Gabor Walter wrote:
> Hi,
>
> I would like to encrypt my entire root fs using cryptsetup-luks. I didn't
> find any Fedora-specific howtos, but what I tried doing is supposed to work
> under other distributions.
> I have three partitions, (no lvm)
> /dev/hda1 /boot
> /dev/hda2 swap
> /dev/hda3 /
>
> What I wanted to achieve was an encrypted / and a modified initrd image to
> ask for the passphrase at boot.
> Here is what I did:
> 1. installed FC4
> 2. installed cryptsetup
> 3. booted into a live cd
> 4. tar-red the entire / and ftp-d it to another computer
> 5. using cryptsetup on the live cd I created the encrypted /dev/hda3
> 6. ftp-d the tar file back and extracted it
> 7. chroot-ed to the hdd
> 8. mkinitd kernel.img kernel
>
> After reboot, however, system is not booting, not even asking for the
> passphrase.
> Anybody here got any experience with cryptsetup? What did I do wrong?
> Your help is really appreciated.
>
> Gabor Walter
> Hungary

I would recommend reviewing the dm-crypt wiki here:

http://www.saout.de/tikiwiki/tiki-index.php

There is a specific HOWTO for LUKS here:

http://www.saout.de/tikiwiki/tiki-index.php?page=EncryptedDeviceUsingLUKS

and a good example of a script that can be used at boot here:

http://www.saout.de/tikiwiki/tiki-index.php?page=luksopen

I use the above, with modifications, and put it into /etc/rc.d/rc.local.
You don't need to modify the boot image to achieve this.

Those should get you up and running.

Also, there is a list/newsgroup for dm-crypt accessible via GMANE here:

http://news.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt

HTH,

Marc Schwartz

Thanks for the idea. I know about the site you suggested. That's where I found some nice howtos. There was not one, however, about creating an entire encrypted root fs, which is my case. Therefore putting the script you suggested into /etc/init.d... does not help, because at that point /sbin is not accessible.
I think I'll post a message to that list as well.
Regards,
Gabor Walter
Hungary