Professional Documents
Culture Documents
Pavel Kogan
Being too lazy to want to deal with a separate boot partition, I went
looking to see what modules GRUB can load, and there they were1:
crypto.mod , cryptodisk.mod and even luks.mod !
1 of 6 01/04/2016 08:50 PM
Full disk encryption with LUKS (including /boot) · Pav... http://www.pavelkogan.com/2014/05/23/luks-full-disk...
Install Linux
At this point you should be in a live system with all partitions
mounted, so you can go ahead and run the install. Just be sure not
to reboot once it’s done.
2 of 6 01/04/2016 08:50 PM
Full disk encryption with LUKS (including /boot) · Pav... http://www.pavelkogan.com/2014/05/23/luks-full-disk...
mkinitcpio -p linux
Configure GRUB
With /boot on an encrypted device, grub-mkconfig should
have GRUB load the necessary modules to decrypt and mount it2.
GRUB_ENABLE_CRYPTODISK=y
to /etc/default/grub .
Now, before trying to �nd and load the initial ramdisk, GRUB will
ask for a passphrase to decrypt /dev/sda1 .
GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda1:lvm"
and run
grub-mkconfig -o /boot/grub/grub.cfg
grub-install /dev/sda
Reboot, and that’s it. You now have a fully encrypted system.
3 of 6 01/04/2016 08:50 PM
Full disk encryption with LUKS (including /boot) · Pav... http://www.pavelkogan.com/2014/05/23/luks-full-disk...
FILES=/crypto_keyfile.bin
Run mkinitcpio again, and when you reboot, you’ll only need to
enter your password once.
Security considerations
While the computer is off, the key�le is stored inside the encrypted
drive, so it is secure. When the computer is on, however, the key�le
4 of 6 01/04/2016 08:50 PM
Full disk encryption with LUKS (including /boot) · Pav... http://www.pavelkogan.com/2014/05/23/luks-full-disk...
1. in /boot/grub/i386-pc/ ↩
3. https://wiki.archlinux.org/index.php/GRUB#Root_encryption
↩
Related Posts
Linux Mint encryption 25 Jan 2015
nix-shell on Linux Mint 13 Jul 2014
5 of 6 01/04/2016 08:50 PM
Full disk encryption with LUKS (including /boot) · Pav... http://www.pavelkogan.com/2014/05/23/luks-full-disk...
6 of 6 01/04/2016 08:50 PM