Full Disk Encryption From Scratch Simplified

This article covers setting up dm-crypt (LUKS) full disk encryption on top of LVM for daily use, from scratch, with some notes for SSDs.

Most of the details can be found in this excellent guide: https://wiki.gentoo.org/wiki/Sakaki%27s_EFI_Install_Guide/Preparing_the_LUKS-LVM_Filesystem_and_Boot_USB_Key

= Prepare required partitions =

This HOWTO uses a GPT partition table and the GRUB boot loader. The disk layout is created with gparted/parted.

The partition layout is:

 /dev/sdX
 |--> GRUB BIOS partition (2 MB)
 |--> Boot partition (512 MB, contains the kernel)
 |--> Encrypted LVM volume (all remaining space: rootfs, var and home)
      |--> /
      |--> /var
      |--> /home

Create the GRUB BIOS and boot partitions in parted, step by step:

 * 1) Set the default units to megabytes
 * 2) Create the GPT partition table
 * 3) Create the BIOS partition for GRUB
 * 4) Create the boot partition. This partition will contain the GRUB files, the plain (unencrypted) kernel and the kernel initrd
 * 5) Everything is done, exit parted

Next, create a FAT32 filesystem on the boot partition. First install the package that provides mkfs.vfat, then run:

 mkfs.vfat -F32 /dev/sdb1

= Configure dm-crypt for /dev/sdb2 =

Note: if you are using an Ubuntu live CD, load the module first:

 sudo modprobe dm-crypt

 * 1) Encrypt the partition we named lvm (in my case that is /dev/sdb2):

 cryptsetup luksFormat -c aes-cbc-essiv:sha256 -s 256 /dev/sdb2

Next, open the encrypted device:

 cryptsetup luksOpen /dev/sdb2 lvm

Then create the LVM structure for the partition mapping:

 * 1) Set up an LVM physical volume:

 lvm pvcreate /dev/mapper/lvm

Now create all the LVM volumes (see https://wiki.gentoo.org/wiki/LVM). First the volume group:

 vgcreate vg0 /dev/mapper/lvm

Next, create the root, var and home logical volumes (LVs):

 root@ubuntu:~# lvcreate -L 25G -n root vg0
   Logical volume "root" created.
 root@ubuntu:~# lvcreate -L 40G -n var vg0
   Logical volume "var" created.
 root@ubuntu:~# lvcreate -l 100%FREE -n home vg0
   Logical volume "home" created.

Next, create an ext4 filesystem on each logical volume:

 mkfs.ext4 /dev/mapper/vg0-root
 mkfs.ext4 /dev/mapper/vg0-var
 mkfs.ext4 /dev/mapper/vg0-home

Create the mount point for the permanent Gentoo installation and mount the root volume on it:

 mkdir /mnt/gentoo
 mount /dev/mapper/vg0-root /mnt/gentoo

Copy the stage3 tarball to /mnt/gentoo, cd into /mnt/gentoo and unpack it:

 tar xvjpf stage3-*.tar.bz2 --xattrs --numeric-owner

Mount the var volume on /mnt/gentoo/var (do this before unpacking the stage3 if you want its /var contents to land on the var volume rather than on the root volume):

 mkdir -p /mnt/gentoo/var
 mount /dev/mapper/vg0-var /mnt/gentoo/var
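The whole procedure above (partitioning, LUKS, LVM, filesystems, mounting and stage3 unpacking) collected into one script, as an added example that is not part of the original page. Everything the page did not state is an assumption: the parted commands and the 1 MiB alignment (the page's own parted commands were lost), the partition numbering (here the GRUB BIOS partition is number 1, boot is 2 and the LUKS partition is 3, so the page's /dev/sdb1 and /dev/sdb2 become partitions 2 and 3), the DISK and STAGE3 placeholders, and the DRY_RUN mode that only prints the commands it would run. The var and home volumes are mounted before the stage3 is unpacked so that its /var contents land on the var volume.

```shell
#!/bin/sh
# Added example (not from the wiki page): the partitioning, LUKS, LVM, filesystem
# and mount steps as one script. Assumptions not on the page: the parted command
# syntax, 1 MiB alignment, partition numbers (BIOS=1, boot=2, LUKS=3) and the
# DISK/STAGE3 placeholders. Runs in DRY_RUN mode by default (prints commands only).
set -eu

DISK="${DISK:-/dev/sdX}"           # placeholder; set to the real target disk
STAGE3="${STAGE3:-stage3.tar.bz2}" # placeholder path to the stage3 tarball
DRY_RUN="${DRY_RUN:-1}"            # 1 = print only, 0 = execute (destructive!)
VG="vg0"                           # volume group name used on the page
MNT="/mnt/gentoo"

# run: print the command; execute it only when DRY_RUN=0
run() {
    printf '%s\n' "$*"
    if [ "$DRY_RUN" = "0" ]; then "$@"; fi
}

# part_path DISK N: partition device name, handling /dev/sdX2 vs /dev/nvme0n1p2 naming
part_path() {
    case "$1" in
        *[0-9]) printf '%sp%s\n' "$1" "$2" ;;
        *)      printf '%s%s\n' "$1" "$2" ;;
    esac
}

# refuse_if_mounted DISK: safety check, abort if any partition of DISK is mounted
refuse_if_mounted() {
    if [ -r /proc/mounts ] && grep -q "^$1[p0-9]* " /proc/mounts; then
        echo "refusing: $1 has mounted partitions" >&2
        return 1
    fi
}

# "Prepare required partitions": sizes follow the page (2 MB GRUB BIOS,
# 512 MB boot, the rest for LUKS+LVM); the MiB offsets are assumed.
partition_disk() {
    refuse_if_mounted "$DISK"
    run parted -s "$DISK" unit MiB mklabel gpt
    run parted -s "$DISK" unit MiB mkpart primary 1 3
    run parted -s "$DISK" set 1 bios_grub on
    run parted -s "$DISK" unit MiB mkpart primary fat32 3 515
    run parted -s "$DISK" unit MiB mkpart primary 515 100%
}

# dm-crypt and LVM steps. The cipher flags are the page's own; omitting them
# gives cryptsetup's current default (aes-xts-plain64 with a 512-bit key).
setup_luks_lvm() {
    lvm_part=$(part_path "$DISK" 3)
    run cryptsetup luksFormat -c aes-cbc-essiv:sha256 -s 256 "$lvm_part"
    run cryptsetup luksOpen "$lvm_part" lvm
    run lvm pvcreate /dev/mapper/lvm
    run vgcreate "$VG" /dev/mapper/lvm
    run lvcreate -L 25G -n root "$VG"
    run lvcreate -L 40G -n var "$VG"
    run lvcreate -l 100%FREE -n home "$VG"
}

# FAT32 on the boot partition, ext4 on every logical volume
make_filesystems() {
    run mkfs.vfat -F32 "$(part_path "$DISK" 2)"
    for lv in root var home; do
        run mkfs.ext4 "/dev/mapper/$VG-$lv"
    done
}

# Mount root, then var and home, before the stage3 is unpacked
mount_target() {
    run mkdir -p "$MNT"
    run mount "/dev/mapper/$VG-root" "$MNT"
    run mkdir -p "$MNT/var" "$MNT/home"
    run mount "/dev/mapper/$VG-var" "$MNT/var"
    run mount "/dev/mapper/$VG-home" "$MNT/home"
}

# Unpack the stage3 into the mounted target (same tar flags as the page)
unpack_stage3() {
    run tar xvjpf "$STAGE3" --xattrs --numeric-owner -C "$MNT"
}

main() {
    partition_disk
    setup_luks_lvm
    make_filesystems
    mount_target
    unpack_stage3
}

# Run the whole procedure only when explicitly requested; the functions can
# also be called one at a time from an interactive shell after sourcing this file.
if [ "${RUN_ALL:-0}" = "1" ]; then main; fi
```

Review the output of `RUN_ALL=1 DRY_RUN=1 DISK=/dev/sdX sh script.sh` before running it with `DRY_RUN=0` against a real disk; the mounted-partition check only guards against the most obvious mistake of pointing DISK at the disk you booted from.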