Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Slackware This Forum is for the discussion of Slackware Linux.


  Search this Thread
Old 03-08-2008, 11:10 AM   #1
Registered: Jan 2006
Location: berlin, germany
Distribution: slackware 12.0
Posts: 58

Rep: Reputation: 17
encrypted rootfs on Slackware 12.0

encrypted rootfs on Slackware 12.0

**WARNING:** The procedure outlined below will destroy all data
that is currently stored on the first IDE device /dev/hda.

This is not some kind of documentation for dm-crypt on Slackware Linux 12.0, but a real world example. You can read this in addition to README_CRYPT.TXT ( on your Slackware 12.0 disks (You should also read for latest hints and tips). First copy/rsync your data to a safe place ...

I booted my Thinkpad X30 with a USBinstaller ( that worked for me (I failed on booting with the official usbboot method - Than cleaned my harddisc over night with dd after logging in as root (just before setup).

# dd if=/dev/urandom of=/dev/hda
I like cfdisk for creating tables (reboot afterwards required).

# cfdisk
It looks like that. hda1 is /boot, hda2 is swap, hda3 is rootfs (/) and hda4 is /home.
# fdisk -l /dev/hda 

Platte /dev/hda: 40.0 GByte, 40060403712 Byte 
255 Köpfe, 63 Sektoren/Spuren, 4870 Zylinder 
Einheiten = Zylinder von 16065 × 512 = 8225280 Bytes 

Gerät boot. Anfang Ende Blöcke Id System 
/dev/hda1 * 1 4 32098+ 83 Linux 
/dev/hda2 5 40 289170 82 Linux Swap 
/dev/hda3 41 1620 12691350 83 Linux 
/dev/hda4 1621 4870 26105625 83 Linux
We need to encrypt the last two

# cryptsetup -s 256 -y luksFormat /dev/hda3
# cryptsetup -s 256 -y luksFormat /dev/hda4
And now we open them in order to be able to install on them.

# cryptsetup luksOpen /dev/hda3 cryptroot
# cryptsetup luksOpen /dev/hda4 crypthome
Now you can start the setup program. As you can see I did not encrypt the swap (hda2), we take care of this later.

During setup make sure to install to /dev/mapper/cryptroot rather then to /dev/hda3 (also /dev/mapper/crypthome for /home), but select /dev/hda2 as swap.

Don't reboot after setup, but chroot into your new system and edit /etc/fstab and /etc/crypttab accordingly.
# mount -o bind /proc /mnt/proc 
# mount -o bind /sys /mnt/sys 
# cp -a /dev/mapper /mnt/dev/ 
# chroot /mnt
# cat /etc/fstab 
/dev/mapper/cryptswap swap swap defaults 0 0 
/dev/mapper/cryptroot / ext3 defaults 1 1 
/dev/mapper/crypthome /home ext3 defaults 1 2 
/dev/hda1 /boot ext3 defaults 1 2 
#/dev/cdrom /mnt/cdrom auto noauto,owner,ro 0 0 
/dev/fd0 /mnt/floppy auto noauto,owner 0 0 
devpts /dev/pts devpts gid=5,mode=620 0 0 
proc /proc proc defaults 0 0
# cat /etc/crypttab 
cryptswap /dev/hda2 none swap 
crypthome /dev/hda4
As a last step before rebooting you need do get your initrd going in order do be able to mount your encrypted rootpartition during boot.

In the README_CRYPT.TXT they say run

# mkinitrd -c -k -m ext3 -f ext3 -r cryptroot -C /dev/sda1 -L
We need to specify /dev/hda3 but we also do not need the -L flag because it enables LVM (we don't use it and it needs time during boot). Double check with

# ls -l /boot/vmlinuz
which kernel you use and than run

# mkinitrd -c -k -m ext3 -f ext3 -r cryptroot -C /dev/hda3
accordingly. In order to use this initrd.gz you need to edit /etc/lilo.conf. The lilo.conf described in README_CRYPT.TXT did not work for me. My working lilo.conf looks like that:

# cat /etc/lilo.conf 

boot = /dev/hda 
compact # faster, but won't work on all systems. 
#timeout = 5 
# VESA framebuffer console @ 1024x768x256 
vga = 773 
image = /boot/vmlinuz 
  initrd = /boot/initrd.gz 
  root = /dev/hda1 
  label = Linux 
  read-only # Partitions should be mounted read-only for checking
Dont forget to run lilo in order to apply the changes. Have fun after reboot ...

# lilo
# shutdown -r now
You get a kernel panic and it seems like you will not be able to boot into your system?
With your installation media you will be able to boot the installer and than log in as root. Than do:

# cryptsetup luksOpen /dev/hda3 cryptroot 
# mount /dev/mapper/cryptroot /mnt 
# mount -o bind /proc /mnt/proc 
# mount -o bind /sys /mnt/sys 
# cp -a /dev/mapper /mnt/dev/ 
# chroot /mnt 
# mount /boot
Now you are in your installed system, are able to edit your lilo.conf, make another initrd and so on ...

Last edited by /y0shi; 03-08-2008 at 11:13 AM.
Old 03-10-2008, 11:33 AM   #2
LQ Newbie
Registered: Sep 2003
Posts: 14

Rep: Reputation: 0
Thumbs up

Thank you, /y0shi!
Old 03-12-2008, 10:18 AM   #3
Registered: Jan 2006
Location: berlin, germany
Distribution: slackware 12.0
Posts: 58

Original Poster
Rep: Reputation: 17
Originally Posted by lemmy_kilmister View Post
Thank you, /y0shi!
You're Welcome ;-)


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Encrypted Filesystems with Slackware 12 AMarkos Slackware 7 10-27-2007 01:33 PM
rootfs and etab ashlesha Linux - Newbie 0 09-20-2006 07:54 PM
why ext3 change to rootfs ?? jiawj Red Hat 5 02-02-2005 03:10 AM
Connect to a WPA-encrypted router in Slackware garnser Linux - Wireless Networking 0 08-22-2004 02:12 PM
rootfs is mounted twice! elconde Linux - General 3 11-04-2003 08:37 PM > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 11:39 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration