| (5 intermediate revisions by 3 users not shown) |
| Line 1: |
Line 1: |
| | You can do many things with Funtoo Linux. This is just a sample of how to do some tasks. | | You can do many things with Funtoo Linux. This is just a sample of how to do some tasks. |
| − | = Encrypted ROOTFS on LVM =
| |
| − | This howto describes how to setup LVM and rootfs with cryptoLUKS-encrypted drive
| |
| | | | |
| − | == Prepape the hard drive and make partitions ==
| + | '''Note to Authors:''' The HOWTO section is for short, to the point, hands-on guides. Guides that also delve into the ''why'' in addition to the ''how'' belong in [[:Category:Tutorial]]. |
| − | This is an example partition scheme, you may want to choose defferent.
| + | |
| − | /dev/sda1 used as /boot /dev/sda2 will be encrypted drive with LVM
| + | |
| | | | |
| − | <pre>/dev/sda1
| + | [[Category:Documentation]] |
| − | /dev/sda2
| + | |
| − | dd if=/dev/zero of=/dev/sda2 bs=100M
| + | |
| − | dd if=/dev/urandom of=/dev/sda2 bs=100M</pre>
| + | |
| − | dd part is optional, only for security reason, with /dev/urandom it takes around 6 hours to complete for 200GB drive.
| + | |
| − | | + | |
| − | | + | |
| − | == Encrypting the drive ==
| + | |
| − | <pre>cryptsetup -c aes-xts-plain luksFormat /dev/sda2
| + | |
| − | cryptsetup luksOpen /dev/sda2 dmcrypt_root</pre>
| + | |
| − | | + | |
| − | there you'll be promted to enter your password phrase for encrypted drive, type your paranoid password there
| + | |
| − | | + | |
| − | == Create logical volumes ==
| + | |
| − | <pre>pvcreate /dev/mapper/dmcrypt_root
| + | |
| − | vgcreate vg /dev/mapper/dmcrypt_root
| + | |
| − | lvcreate -L10G -nroot vg
| + | |
| − | lvcreate -L2G -nswap vg
| + | |
| − | lvcreate -L5G -nportage vg
| + | |
| − | lvcreate -l 100%FREE -nhome vg</pre>
| + | |
| − | | + | |
| − | Feel free to specify your desired size
| + | |
| − | | + | |
| − | == Create a filesystem on volumes ==
| + | |
| − | <pre>mkfs.ext2 /dev/sda1
| + | |
| − | mkswap /dev/mapper/vg-swap
| + | |
| − | mkfs.ext4 /dev/mapper/vg-root
| + | |
| − | mkreiserfs /dev/mapper/vg-portage
| + | |
| − | mkfs.xfs /dev/mapper/vg-home</pre>
| + | |
| − | | + | |
| − | == Basic system setup ==
| + | |
| − | <pre>mkfs.ext2 /dev/sda1
| + | |
| − | mkswap /dev/mapper/vg-swap
| + | |
| − | mkfs.ext4 /dev/mapper/vg-root
| + | |
| − | mkreiserfs /dev/mapper/vg-portage
| + | |
| − | mkfs.xfs /dev/mapper/vg-home
| + | |
| − | swapon /dev/mapper/vg-swap
| + | |
| − | mount /dev/maper/vg-root /mnt/gentoo
| + | |
| − | mount /dev/sda1 /mnt/gentoo/boot</pre>
| + | |
| − | Now perform all the steps required for basic system install, please follow [http://docs.funtoo.org/wiki/Funtoo_Linux_Installation]
| + | |
| − | don't forget to emerge next packages:
| + | |
| − | | + | |
| − | <pre># emerge cryptsetup lvm2 grub foo-sources</pre>
| + | |
| − | | + | |
| − | Re-emerge busybox with "static" USE flag
| + | |
| − |
| + | |
| − | | + | |
| − | == Kernel options ==
| + | |
| − | Important, do not miss this part.
| + | |
| − | Under General setup --->
| + | |
| − | <pre>[*] Initial RAM filesystem and RAM disk (initramfs/initrd) support</pre>
| + | |
| − | | + | |
| − | Under Device Drivers --->
| + | |
| − | <pre>[*] Multiple devices driver support
| + | |
| − | <*>Device Mapper Support
| + | |
| − | <*> Crypt target support</pre>
| + | |
| − |
| + | |
| − | | + | |
| − | Under Cryptographic API --->
| + | |
| − | <pre>-*-AES cipher algorithms
| + | |
| − | | + | |
| − | <*> XTS supprot (EXPERIMENTAL)</pre>
| + | |
| − | | + | |
| − | | + | |
| − | == Initramfs setup and configuration ==
| + | |
| − | Piotr Karbowski initramfs project used for making initrd
| + | |
| − | [http://github.com/slashbeast/better-initramfs]
| + | |
| − | <pre>git clone git://github.com/slashbeast/better-initramfs.git
| + | |
| − | oleg@orion ~ % cd better-initramfs
| + | |
| − | oleg@orion better-initramfs % make
| + | |
| − | >>> initramfs.cpio.gz is ready</pre>
| + | |
| − | | + | |
| − | Copy resulting initramfs.cpio.gz to /boot
| + | |
| − | | + | |
| − | == Grub2 configuration ==
| + | |
| − | An example of /etc/boot/conf, which reflects partition setup
| + | |
| − | <pre>
| + | |
| − | boot {
| + | |
| − | generate grub
| + | |
| − | default "Funtoo Linux"
| + | |
| − | timeout 3
| + | |
| − | }
| + | |
| − | "Funtoo Linux" {
| + | |
| − | kernel bzImage[-v]
| + | |
| − | initrd /initramfs.cpio.gz
| + | |
| − | params += dmcrypt_root=true enc_root=/dev/sda2 lvm=true root=/dev/mapper/vg-root rootfstype=ext4 resume=swap:/dev/mapper/vg-swap quiet
| + | |
| − | }</pre>
| + | |
| − | | + | |
| − | /etc/fstab
| + | |
| − | <pre>
| + | |
| − | # <fs> <mountpoint> <type> <opts> <dump/pass>
| + | |
| − | /dev/sda1 /boot ext2 noauto,noatime 1 2
| + | |
| − | /dev/mapper/vg-swap none swap sw 0 0
| + | |
| − | /dev/mapper/vg-root / ext4 noatime,nodiratime,defaults 0 1
| + | |
| − | /dev/sr0 /mnt/cdrom auto noauto,ro 0 0
| + | |
| − | /dev/mapper/vg-portage /usr/portage reiserfs noatime,nodiratime 0 0
| + | |
| − | /dev/mapper/vg-home /home xfs noatime,nodiratime,osyncisdsync 0 0</pre>
| + | |
| − | | + | |
| − | == Final steps ==
| + | |
| − | Umount everything, close encrypted drive and reboot
| + | |
| − | <pre>umount /mnt/gentoo/proc (/dev, /home,/usr/portage, /boot)
| + | |
| − | cryptsetup luksClose /dev/sda2 dmcrypt_root</pre>
| + | |
| − | After reboot you will get the following:
| + | |
| − | <pre>>>> better-initramfs started. Kernel version 2.6.35-gentoo-r10
| + | |
| − | >>> Create all the symlinks to /bin/busybox.
| + | |
| − | >>> Initiating /dev/dir
| + | |
| − | >>> Getting LVM volumes up (if any)
| + | |
| − | Reding all physical volumes. This make take awhile...
| + | |
| − | No volume group found
| + | |
| − | No volume group found
| + | |
| − | >>> Opening encrypted partition and mapping to /dev/mapper/dmcrypt_root
| + | |
| − | Enter passphrase fore /dev/sda2:</pre>
| + | |
| − | Type you password
| + | |
| − | | + | |
| − | <pre>>>> Again, getting LVM volumes up (if any, after map dmcrypt).
| + | |
| − | Reading all physical volumes. This may take a while...
| + | |
| − | Found volume group "vg" using metadata type lvm2
| + | |
| − | 4 logical volume(s) in volume group "vg" now active
| + | |
| − | >>> Mounting rootfs to /newroot
| + | |
| − | >>> Umounting /sys and /proc.
| + | |
| − | >>> Switching root to /newroot and executing /sbin/init.
| + | |
| − | INIT: version 2.88 booting
| + | |
| − | Loading /libexec/rc/console/keymap
| + | |
| − | OpenRC 0.6.1 is starting up Funtoo Linux (x86_64)
| + | |
| − | ...boot messages omitted for clarity
| + | |
| − |
| + | |
| − | orion login: oleg
| + | |
| − | Password:
| + | |
| − | Last login: Thu Oct 14 20:49:21 EEST 2010 on tty1
| + | |
| − | oleg@orion ~ %</pre>
| + | |
| − | == Additional links ==
| + | |
| − | [http://en.gentoo-wiki.com/wiki/Root_filesystem_over_LVM2,_DM-Crypt_and_RAID]
| + | |
| − | [http://wiki.archlinux.org/index.php/System_Encryption_with_LUKS_for_dm-crypt]
| + | |
| − | | + | |
| − | | + | |
| − | | + | |
| − | | + | |
| − | | + | |
| − | | + | |
| − | | + | |
| − | [[Category:HOWTO]] | + | |
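Review bot: The removed side deletes the entire "Encrypted ROOTFS on LVM" guide, and the added side (the Note to Authors plus [[Category:Documentation]]) leaves no link to wherever that guide now lives, so anyone arriving here for the procedure finds nothing. If the guide was moved to its own page, add a wiki link to it under the note. If the text is carried over as it stands, three removed lines should be fixed in the relocated copy: `mount /dev/maper/vg-root /mnt/gentoo` misspells "mapper"; the "Basic system setup" block repeats the five mkfs/mkswap lines from "Create a filesystem on volumes", which would format the volumes a second time; and `cryptsetup luksClose /dev/sda2 dmcrypt_root` should pass only the mapping name, dmcrypt_root. The luksFormat line also uses aes-xts-plain, whose 32-bit sector IV repeats on volumes larger than 2 TiB; aes-xts-plain64 avoids that and is the safer value to document.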
You can do many things with Funtoo Linux. This is just a sample of how to do some tasks.