Hi guys. The forum has been invaluable to me over the years. Anyway, just got a new laptop and would like to start encrypting the whole filesystem. I have no issues doing these things on "bios" with lilo in a Virtualbox, but when it comes to EFI and also installing grub - on first install, I just cannot seem to get it right (for now I am just playing in VirtualBox). I have spent countless hours the last couple of weeks trying to merge tutorials together with common sense and docs, without any luck and I start to get a bit desperate. Does any of you have experience from a clean Slackware install to fully encrypted fs (preferably over LVM) with grub2 on uefi hardware? Would love some information - planning on writing a blogpost on the topic once I get it running.
By these resources:
README_CRYPT.TXT and
README_LVM.TXT I seem to get the layout as I want ('/', '/home' and swap) over one virtual group (on /dev/sda2), And '/boot' on /dev/sda1 formatted as fat32. Running the setup works great - seemingly.
After the slackware setup, I drop back out to a shell and
before I try to install grub:
Code:
mount /dev/sda1 /boot/efi
modprobe dm-mod
grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=grub --recheck --debug
Sometimes I'm getting an error that /boot/grub is not readable by grub and the installation aborts, other times this seems to work. I then move onto generating an initrd
Code:
mkinitrd -c -k 4.4.13 -m ext4 -f ext4 -r /dev/cryptvg/root -C /dev/sda2 -L
After adding some changes to the config, such as 'GRUB_ENABLE_CRYPTODISK=y' and 'GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:slackluks', I have run the command
Code:
grub-mkconfig -o /boot/grub/grub.cfg
After trying reboots and several permutations of these combinations, I seem to end up with a boot error (dropping into this weird VirtualBox boot-shell?). EFI support has been activated in VirtualBox and it seems to work. Thanks for any feedback on the topic, or corrections. And forgive my ignorance if I have overlooked something obvious or something well-documented. Cheers!
Edit: Running Slackware64-current
Solved: By adding 'GRUB_ENABLE_CRYPTODISK=y' in /etc/default/grub before installing grub seems to have solved it(?). More details will come when I get more of a clue of what is going on.