Aw: Re: [gentoo-user] dm-crypt + ext4 = where will the journal go?

["\"Roland Häder\"" <r.haeder@web.de>]

Okay, I have setup so far this:

/dev/sda1 - /boot (unencrypted)
/dev/sda2 - swap (not yet setup, will be encrypted)
/dev/sda3 - / (encrypted)

/dev/sda3 is the underlaying drive, where I used gpg:

# gpg --decrypt key.gpg | cryptsetup --verbose luksFormat /dev/sda3
# gpg --decrypt key.gpg | cryptsetup --verbose luksOpen /dev/sda3 encVol
# dd if=/dev/zero of=/dev/mapper/encVol bs=100M (to avoid filesystem corruption)
# mkfs.ext4 -L root /dev/mapper/encVol

Now I continued as usual with the Gentoo handbook (mount all, copy things on it, etc.)

After I compiled the kernel, emerged cryptsetup on the new system, I editied /boot/grub/grub.conf:
-----------------------------------------------
default 0
timeout 30
splashimage=(hd0,0)/boot/grub/splash.xpm.gz

title Gentoo Linux
root (hd0,0)
kernel /boot/kernel-genkernel-x86-3.3.8-gentoo root=/dev/ram0 crypt_root=/dev/sda3
initrd /boot/initramfs-genkernel-x86-3.3.8-gentoo
-----------------------------------------------
(I read not to use real_root, but crypt_root instead?)

Then I emerged grub as usual (also: # cat /proc/mounts > etc/mtab ) and did: # grub-install --no-floppy /dev/sda

Still as usual. Now it is downloading plymouth (to have some cool things) + dracut (easiest way as I read in wiki).

I also had to expand /etc/make.conf (not /etc/portage/make.conf ??? Is this a mistake in handbook?):

-----------------------------------------------
DRACUT_MODULES="crypt_gpg plymouth"
-----------------------------------------------

Now I really hope, that after I installed dracut on it, that I can boot it and the initrd will be updated. It needs at least some kernel modules (e.g. dm_crypt, ext4, sha512_generic, aes_generic) plus gpg and cryptsetup tools to actually decrypt the hard drive.

Regards,
  Roland