[dm-crypt] Encrypt all partitions with dm-crypt

Christophe kereoz at kereoz.org
Thu Aug 23 11:00:49 CEST 2012

On Wed, Aug 22, 2012 at 04:10:01PM +0400, Stayvoid wrote:
> Hello,
> I'd like to encrypt all partitions (or most of them) with plain dm-crypt.

What do you mean by plain dm-crypt ? If you mean aes-plain, then the mechanisms
present in most distributions won't be able to "see" your encrypted volumes, and
/etc/crypttab won't be of any use either.

However, as Arno sait you can do it with an initramfs image. Debian for instance
has a pretty convenient mechanism to automatically create initramfs images for
your different kernels, and you can use hooks to place your own scripts in it.
When you install cryptsetup, Debian updates all the initramfs images with the
cryptsetup binary. All you'll need to to after that is to add a custom boot
parameter to your bootloader (say encrypted_root=/dev/sdX), place a script in
the initramfs that will map the partition with cryptsetup (e.g. cryptsetup -c
aes-plain create root ${encrypted_root}) and update your /etc/fstab
(/dev/mapper/root / ...).

It requires a bit of fiddling but it'll work, and if your distro has such
mechanisms as Debian has, it won't break your configuration when updating grub
or the kernel because it'll run the hooks again.


More information about the dm-crypt mailing list