Difference between revisions of "Category:HOWTO"

From Funtoo Linux
(4 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
You can do many things with Funtoo Linux. This is just a sample of how to do some tasks.
 
You can do many things with Funtoo Linux. This is just a sample of how to do some tasks.
= Encrypted ROOTFS on LVM =
 
This howto describes  how to setup LVM and rootfs with cryptoLUKS-encrypted drive
 
  
== Prepape the hard drive and make partitions ==
+
'''Note to Authors:''' The HOWTO section is for short, to the point, hands-on guides.  Guides that also delve into the ''why'' in addition to the ''how'' belong in [[:Category:Tutorial]].
This is an example partition scheme, you may want to choose defferent.
+
/dev/sda1 used as /boot /dev/sda2 will be encrypted drive with LVM
+
  
<pre>/dev/sda1
+
[[Category:Funtoo]]
/dev/sda2
+
dd if=/dev/zero of=/dev/sda2 bs=100M
+
dd if=/dev/urandom of=/dev/sda2 bs=100M</pre>
+
dd part is optional, only for security reason, with /dev/urandom it takes around 6 hours to complete for 200GB drive.
+
 
+
 
+
== Encrypting the drive ==
+
<pre>cryptsetup -c aes-xts-plain luksFormat /dev/sda2
+
cryptsetup luksOpen /dev/sda2 dmcrypt_root</pre>
+
 
+
there you'll be promted to enter your password phrase for encrypted drive, type your paranoid password there
+
 
+
== Create logical volumes ==
+
<pre>pvcreate /dev/mapper/dmcrypt_root
+
vgcreate vg /dev/mapper/dmcrypt_root
+
lvcreate -L10G -nroot vg          
+
lvcreate -L2G -nswap vg
+
lvcreate -L5G -nportage vg
+
lvcreate -l 100%FREE -nhome vg</pre>
+
 
+
Feel free to specify your desired size
+
 
+
== Create a filesystem on volumes ==
+
<pre>mkfs.ext2 /dev/sda1
+
mkswap /dev/mapper/vg-swap
+
mkfs.ext4 /dev/mapper/vg-root
+
mkreiserfs /dev/mapper/vg-portage
+
mkfs.xfs /dev/mapper/vg-home</pre>
+
 
+
== Basic system setup ==
+
<pre>mkfs.ext2 /dev/sda1
+
mkswap /dev/mapper/vg-swap
+
mkfs.ext4 /dev/mapper/vg-root
+
mkreiserfs /dev/mapper/vg-portage
+
mkfs.xfs /dev/mapper/vg-home
+
swapon /dev/mapper/vg-swap
+
mount /dev/maper/vg-root /mnt/gentoo
+
mount /dev/sda1 /mnt/gentoo/boot</pre>
+
Now perform all the steps required for basic system install, please follow [http://docs.funtoo.org/wiki/Funtoo_Linux_Installation]
+
don't forget to emerge next packages:
+
 
+
<pre># emerge cryptsetup lvm2 grub foo-sources</pre>
+
 
+
Re-emerge busybox with "static" USE flag
+
+
 
+
== Kernel options ==
+
Important, do not miss this part.
+
Under General setup --->
+
<pre>[*] Initial RAM filesystem and RAM disk (initramfs/initrd) support</pre>
+
 
+
Under Device Drivers --->
+
<pre>[*] Multiple devices driver support 
+
<*>Device Mapper Support
+
<*> Crypt target support</pre>
+
+
 
+
Under Cryptographic API --->
+
<pre>-*-AES cipher algorithms
+
 
+
<*> XTS supprot (EXPERIMENTAL)</pre>
+
 
+
 
+
== Initramfs setup and configuration ==
+
Piotr Karbowski initramfs project used for making initrd
+
[http://github.com/slashbeast/better-initramfs]
+
<pre>git clone git://github.com/slashbeast/better-initramfs.git
+
oleg@orion ~ % cd better-initramfs 
+
oleg@orion better-initramfs % make
+
>>> initramfs.cpio.gz is ready</pre>
+
 
+
Copy resulting initramfs.cpio.gz to /boot
+
 
+
== Grub2 configuration ==
+
An example of /etc/boot/conf, which reflects partition setup
+
<pre>
+
boot {
+
  generate grub
+
  default "Funtoo Linux"
+
  timeout 3
+
}
+
"Funtoo Linux" {
+
  kernel bzImage[-v]
+
  initrd /initramfs.cpio.gz
+
  params += dmcrypt_root=true enc_root=/dev/sda2 lvm=true root=/dev/mapper/vg-root  rootfstype=ext4 resume=swap:/dev/mapper/vg-swap quiet
+
}</pre>
+
 
+
/etc/fstab
+
<pre>
+
# <fs>  <mountpoint>  <type>  <opts>  <dump/pass>
+
/dev/sda1  /boot  ext2  noauto,noatime  1 2
+
/dev/mapper/vg-swap  none  swap  sw  0 0
+
/dev/mapper/vg-root  /  ext4  noatime,nodiratime,defaults  0 1
+
/dev/sr0  /mnt/cdrom  auto  noauto,ro  0 0
+
/dev/mapper/vg-portage  /usr/portage  reiserfs  noatime,nodiratime  0 0
+
/dev/mapper/vg-home  /home  xfs  noatime,nodiratime,osyncisdsync 0 0</pre>
+
 
+
== Final steps ==
+
Umount everything, close encrypted drive and reboot
+
<pre>umount /mnt/gentoo/proc (/dev, /home,/usr/portage, /boot)
+
cryptsetup luksClose /dev/sda2 dmcrypt_root</pre>
+
After reboot you will get the following:
+
<pre>>>> better-initramfs started. Kernel version 2.6.35-gentoo-r10
+
>>> Create all the symlinks to /bin/busybox.
+
>>> Initiating /dev/dir
+
>>> Getting LVM volumes up (if any)
+
Reding all physical volumes. This make take awhile...
+
No volume group found
+
No volume group found
+
>>> Opening encrypted partition and mapping to /dev/mapper/dmcrypt_root
+
Enter passphrase fore /dev/sda2:</pre>
+
Type you password
+
 
+
<pre>>>> Again, getting LVM volumes up (if any, after map dmcrypt).
+
  Reading all physical volumes.  This may take a while...
+
  Found volume group "vg" using metadata type lvm2
+
  4 logical volume(s) in volume group "vg" now active
+
>>> Mounting rootfs to /newroot
+
>>> Umounting /sys and /proc.
+
>>> Switching root to /newroot and executing /sbin/init.
+
INIT: version 2.88 booting
+
Loading /libexec/rc/console/keymap
+
  OpenRC 0.6.1 is starting up Funtoo Linux (x86_64)
+
...boot messages omitted for clarity
+
   
+
orion login: oleg
+
Password:
+
Last login: Thu Oct 14 20:49:21 EEST 2010 on tty1
+
oleg@orion ~ %</pre>
+
== Additional links ==
+
[http://en.gentoo-wiki.com/wiki/Root_filesystem_over_LVM2,_DM-Crypt_and_RAID]
+
[http://wiki.archlinux.org/index.php/System_Encryption_with_LUKS_for_dm-crypt]
+
 
+
 
+
 
+
 
+
 
+
 
+
 
+
[[Category:HOWTO]]
+
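Review bot: In the "Final steps" block, `cryptsetup luksClose /dev/sda2 dmcrypt_root` passes the device as well as the mapping name, but luksClose takes only the mapping name, and the volume group sitting on that mapping is never deactivated (nor the swap from `swapon /dev/mapper/vg-swap` turned off) before the close, so the mapping is still in use at that point. Suggest `swapoff /dev/mapper/vg-swap`, then `vgchange -an vg`, then `cryptsetup luksClose dmcrypt_root`. In "Basic system setup", the five mkfs/mkswap lines repeat the "Create a filesystem on volumes" block verbatim and `mount /dev/maper/vg-root /mnt/gentoo` misspells `mapper`, so the root mount fails as written. Drop the repeated lines and correct the path. The rendered revision below carries only the intro and the Note to Authors, so if this guide text is being moved to its own page, these fixes belong there.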

Revision as of 09:17, 18 November 2012

You can do many things with Funtoo Linux. This is just a sample of how to do some tasks.

Note to Authors: The HOWTO section is for short, to the point, hands-on guides. Guides that also delve into the why in addition to the how belong in Category:Tutorial.

Subcategories

This category has the following 2 subcategories, out of 2 total.

K

M
