You are not logged in.

Pages: 1

#1 2009-10-17 20:59:34

duke11235
Member
Registered: 2009-10-09
Posts: 221

Install Code Check

Before beginning I'll have set up the hard drive with a 25gb Windows FAT partition on dev/sda3 and 25 GB free space remaining.
Creates Linux system with all partitions including /boot in lvm group, and encrypts /home /var and /root
NOTE: Grub as installed in normal Arch setup will not work. Grub2 will have to be installed later

modprobe dm-crypt
modprobe aes-i586
Boot the live cd, then login and.
cfdisk /dev/sda
Create a lvm partition type in free space
pvcreate /dev/sda4
create a physical volume
vgcreate archvol01 /dev/sda4
lvcreate -L  64MB archvol01 -n lvolboot
create boot partition
lvcreate -L 3G archvol01 -n lvolvar
create var partition
lvcreate -L 12G archvol01 -n lvolroot
create root partition
lvcreate -L 11GB archvol01 lvolhome
create home partition
lvcreate -C y -L 4G archvol01 -n lvolswap
cryptsetup -c aes-xts-plain -y -s 512 luksFormat /dev/archvol01/lvolhome
encrypts home partition
cryptsetup -c aes-xts-plain -y -s 512 luksFormat /dev/archvol01/lvolroot
encrypts root partition
cryptsetup -c aes-xts-plain -y -s 512 luksFormat /dev/archvol01/lvolvar
encrypts var partition
cryptsetup luksOpen /dev/archvol01/lvolhome
opens lvolhome
cryptsetup luksOpen /dev/archvol01/lvolroot
open lvolroot
cryptsetup luksOpen /dev/archvol01/lvolvar
opens lvolvar
start arch installer
set timezone etc,
skip partition/autoprepare hard disk, go straight to select filesystem mountpoints
You need to answer the question Do you need support for booting from encrypted volumes? with yes.
/etc/mkinitcpio.conf
Alter this line:
HOOKS="base udev autodetect pata scsi sata filesystems"
to this:
HOOKS="base udev autodetect pata scsi sata encrypt lvm2 filesystems"


Edit /etc/rc.conf from USELVM="no" to USELVM="yes"





Is it more secure to use aes-xts-plain or  aes-lrw-benb or  aes-cbc-essiv:sha256?
Anyone  see a problem with the code besides having /boot in a lvm group?
Thanks for comments

Sources:
Arch Wiki
http://wiki.archlinux.org/index.php/Sys … r_dm-crypt
Circle of Friends Blog
http://www.pindarsign.de/webblog/?p=767

Last edited by duke11235 (2009-10-18 22:05:54)

Offline

Pages: 1

Board footer

Powered by FluxBB