User:Zulu Foxtrott/GentooOnARM/EasyInstall/EncryptedRootfs

Optional: Using LUKS to encrypt the main partition
Nowadays encrypting storage devices is widely regarded best practice to protect user data, for instance in case of theft or as a measurement against espionage or stalking. On Linux this is usually realized via the Linux Unified Key Setup (LUKS) on top of the kernel's dm-crypt disk encryption system. The application is the reference implementation of LUKS and is used to manage encrypted storage and associated passphrases and keys.

Encrypting the main partition will make the creation of an initial RAM file system (initramfs) later on in the installation process mandatory - otherwise the kernel won't be able to access the rootfs. Also, the kernel must be configured to support device encryption.

To encrypt the main partition of the default partitioning scheme use and specify the cipher to use with the command line argument   (the default), the keysize with   and the hash with. To ensure that instead of the legacy LUKS version the modern LUKS2 is used, pass the parameter.

TODO: correct output

This will ask for a password that in future can be used to unlock the encrypted partition.

Before a filesystem can be created on the newly encrypted partition, it needs to be unlocked. In the example it will be named  and thus afterwards be mapped to the device handle. Make the main partition accessible with:

At the password prompt, enter the password chosen before. If no error is shown the device should be unlocked now.

Next
Creating file systems