Gentoo Forums
LVM on LUKS with remote header (--header)
jallal
n00b


Joined: 08 Apr 2015
Posts: 1

Posted: Wed Apr 08, 2015 1:37 am    Post subject: LVM on LUKS with remote header (--header)

Hello, I'm trying to install Gentoo with a remote header (--header). Before, I used Arch Linux and modified the encrypt hook and changed /etc/mkinitcpio.conf to read the header file off my boot partition and use the new encrypt hook. I also changed /etc/default/grub and set the cryptdevice and passed the header option.

This is the guide I followed when I was using Arch: https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Encrypted_system_using_a_remote_LUKS_header

I'm wondering how to do this in Gentoo. I'm using BIOS, OpenRC, and GRUB 2.

Here is my storage layout:
Code:
NAME            MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda               8:0    0 111.8G  0 disk 
|_luks-gentoo   253:0    0 111.8G  0 crypt
  |_vgroup-root 253:1    0     1G  0 lvm   /mnt/gentoo
  |_vgroup-usr  253:2    0    16G  0 lvm   /mnt/gentoo/usr
  |_vgroup-var  253:3    0    16G  0 lvm   /mnt/gentoo/var
  |_vgroup-home 253:4    0    32G  0 lvm   /mnt/gentoo/home
  |_vgroup-swap 253:5    0     1G  0 lvm   
sdb               8:16   1  14.5G  0 disk 
|_sdb1            8:17   1     2M  0 part 
|_sdb2            8:18   1   256M  0 part  /mnt/gentoo/boot


My /boot partition is on a flash drive and my header is stored there. I used "cryptsetup luksFormat -y -v -c aes-xts-plain64 -s 512 -h whirlpool -i 10000 --use-random --header header.img /dev/sda" to encrypt /dev/sda. The overkill 10 second iteration count is because I'm getting poor performance using SystemRescueCD. It should only be around 4-5 seconds with the new kernel. I used genkernel, but I'll rebuild it manually once I have everything working.

Thank you in advance. :)
SwordArMor
n00b


Joined: 21 Feb 2015
Posts: 55
Location: Bretagne

Posted: Wed Apr 08, 2015 3:32 pm

You have to configure your kernel with the LUKS and LVM options as a built-in. Then, generate an initramfs image with
Code:
genkernel --lvm --luks initramfs
And finally append "dolvm" to GRUB_CMDLINE_LINUX in the /etc/default/grub file.
You will have to generate this initramfs for each new kernel release.
frostschutz
Advocate


Joined: 22 Feb 2005
Posts: 2970
Location: Germany

Posted: Wed Apr 08, 2015 6:01 pm

External LUKS header is a bit unusual, I wouldn't be surprised if most Initramfs generators didn't support that out of the box, and even the ArchLinux wiki seems to describe how to patch that in manually.
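Added example, not part of any post in this thread and not genkernel's own code: a custom initramfs /init that opens the container from the first post with its detached header and then activates LVM. It assumes a hand-built initramfs containing busybox, cryptsetup and lvm; the kernel parameters crypt_root=, crypt_header_dev= and crypt_header= and the mount points /hdr and /newroot are hypothetical names chosen for this sketch.

```shell
#!/bin/sh
# Added example: /init for a hand-built initramfs (busybox + cryptsetup + lvm).
# crypt_root=, crypt_header_dev= and crypt_header= are hypothetical parameter
# names invented for this sketch; genkernel does not define them.

# Print the value of KEY=value from a kernel command line; fail if KEY is absent.
cmdline_get() {   # $1 = key, $2 = command line
    key=$1
    set -f; set -- $2; set +f          # word-split without glob expansion
    for word in "$@"; do
        case "$word" in
            "$key"=*) printf '%s\n' "${word#*=}"; return 0 ;;
        esac
    done
    return 1
}

# Open the LUKS container using the header file kept on the flash drive.
unlock_root() {   # $1 = kernel command line
    # Resolve every parameter first so nothing is mounted on a bad command line.
    disk=$(cmdline_get crypt_root "$1")       || return 1   # e.g. /dev/sda
    hdev=$(cmdline_get crypt_header_dev "$1") || return 1   # e.g. /dev/sdb2
    hfile=$(cmdline_get crypt_header "$1")    || return 1   # e.g. header.img
    mkdir -p /hdr
    mount -o ro "$hdev" /hdr || return 1
    # The disk itself carries no LUKS header, so --header must name the file.
    cryptsetup luksOpen --header "/hdr/$hfile" "$disk" luks-gentoo || return 1
    umount /hdr
    lvm vgchange -ay vgroup            # volume group name from the first post
}

main() {
    mount -t proc proc /proc
    mount -t sysfs sysfs /sys
    mount -t devtmpfs devtmpfs /dev
    unlock_root "$(cat /proc/cmdline)" || exec sh    # rescue shell on failure
    mount -o ro /dev/mapper/vgroup-root /newroot
    # /usr is a separate LV in this layout, so mount it before switch_root.
    mount -o ro /dev/mapper/vgroup-usr /newroot/usr
    exec switch_root /newroot /sbin/init
}

# Run only when started by the kernel as /init (PID 1), not when sourced or tested.
if [ "$$" -eq 1 ] && [ "${0##*/}" = init ]; then
    main
fi
```

USB storage can appear late in boot, so a production init would wait for the header device to show up before mounting it.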
GoldPanther
n00b


Joined: 02 Jun 2015
Posts: 9

Posted: Fri Sep 04, 2015 5:03 pm

Hey jallal,

I've been wanting to do pretty much the same setup for my machine and make a wiki page about it for others. Did you get everything to work and are there any odd issues you came across that I should be aware of?