cryptsetup-luks

Gabor Walter gabor.walter at gmail.com
Sat Mar 11 17:03:09 UTC 2006


> Gabor Walter wrote:
> > Hi,
> >
> > I would like to encrypt my entire root fs using cryptsetup-luks. I didn't
> > find any fedora specific howtos, but what I tried doing is supposed to work
> > under other distributions.
> > I have three partitions, (no lvm)
> > /dev/hda1 /boot
> > /dev/hda2 swap
> > /dev/hda3 /
> >
> > What I wanted to achieve was an encrypted / and a modified initrd image to
> > ask for the passphrase at boot.
> > Here is what I did:
> > 1. installed FC4
> > 2. installed cryptsetup
> > 3. booted into a live cd
> > 4. tar-red the entire / and ftp-d it to another computer
> > 5. using cryptsetup on the live cd I created the encrypted /dev/hda3
> > 6. ftp-d the tar file back and extracted it
> > 7. chroot-ed to the hdd
> > 8. mkinitd kernel.img kernel
> >
> > After reboot, however, system is not booting, not even asking for the
> > passphrase.
> > Anybody here got any experience with cryptsetup? What did I do wrong?
> > Your help is really appreciated.
> >
> > Gabor Walter
> > Hungary
>
>
> I would recommend reviewing the dm-crypt wiki here:
>
> http://www.saout.de/tikiwiki/tiki-index.php
>
>
> There is a specific HOWTO for LUKS here:
>
> http://www.saout.de/tikiwiki/tiki-index.php?page=EncryptedDeviceUsingLUKS
>
> and a good example of a script that can be used at boot here:
>
> http://www.saout.de/tikiwiki/tiki-index.php?page=luksopen
>
>
> I use the above, with modifications, and put it into /etc/rc.d/rc.local.
>
>
> You don't need to modify the boot image to achieve this.
>
> Those should get you up and running.
>
>
> Also, there is a list/newsgroup for dm-crypt accessible via GMANE here:
>
> http://news.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt
>
>
>
> HTH,
>
> Marc Schwartz
>
>
Thanks for the idea. I know about the site you suggested. That's where I
found some nice howtos. There was not one, however, about creating an entire
encrypted root fs, which is my case. Therefore putting the script you
suggested into /etc/init.d... does not help, because at that point /sbin is
not accessible.
I think I'll post a message to that list as well.

Regards,

Gabor Walter
Hungary