Diffstat (limited to 'README_CRYPT.TXT')
-rw-r--r-- README_CRYPT.TXT 56
1 files changed, 32 insertions, 24 deletions
diff --git a/README_CRYPT.TXT b/README_CRYPT.TXT
index b23676c6..f942db1d 100644
--- a/README_CRYPT.TXT
+++ b/README_CRYPT.TXT
@@ -163,15 +163,16 @@ the mapped device is available in the 'Linux partition' selection as
"/dev/mapper/crypthome". Select the partition you designated for your
root ('/') filesystem, and next select "/dev/mapper/crypthome" for your
'/home' filesystem. Create any filesystem you like on them. My favorite
-fstype still is ext3, but you can choose xfs or jfs for stability and speed.
+fstype is ext4, but you can choose xfs or jfs for stability and speed.
NOTE: The underlying partition will *also* be visible in the target selection
menu. Be very careful NOT to select this device ('/dev/sdx2' in our
example) for any other filesystem you wish to create, or you will
destroy the data on the encrypted partition.
-* At the end of the Slackware installation when you select "Exit", don't
-reboot just yet! We are going to create a configuration file for
+* Let the installation complete, and after you select "EXIT" make sure to
+choose not to reboot and you will be returned to the command prompt. DO
+NOT reboot just yet! We are going to create a configuration file for
the cryptsetup program, called '/etc/crypttab'. This file contains the
information cryptsetup needs for unlocking your encrypted volume and mapping
it to the correct device name. The file '/etc/crypttab' contains lines of the
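Review bot: the new bullet tells the reader not to reboot twice in a row ("make sure to choose not to reboot" followed by "DO NOT reboot just yet!"), and it switches to "EXIT" where the removed text used "Exit". Suggest one instruction, for example: after selecting "EXIT", answer no to the reboot prompt so that you are returned to the command prompt, then continue with '/etc/crypttab'. Use whichever capitalisation the installer menu actually shows.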
@@ -305,12 +306,12 @@ will not be able to proceed past the initial stage of booting the kernel.
The initial ramdisk (initrd) contains a small filesystem with the tools
needed to unlock the root filesystem, so that the kernel can start the init
program. In the example command line below which creates the 'initrd.gz'
-image I assume that the root filesystem is 'ext3', we used the mapped device
+image I assume that the root filesystem is 'ext4', we used the mapped device
'cryptroot' for the root filesystem on the real partition '/dev/sdx1',
-and are running the Slackware 14.0 default SMP kernel '3.2.29-smp'
+and are running the Slackware 14.2 default SMP kernel '4.4.14-smp'
and we did not use Logical Volumes (more about that in the next section):
- # mkinitrd -c -k 3.2.29-smp -m ext3 -f ext3 -r cryptroot -C /dev/sdx1
+ # mkinitrd -c -k 4.4.14-smp -m ext4 -f ext4 -r cryptroot -C /dev/sdx1
* The resulting initrd image will be written to the file '/boot/initrd.gz'
by default. We still need to tell lilo about this initrd. Open the
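Review bot: the kernel version '4.4.14-smp' is now repeated in the prose and in the '-k' argument of the mkinitrd line, and nothing here says it has to be the same version as the generic kernel named on the 'image =' line of lilo.conf further down. A short sentence stating that the '-k' value must match the kernel lilo will boot would help readers whose installed kernel differs from the example. The changed sentence also still reads "is 'ext4', we used the mapped device", which is a comma splice worth fixing while the line is being touched.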
@@ -326,7 +327,7 @@ for day-to-day use anyway. They are meant to install Slackware on a wide
range of computers and that is why they are 'huge'. The linux part of
'/etc/lilo.conf' should end up looking somewhat like this:
-image = /boot/vmlinuz-generic-smp-3.2.29-smp
+image = /boot/vmlinuz-generic-smp-4.4.14-smp
initrd = /boot/initrd.gz
root = /dev/mapper/cryptroot
label = linux
@@ -410,7 +411,10 @@ will ask you for the passphrase which you entered during the "luksFormat"
operation. The last argument that the command takes is the name of the mapped
device. We will call our mapped device 'slackluks' because I am not feeling
original today. The mapped device which we will be using for unencrypted
-operations will therefore be '/dev/mapper/slackluks'.
+operations will therefore be '/dev/mapper/slackluks'. However, note that the
+installed system will name it 'lukssdx2' instead - it doesn't really matter
+what you call it right now, but it's worth knowing for potential later
+troubleshooting.
# cryptsetup luksOpen /dev/sdx2 slackluks
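Review bot: the added sentence says the installed system will name the mapping 'lukssdx2' but does not say what produces that name, which is the information a reader needs when troubleshooting. Since '/dev/sdx2' is a placeholder throughout this README, spell out that the name is 'luks' followed by the real device name, and point to where it gets set. The " - " used as a dash in "instead - it doesn't" could be a full stop.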
@@ -432,14 +436,7 @@ sum of the LV sizes less than the total size of the Physical Volume:
# lvcreate -L 1G -n swap cryptvg
-* Create the device nodes needed before activating the volumes, and finally
-activate the volumes so that we can format the 'swap' volume.
-
- # vgscan --mknodes
-
- # vgchange -ay
-
-* Finally, run 'mkswap' so that the 'setup' program will identify the 'swap'
+* Run 'mkswap' so that the 'setup' program will identify the 'swap'
LV as a valid swap partition:
# mkswap /dev/cryptvg/swap
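Review bot: with the 'vgscan --mknodes' and 'vgchange -ay' step removed, the text goes straight from 'lvcreate' to 'mkswap /dev/cryptvg/swap' without saying why that device node already exists. If the installer now creates and activates the nodes automatically, say so in one sentence (or in the commit message), and consider keeping the two commands as a fallback note for the case where '/dev/cryptvg/swap' is missing.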
@@ -490,10 +487,10 @@ stage of booting the kernel. The initial ramdisk (initrd) contains a small
filesystem with the tools needed to unlock the root filesystem, so that
the kernel can start the init program. In the example command line below
which creates the 'initrd.gz' image I assume that you formatted the root
-filesystem as 'ext3', and will be running the Slackware 14.0 default SMP
-kernel '3.2.29-smp' :
+filesystem as 'ext4', and will be running the Slackware 14.2 default SMP
+kernel '4.4.14-smp' :
- # mkinitrd -c -k 3.2.29-smp -m ext3 -f ext3 -r /dev/cryptvg/root -C /dev/sdx2 -L
+ # mkinitrd -c -k 4.4.14-smp -m ext4 -f ext4 -r /dev/cryptvg/root -C /dev/sdx2 -L
NOTE: if you use a non-US keyboard and need to enter a passphrase during boot,
this may be problematic if the keyboard mapping is US while Slackware
@@ -509,7 +506,7 @@ configuration file '/etc/lilo.conf' in an editor such as vi or pico -
it should already have been generated by the 'liloconfig' part of setup.
Look for the "Linux bootable partition config" and add a line for the initrd.
We also need to change the kernel file to a generic kernel, because lilo
-is unable to combine the 'huge' kernels in Slackware 14.0 with an initrd
+is unable to combine the 'huge' kernels in Slackware 14.2 with an initrd
image - it will complain about "The initial RAM disk is too big to fit
between the kernel and the 15M-16M memory hole" if you try a 'huge'
kernel. We can live with that, since the 'huge' kernels are not meant
@@ -517,7 +514,7 @@ for day-to-day use anyway. They are meant to install Slackware on a wide
range of computers and that is why they are 'huge'. The linux part of
'/etc/lilo.conf' should end up looking somewhat like this:
-image = /boot/vmlinuz-generic-smp-3.2.29-smp
+image = /boot/vmlinuz-generic-smp-4.4.14-smp
initrd = /boot/initrd.gz
root = /dev/cryptvg/root
label = linux
@@ -562,7 +559,7 @@ system, it will be used and you won't have to type a passphrase.
requires you to use the "-K" parameter to mkinitrd to specify the USB stick's
FAT-label or UUID, as well as the full path to the keyfile. An example:
- # mkinitrd -c -k 3.2.29-smp -m ext3 -f ext3 -r /dev/cryptvg/root -C /dev/sdx2 -L -K LABEL=TRAVELSTICK:/keys/alien.luks
+ # mkinitrd -c -k 4.4.14-smp -m ext4 -f ext4 -r /dev/cryptvg/root -C /dev/sdx2 -L -K LABEL=TRAVELSTICK:/keys/alien.luks
The mkinitrd of Slackware 13.1 introduced this support for USB sticks as
unlocking mechanism. Alternatively, after the root filesystem is unlocked
@@ -621,7 +618,7 @@ support for this keyboard to your initrd.
A mkinitrd helper script
------------------------
- The mkinitrd package in Slackware 14.0 ships with a script called
+ The mkinitrd package in Slackware 14.0 (and on) ships with a script called
'mkinitrd_command_generator.sh'. If you run this script, it will analyze
your Slackware configuration and make a smart suggestion about the 'mkinitrd'
command you have to type in order to create an initrd.gz with all the bells
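Review bot: "Slackware 14.0 (and on)" in the changed line is awkward; "Slackware 14.0 and later" reads better and matches how the version is referred to elsewhere in this file ("The mkinitrd of Slackware 13.1 introduced ...").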
@@ -636,7 +633,7 @@ by yourself:
It should emit a string like this (your system will probably give different
parameter values):
-mkinitrd -c -k 3.2.29-smp -m ext3 -f ext3 -r /dev/cryptvg/root -C /dev/sdx2 -L
+mkinitrd -c -k 4.4.14-smp -m ext4 -f ext4 -r /dev/cryptvg/root -C /dev/sdx2 -L
You can copy and paste this output to your command prompt, and add any other
parameters you need such as "-h" to indicate a hibernation partition or
@@ -645,6 +642,17 @@ the script in full interactive mode by using the "-i" parameter, and it will
guide you through the process of generating a mkinitrd commandline.
+Desktop Environments
+--------------------
+
+ You probably will not want your encrypted volume to appear on the desktop
+of e.g. KDE or Xfce as a mountable device, so something like this should
+prevent that from occurring:
+
+# cat /etc/udev/rules.d/99-ignore-luksdevs-on-desktop.rules
+KERNEL=="sdx2", ENV{UDISKS_IGNORE}="1"
+
+
==============================================================================
Good luck with your fresh Slackware installion on encrypted partition(s)!
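Review bot: the rule in the new "Desktop Environments" section matches on KERNEL=="sdx2", which is both the README's placeholder and a kernel name that is not guaranteed to stay the same across boots or when another disk is attached, so the rule can silently stop hiding the encrypted volume. Say explicitly that 'sdx2' must be replaced, and consider matching on a stable property such as ENV{ID_FS_UUID} instead. The '# cat /etc/udev/...' line is also unindented, unlike every other command in the file, and it shows the file's contents without telling the reader to create the file first. It would help to state whether the rule is also needed for the LVM setup described earlier.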