[dm-crypt] Encrypt all partitions with dm-crypt

Arno Wagner arno at wagner.name
Wed Aug 22 14:24:41 CEST 2012

On Wed, Aug 22, 2012 at 04:10:01PM +0400, Stayvoid wrote:
> Hello,
> I'd like to encrypt all partitions (or most of them) with plain dm-crypt.
> Here is my partition scheme:
> 1. /dev/sda1 ext3 (I want to install Parabola here.)
> 2. /dev/sda2 swap
> 3. /dev/sda3 ext3 gNewSense
> I can't boot from CD or USB that's why I'm going to use the third partition.
> I'd like to format the first two partitions and encrypt them with
> plain dm-crypt.
> After that I will install Parabola [1] on the first partition. Will this work?
> I'm not sure because my bootloader (PMON) uses the first partition to
> store its conf file.

And there you have answered your question already: No. 
What you can do is create a small (e.g. 100MB) partition for the
bootloader that is not encrypted.

> And how will this work from user's perspective? Will I be prompted for
> a passphrase?

Why should you be? Unless your distribution has a mechanism
that does this (out of scope for cryptsetup), you need to
map and mount it manually. I have no idea what your particular
distro of choice can or cannot do here, but you need to lok
in its documentation to find out, not here. cryptsetup is just a
tool with similarities to "mount", not an integrated system
encryption solution.

> Should I use a more complicated scheme (with /boot)?
> [1] Here is the installation guide:
> https://wiki.parabolagnulinux.org/MIPS_Installation
> Thanks
> P.S. I haven't decided what to do with the third partition yet. Maybe
> I'll erase and encrypt it later.

You need if for booting. Unless your distro has an initrd that
can mount encrypted volumes. See docu of your distro.

Arno Wagner,    Dr. sc. techn., Dipl. Inform.,   Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
One of the painful things about our time is that those who feel certainty 
are stupid, and those with any imagination and understanding are filled 
with doubt and indecision. -- Bertrand Russell 

More information about the dm-crypt mailing list