Slackware 15: Full Disk Encryption With Unencrypted Boot Partition

-Boot Form DVD normal and access shell

-identify the hard disk , using cat /proc/partitions or fdisk -l

• my disk is /dev/sda with 1.6TB spaced
• i will create 1GB partition for boot and rest for /

-partition creation, use fdisk /dev/sda

• create first partition with 1GB (sda1 primary)
• create second partition with rest of free space (sda2 primary)
• all types are linux

-Disk Encryption

cryptsetup -s 256 -y luksFormat /dev/sda2

Type YES, in all caps and give it a password. Do not forget this password!

-Now disk is Encrypted, we can now create a swap and root partition

cryptsetup luksOpen /dev/sda2 sda2crypt

-Input the password that we previously set. This will make our encrypted disk available on

/dev/mapper/sda2crypt

-create 2 volumes , 16GB volume for swap and rest for /

pvcreate /dev/mapper/sda2crypt
vgcreate EncDisk /dev/mapper/sda2crypt
lvcreate -L 16G -n swap EncDisk
lvcreate -l 100%FREE -n root EncDisk

• pvcreate will initialize a volume to be used by lvm
• vgcreate is used to make volume groups
• lvcreate is used to make a logical volume. -L is used with a particular size and -l (lowercase L) is used to extent a percent of the volume.

let lvm know about volumes

vgscan --mknodes
vgchange -ay
mkswap /dev/EncDisk/swap

Start Installation : setup

installation notes:

• Start From Add Swap
• use ext4 filesystem
• install on /dec/EncDisk/root
• add 1GB boot partition to setup, Format with ext4 and set its mount point as /boot

-After A Full Install You Will be bring into boot loader page

• choose expert mode
• choose begin
• leave blank on lilo append
• choose standard
• choose MBR
• confirm /dev/sda
• choose lilo timeout as you wish
• choose to show a boot screen logo

We’ll be then brought back to the initial LILO installation screen

• Choose Linux - Add a linux partition to the LILO config
• choose /dev/EncDisk/root
• Set Name To “Linux”
• Choose install

• continue with network configuration
• complete setup
• choose EXIT
• choose shell

Then:

chroot /mnt
/usr/share/mkinitrd/mkinitrd_command_generator.sh

This will return us a command that we can run to generate the GENERIC kernel specific to our machine. For me it was something like:

mkinitrd -c -k 5.15.19 -f ext4 -r /dev/EncDisk/root -m mptbase:mptscsih:mptspi:jbd2:mbcache:crc32c_intel:crc32c_generic:ext4 -C /dev/sda2 -L -u -o /boot/initrd.gz

Optional add : for swap partition hiberation

-h /dev/EncDisk/swap

to end of command, type and execute it

-Edit lilo’s config to make it use this new generic kernel

vi /etc/lilo.conf

Edit the corresponding parts to look like this:

image = /boot/vmlinuz-generic-5.15.19
 initrd = /boot/initrd.gz
 root = /dev/EncDisk/root
 label = Linux
 read-only  # Partitions should be mounted read-only for checking

Above that, there’s an “append” line. Edit it to look something like this:

append = " resume=/dev/EncDisk/swap"

update lilo:

lilo
exit
reboot

on boot it will ask for decryption password

FINISHED

By: Mehdi Sadighian
Contact: mehdi.sadighian@hotmail.com
TAG: slackware, full disk encryption, encryption