@@ Line 1: / Line 1: @@
-This howto describes how to setup a swapless encrypted root partition without llvm.
 {{warning|out of order}}
-{{warning|This build is currently broken}}
-== Prepare the hard drive and partitions ==
-*List the device to be partitioned, mine is on /dev/sdc
-{{console|body=
-###i## lsblk -o name,size,label,partlabel
-}}
-==Partition==
-{{console|body=
-###i## cgdisk /dev/sdc}}
-delete everything.
-{{console|body=
-Command: ##i## new ↵
-First sector: ##i##↵
-Last sector: ##i##+1M ↵
-Hex Code: ##i##EF02 ↵
-Enter name: ##i##BIOS Boot ↵
-}}
-scroll down to large chunk of free space:
-{{console|body=
-Command: ##i##new ↵
-First sector: ##i##↵
-Last sector: ##i##+128M ↵
-Hex Code: ##i##EF00 ↵
-Enter name: ##i##BOOT ↵
-}}
-scroll down to large chunk of free space:
-{{console|body=
-Command: ##i##new ↵
-First sector: ##i##↵
-Last sector: ##i##↵
-Hex Code: ##i## 8304 ↵
-Enter name: ##i##FUNTOO ↵
-}}
-{{console|body=
-                              Disk Drive: /dev/sdc
-                            Size: 62333952, 29.7 GiB
-Part. #     Size        Partition Type            Partition Name
-----------------------------------------------------------------
-.0 KiB  free space
-        1024.0 KiB  BIOS boot partition	  BIOS Boot
-        256.0 MiB   EFI System                BOOT
-        29.5 GiB    Linux x86-64 root (/)     FUNTOO
-}}
-{{console|body=
-Command: ##i##write ↵
-Command: ##i##quit ↵
-}}
-== Encrypt the drive ==
-{{console|body=
-# ##i##cryptsetup luksFormat /dev/sdc3
-}}
-*enter your password
-== Initialize the volume ==
-Initialize the volume:
-{{console|body=
-# ##i##cryptsetup luksOpen /dev/sdc3 dmcrypt_root
-}}
-=== Create your filesystem ===
-{{console|body=
-###i## mkfs.vfat -F 32 /dev/sdc2
-###i## fatlabel /dev/sdc2 "BOOT"
-# ##i##mkfs.ext4 /dev/mapper/dmcrypt_root
-}}
-=== Basic system setup ===
-{{console|body=
-# ##i##mkdir /mnt/funtoo
-# ##i##mount /dev/mapper/dmcrypt_root /mnt/funtoo
-# ##i##mkdir  /mnt/funtoo/boot
-# ##i##mount /dev/sdc2 /mnt/funtoo/boot
-}}
-==Get Funtoo Gnome==
-You can pull your [[Subarches]] gnome tarball if you wish:
-{{console|body=
-###i## cd /mnt/funtoo
-###i## wget https://build.funtoo.org/1.4-release-std/x86-64bit/generic_64/gnome-latest.tar.xz
-###i## tar --numeric-owner --xattrs --xattrs-include='*' -xpf *gnome* && rm -f *gnome*
-}}
-==Load Funtoo==
-*expand your run tmpfs to be half of your ram:
-{{console|body=
-###i## mount -t tmpfs tmpfs /run
-}}
-*mount up:
-{{console|body=
-###i## cd /mnt/funtoo && mount -t proc none proc
-mount --rbind /sys sys
-mount --rbind /dev dev
-mount --rbind /run run
-}}
-*chroot in:
-{{console|body=
-###i## cd /mnt/funtoo && env -i HOME=/root TERM=$TERM chroot . bash -l
-}}
-*Set yo password:
-*set yo hostname:
-*set cloudflare dns resolution for installing:
-*Set yo time zone:
-{{console|body=
-###i## passwd
-###i## echo 'hostname="crypto"' > /etc/conf.d/hostname
-###i## echo "nameserver 1.1.1.1" > /etc/resolv.conf
-###i## ln -sf /usr/share/zoneinfo/America/Detroit /etc/localtime
-}}
-=== load your fstab ===
-*Deploy your fstab:
-{{console|body=
-###i## cat > /etc/fstab << "EOF"
-LABEL=BOOT /boot vfat noauto,noatime 1 2
-/dev/mapper/dmcrypt_root / ext4 noatime,nodiratime,defaults 0 1
-tmpfs /run tmpfs rw,nodev,nosuid 0 0
-EOF
-}}
-*compile in ram:
-{{console|body=
-###i## echo 'PORTAGE_TMPDIR="/run"' > /etc/portage/make.conf
-}}
-*Deploy your package.use file:
-{{console|body=
-###i## cat > /etc/portage/package.use << "EOF"
-sys-kernel/debian-sources luks
-sys-kernel/debian-sources-lts luks
-sys-boot/grub device-mapper
-sys-kernel/linux-firmware initramfs
-EOF
-}}
-*merge stuff:
-{{console|body=
-###i## ego sync
-}}
-*Deploy your ego profile:
-{{console|body=
-###i## ego profile mix-in encrypted-root
-}}
-{{console|body=
-###i## emerge grub haveged intel-microcode linux-firmware eix cryptsetup debian-sources-lts && emerge debian-sources && emerge -vuND @world
-}}
-*set services:
-{{console|body=
-###i## rc-update del swap boot && rc-update add haveged && rc-update add gpm && rc-update add busybox-ntpd
-###i## rc-update add device-mapper sysinit
-###i## rc-update add dmcrypt sysinit
-}}
-== Bootloader Configuration ==
-=== /etc/boot.conf ===
-<pre>
-boot {
-  generate grub
-  default "Funtoo Linux"
-  timeout 3
-}
-"Funtoo Linux" {
-	kernel kernel[-v]
-	initrd initramfs[-v]
-  params += crypt_root=PARTLABEL=FUNTOO lvm luks root=/dev/mapper/dmcrypt_root rootfstype=ext4
-}
-</pre>
-Now, run <code>ego boot update</code> to write the configuration files to <code>/boot/grub/grub.cfg</code>
-=== Another Example ===
-Configure the bootloader as described above, with correct kernel and initramfs images names. An example for grub2. You will be editing <code>/etc/boot.conf</code>:
-<pre>
-boot {
-  generate grub
-  default "Funtoo Linux"
-  timeout 3
-}
-"Funtoo Linux" {
-	kernel kernel[-v]
-	initrd initramfs[-v]
-  params += crypt_root=PARTLABEL=FUNTOO dolvm real_root=/dev/mapper/dmcrypt_root  rootfstype=ext4
-</pre>
-== GRUB ==
-*Install grub in legacy mode:
-{{console|body=
-###i## grub-install --target=i386-pc /dev/sdc
-###i## ego boot update}}
-=== EFI from Legacy ===
-*manually make efi directory:
-*remount /dev/sdc2 to /boot/efi:
-*install efi images:
-{{console|body=
-###i## mkdir /boot/efi
-###i## mount /dev/sdc2 /boot/efi
-###i## grub-install --target=x86_64-efi /boot/efi
-}}
-=== EFI from EFI ===
-{{console|body=
-###i##mount -o remount,rw /sys/firmware/efi/efivars
-###i##grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id="Funtoo Linux [GRUB]" --recheck /dev/sda
-###i##ego boot update
-}}
-== Final steps ==
-exit chroot, unmount everything, close encrypted drive and reboot
-{{console|body=
-###i## exit
-###i## cd ..
-###i## umount -lR funtoo
-# ##i##cryptsetup luksClose dmcrypt_root
-}}
-After reboot you will get the following:
-<console>
->>> better-initramfs started. Kernel version 2.6.35-gentoo-r10
->>> Create all the symlinks to /bin/busybox.
->>> Initiating /dev/dir
->>> Getting LVM volumes up (if any)
-Reding all physical volumes. This make take awhile...
-No volume group found
-No volume group found
->>> Opening encrypted partition and mapping to /dev/mapper/dmcrypt_root
-Enter passphrase fore /dev/sda2:
-</console>
-Type your password
-<console>
->>> Again, getting LVM volumes up (if any, after map dmcrypt).
-  Reading all physical volumes.  This may take a while...
-  Found volume group "vg" using metadata type lvm2
-logical volume(s) in volume group "vg" now active
->>> Mounting rootfs to /newroot
->>> Umounting /sys and /proc.
->>> Switching root to /newroot and executing /sbin/init.
-INIT: version 2.88 booting
-Loading /libexec/rc/console/keymap
-  OpenRC 0.6.1 is starting up Funtoo Linux (x86_64)
-...boot messages omitted for clarity
-orion login: oleg
-Password:
-Last login: Thu Oct 14 20:49:21 EEST 2010 on tty1
-oleg@orion ~ %
-</console>
-==management==
-=== Change your LUKs-encrypted drive's passphrase ===
-You may want to change your encrypted volume’s passphrase or password from time to time. To do so, run the following commands in the console as root:
-{{console|body=
-# ##i##cryptsetup luksChangeKey /dev/sda3
-}}
-You'll be prompted to enter in the existing passphrase first, then to enter in your new passphrase.
-You will not be asked to confirm your new passphrase, so be careful when running this operation.
-== Additional links and information ==
-* [[gentoo-wiki:Root filesystem over LVM2, DM-Crypt and RAID|Root filesystem over LVM2, DM-Crypt, and RAID]]
-* [http://wiki.archlinux.org/index.php/System_Encryption_with_LUKS_for_dm-crypt System Encryption with LUKS for dm-crypt]
-* [https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#LVM_on_LUKS arch encrypt entire system]
-* [http://en.wikipedia.org/wiki/Logical_volume_management Wikipedia article on LVM]
-* [https://wiki.archlinux.org/index.php/Dm-crypt_with_LUKS Arch Wiki article]
 [[Category:HOWTO]]

Difference between revisions of "Encrypted Root"

Revision as of 07:12, November 30, 2020

Navigation menu

Search