From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 9410A138010 for ; Tue, 4 Sep 2012 20:08:35 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id B9CB8E0138; Tue, 4 Sep 2012 20:08:11 +0000 (UTC) Received: from mout.web.de (mout.web.de [212.227.15.4]) by pigeon.gentoo.org (Postfix) with ESMTP id D5AFBE0605 for ; Tue, 4 Sep 2012 20:05:35 +0000 (UTC) Received: from 3capp-webde-bs44.server.lan ([172.19.170.44]) by mriweb.server.lan (mriweb001) with ESMTPA (Nemesis) id 0M8d81-1TUlI40Oxf-00vnHT for ; Tue, 04 Sep 2012 22:05:35 +0200 Received: from [94.221.159.125] by 3capp-webde-bs44.server.lan with HTTP; Tue Sep 04 22:05:35 CEST 2012 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Message-ID: From: =?UTF-8?Q?=22Roland_H=C3=A4der=22?= To: gentoo-user@lists.gentoo.org Subject: Aw: Re: [gentoo-user] dm-crypt + ext4 = where will the journal go? Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Date: Tue, 4 Sep 2012 22:05:35 +0200 (CEST) In-Reply-To: <504651FF.9000506@binarywings.net> References: <504518A3.7000207@binarywings.net> <50463C4C.6040602@fu-berlin.de> <50464606.5050404@binarywings.net> , <504651FF.9000506@binarywings.net> Importance: normal Sensitivity: Normal X-UI-Message-Type: mail X-Priority: 3 X-Provags-ID: V01U2FsdGVkX18BlGnuUkExSTX176ixcX4Xy+b8ulBKfJdX0SaDp05BDDDplI7q4HLR 8Z82b77fBw/n8u8BnDsicAYH1iqMhiG0QUwQZ4ScdpNp2cDFAEpgTQ== X-Archives-Salt: cb225bc6-ea71-4bab-b0a4-9420be4df262 X-Archives-Hash: 85a03ea16f4bb64d9c4bd475fc827794 Okay, I have setup so far this: /dev/sda1 - /boot (unencrypted) /dev/sda2 - swap (not yet setup, will be encrypted) /dev/sda3 - / (encrypted) /dev/sda3 is the underlaying drive, where I used gpg: # gpg --decrypt key.gpg | cryptsetup --verbose luksFormat /dev/sda3 # gpg --decrypt key.gpg | cryptsetup --verbose luksOpen /dev/sda3 encVol # dd if=/dev/zero of=/dev/mapper/encVol bs=100M (to avoid filesystem corruption) # mkfs.ext4 -L root /dev/mapper/encVol Now I continued as usual with the Gentoo handbook (mount all, copy things on it, etc.) After I compiled the kernel, emerged cryptsetup on the new system, I editied /boot/grub/grub.conf: ----------------------------------------------- default 0 timeout 30 splashimage=(hd0,0)/boot/grub/splash.xpm.gz title Gentoo Linux root (hd0,0) kernel /boot/kernel-genkernel-x86-3.3.8-gentoo root=/dev/ram0 crypt_root=/dev/sda3 initrd /boot/initramfs-genkernel-x86-3.3.8-gentoo ----------------------------------------------- (I read not to use real_root, but crypt_root instead?) Then I emerged grub as usual (also: # cat /proc/mounts > etc/mtab ) and did: # grub-install --no-floppy /dev/sda Still as usual. Now it is downloading plymouth (to have some cool things) + dracut (easiest way as I read in wiki). I also had to expand /etc/make.conf (not /etc/portage/make.conf ??? Is this a mistake in handbook?): ----------------------------------------------- DRACUT_MODULES="crypt_gpg plymouth" ----------------------------------------------- Now I really hope, that after I installed dracut on it, that I can boot it and the initrd will be updated. It needs at least some kernel modules (e.g. dm_crypt, ext4, sha512_generic, aes_generic) plus gpg and cryptsetup tools to actually decrypt the hard drive. Regards, Roland