On Wed, Aug 22, 2012 at 04:10:01PM +0400, Stayvoid wrote:
> Hello,
>
> I'd like to encrypt all partitions (or most of them) with plain dm-crypt.
What do you mean by plain dm-crypt ? If you mean aes-plain, then the mechanisms
present in most distributions won't be able to "see" your encrypted volumes, and
/etc/crypttab won't be of any use either.
However, as Arno sait you can do it with an initramfs image. Debian for instance
has a pretty convenient mechanism to automatically create initramfs images for
your different kernels, and you can use hooks to place your own scripts in it.
When you install cryptsetup, Debian updates all the initramfs images with the
cryptsetup binary. All you'll need to to after that is to add a custom boot
parameter to your bootloader (say encrypted_root=/dev/sdX), place a script in
the initramfs that will map the partition with cryptsetup (e.g. cryptsetup -c
aes-plain create root ${encrypted_root}) and update your /etc/fstab
(/dev/mapper/root / ...).
It requires a bit of fiddling but it'll work, and if your distro has such
mechanisms as Debian has, it won't break your configuration when updating grub
or the kernel because it'll run the hooks again.
Regards,
--
Christophe
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
