User:Fog Watch/AES-encrypted root partition using LVM2

From Gentoo Wiki
Jump to:navigation Jump to:search

Gentoo will be installed on the following layers

  1. filesystem
  2. LVM2 logical volumes
  3. loop-AES encryption
  4. raid 1
  5. GPT disk partitions.

Approach

asdf

Work

For a livecd [www.sysresccd.org/ SystemRescueCd] is probably the best. Everything else appears not to include a patched losetup.

Boot the livecd.

root #passwd

And then

user $ssh user@hostname

to complete the rest.

root #gdisk -l /dev/sda
GPT fdisk (gdisk) version 0.8.5

Partition table scan:
  MBR: protective
  BSD: not present
  APM: not present
  GPT: present

Found valid GPT with protective MBR; using GPT.
Disk /dev/sda: 390721968 sectors, 186.3 GiB
Logical sector size: 512 bytes
Disk identifier (GUID): E9C3E020-D7A3-4F58-9D5A-0CB44FF97A09
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 390721934
Partitions will be aligned on 2048-sector boundaries
Total free space is 2014 sectors (1007.0 KiB)

Number  Start (sector)    End (sector)  Size       Code  Name
   1            2048            6143   2.0 MiB     EF02  
   2            6144         1030143   500.0 MiB   8300  ISO 1
   3         1030144         7321599   3.0 GiB     8300  ISO 3
   4         7321600         8345599   500.0 MiB   8200  Swap
   5         8345600         8386559   20.0 MiB    FD00  md0
   6         8386560       390721934   182.3 GiB   FD00  md1
root #mdadm --create --verbose /dev/md0 --level=1 --raid-devices=2 /dev/sda5 missing
root #mdadm --create --verbose /dev/md1 --level=1 --raid-devices=2 /dev/sda6 missing

Put the other drive in later

root #wget -q -O - http://ip/.jpg
root # tail -c 200
root # cryptsetup create --cipher aes-xts-plain64 --key-size 256 --hash sha256 --key-file - cryptmd1 /dev/sda5

pvcreate /dev/mapper/cryptsda5 vgcreate vg /dev/mapper/cryptsda5 lvcreate -n root -L20g vg mkfs.ext4 /dev/vg/root cd /mnt mount /dev/vg/root gentoo cd gentoo Manual Handbook:AMD64/Installation/Stage#Choosing_a_stage_tarball

KERNEL 
General setup --->

   [*] Initial RAM filesystem and RAM disk (initramfs/initrd) support

Device Drivers --->

   [*] Block devices  ---> 
       <*>   RAM disk support
       (4096)  Default RAM disk size (kbytes)

File systems --->

   Pseudo filesystems  --->  
       -*- /proc file system support  
   Miscellaneous filesystems  --->  
       < > Compressed ROM file system support (cramfs)
Retrieved from "https://wiki.gentoo.org/index.php?title=User:Fog_Watch/AES-encrypted_root_partition_using_LVM2&oldid=1057177"