
Re: Re: cryptsetup-luks




Gabor Walter wrote:
> Hi,
>
> I would like to encrypt my entire root fs using cryptsetup-luks. I didn't
> find any Fedora-specific howtos, but what I tried doing is supposed to work
> under other distributions.
> I have three partitions, (no lvm)
> /dev/hda1 /boot
> /dev/hda2 swap
> /dev/hda3 /
>
> What I wanted to achieve was an encrypted / and a modified initrd image to
> ask for the passphrase at boot.
> Here is what I did:
> 1. installed FC4
> 2. installed cryptsetup
> 3. booted into a live cd
> 4. tar-red the entire / and ftp-d it to another computer
> 5. using cryptsetup on the live cd I created the encrypted /dev/hda3
> 6. ftp-d the tar file back and extracted it
> 7. chroot-ed to the hdd
> 8. mkinitd kernel.img kernel
>
> After reboot, however, system is not booting, not even asking for the
> passphrase.
> Anybody here got any experience with cryptsetup? What did I do wrong?
> Your help is really appreciated.
>
> Gabor Walter
> Hungary


I would recommend reviewing the dm-crypt wiki here:

http://www.saout.de/tikiwiki/tiki-index.php


There is a specific HOWTO for LUKS here:
   http://www.saout.de/tikiwiki/tiki-index.php?page=EncryptedDeviceUsingLUKS

and a good example of a script that can be used at boot here:

http://www.saout.de/tikiwiki/tiki-index.php?page=luksopen


I use the above, with modifications, and put it into /etc/rc.d/rc.local.


You don't need to modify the boot image to achieve this.

Those should get you up and running.


Also, there is a list/newsgroup for dm-crypt accessible via GMANE here:

http://news.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt



HTH,

Marc Schwartz


Thanks for the idea. I know about the site you suggested. That's where I found some nice howtos. There was not one, however, about creating an entire encrypted root fs, which is my case. Therefore putting the script you suggested into /etc/init.d... does not help, because at that point /sbin is not accessible.
I think I'll post a message to that list as well.

Regards,

Gabor Walter
Hungary
