The following is current work-in-progress to update the LUKS page section 8.
Below you only find snips and edits that I want to save for some reason.
vnstat /home crypttab problem https://bbs.archlinux.org/viewtopic.php?id=150850AUR
(saved here for intermediate reference upon rm'ing the section in the LUKS wiki)
Prepare hard drive for AIF
/dev/mapper/home are in place, we can enter the regular Arch setup script to install the system into the encrypted volumes.
Skip the Partitioning and Auto-Prepare steps and go straight to manual configuration.
Instead of choosing the hardware devices (/dev/sdaX) directly, you have to select the mapper devices created above. /dev/mapper/root for your root and /home partition respectively and format them with any filesystem you like. The same is valid for a swap partition which is set up like the /home partition. Make sure you mount /dev/sda1 as the /boot partition, or else the installer will not properly set up the bootloader.
Select and Install packages
Select and install the packages as usual: the base package contains all required programs.
Now that the install is finished, the only thing left to do is add entries to the /etc/crypttab file so you do not have to enter the passphrase for all encrypted partitions. This works only for non-root partitions, e.g. /home, swap, etc.
# vi /mnt/etc/crypttab
Add one of the following for the
home /dev/sda5 /etc/mypassword1
You can also use a keyfile instead of a passphrase. If not already done, create a keyfile and add the key to the corresponding LUKS partition as described above.
Then add the following information to the /etc/crypttab file for automounting:
home /dev/sda5 /path/of/your/keyfile
If you used a USB device to store your keyfile, you should have something like this:
home /dev/sda5 /dev/sd*1/keyfile
Or if the keyfile was stored in the MBR, it should be like this:
home /dev/sda5 /dev/sd*:2048:2048
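An added check, not part of the original wiki text: the file named in the third crypttab field unlocks the volume, so it should be readable by its owner (root) only. The function below audits that field for the entry forms shown above. It assumes GNU stat; the names data, usb, mbr, /etc/homekey and the devices /dev/sda6 to /dev/sda8 are constructed for the sample.

```shell
#!/bin/sh
# Added example: audit the key column (3rd field) of a crypttab file.
# Returns the number of key files that group or other users can access.
# $2 is an optional root prefix, e.g. /mnt while still in the installer.
audit_crypttab() {
    tab=$1 root=${2:-} bad=0
    while read -r name dev key opts || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac
        case $key in
            ''|none|-)   echo "$name: passphrase prompt"; continue ;;
            *'*'*|*:*:*) echo "$name: key on raw device ($key), skipped"; continue ;;
            /*)          path=$root$key ;;
            *)           echo "$name: '$key' is not a path, skipped"; continue ;;
        esac
        if [ ! -f "$path" ]; then
            echo "$name: $key missing"; continue
        fi
        mode=$(stat -c %a "$path")            # GNU stat, octal mode
        if [ $((0$mode & 077)) -ne 0 ]; then
            echo "$name: $key is mode $mode, want 600 or 400"
            bad=$((bad + 1))
        else
            echo "$name: $key ok (mode $mode)"
        fi
    done < "$tab"
    return "$bad"
}

# Constructed sample: the crypttab variants from the text under a temp root.
make_sample() {
    r=$(mktemp -d)
    mkdir -p "$r/etc"
    printf 'secret\n' > "$r/etc/mypassword1"; chmod 644 "$r/etc/mypassword1"
    printf 'secret\n' > "$r/etc/homekey";     chmod 600 "$r/etc/homekey"
    cat > "$r/etc/crypttab" <<'EOF'
# name  device     key
home    /dev/sda5  /etc/mypassword1
data    /dev/sda6  /etc/homekey
usb     /dev/sda7  /dev/sd*1/keyfile
mbr     /dev/sda8  /dev/sd*:2048:2048
EOF
    echo "$r"
}
```

During installation it would be called as audit_crypttab /mnt/etc/crypttab /mnt; a non-zero return status is the count of key files to fix with chmod 600.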
After rebooting you should now be presented with the text
A password is required to access the root filesystem:
followed by a prompt for a LUKS password. Type it in and everything should boot.
Once you have logged in, have a look at your mounted partitions by typing mount. You should have /dev/mapper/root mounted at / and, if you set up a separate encrypted home partition, /dev/mapper/home mounted at /home. If you set up encrypted swap, swapon -s should have /dev/mapper/swap listed as your swap partition.
GRUB Legacy: You have to make some small changes to the entries generated by the installer by replacing /dev/sda3. The important point to remember here is to use the same cryptdevice name you assigned when you initially unlocked your device. In this example, the device name is cryptroot; customize yours accordingly:
# (0) Arch Linux
title Arch Linux
root (hd0,0)
kernel /vmlinuz-linux cryptdevice=/dev/sda3:cryptroot root=/dev/mapper/cryptroot ro
initrd /initramfs-linux.img
For kernels older than 2.6.37, the syntax is:
# (0) Arch Linux
title Arch Linux
root (hd0,0)
kernel /vmlinuz26 root=/dev/sda3 ro
initrd /kernel26.img
LILO: Edit the Arch Linux section in /etc/lilo.conf and include a line for the append option, over the initrd, with the root=/dev/sda3 parameter. The append section makes the same kernel line as in GRUB. Also, you can omit the root option above the image option. The section looks like this:
# Arch Linux lilo section
image = /vmlinuz-linux
# root = /dev/sda3
label = Arch
initrd = /initramfs-linux.img
append = "root=/dev/sda3"
read-only
If you want to use a USB flash drive with a keyfile, you have to append the cryptkey option. See the corresponding section above.