On 09/26/2012 02:23 AM, Stayvoid wrote:
>> You need to add "encrypt" to
>> the HOOKS setting in /etc/mkinitcpio.conf and run (as root)
>>
>> # mkinitcpio -p linux-libre
>>
>> This will add cryptsetup and the necessary modules to your initramfs.
>
> It worked.
>
>> You also MUST add root=/dev/mapper/ROOT cryptdevice=/dev/sdX#:ROOT to your
>> kernel command line (/boot/grub/menu.lst for grub-legacy,
>> /boot/grub/grub.cfg for grub2). Where ROOT is whatever label you want and
>> /dev/sdX# is your encrypted block device. Furthermore, you need to set
>> crypto= to your specific settings, but I don't remember the format off
>> the top of my head.
>
> I'd like to try mounting from a recovery shell.
> But there is no /media. Is it possible to add it?
>

You can mount to wherever you like. Once you've mapped the block device to
/dev/mapper/NAME, you have a block device like any other.

> BTW, how to safely enable swap?
> Should I chroot into the system and decrypt / swapon there?
>

The easiest thing is probably a swap file. However, you can also have a
separate swap partition which gets encrypted with a random key each boot.
You define it in /etc/crypttab.

    swap /dev/sdX# /dev/urandom swap

This maps /dev/sdX# to /dev/mapper/swap with a random password. The "swap"
in the fourth column tells /etc/rc.sysinit to run mkswap on the device after
it's mapped.

>> Are you *sure* you don't want to use LUKS?
>
> Yes.

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
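
An added example, not part of the original message or of any project's code: a small shell check for the random-key swap entry described in the reply above. It assumes the four-field crypttab layout the message uses (name, device, key file, comma-separated options); the function name audit_crypttab, the sample entries and the device paths are constructed for illustration.

```shell
#!/bin/sh
# Audit crypttab-format text on stdin (fields: name device keyfile options).
# Prints one finding per line as "name: message"; prints nothing if clean.
audit_crypttab() {
    while read -r name dev key opts _rest; do
        case "$name" in ''|'#'*) continue ;; esac   # skip blanks and comments
        random_key=no
        case "$key" in /dev/urandom|/dev/random) random_key=yes ;; esac
        has_swap=no
        case ",$opts," in *,swap,*) has_swap=yes ;; esac

        # mkswap only rewrites the header, so a fixed key keeps old pages readable.
        if [ "$has_swap" = yes ] && [ "$random_key" = no ]; then
            echo "$name: swap with a persistent key; old swap pages stay decryptable after reboot"
        fi
        # A random key needs something to format the fresh mapping each boot.
        if [ "$random_key" = yes ] && [ "$has_swap" = no ]; then
            case ",$opts," in
                *,tmp,*|*,tmp=*) ;;
                *) echo "$name: random key but no swap/tmp option; nothing formats the mapping" ;;
            esac
        fi
        # These entries overwrite the device every boot, so the name must be stable.
        if [ "$has_swap" = yes ] || [ "$random_key" = yes ]; then
            case "$dev" in
                /dev/sd*|/dev/hd*|/dev/vd*|/dev/nvme*|/dev/mmcblk*)
                    echo "$name: $dev is a kernel name that can change; device is overwritten each boot" ;;
            esac
        fi
    done
}

# Constructed sample input (not from the original message).
SAMPLE='# name  device  keyfile  options
swap    /dev/sdb2                          /dev/urandom        swap
swap2   /dev/disk/by-id/ata-EXAMPLE-part3  /dev/urandom        swap,cipher=aes-xts-plain64,size=256
swap3   /dev/disk/by-id/ata-EXAMPLE-part4  /etc/keys/swap.key  swap
scratch /dev/disk/by-id/ata-EXAMPLE-part5  /dev/urandom        cipher=aes-xts-plain64'

printf '%s\n' "$SAMPLE" | audit_crypttab
```

To check a real system, run `audit_crypttab < /etc/crypttab` after sourcing the function.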