Gabor Walter wrote:
Hi, I would like to encrypt my entire root fs using cryptsetup-luks. I didn't find any fedora specific howtos, but what I tried doing is supposed to work under other distributions. I have three partitions, (no lvm) /dev/hda1 /boot /dev/hda2 swap /dev/hda3 / What I wanted to achieve was an ecrypted / and a modified initrd image to ask for the passphrase at boot. Here is what I did: 1. installed FC4 2. installed cryptsetup 3. booted into a live cd 4. tar-red the entire / and ftp-d it to another computer 5. using cryptsetup on the live cd I created the encrypted /dev/hda3 6. ftp-d the tar file back and extracted it 7. chroot-ed to the hdd 8. mkinitd kernel.img kernel After reboot, however, system is not booting, not even asking for the passphrase. Anybody here got any experience with cryptsetup? What did I do wrong? Your help is really appreciated. Gabor Walter Hungary
I would recommend reviewing the dm-crypt wiki here: http://www.saout.de/tikiwiki/tiki-index.php There is a specific HOWTO for LUKS here: http://www.saout.de/tikiwiki/tiki-index.php?page=EncryptedDeviceUsingLUKS and a good example of a script that can be used at boot here: http://www.saout.de/tikiwiki/tiki-index.php?page=luksopen I use the above, with modifications, and put it into /etc/rc.d/rc.local. You don't need to modify the boot image to achieve this. Those should get you up and running. Also, there is a list/newsgroup for dm-crypt accessible via GMANE here: http://news.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt HTH, Marc Schwartz
