On 31/12/15 09:15, Jeremi Piotrowski wrote:
On Thu, Dec 31, 2015 at 07:45:29AM +1000, Hans wrote:
I can't follow Sakaki's_EFI_Install_Guide. The system will run in
VirtualBox and only have BIOS. No UEFI, EFI, USB stick as boot or key disk.

You should still at least read the guide to figure out how to get the
encryption part right. You can skip the USB stuff and fall back to BIOS
equivalents of EFI concepts.

I just have to find a way to get the same result using Gentoo with
OpenRC and if possible without LVM.  Entering the pass phrase several
times is no problem.

The steps are more or less the following:

1.  cryptsetup your whole device
2.  mkfs
3.  chroot
4.  install grub with device-mapper flag
5.  install dracut and cryptsetup.
6.  add GRUB_ENABLE_CRYPTODISK=y to /etc/default/grub
7.  grub2-install
8.  set 'hostonly="yes"' in /etc/dracut.conf OR add the output of
    `dracut --print-cmdline` to GRUB_CMDLINE_LINUX_DEFAULT in
    /etc/default/grub
9.  grub2-mkconfig -o /boot/grub/grub.cfg
10. dracut --regenerate-all

Somewhere between step 3 and 10 you need to build the kernel with at least the
dm_crypt module. This will lead to you having to enter the password twice -
once when grub starts and once when the initramfs is setting up /.

Check the arch wiki article on the topic [1] for more info, but don't
blindly trust the boot loader part because that is specific to arch's
initramfs generator.

[1]: https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system



I have a working VM with Gentoo on LVM on top of LUKS. Works fine in change root, just can't get it to boot. Probably missed something somewhere. Will start from scratch using your 10 steps with dracut instead of genkernel.

Have a nice New Year
Hans
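
A read-only check for steps 6 and 8 of the list quoted above, as an added example that is not part of the original thread: it inspects `/etc/default/grub` and `/etc/dracut.conf` (or copies of them) and reports whether the encrypted-boot settings are in place. The function names are hypothetical, and the check assumes that the `dracut --print-cmdline` output for a LUKS root contains an `rd.luks.uuid=` argument.

```shell
#!/bin/sh
# Added example: audit the settings from steps 6 and 8 without touching any disk.
# File paths are parameters, so it also works on copies or from outside the chroot.

# Print the last uncommented assignment of variable $1 in file $2,
# with a trailing comment and surrounding quotes stripped.
conf_value() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" 2>/dev/null | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/^["'\'']//' -e 's/["'\'']$//'
}

# $1 = grub defaults file, $2 = dracut config file. Returns 0 only if both checks pass.
check_cryptoboot() {
    grub_default=$1; dracut_conf=$2; rc=0

    # Step 6: GRUB itself must be told to handle the encrypted disk.
    if [ "$(conf_value GRUB_ENABLE_CRYPTODISK "$grub_default")" = "y" ]; then
        echo "ok:   GRUB_ENABLE_CRYPTODISK=y is set (step 6)"
    else
        echo "FAIL: GRUB_ENABLE_CRYPTODISK=y is missing or commented out (step 6)"
        rc=1
    fi

    # Step 8: either hostonly="yes" in dracut.conf, or the LUKS argument
    # (assumed to be rd.luks.uuid=) on the kernel command line.
    hostonly=$(conf_value hostonly "$dracut_conf")
    cmdline=$(conf_value GRUB_CMDLINE_LINUX_DEFAULT "$grub_default")
    case " $cmdline " in
        *" rd.luks.uuid="*) has_luks_arg=yes ;;
        *)                  has_luks_arg=no ;;
    esac
    if [ "$hostonly" = "yes" ] || [ "$has_luks_arg" = "yes" ]; then
        echo "ok:   initramfs is told how to find the LUKS device (step 8)"
    else
        echo "FAIL: no hostonly=\"yes\" and no rd.luks.uuid= in GRUB_CMDLINE_LINUX_DEFAULT (step 8)"
        rc=1
    fi
    return $rc
}

# Usage: sh check.sh /etc/default/grub /etc/dracut.conf
if [ "$#" -eq 2 ]; then check_cryptoboot "$1" "$2"; fi
```

After changing either file, steps 9 and 10 still have to be rerun for the change to reach `grub.cfg` and the initramfs.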
