Difference between revisions of "Dm-crypt/System configuration"

From ArchWiki
Jump to: navigation, search
m (update links)
(Configuring mkinitcpio: new section)
Line 5: Line 5:
 
{{Expansion|Aggregate here all the generic information on system configuration from the other sub-articles of [[Dm-crypt]].}}
 
{{Expansion|Aggregate here all the generic information on system configuration from the other sub-articles of [[Dm-crypt]].}}
 
Back to [[Dm-crypt]].
 
Back to [[Dm-crypt]].
 +
 +
=== Configuring mkinitcpio ===
 +
When encrypting a system it is necessary to regenerate the initial ramdisk after properly configuring [[mkinitcpio]]. Depending on the particular scenarios, a subset of the following hooks will have to be enabled:
 +
 +
* {{ic|encrypt}}: always needed when encrypting the root partition, or a partition that needs to be mounted ''before'' root; it must come ''before'' the {{ic|filesystems}} hook; it is not needed in all the other cases, as system initialization scripts like {{ic|/etc/crypttab}} take care of unencrypting any other partitions.
 +
* {{ic|shutdown}}: ensures controlled unmounting during system shutdown.
 +
* {{ic|keymap}}: provides support for foreign keymaps for typing encryption passwords; it must come ''before'' the {{ic|encrypt}} hook.
 +
* {{ic|keyboard}}: needed to make USB keyboards work in early userspace.
 +
** {{ic|usbinput}}: deprecated, but can be given a try in case {{ic|keyboard}} does not work.
 +
 +
Other hooks needed should be clear from other manual steps followed during the installation of the system.
 +
 +
{{Accuracy|Is this still needed?}}
 +
In {{ic|/etc/mkinitcpio.conf}}, you may want to add {{ic|dm_mod}} and the filesystem types used to {{ic|MODULES}}, e.g: {{ic|1=MODULES="dm_mod ext4"}}.

Revision as of 07:28, 1 December 2013

Tango-document-new.pngThis article is a stub.Tango-document-new.png

Notes: This article is currently under heavy restructuring: for its latest stable revision see Dm-crypt with LUKS (Discuss in Talk:Dm-crypt/System configuration#)

Tango-view-fullscreen.pngThis article or section needs expansion.Tango-view-fullscreen.png

Reason: Aggregate here all the generic information on system configuration from the other sub-articles of Dm-crypt. (Discuss in Talk:Dm-crypt/System configuration#)

Back to Dm-crypt.

Configuring mkinitcpio

When encrypting a system it is necessary to regenerate the initial ramdisk after properly configuring mkinitcpio. Depending on the particular scenarios, a subset of the following hooks will have to be enabled:

  • encrypt: always needed when encrypting the root partition, or a partition that needs to be mounted before root; it must come before the filesystems hook; it is not needed in all the other cases, as system initialization scripts like /etc/crypttab take care of unencrypting any other partitions.
  • shutdown: ensures controlled unmounting during system shutdown.
  • keymap: provides support for foreign keymaps for typing encryption passwords; it must come before the encrypt hook.
  • keyboard: needed to make USB keyboards work in early userspace.
    • usbinput: deprecated, but can be given a try in case keyboard does not work.

Other hooks needed should be clear from other manual steps followed during the installation of the system.

Tango-inaccurate.pngThe factual accuracy of this article or section is disputed.Tango-inaccurate.png

Reason: Is this still needed? (Discuss in Talk:Dm-crypt/System configuration#)

In /etc/mkinitcpio.conf, you may want to add dm_mod and the filesystem types used to MODULES, e.g: MODULES="dm_mod ext4".