
**WARNING:** The procedure outlined below will destroy all data that is currently stored on the first IDE device /dev/hda.
This is not some kind of documentation for dm-crypt on Slackware Linux 12.1, but a real world example. I simply publish my experiences here. You can read this in addition to README_CRYPT.TXT on your Slackware 12.0 disks.
In fact, crypt support has improved a lot and I had no problems; you should really skip this and read README_CRYPT.TXT.
First copy/rsync your data to a safe place ...
I booted and installed my Thinkpad X30 with the USBinstaller from Alien Bob. My minimal image is found in ./usbboot/. Then I cleaned my hard disk overnight with dd after logging in as root (just before setup).
# dd if=/dev/urandom of=/dev/hda
I like cfdisk for creating tables (reboot afterwards required).
# cfdisk
It looks like this. hda1 is /boot and hda2 is the rest.
# fdisk -l /dev/hda
Platte /dev/hda: 40.0 GByte, 40060403712 Byte
255 Koepfe, 63 Sektoren/Spuren, 4870 Zylinder
Einheiten = Zylinder von 16065 × 512 = 8225280 Bytes
   Geraet boot.     Anfang        Ende     Bloecke   Id  System
/dev/hda1   *           1           6       48163+  83  Linux
/dev/hda2               7        4870    39070080   83  Linux
We need to encrypt the last one (hda2).
# cryptsetup -s 256 -y luksFormat /dev/hda2
And now we open this one in order to be able to install onto it.
# cryptsetup luksOpen /dev/hda2 slackluks
Now we create LVM volumes. I just list the steps.
# pvcreate /dev/mapper/slackluks
# vgcreate cryptvg /dev/mapper/slackluks
# lvcreate -L 8G -n root cryptvg
# lvcreate -L 28G -n home cryptvg
# lvcreate -L 1G -n swap cryptvg
# vgscan --mknodes
# vgchange -ay
We have to run mkswap on our new swap partition so that the setup will detect it as such.
# mkswap /dev/cryptvg/swap
Now you can start the setup program.
During setup, make sure to install to /dev/cryptvg/root rather than to /dev/hda2, and also not to something like /dev/mapper/*. But don't forget to choose /dev/hda1 as /boot.
Don't reboot after setup, but chroot into your new system and create a custom initrd.
# chroot /mnt
Usually /boot/vmlinuz is linked to vmlinuz-huge-2.6.24.5. This is an install kernel, not a kernel you want to use every day. Use vmlinuz-generic-smp-2.6.24.5-smp and then compile your own if you want, and you have a working system. (Of course this is my opinion, the whole thing is my opinion.)
# rm /boot/vmlinuz
# ln -s /boot/vmlinuz-generic-smp-2.6.24.5-smp /boot/vmlinuz
Double check with
# ls -l /boot/vmlinuz
which kernel you use and then run
# mkinitrd -c -k 2.6.24.5-smp -m ext3 -f ext3 -r /dev/cryptvg/root -C /dev/hda2 -L
accordingly. I have a United Kingdom keyboard, so I append the -l flag with uk (see man mkinitrd for supported keyboard mappings). The -h flag is for specifying the hibernation partition (swap).
# mkinitrd -c -k 2.6.24.5-smp -m ext3 -f ext3 -r /dev/cryptvg/root -C /dev/hda2 -L \
    -l uk -h /dev/cryptvg/swap
In order to use this initrd.gz you need to edit /etc/lilo.conf.
# cat /etc/lilo.conf
# LILO configuration file
# generated by 'liloconfig'
#
# Start LILO global section
boot = /dev/hda
compact # faster, but won't work on all systems.
# Boot BMP Image.
# Bitmap in BMP format: 640x480x8
bitmap = /boot/slack.bmp
# Menu colors (foreground, background, shadow, highlight
# foreground, highlighted background, highlighted shadow
bmp-colors = 255,0,255,0,255,0
# Location of the option table: location x, location y,
# columns, lines per column (max 15), "spill" (this is h
# entries must be in the first column before the next be
# be used. We don't specify it here, as there's just on
bmp-table = 60,6,1,16
# Timer location x, timer location y, foreground color,
# background color, shadow color.
bmp-timer = 65,27,0,255
# Standard menu.
# Or, you can comment out the bitmap menu above and
# use a boot message with the standard menu:
#message = /boot/boot_message.txt
# Append any additional kernel parameters:
append= "resume=/dev/cryptvg/swap vt.default_utf8=0"
prompt
timeout = 14
# VESA framebuffer console @ 1024x768x256
vga = 773
# ramdisk = 0 # paranoia setting
# End LILO global section
# Linux bootable partition config begins
image = /boot/vmlinuz
  initrd = /boot/initrd.gz
  root = /dev/cryptvg/root
  label = Linux
  read-only # Partitions should be mounted read-only for checking
# Linux bootable partition config ends
Don't forget to run lilo in order to apply the changes. Have fun after reboot ...
# lilo
After rebooting you have an encrypted, suspend-to-disk capable Slackware Linux system. You can put it to sleep with:
# echo -n disk > /sys/power/state
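Added example (not part of the original write-up): a small sh function that cross-checks lilo.conf against the values given to mkinitrd above, so a wrong root= or a missing resume= shows up before the reboot instead of as a system that cannot unlock its disk or resume from hibernation. The function name check_lilo and the reduced sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: cross-check a lilo.conf against the mkinitrd arguments.
# check_lilo FILE ROOT_DEV SWAP_DEV prints each problem found and
# returns the number of problems (0 means the file is consistent).
check_lilo() {
    conf=$1; root_dev=$2; swap_dev=$3; problems=0
    # Strip comments and surrounding blanks, normalise "key = value".
    clean=$(sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
                -e 's/[[:space:]]*=[[:space:]]*/=/' "$conf")
    initrd=$(printf '%s\n' "$clean" | sed -n 's/^initrd=//p' | head -n 1)
    root=$(printf '%s\n' "$clean" | sed -n 's/^root=//p' | head -n 1)
    append=$(printf '%s\n' "$clean" | sed -n 's/^append=//p' | head -n 1)
    if [ -z "$initrd" ]; then
        echo "no initrd= line: nothing would unlock the LUKS volume at boot"
        problems=$((problems + 1))
    fi
    if [ "$root" != "$root_dev" ]; then
        echo "root=$root, expected $root_dev (the mkinitrd -r value)"
        problems=$((problems + 1))
    fi
    # resume= must name the swap volume given to mkinitrd -h.
    case " $(printf '%s' "$append" | tr -d '"') " in
        *" resume=$swap_dev "*) ;;
        *) echo "append lacks resume=$swap_dev (the mkinitrd -h value)"
           problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# Constructed sample, reduced from the lilo.conf shown on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
boot = /dev/hda
append= "resume=/dev/cryptvg/swap vt.default_utf8=0"
image = /boot/vmlinuz
  initrd = /boot/initrd.gz
  root = /dev/cryptvg/root
  label = Linux
  read-only  # Partitions should be mounted read-only for checking
EOF
if check_lilo "$sample" /dev/cryptvg/root /dev/cryptvg/swap; then
    echo "lilo.conf matches the mkinitrd settings"
fi
rm -f "$sample"
```

On the real system, call it inside the chroot as check_lilo /etc/lilo.conf /dev/cryptvg/root /dev/cryptvg/swap before running lilo.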
If you want to comment on this or if you find faults, please do not hesitate to contact me. I will also post appropriate comments and improvements here.
-- last change 2008-10-19 by y0shi --