From: Douglas Mayne on 30 Apr 2010 10:06

On Thu, 29 Apr 2010 11:03:29 -0700, michael redman wrote:

> is there a way to do this?
>
> all the system encryption howtos i found leave /boot on the hard drive.
>
> if there is a way to do this, does it complicate the situation if the
> root device is unknown at the time we burn the readonly boot media? for
> example, i have an external usb hard drive that appears as /dev/sda
> when attached to a system that uses an ide internal drive (which shows
> up as /dev/hda) but appears as /dev/sdb when attached to a system that
> uses a sata internal drive (which takes /dev/sda for itself).
>
> i tried making a grub cd with a full /boot directory, but that did not
> work. grub booted fine and loaded the kernel and initrd but the kernel
> would not boot. either i did not know how to pass the kernel the right
> boot parameters, or something else was wrong.
>
> thanks in advance,
> michael
>

It is possible, but it is somewhat dependent on which distribution you are using. This is mainly because startup and making an initrd are distribution dependent. I know how to do it for Slackware.

The first step is to make sure that you know how to create a grub CD or external USB device that boots a _non-encrypted_ disk. Once you know how to do that, you can attempt to add encryption. Again, that will depend on which distribution you are using. I "hacked" in a method to use device mapper and cryptsetup on Slackware. Other distros may or may not be easily hackable. If you are using luks, then it may be somewhat simplified.

--
Douglas Mayne