From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dgbaley27@0x01b.net>
Received: from mail.saout.de ([127.0.0.1])
 by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id K05mZKiSfDJa for <dm-crypt@saout.de>;
 Wed, 26 Sep 2012 04:12:25 +0200 (CEST)
Received: from mail-oa0-f50.google.com (mail-oa0-f50.google.com
 [209.85.219.50])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mail.saout.de (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Wed, 26 Sep 2012 04:12:24 +0200 (CEST)
Received: by oagn16 with SMTP id n16so126673oag.37
 for <dm-crypt@saout.de>; Tue, 25 Sep 2012 19:12:23 -0700 (PDT)
Sender: Matthew Monaco <matt@0x01b.net>
Message-ID: <50626485.5000109@0x01b.net>
Date: Tue, 25 Sep 2012 20:12:21 -0600
From: Matthew Monaco <dgbaley27@0x01b.net>
MIME-Version: 1.0
References: <CAK5fS_EtiBTgj7inr875UJ2N2s-1qY8qA4hHRxE5+0VhFXgaUA@mail.gmail.com>
 <504AED40.2010102@gmail.com>
 <CAK5fS_FQMWe04TG1AN30fkwLd5nVts-6ZADLk+E1TXeFJjZntQ@mail.gmail.com>
 <CAK5fS_FEvCn6vorxdFqu72J-h8F9eeu+PNY=6xA1gHOGvF1hnw@mail.gmail.com>
 <5053D531.1000508@0x01b.net>
 <CAK5fS_HqO8vHrikfbAwvxY0ZvpwXQDVJwoF3-M0eWzXEwQkxJw@mail.gmail.com>
 <CAD98N_F3D59d9R4+mc3nypgHxbL-yz=jr2anAFRpkvyf_hpGMg@mail.gmail.com>
 <CAK5fS_G=tnaCHQiYafAE1SJOE0MAaeBSVKUZTY-iNC8noMNDjg@mail.gmail.com>
 <20120921100101.GA11357@tansi.org>
 <CAK5fS_Fc54S_1TwkXzbFaZC8fVfo5s6m3BEUj3Au=y-Ev98NQA@mail.gmail.com>
 <CAK5fS_GOEwQOkZAiTFqvmM9ZC3MOSrck4z-Ld+f1Bkh-j7L3iQ@mail.gmail.com>
 <CAK5fS_FmO91CX+b6E_OWemNf=_miohiFyD_HD80mZ=Xgw75=cw@mail.gmail.com>
 <50614FBC.80709@0x01b.net>
 <CAK5fS_FO7eBRX0Gk15Ekmv2zSZao1Pchq_8vpLEnp4ENxCXNtA@mail.gmail.com>
 <CAK5fS_Ebv=1-D7wz2_T5EU1HxAf+SPz8KWH8K3ZKQ26Ek+6XqA@mail.gmail.com>
 <506200BD.6010803@0x01b.net>
 <CAK5fS_Gow2pnR0Wm00wrws+9SdvYZFP+9UU1-Y+5LSRmwZsgLQ@mail.gmail.com>
In-Reply-To: <CAK5fS_Gow2pnR0Wm00wrws+9SdvYZFP+9UU1-Y+5LSRmwZsgLQ@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] Encrypt all partitions with dm-crypt
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On 09/25/2012 05:54 PM, Stayvoid wrote:
>> What distribution are you using? That sounds odd because I'd think your
>> recovery
>> shell is the same environment as your initrd which most certainly has
>> cryptsetup.
> 
> Parabola GNU/Linux-libre [1].
> 
>> If cryptsetup isn't working, try
>>
>> # modprobe dm-crypt
> 
> FATAL: Module dm-crypt not found
> 
> [1] http://mtjm.eu/releases/parabola/parabola-mips64el-20120912.tar.bz2

Ah, this is definitely an Arch Linux derivative. You need to add "encrypt" to
the HOOKS setting in /etc/mkinitcpio.conf and run (as root)

# mkinitcpio -p linux-libre

This will add cryptsetup and the necessary modules to your initramfs.

You also MUST add root=/dev/mapper/ROOT cryptdevice=/dev/sdX#:ROOT to your
kernel command line (/boot/grub/menu.lst for grub-legacy, /boot/grub/grub.cfg
for grub2). Where ROOT is whatever label you want and /dev/sdX# is your
encrypted block device. Furthermore, you need to set crypto= to your specific
settings, but I don't remember the format off the top of my head.

Are you *sure* you don't want to use LUKS? It will make your life a lot easier
(no crypt= kernel command line option, no need to specify ciphers and hashes
when mounting manually, etc...)