Hello, I'm going to be a new CRUX user. I've read through the handbook and think I understand the installation process overall. However, I would ideally like to encrypt my disk. I have done this on other distributions like Void Linux, so I understand the main idea is use cryptsetup to format a luks partition, use lvm to create logical volumes on that partition, install like normal, then set up the kernel and grub to see the encrypted drive and decrypt it. I guess my main question then is how do I add this to the kernel in CRUX? I did find it on the wiki https://crux.nu/Wiki/Cryptsetup, but it seems to be really old. Has anyone done this recently and with EFI? This is my first time posting to a mailing list, so I'm hoping I followed the correct etiquette. Thanks! -- Zack Lofgren news@d9a.co
On Tue, 15 Jan 2019 13:00:54 -0700 Zack Lofgren <news@d9a.co> wrote:
Hello,
I'm going to be a new CRUX user. I've read through the handbook and think I understand the installation process overall. However, I would ideally like to encrypt my disk.
This is an interesting subject to me. I have intended to explore full disk encryption. I will start to play with this, installing into a qemu kvm instance.
I have done this on other distributions like Void Linux, so I understand the main idea is use cryptsetup to format a luks partition, use lvm to create logical volumes on that partition, install like normal, then set up the kernel and grub to see the encrypted drive and decrypt it. I guess my main question then is how do I add this to the kernel in CRUX? I did find it on the wiki https://crux.nu/Wiki/Cryptsetup, but it seems to be really old. Has anyone done this recently and with EFI?
I will explore this as well. I suspect that the main hurdle is going to be setting up an initramfs and setting up a method to update it for newly installed kernels.
This is my first time posting to a mailing list, so I'm hoping I followed the correct etiquette.
Thanks!
Welcome to CRUX. I really enjoy it's straight forward simplicity. I hope you will enjoy CRUX, too. Cheers, John
I have done this on other distributions like Void Linux, so I understand the main idea is use cryptsetup to format a luks partition, use lvm to create logical volumes on that partition, install like normal, then set up the kernel and grub to see the encrypted drive and decrypt it. I guess my main question then is how do I add this to the kernel in CRUX? I did find it on the wiki https://crux.nu/Wiki/Cryptsetup, but it seems to be really old. Has anyone done this recently and with EFI? I have tried in the past to set this up following the crux wiki cryptsetup page, I can't remember what part I couldn't get working though I also didn't have too much time back then to mess around with it. One thing that's always confused me in terms of initrd and initramfs is what to pass to the bootloader, because every distro requires different arguments to be passed. I think the simplest bootloader to deal with in terms of LVM on LUKS would be LILO because it has an initrd option (this should also apply to ELILO).
I will explore this as well. I suspect that the main hurdle is going to be setting up an initramfs and setting up a method to update it for newly installed kernels. For building an initramfs and also updating it for newly installed kernels I recommend checking out: https://wiki.gentoo.org/wiki/Custom_Initramfs. From what I know you can make a directory which will house all the files for your initramfs and then point to that directory in your kernel config, so that when you make your kernel (considering you use the same config) your initramfs will be built and/or embedded into your new kernel.
Wednesday, January 16, 2019 10:24 PM UTC from Casey Timmers <ctimmers07@gmail.com>:
I have done this on other distributions like Void Linux, so I understand the main idea is use cryptsetup to format a luks partition, use lvm to create logical volumes on that partition, install like normal, then set up the kernel and grub to see the encrypted drive and decrypt it. I guess my main question then is how do I add this to the kernel in CRUX? I did find it on the wiki https://crux.nu/Wiki/Cryptsetup , but it seems to be really old. Has anyone done this recently and with EFI? I have tried in the past to set this up following the crux wiki cryptsetup page, I can't remember what part I couldn't get working though I also didn't have too much time back then to mess around with it. One thing that's always confused me in terms of initrd and initramfs is what to pass to the bootloader, because every distro requires different arguments to be passed. I think the simplest bootloader to deal with in terms of LVM on LUKS would be LILO because it has an initrd option (this should also apply to ELILO).
I will explore this as well. I suspect that the main hurdle is going to be setting up an initramfs and setting up a method to update it for newly installed kernels. For building an initramfs and also updating it for newly installed kernels I recommend checking out: https://wiki.gentoo.org/wiki/Custom_Initramfs . From what I know you can make a directory which will house all the files for your initramfs and then point to that directory in your kernel config, so that when you make your kernel (considering you use the same config) your initramfs will be built and/or embedded into your new kernel.
I'm wishing to do this since I started using Crux, never had try yet, but I'm already using initramfs, maybe this port is not updated or not polished; # Description: dracut is an event driven initramfs infrastructure. # URL: https://dracut.wiki.kernel.org/ # Maintainer: Silvino Silva, silvino at bk dot ru # Depends on: cryptsetup nbd nfs-utils lvm2 mdadm name=dracut version=044 release=5 source=(https://www.kernel.org/pub/linux/utils/boot/$name/$name-$version.tar.xz dracut.conf README) build() { cd $name-$version ./configure --prefix=/usr make make DESTDIR=$PKG install install -m 0644 -D $SRC/dracut.conf $PKG/etc/dracut.conf mv $PKG/usr/share/man $PKG/usr/ find $PKG -name "README" | xargs rm } -- silvino silva
participants (4)
-
Casey Timmers
-
John Vogel
-
silvino silva
-
Zack Lofgren