Hi!
On slackware-current this is all a bit easier.
I just installed Slackware-current. After the installer booted up, I created a small partition /dev/hda1 to be used as the boot partition, and the rest of the disk was devoted to a single big partition /dev/hda2 which I encrypted using cryptsetup.
On top of that encrypted partition I created a LVM PV (physical volume), then a VG (volume group) called "cryptvg" (any name will do) and then 3 LV's (logical volumes) called 'root' 'home' and 'swap' (again, any name will do), one for / and /home partitions and the 3rd to be used as swap partition. I made sure to create the swap volume bigger than the total amount of RAM I have in my laptop.
Then I created device nodes for these and enabled them:
Code:
vgscan --mknodes && vgchange -ay
I had to configure swap before running setup. The setup program will only recognize swap partitions when they are 'real' partitions of type '82' (Linux swap): so I ran:
Code:
mkswap -v1 /dev/cryptvg/swap && swapon /dev/cryptvg/swap
After that, I started setup, and installed Slackware to /dev/cryptvg/root (the LV I created for the root partition) and /dev/cryptvg/home (which is the LV I created for the /home partition). Do not forget to create a separate entry for a /boot partition! On an encrypted system you need an unencrypted /boot so that your kernel and initrd can be loaded into memory when booting the computer.
At the end of the install, do not reboot! You should 'chroot' into your newly installed system:
First, edit the /etc/fstab in the chroot and add a line for your swap:
Code:
/dev/cryptvg/swap swap swap defaults 0 0
Then, create an initrd with support for LVM, LUKS and hibernation (my root filesystem is ext3):
Code:
mkinitrd -c -k 2.6.24.3-smp -m ext3 -f ext3 -r /dev/cryptvg/root -C /dev/hda2 -L -h /dev/cryptvg/swap
Then, edit /etc/lilo.conf and change a couple of things:
Add an "append" line (or if you already added an append option, just add 'resume=/dev/cryptvg/swap' to that line):
Code:
append = "resume=/dev/cryptvg/swap"
Change your entry for the Linux kernel so that it uses the generic kernel, plus your initrd (the combination of a huge kernel plus initrd will not work):
Code:
image = /boot/vmlinuz-generic-smp-2.6.24.3-smp
initrd = /boot/initrd.gz
root = /dev/cryptvg/root
label = linux
read-only
Then, run "lilo" to make the changes stick.
Now you can safely reboot into your newly installed Slackware. On boot, you will be asked for your LUKS passphrase which will unlock the encrypted container. After that, the LVM will be configured and Slackware will start as usual.
This will give you a fully encrypted system including the swap (well, minus the /boot partition). When you hibernate (suspend to disk) your RAM will be saved to that swap partition, and when the power is off, this will be all encrypted! No one will be able to get to your data now, because when you boot again, you will first have to enter that LUKS passphrase again before your hibernation image can be loaded back into RAM.
Using a proper set of acpi scripts you can now make your hibernation process very easy. I just need to press my laptop's POWER button briefly to hibernate the machine (suspend to disk), and closing the lid will suspend Slackware to RAM (sleep mode).
A copy of the acpi scripts I received from Robby Workman are here:
http://www.slackware.com/~alien/tools/acpi.tar.gz
Cheers Eric