, Hans wrote: |
| 2 |
> I can't follow Sakaki's_EFI_Install_Guide. The system will run in |
| 3 |
> VirtualBox and only have BIOS. No UEFI, EFI, USB stick as boot or key disk. |
| 4 |
|
| 5 |
You should still atleast read the guide to figure out how to get the |
| 6 |
encryption part right. You can skip the USB stuff and fallback to BIOS |
| 7 |
equivalents of EFI concepts. |
| 8 |
|
| 9 |
> I just have to find a way to get the same result using Gentoo with |
| 10 |
> OpenRC and if possible without LVM. Entering the pass phrase several |
| 11 |
> times is no problem. |
| 12 |
|
| 13 |
The steps are more or less the following: |
| 14 |
|
| 15 |
1. cryptsetup your whole device |
| 16 |
2. mkfs |
| 17 |
3. chroot |
| 18 |
4. install grub with device-mapper flag |
| 19 |
5. install dracut and cryptsetup. |
| 20 |
6. add GRUB_ENABLE_CRYPTODISK=y to /etc/default/grub |
| 21 |
7. grub2-install |
| 22 |
8. set 'hostonly="yes"' in /etc/dracut.conf OR add the output of |
| 23 |
`dracut --print-cmdline` to GRUB_CMDLINE_LINUX_DEFAULT in |
| 24 |
/etc/default/grub |
| 25 |
9. grub2-mkconfig -o /boot/grub/grub.cfg |
| 26 |
10. dracut --regenerate-all |
| 27 |
|
| 28 |
Somewhere between step 3 and 10 you need to build the kernel with atleast the |
| 29 |
dm_crypt module. This will lead to you having to enter the password twice - |
| 30 |
once when grub starts and once when the initramfs is setting up /. |
| 31 |
|
| 32 |
Check the arch wiki article on the topic [1] for more info, but don't |
| 33 |
blindly trust the boot loader part because that is specific to arch's |
| 34 |
initramfs generator. |
| 35 |
|
| 36 |
[1]: https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system |
Archives