On Thu, Dec 31, 2015 at 07:45:29AM +1000, Hans wrote:
> I can't follow Sakaki's_EFI_Install_Guide. The system will run in 
> VirtualBox and only have BIOS. No UEFI, EFI, USB stick as boot or key disk.

You should still at least read the guide to figure out how to get the
encryption part right. You can skip the USB stuff and fall back to BIOS
equivalents of EFI concepts.

> I just have to find a way to get the same result using Gentoo with 
> OpenRC and if possible without LVM.  Entering the pass phrase several 
> times is no problem.

The steps are more or less the following:

1.  cryptsetup your whole device
2.  mkfs
3.  chroot
4.  install grub with device-mapper flag
5.  install dracut and cryptsetup.
6.  add GRUB_ENABLE_CRYPTODISK=y to /etc/default/grub
7.  grub2-install
8.  set 'hostonly="yes"' in /etc/dracut.conf OR add the output of 
   `dracut --print-cmdline` to GRUB_CMDLINE_LINUX_DEFAULT in 
   /etc/default/grub
9.  grub2-mkconfig -o /boot/grub/grub.cfg
10. dracut --regenerate-all

Somewhere between step 3 and 10 you need to build the kernel with at least the
dm_crypt module. This will lead to you having to enter the password twice -
once when grub starts and once when the initramfs is setting up /.

Check the Arch wiki article on the topic [1] for more info, but don't
blindly trust the boot loader part because that is specific to Arch's
initramfs generator.

[1]: https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system
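
Added example, not part of the original email: a pre-reboot check, run inside the chroot, that the settings from steps 6 and 8 and the dm_crypt kernel option are actually in place. It assumes the kernel option appears as `CONFIG_DM_CRYPT` in the kernel `.config` and that the `dracut --print-cmdline` output for a LUKS root contains `rd.luks.uuid=`; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Files are passed as arguments so the checks can run against copies.

# True if FILE has an uncommented KEY=VALUE line (VALUE may be quoted).
has_setting() {  # has_setting FILE KEY VALUE
    grep -Eq "^[[:space:]]*$2=[\"']?$3[\"']?[[:space:]]*(#.*)?\$" "$1"
}

# Step 6: without this GRUB will not unlock the LUKS container at boot.
check_cryptodisk() { has_setting "$1" GRUB_ENABLE_CRYPTODISK y; }

# Step 8: either hostonly="yes" in dracut.conf, OR the LUKS hint from
# `dracut --print-cmdline` (assumed: rd.luks.uuid=) on the kernel cmdline.
check_initramfs_hint() {  # check_initramfs_hint GRUB_DEFAULTS DRACUT_CONF
    has_setting "$2" hostonly yes && return 0
    grep -E '^[[:space:]]*GRUB_CMDLINE_LINUX_DEFAULT=' "$1" |
        grep -q 'rd\.luks\.uuid='
}

# dm_crypt must be built in (y) or built as a module (m).
check_dm_crypt() { grep -Eq '^CONFIG_DM_CRYPT=[ym]$' "$1"; }

# Prints one line per failed check; exit status is the number of failures.
audit() {  # audit GRUB_DEFAULTS DRACUT_CONF KERNEL_CONFIG
    fails=0
    check_cryptodisk "$1" ||
        { echo "FAIL: GRUB_ENABLE_CRYPTODISK=y not set in $1"; fails=$((fails + 1)); }
    check_initramfs_hint "$1" "$2" ||
        { echo "FAIL: neither hostonly=\"yes\" in $2 nor rd.luks.uuid= in $1"; fails=$((fails + 1)); }
    check_dm_crypt "$3" ||
        { echo "FAIL: CONFIG_DM_CRYPT not enabled in $3"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample files: step 6 done, step 8 forgotten, dm_crypt as module.
demo=$(mktemp -d)
printf '%s\n' 'GRUB_ENABLE_CRYPTODISK=y' \
    'GRUB_CMDLINE_LINUX_DEFAULT="quiet"' > "$demo/grub"
printf '%s\n' '#hostonly="yes"' > "$demo/dracut.conf"
printf '%s\n' 'CONFIG_DM_CRYPT=m' > "$demo/config"
audit "$demo/grub" "$demo/dracut.conf" "$demo/config" ||
    echo "$? check(s) failed"
rm -rf "$demo"
```

On a real install the call would be `audit /etc/default/grub /etc/dracut.conf /usr/src/linux/.config`, where the kernel source path is an assumption about where the kernel was built.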
