[dm-crypt] Encrypt all partitions with dm-crypt

Matthew Monaco dgbaley27 at 0x01b.net
Wed Sep 26 04:12:21 CEST 2012


On 09/25/2012 05:54 PM, Stayvoid wrote:
>> What distribution are you using? That sounds odd because I'd think your
>> recovery
>> shell is the same environment as your initrd which most certainly has
>> cryptsetup.
> 
> Parabola GNU/Linux-libre [1].
> 
>> If cryptsetup isn't working, try
>>
>> # modprobe dm-crypt
> 
> FATAL: Module dm-crypt not found
> 
> [1] http://mtjm.eu/releases/parabola/parabola-mips64el-20120912.tar.bz2

Ah, this is definitely an Arch Linux derivative. You need to add "encrypt" to
the HOOKS setting in /etc/mkinitcpio.conf and run (as root)

# mkinitcpio -p linux-libre

This will add cryptsetup and the necessary modules to your initramfs.

You also MUST add root=/dev/mapper/ROOT cryptdevice=/dev/sdX#:ROOT to your
kernel command line (/boot/grub/menu.lst for grub-legacy, /boot/grub/grub.cfg
for grub2). Where ROOT is whatever label you want and /dev/sdX# is your
encrypted block device. Furthermore, you need to set crypto= to your specific
settings, but I don't remember the format off the top of my head.

Are you *sure* you don't want to use LUKS? It will make your life a lot easier
(no crypt= kernel command line option, no need to specify ciphers and hashes
when mounting manually, etc...)


More information about the dm-crypt mailing list