On Thu, Dec 31, 2015 at 07:45:29AM +1000, Hans wrote:
> I can't follow Sakaki's_EFI_Install_Guide. The system will run in
> VirtualBox and only have BIOS. No UEFI, EFI, USB stick as boot or key disk.

You should still at least read the guide to figure out how to get the
encryption part right. You can skip the USB stuff and fall back to BIOS
equivalents of EFI concepts.
|
> I just have to find a way to get the same result using Gentoo with
> OpenRC and if possible without LVM. Entering the pass phrase several
> times is no problem.
|
The steps are more or less the following:

1. cryptsetup your whole device
2. mkfs
3. chroot
4. install grub with device-mapper flag
5. install dracut and cryptsetup.
6. add GRUB_ENABLE_CRYPTODISK=y to /etc/default/grub
7. grub2-install
8. set 'hostonly="yes"' in /etc/dracut.conf OR add the output of
`dracut --print-cmdline` to GRUB_CMDLINE_LINUX_DEFAULT in
/etc/default/grub
9. grub2-mkconfig -o /boot/grub/grub.cfg
10. dracut --regenerate-all
|
Somewhere between step 3 and 10 you need to build the kernel with at least the
dm_crypt module. This will lead to you having to enter the password twice -
once when grub starts and once when the initramfs is setting up /.
|
Check the arch wiki article on the topic [1] for more info, but don't
blindly trust the boot loader part because that is specific to arch's
initramfs generator.
|
[1]: https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system
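
A read-only check for the two configuration settings in steps 6 and 8 of the message above, added here as an example and not part of the original mail. The function name `check_cryptoboot` is hypothetical, and treating an `rd.luks.uuid=` argument as the sign that `dracut --print-cmdline` output was pasted in is an assumption.

```shell
#!/bin/sh
# check_cryptoboot GRUB_DEFAULTS DRACUT_CONF   (hypothetical helper name)
# Read-only: reports whether the settings from steps 6 and 8 are present.
# Returns 0 if both are satisfied, 1 otherwise.
check_cryptoboot() {
    grub_defaults=$1
    dracut_conf=$2
    status=0

    # Step 6: GRUB itself must be allowed to unlock the encrypted disk.
    # Anchoring at line start ignores commented-out settings.
    if grep -Eq '^[[:space:]]*GRUB_ENABLE_CRYPTODISK=("y"|y)([[:space:]]|#|$)' \
            "$grub_defaults" 2>/dev/null; then
        echo "ok: GRUB_ENABLE_CRYPTODISK=y"
    else
        echo "missing: GRUB_ENABLE_CRYPTODISK=y in $grub_defaults"
        status=1
    fi

    # Step 8, first option: hostonly="yes" in the dracut configuration.
    if grep -Eq '^[[:space:]]*hostonly=("yes"|yes)([[:space:]]|#|$)' \
            "$dracut_conf" 2>/dev/null; then
        echo "ok: hostonly=\"yes\" in $dracut_conf"
    # Step 8, second option: `dracut --print-cmdline` output pasted into
    # GRUB_CMDLINE_LINUX_DEFAULT. Assumption: that output carries an
    # rd.luks.uuid= argument for the encrypted root device.
    elif grep -E '^[[:space:]]*GRUB_CMDLINE_LINUX_DEFAULT=' \
            "$grub_defaults" 2>/dev/null | grep -q 'rd\.luks\.uuid='; then
        echo "ok: rd.luks.uuid= found in GRUB_CMDLINE_LINUX_DEFAULT"
    else
        echo "missing: hostonly=\"yes\" or rd.luks.uuid= on the kernel command line"
        status=1
    fi

    return "$status"
}
```

Inside the chroot, run it as `check_cryptoboot /etc/default/grub /etc/dracut.conf` before steps 9 and 10, since those two commands bake the settings into grub.cfg and the initramfs.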