Encrypting root and swap using dm-crypt with LUKS

I finally encrypted my hard drive using this article from the Gentoo wiki. It wasn’t 100% accurate and I’ll point out those discrepancies here. First off the instructions for setting up the swap during install weren’t at all accurate to the best of my knowledge. It was assuming you already had an install and wanted to encrypt your swap. This was useless and I ended up not even having a swap for the entire install and it went just fine.

Second, the genkernel-luks default kernel doesn’t work right with this. It leaves things out of the kernel and doesn’t build the initrd properly. I had to recompile the kernel and verify that everything needed was compiled in. Then I had to hand craft the initrd. The tutorial talks about a lib64 but you can just assume that it’s only lib when installing on an x86.

Third, and this was the biggest pain for me, when creating the initrd the tutorial suggests doing ‘ls -l /dev/mapper/’ to find out the major/minor numbers for the control node. Then they give an example. Using the Gentoo minimal LiveCD, my major/minor numbers for ‘/dev/mapper/control’ were different than the example. I figured since it was working on the LiveCD they are probably the right ones. Wrong. The example in the tutorial gave the right major/minor numbers and it took me a long time to diagnose the problem. I learned a lot about creating an initrd image and the initial Linux boot process along the way, though.
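
As an added illustration (not from the original post or the Gentoo wiki article): device-mapper registers its control node as a misc character device, and the kernel lists the minor it assigned in /proc/misc, so the numbers in an `ls -l` line can be checked against what a given kernel expects. The function names and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example; sample data below is constructed, not from the original post.

# Print "major:minor" the kernel expects for /dev/mapper/control:
# minor from /proc/misc, major of the "misc" char driver from /proc/devices.
expected_dm_control() {
    minor=$(awk '$2 == "device-mapper" { print $1; exit }' "${1:-/proc/misc}")
    major=$(awk '/^Block devices:/ { exit } $2 == "misc" { print $1; exit }' \
        "${2:-/proc/devices}")
    [ -n "$minor" ] && [ -n "$major" ] || return 1
    printf '%s:%s\n' "$major" "$minor"
}

# Print "major:minor" from one `ls -l` line describing a device node.
ls_line_numbers() {
    printf '%s\n' "$1" | awk '$1 ~ /^[cb]/ { sub(/,$/, "", $5); print $5 ":" $6 }'
}

# Return 0 if the node in the ls -l line matches the kernel's numbers,
# 1 on a mismatch, 2 if device-mapper is not registered at all.
check_control_node() {
    want=$(expected_dm_control "$2" "$3") || { echo "device-mapper not registered"; return 2; }
    have=$(ls_line_numbers "$1")
    if [ "$have" = "$want" ]; then
        echo "OK: control node is $have"
    else
        echo "MISMATCH: node is ${have:-unknown}, kernel expects $want"
        return 1
    fi
}

# Constructed stand-ins for /proc/misc and /proc/devices.
write_samples() {
    printf ' 63 device-mapper\n135 rtc\n' > "$1/misc"
    printf 'Character devices:\n  1 mem\n 10 misc\n\nBlock devices:\n  8 sd\n253 device-mapper\n' \
        > "$1/devices"
}

# Demo on the constructed data: one matching node, one stale node.
tmp=$(mktemp -d)
write_samples "$tmp"
check_control_node 'crw------- 1 root root 10, 63 Jan  1 00:00 control' "$tmp/misc" "$tmp/devices"
check_control_node 'crw------- 1 root root 10, 62 Jan  1 00:00 control' "$tmp/misc" "$tmp/devices" || true
rm -rf "$tmp"
```

Called with only the `ls -l` line, `check_control_node` reads the running kernel's /proc/misc and /proc/devices, so the result is meaningful only when it is run under the kernel the initrd is built for.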

So as my reward for all this hard labor I now have the encrypted root file system I always wanted. Swap is encrypted with a new key each bootup. What fun!
