Jump to: navigation, search

Rootfs over encrypted lvm

603 bytes added, 1 year ago
# ##i##cryptsetup --cipher twofish-xts-plain64 --hash sha512 --key-size 256 luksFormat /dev/sda3
{{Warning|Support for ''twofish-xts-plain64'' is '''NOT''' in the default debian-kernel. You will need to configure and compile your own kernel if you choose this.}}
== Change your LUKs-encrypted drive's passphrase ==
You may want to change your encrypted volume’s passphrase or password from time to time. To do so, run the following commands in the console as root:
# ##i##cryptsetup luksChangeKey /dev/sda3
You'll be prompted to enter in the existing passphrase first, then to enter in your new passphrase. You will not be asked to confirm your new passphrase, so be careful when running this operation.
== Initializes the volume ==
Feel free to specify your desired size by altering the numbers after the -L flag. For example, to make your portage dataset 20GB's, use the flag -L20G instead of -L5G.
{{fancynoteNote| Please, notice that above mentioned partitioning scheme is an example and not a default recommendation, change it accordingly to desired scheme.}}
= Create a filesystem on volumes =
# ##i##mount /dev/mapper/vg-home /mnt/funtoo/home
Now perform all the steps required for basic system install, please follow the [[Funtoo Linux Installation]]Guide, but don't forget to emerge the following before your install is finished:
* '''cryptsetup'''
== Kernel options ==
{{fancynoteNote| This part is particularly important: pay close attention. }}<br>
Note: If you are using debian-sources as included in mid-May 2015 and later Funtoo stages, you do <em>not</em> need to rebuild the kernel. The following instructions are for other kernels that you may choose to install.
= Initramfs setup and configuration =
== Better-initramfs ==
{{fancynoteNote| As of August 2016, better-initramfs is not required with debian-sources as included in current Funtoo stages. Unless you are doing something not with debian-sources as comes with the Funtoo stage, you can safely skip to the section on editing <code>/etc/boot.conf</code>.}}
'''Build your initramfs with [ better-initramfs] project.'''
{{fancynoteNote| better-initramfs supports neither dynamic modules nor udev, so you should compile your kernel with built-in support for your block devices and file system support.}}
# ##i##cd /opt
# ##i##git clone githttps://githubbitbucket.comorg/slashbeastpiotrkarbowski/better-initramfs.git
# ##i##cd better-initramfs
# ##i##less README.rst
# ##i##less ChangeLog
{{fancynoteNote| Please read the ChangeLog carefuly and perform necessary updates to <code>/etc/boot.conf</code>. Also, please backup the working <code>/boot/initramfs.cpio.gz</code> and <code>/etc/boot.conf</code> before updating better-initramfs.}}
Alternatively and much faster is to install better-initramfs-bin package, recently added to Funtoo's portage tree:
Bureaucrats, Administrators, wiki-admins, wiki-staff

Navigation menu