Help wanted to set up full disk encryption using GRUB

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

I maintain the Slint distribution (Slackware derivative internationalized and
accessible to the blind).

Our installer uses GRUB as boot manager and boot loader in both Legacy and
EFI modes.

To help beginners I have added the 'auto' mode to the Slint installer which in
case of a drive dedicated to Slint sets up a very simple layout of the GPT:
_A Bios Boot partition for booting GRUB in legacy mode
_An EFI system partition
_A root (/) partition
_Optionally an additional partition (mount point suggested: /data)
_No swap partition: the installer sets up a swap file and a swap space in zram.

I would like that the 'auto' script offer an option for encrypting the whole
drive if dedicated to Slint, using LUKS without relying on LVM to keep the
drive's layout as simple as possible to be easily understood by a 74y old
grand father. I do belong to this category :-)

I assume that I will have to set GRUB_ENABLE_CRYPTODISK in /etc/default.grub.

I would like that the user type the passphrase only once. We always use an
initrd, built after having installed the kernel at time of installation,
rebuilt at each kernel upgrade, so I can modify its set up as need be.

I have tried to find on the Internet examples of settings matching this
specification but didn't find one on the Wiki or on the Arch wiki, but these:
https://unixsheikh.com/tutorials/real-full-disk-encryption-using-grub-on-void-linux-for-bios.html
https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html
Although they do not exactly match my specifications and/or use tools I
don't ship, if I have to I will take one of them as a basis.

However I'd glad for help on how-to provides this "type the passphrase only
once, don't modify the drive's layout and don't use LVM" feature, be it just
answering this message or giving me pointers to relevant documents.

Thanks in advance
Dider Spaier, Paris, France

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
https://www.saout.de/mailman/listinfo/dm-crypt



[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux