
Encrypted root filesystem on Slackware 12.0

**WARNING:** The procedure outlined below will destroy all data that is currently stored on the first IDE device /dev/hda.

This is not meant as documentation for dm-crypt on Slackware Linux 12.0, but as a real-world example. Read it alongside README_CRYPT.TXT on your Slackware 12.0 disks (and see alien.slackbook.org/dokuwiki for the latest hints and tips). First copy/rsync your data to a safe place ...

I booted my Thinkpad X30 with a USB installer that worked for me (I failed on booting with the official usbboot method). Then I cleaned my hard disk overnight with dd after logging in as root (just before setup).

# dd if=/dev/urandom of=/dev/hda

I like cfdisk for creating partition tables (a reboot is required afterwards).

# cfdisk

It looks like this: hda1 is /boot, hda2 is swap, hda3 is the root filesystem (/) and hda4 is /home.

# fdisk -l /dev/hda

Disk /dev/hda: 40.0 GB, 40060403712 bytes
255 heads, 63 sectors/track, 4870 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/hda1   *           1           4       32098+  83  Linux
/dev/hda2               5          40      289170   82  Linux swap
/dev/hda3              41        1620    12691350   83  Linux
/dev/hda4            1621        4870    26105625   83  Linux

We need to encrypt the last two, hda3 and hda4. hda1 has to stay unencrypted because LILO must read the kernel and the initrd from it; hda2 (swap) is dealt with below. The -y flag asks for the passphrase twice, -s 256 requests a 256-bit key:

# cryptsetup -s 256 -y luksFormat /dev/hda3

# cryptsetup -s 256 -y luksFormat /dev/hda4

And now we open them in order to be able to install on them.

# cryptsetup luksOpen /dev/hda3 cryptroot

# cryptsetup luksOpen /dev/hda4 crypthome

Now you can start the setup program. As you can see, I did not encrypt the swap (hda2); we take care of this later.

During setup make sure to install to /dev/mapper/cryptroot rather than to /dev/hda3 (and to /dev/mapper/crypthome for /home), but select /dev/hda2 as swap. Also don't forget to choose /dev/hda1 as /boot.

Don't reboot after setup. Instead, chroot into your new system and edit /etc/fstab and /etc/crypttab accordingly:

# mount -o bind /proc /mnt/proc
# mount -o bind /sys /mnt/sys
# cp -a /dev/mapper /mnt/dev/
# chroot /mnt

# cat /etc/fstab
/dev/mapper/cryptswap   swap          swap    defaults          0 0
/dev/mapper/cryptroot   /             ext3    defaults          1 1
/dev/mapper/crypthome   /home         ext3    defaults          1 2
/dev/hda1               /boot         ext3    defaults          1 2
#/dev/cdrom             /mnt/cdrom    auto    noauto,owner,ro   0 0
/dev/fd0                /mnt/floppy   auto    noauto,owner      0 0
devpts                  /dev/pts      devpts  gid=5,mode=620    0 0
proc                    /proc         proc    defaults          0 0

# cat /etc/crypttab
cryptswap   /dev/hda2   none   swap
crypthome   /dev/hda4

The root partition is not listed here because the initrd opens it before the boot scripts run. The swap option tells the boot scripts to key /dev/hda2 from /dev/urandom and run mkswap on it at every boot, so no passphrase is needed for it and nothing written to swap survives a reboot (which also means you cannot resume from a suspend-to-disk image stored there). crypthome has no key file, so you are asked for its passphrase during boot.

As a last step before rebooting you need to get your initrd going in order to be able to mount your encrypted root partition during boot.

README_CRYPT.TXT suggests running

# mkinitrd -c -k 2.6.21.5-smp -m ext3 -f ext3 -r cryptroot -C /dev/sda1 -L

We need to specify /dev/hda3 instead of /dev/sda1, and we do not need the -L flag: it enables LVM support, which we don't use and which costs time during boot. The -k argument must match the kernel you actually boot, so double-check with

# ls -l /boot/vmlinuz

which kernel you use, and then run

# mkinitrd -c -k 2.6.21.5-smp -m ext3 -f ext3 -r cryptroot -C /dev/hda3

accordingly. To use this initrd.gz you need to edit /etc/lilo.conf. The lilo.conf described in README_CRYPT.TXT did not work for me. Much depends on whether you run any other OS or not. Anyway, here is my working lilo.conf:

# cat /etc/lilo.conf
boot = /dev/hda
compact        # faster, but won't work on all systems.
#prompt
#timeout = 5
# VESA framebuffer console @ 1024x768x256
vga = 773
image = /boot/vmlinuz
  initrd = /boot/initrd.gz
  root = /dev/hda1
  label = Linux
  read-only    # Partitions should be mounted read-only for checking
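Before running lilo it is worth checking that the pieces above agree with each other, because a mismatch between the mkinitrd arguments, /etc/crypttab, /etc/fstab and lilo.conf is exactly what produces the kernel panic described under Troubleshooting. The following POSIX shell script is an added example, not code from the original page or from Slackware; run it from inside the chroot after mkinitrd and before lilo. It assumes (the page does not say so) that Slackware's mkinitrd records its -r and -C arguments as the plain-text files rootdev and luksdev at the top of the initrd tree, keeps modules under lib/modules/<kver> and ships cryptsetup as sbin/cryptsetup inside the initrd; the function names and the argument order are likewise this example's own.

```shell
#!/bin/sh
# Pre-reboot sanity check for the encrypted-root setup described on this page.
# Added example, not code from the original page or from Slackware itself.
# Assumptions (not stated on the page): Slackware's mkinitrd records its -r and -C
# arguments as the plain-text files rootdev and luksdev at the top of the initrd
# tree, keeps modules under lib/modules/<kver>, and ships cryptsetup as sbin/cryptsetup.

# Print the contents of a one-word file, or nothing if it is missing.
word_of() { if [ -f "$1" ]; then tr -d ' \n' < "$1"; fi; }

# unpack_initrd INITRD_GZ DIR: extract a gzipped-cpio initrd (absolute path) into DIR.
unpack_initrd() {
    mkdir -p "$2" && ( cd "$2" && gzip -dc "$1" | cpio -idm --quiet )
}

# check_initrd_tree TREE KVER LUKSDEV MAPPER: does the unpacked initrd match what
# mkinitrd -k/-C/-r was supposed to record? Prints each mismatch, returns 1 if any.
check_initrd_tree() {
    tree=$1 kver=$2 luksdev=$3 mapper=$4 rc=0
    rootdev=$(word_of "$tree/rootdev")
    case "$rootdev" in
        "$mapper"|"/dev/mapper/$mapper") ;;
        *) echo "initrd rootdev is '$rootdev', expected $mapper (mkinitrd -r)"; rc=1 ;;
    esac
    [ "$(word_of "$tree/luksdev")" = "$luksdev" ] ||
        { echo "initrd luksdev is not $luksdev (mkinitrd -C)"; rc=1; }
    [ -d "$tree/lib/modules/$kver" ] ||
        { echo "initrd has no modules for $kver (mkinitrd -k vs. ls -l /boot/vmlinuz)"; rc=1; }
    [ -x "$tree/sbin/cryptsetup" ] ||
        { echo "initrd lacks sbin/cryptsetup; the root cannot be unlocked at boot"; rc=1; }
    return $rc
}

# check_tabs FSTAB CRYPTTAB ROOTMAPPER: every /dev/mapper/NAME that fstab mounts,
# except the root mapper (opened by the initrd), needs a crypttab line, and a swap
# mapper needs the 'swap' option so the boot scripts key it from /dev/urandom
# instead of waiting for a passphrase that the device does not have.
check_tabs() {
    fstab=$1 crypttab=$2 rootmapper=$3
    problems=$(
        sed 's/#.*//' "$fstab" | awk 'NF >= 3 && $1 ~ "^/dev/mapper/" { print $1, $3 }' |
        while read -r dev type; do
            name=${dev#/dev/mapper/}
            [ "$name" = "$rootmapper" ] && continue
            if ! sed 's/#.*//' "$crypttab" | awk -v n="$name" '$1 == n { f = 1 } END { exit !f }'; then
                echo "fstab uses $dev but crypttab has no '$name' entry"
            elif [ "$type" = swap ]; then
                opts=$(sed 's/#.*//' "$crypttab" | awk -v n="$name" '$1 == n { print $4 }')
                echo ",$opts," | grep -q ',swap,' ||
                    echo "crypttab '$name' is swap in fstab but lacks the swap option"
            fi
        done
    )
    [ -z "$problems" ] || { printf '%s\n' "$problems"; return 1; }
}

# check_lilo LILO_CONF ROOT: lilo.conf must hand the kernel an initrd that exists.
# ROOT is "" inside the chroot, or the mount point of the installed system.
check_lilo() {
    initrd=$(sed 's/#.*//' "$1" | tr -d ' \t' | awk -F= '$1 == "initrd" { print $2; exit }')
    if [ -z "$initrd" ]; then
        echo "lilo.conf has no 'initrd =' line; the kernel would boot without cryptsetup"; return 1
    fi
    [ -f "$2$initrd" ] || { echo "lilo.conf names $initrd but it is missing; run mkinitrd"; return 1; }
}

# run_checks ROOT KVER LUKSDEV MAPPER: run everything against an installed system.
run_checks() {
    root=$1 kver=$2 luksdev=$3 mapper=$4 status=0
    tmp=$(mktemp -d)
    unpack_initrd "$root/boot/initrd.gz" "$tmp" || status=1
    check_initrd_tree "$tmp" "$kver" "$luksdev" "$mapper" || status=1
    check_tabs "$root/etc/fstab" "$root/etc/crypttab" "$mapper" || status=1
    check_lilo "$root/etc/lilo.conf" "$root" || status=1
    rm -rf "$tmp"
    return $status
}

# Inside the chroot, for the layout used on this page:
#   sh precheck.sh "" 2.6.21.5-smp /dev/hda3 cryptroot
[ $# -eq 0 ] || run_checks "$@"
```

A zero exit status means the initrd was built for the right kernel and will try to unlock /dev/hda3 as cryptroot, lilo.conf actually loads that initrd, and every encrypted device fstab expects is either opened by the initrd or set up from crypttab. Any other result prints what disagrees, and fixing that is cheaper than the rescue procedure under Troubleshooting.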

Don't forget to run lilo to apply the changes. Have fun after the reboot ...

# lilo

# shutdown -r now

Troubleshooting:
You get a kernel panic and it seems you will not be able to boot into your system?
Boot the installer from your installation media and log in as root. Then do:

# cryptsetup luksOpen /dev/hda3 cryptroot
# mount /dev/mapper/cryptroot /mnt
# mount -o bind /proc /mnt/proc
# mount -o bind /sys /mnt/sys
# cp -a /dev/mapper /mnt/dev/
# chroot /mnt
# mount /boot

Now you are in your installed system and can edit your lilo.conf, build another initrd and so on ...

If you want to comment on this or if you find faults, please do not hesitate to contact me. I will also post appropriate comments and improvements here.


-- last change 2008-05-02 by y0shi --