Slackware 14.1 install with LUKS/LVM/GRUB
I'm installing Slackware64 14.1 on my X200 with libreboot, and I'm following the Slackware README_CRYPT.TXT instructions for disk encryption using LUKS and LVM. The setup is:
Code:
/dev/sda1 100MB /boot (unencrypted boot partition) Code:
grub-mkconfig -o /boot/grub/libreboot_grub.cfg |
Here are some links that might help if you took some time to read them. :)
http://www.jveweb.net/en/archives/20...ypted-lvm.html http://blog.darknedgy.net/technology/2014/07/27/1/ http://www.funtoo.org/Rootfs_over_encrypted_lvm http://libreboot.org/docs/gnulinux/index.html Especially check out all the articles listed on the last link. |
Quote:
What I'm after is the right way to generate /boot/grub/libreboot_grub.cfg from inside the Slackware install environment (after installing everything and doing a chroot /mnt and making the initram). I suppose trial and error will get me there eventually, but I was hoping someone might know the method for doing it. |
The first two links deal with encrypting in slackware, try following them up to making an initrd.gz. The funtoo link provides an additional explanation that helps elaborate on the concept and the last links deal with libreboot and grub.
You can boot with something like: Quote:
You also don't have to flash the firmware: Quote:
|
Yep, I had done all those steps, and I can get into the Slack system that way. But my original question was how do I generate the appropriate /boot/grub/libreboot_grub.cfg file? That is the part that I cannot get working. The problem is that I cannot get to grips with Slackware+LUKS+LVM+GRUB. I've been reading but and it just doesn't make sense to me.
|
After a lot of playing around, I found out that this is not that hard at all. If you follow the instructions under "Combining LUKS and LVM" in the Slack docs on encryption, then at the end after you do:
Code:
chroot /mnt Code:
mkdir /boot/grub Code:
linux /vmlinuz-huge-3.10.17 root=/dev/mapper/cryptvg-root ro Code:
linux /vmlinuz-generic-3.10.17 root=/dev/mapper/cryptvg-root ro Btw, if you can edit your libreboot firmware grub file then you can follow their docs and probably encrypt everything, including /boot, because grub can unlock LUKS and handle LVM too. |
have you tired full disk encryption.
I updated the grub.cfg within the rom and have a fully encrypted drive. My issue now is having to enter the luks password twice. Once on the grub menu and a second time during kernel boot. According to the instructions at the end here https://libreboot.org/docs/gnulinux/..._parabola.html it is possible to use a keyfile, but unless I'm misunderstanding it's not possible on Slackware because mkinitrd requires a separate fat partition with the file; and not one that can be stored locally.
So for this line mkinitrd -c -k 4.4.8-smp -m ext4 -f ext4 -r /dev/cryptvg/root -C /dev/sdx2 -L -K LABEL=TRAVELSTICK:/keys/alien.luks I can't do something like mkinitrd -c -k 4.4.8-smp -m ext4 -f ext4 -r /dev/cryptvg/root -C /dev/sdx2 -L -K LABEL=root:/etc/keyfile |
All times are GMT -5. The time now is 05:56 PM. |