Tag Archives: arch

Arch: encrypted partition above lvm

1. Create two partitions:
sda1 — for /boot
sda2 — for lvm

2. Create lvm partitions:

3. Encrypt partitions with «cryptosetup luksFormat»

4. Example of /boot/grub/menu.lst:
title Arch Linux Crypto
root (hd0,0)
kernel /vmlinuz26-lts cryptdevice=/dev/local/root:root root=/dev/mapper/root ro
initrd /kernel26-lts.img

5. Setup crypttab:
home            /dev/local/home         /etc/cryptfs.key
swap            /dev/local/swap         /etc/cryptfs.key

6. Setup fstab:
add there devices names of unencrypted devices like «/dev/mapper/root», example:
tmpfs /tmp tmpfs nodev,nosuid 0 0
LABEL=localboot /boot ext2 defaults 0 1
/dev/mapper/root / ext4 defaults 0 1
/dev/mapper/home /home ext4 defaults 0 0
/dev/mapper/swap swap swap defaults 0 0

7. Edit /etc/mkinitcpio.conf
HOOKS="base udev autodetect pata scsi sata lvm2 encrypt filesystems usbinput"

8. Regenerate initrd:
mkinitcpio -p kernel26-lts