Hi guys. The forum has been invaluable to me over the years. Anyway, just got a new laptop and would like to start encrypting the whole filesystem. I have no issues doing these things on "bios" with lilo in a Virtualbox, but when it comes to EFI and also installing grub - on first install, I just cannot seem to get it right (for now I am just playing in VirtualBox). I have spent countless hours the last couple of weeks trying to merge tutorials together with common sense and docs, without any luck and I start to get a bit desperate. Does any of you have experience from a clean Slackware install to fully encrypted fs (preferably over LVM) with grub2 on uefi hardware? Would love some information - planning on writing a blogpost on the topic once I get it running.

By these resources: README_CRYPT.TXT and README_LVM.TXT I seem to get the layout as I want ('/', '/home' and swap) over one virtual group (on /dev/sda2), And '/boot' on /dev/sda1 formatted as fat32. Running the setup works great - seemingly.

After the slackware setup, I drop back out to a shell and before I try to install grub:
Sometimes I'm getting an error that /boot/grub is not readable by grub and the installation aborts, other times this seems to work. I then move onto generating an initrd
After adding some changes to the config, such as 'GRUB_ENABLE_CRYPTODISK=y' and 'GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:slackluks', I have run the command After trying reboots and several permutations of these combinations, I seem to end up with a boot error (dropping into this weird VirtualBox boot-shell?). EFI support has been activated in VirtualBox and it seems to work. Thanks for any feedback on the topic, or corrections. And forgive my ignorance if I have overlooked something obvious or something well-documented. Cheers!
Edit: Running Slackware64-current

Solved: By adding 'GRUB_ENABLE_CRYPTODISK=y' in /etc/default/grub before installing grub seems to have solved it(?). More details will come when I get more of a clue of what is going on.

I'm missing the "...on uefi hardware" portion. Slackware fully encrypted fs on top of LVM with grub2 on a bios system, yes.

See if you can skip the grub install and be successful with the insturctions for LVM and LUKS to a standard install with lilo. You've remembered /boot not encrypted and available with a proper intrd for lilo. What might help is to understand the differences between lilo and grub2. So first see if your installation works with simple lilo on your uefi. If not you should work out the lilo+uefi issues first. Then move on to grub2. It seems to be that alienbob has used grup with his recently released "LIVE" Slackware ISO and documented some of what GRUB is doing on https://docs.slackware.com/slackware:liveslak.

Additionally the slackbook wiki has this about GRUB2. http://may have great articles about grub.

Hopefully this helps. Cheers BrianA_MN

1 members found this post helpful.

Hi, I hope you mean 'elilo' + uefi?? Lilo and uefi won't play together... only apart from each other; lilo uses a MBR while elilo runs the EFI-partition...

The OP is looking for help, so I thought the best thing to do was break-down the testing to single changes from the documented processes available. Since then I've found and additional reference. http://docs.slackware.com/howtos:slackware_admin:set_up_grub_as_boot_loader_on_uefi_based_hardware?s[]=efi

Hopefully that will help the OP. Cheers, BrianA_MN

Yes, breaking down the problem is best. But as the Uefi also requires another partitioning system, it might be best to start from the uefi angle and when that works, set-up the encryption.

Thanks guys. But yeah, I think there is something along the lines of getting the bootloader to start things correctly and being installed correctly. I just downloaded the live iso and will give it a go, perhaps something reveals itself.

I've been running a fully encrypted system with LVM on a LUKS partition for a few years now. Reading through your process, I think you may have missed an important step. In order to make GRUB2 aware of LUKS encrypted volumes, you actually have to set GRUB_CRYPTODISK_ENABLE=y in /etc/default/grub BEFORE running grub-install, not just prior to running grub-mkconfig. It took a bit of digging in the grub-install script and bashing my head against the wall to figure that out.

Also, a really cool feature of using LUKS with GRUB2 is that you don't even need /boot on an unencrypted partition, just the EFI partition.

Hopefully this helps you get a little further along in your path to slack

2 members found this post helpful.

Thanks bl0tt0! That seems to have done the trick! Still a few weird module loading errors and such, but some of it is because of VirtualBox, I think. I think some more throughout planning of configs will solve it. As soon as has finished on the 1TB SSD I will go ahead and install it, somehow more confident than I was before. Will post a solution when I sort of know what's going on. In the meanwhile I will mark this as solved.

Be prepared for that to take quite a while. I get around 10-11 MB/s reading urandom, so for a 1TB that's going to be a good day of wait.

Unless your stuff is "super duper - they're all out to get me!- secret" then you might want to consider skipping that step. It'll still be 'secure' to all practical intents and purposes, and any difference it might make will probably be mitigated by the xkcd 538 factor.

1 members found this post helpful.

@GazL, you must be precognitive ...

Just don't float me in a bath-tub and make me talk to Tom Cruise!

Well, the pre-cog didn't talk to Tom Cruise until after she was out of the tub... so there's that