From: Matthew Monaco <dgbaley27@0x01b.net>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] Encrypt all partitions with dm-crypt
Date: Wed, 26 Sep 2012 03:24:11 -0600
Message-ID: <5062C9BB.5010900@0x01b.net>
In-Reply-To: <CAK5fS_H4ZEuKhN1HMyyH+1J0t_oMh1=pEGoVENBizR5kYVbx7Q@mail.gmail.com>

On 09/26/2012 02:23 AM, Stayvoid wrote:
>> You need to add "encrypt" to
>> the HOOKS setting in /etc/mkinitcpio.conf and run (as root)
>>
>> # mkinitcpio -p linux-libre
>>
>> This will add cryptsetup and the necessary modules to your initramfs.
>
> It worked.
>
>> You also MUST add root=/dev/mapper/ROOT cryptdevice=/dev/sdX#:ROOT to your
>> kernel command line (/boot/grub/menu.lst for grub-legacy,
>> /boot/grub/grub.cfg for grub2). Where ROOT is whatever label you want and
>> /dev/sdX# is your encrypted block device. Furthermore, you need to set
>> crypto= to your specific settings, but I don't remember the format off the
>> top of my head.
>
> I'd like to try mounting from a recovery shell.
> But there is no /media. Is it possible to add it?
>
You can mount to wherever you like. Once you've mapped the block device to
/dev/mapper/NAME, you have a block device like any other.

> BTW, how to safely enable swap?
> Should I chroot into the system and decrypt / swapon there?
>
The easiest thing is probably a swap file. However, you can also have a separate
swap partition which gets encrypted with a random key each boot. You define it
in /etc/crypttab.

    swap /dev/sdX# /dev/urandom swap

This maps /dev/sdX# to /dev/mapper/swap with a random password. The "swap" in
the fourth column tells /etc/rc.sysinit to run mkswap on the device after it's
mapped.

>> Are you *sure* you don't want to use LUKS?
>
> Yes.
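
Added example, not part of the original message or of any project's code: a small lint for crypttab lines shaped like the one above (name, device, key file, options). It flags a random-key entry that lacks the swap option, and a swap entry whose device is a kernel-assigned sdX name, since mkswap runs at every boot on whatever that name points to. The comma-separated option list, the function names and the sample entries are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): lint crypttab lines shaped like the
# one in the message: NAME DEVICE KEYFILE OPTIONS.
# Assumption: OPTIONS is a comma-separated list, as in "swap" or "swap,foo".

audit_crypttab() {
    # $1 = path to a crypttab-format file; prints one finding per line.
    awk '
    /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
    {
        name = $1; dev = $2; key = $3; opts = $4
        random_key = (key == "/dev/urandom" || key == "/dev/random")
        is_swap = (("," opts ",") ~ /,swap,/)
        # A fresh random key each boot leaves no swap signature behind, so
        # without mkswap the mapping cannot be used by swapon.
        if (random_key && !is_swap)
            printf "%s: random key but no swap option\n", name
        # mkswap runs on whatever DEVICE resolves to at boot; sdX names can
        # move between boots, a /dev/disk/by-id/ path does not.
        if (is_swap && dev ~ /^\/dev\/(sd|hd|vd)[a-z]+[0-9]*$/)
            printf "%s: %s is not a persistent device name\n", name, dev
    }' "$1"
}

demo() {
    # Constructed sample input; device names and ids are made up.
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
# name   device                               keyfile       options
swap     /dev/sda3                            /dev/urandom  swap
swap2    /dev/disk/by-id/CONSTRUCTED-part3    /dev/urandom  swap
swap3    /dev/disk/by-id/CONSTRUCTED-part4    /dev/urandom
EOF
    audit_crypttab "$sample"
    rm -f "$sample"
}

demo
```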