Talk:Dm-crypt full disk encryption

From Gentoo Wiki

Warning removed

Talk status
This discussion is done.

I removed the warning at the beginning of the article, as we can't rely on external resources that might be unavailable. — yngwin 08:44, 2 July 2012 (UTC)

Wrong command parameter?

Talk status
This discussion is done.

Is that seek supposed to be count there? `dd if=/dev/zero of=key.lbd bs=512 seek=2050` Otherwise it will create a file until out of space. --EmanueLczirai (talk) 04:42, 4 February 2015 (UTC)

Indeed... it should be a count instead. There are a few minor typos, but this one is... a gem. Tclover (talk) 08:41, 4 February 2015 (UTC)
Nice. Thanks! --EmanueLczirai (talk) 18:04, 4 February 2015 (UTC)
2050 is probably too small: "Requested offset is beyond real size of device /dev/loop0." The same thing is also done here: Custom Initramfs#Encrypted Keyfile Frostschutz (talk) 18:12, 4 February 2015 (UTC)
Also if you check the history, the seek= was correct once, except someone else changed /dev/null to /dev/zero. A clearer way to create sparse files is `truncate -s size file` instead of `dd`, or just `dd` without any `if=` and no stdin provider or `count=0`. Frostschutz (talk) 18:18, 4 February 2015 (UTC)

This:

Requested offset is beyond real size of device /dev/loop0.

is still the case for count=2050 (or 4096; only somewhere greater than 8192 doesn't get me that message). MiroR

— The preceding undated comment was added by MiroR (talk • contribs) 9 July 2016

This command no longer appears in the article. Closing. --Grknight (talk) 01:56, 8 November 2018 (UTC)
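
The variants discussed in this thread, side by side, as an added example that is not part of the wiki article or of any comment above. The scratch directory and the function names are made up for the illustration; the sector count and block size are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: four ways to get a 2050-sector file, and what each allocates.
set -eu

SECTORS=2050        # value from the discussion
BS=512
WORK=$(mktemp -d)   # scratch directory (constructed for this example)

apparent() { echo $(( $(wc -c <"$1") )); }   # logical size in bytes
allocated_kib() { du -k "$1" | cut -f1; }    # space actually used on disk

# seek= with an empty input: dd writes nothing and only extends the file (sparse).
make_seek_null() {
    dd if=/dev/null of="$1" bs=$BS seek=$SECTORS 2>/dev/null
}

# count= bounds the copy from /dev/zero: exactly SECTORS blocks of zeros are written.
# Without count=, reading /dev/zero only stops when the filesystem is full.
make_count_zero() {
    dd if=/dev/zero of="$1" bs=$BS count=$SECTORS 2>/dev/null
}

# seek= plus count=0: sparse again, and safe whatever the input is.
make_seek_count0() {
    dd if=/dev/zero of="$1" bs=$BS seek=$SECTORS count=0 2>/dev/null
}

# truncate states the intent directly.
make_truncate() {
    truncate -s $((SECTORS * BS)) "$1"
}

report() {
    for m in seek_null count_zero seek_count0 truncate; do
        f="$WORK/$m.img"
        "make_$m" "$f"
        printf '%-12s apparent=%s bytes allocated=%s KiB\n' \
            "$m" "$(apparent "$f")" "$(allocated_kib "$f")"
    done
}

report
```

All four files have the same apparent size; only the `count=` variant writes data, so the allocated column is where the sparse variants differ (the exact figures depend on the filesystem).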

Early Userspace without Initramfs

Talk status
This discussion is still ongoing.

I am requesting permission to add a new section to this page with a link to a guide I've published on how to set up an early userspace environment (with support for opening and mounting a LUKS-encrypted root file system) without using initramfs. I believe this method is a superior alternative to initramfs, especially since Gentoo users often build their own kernels with storage device drivers built-in and so really have no need of an initramfs. My guide also details how this early userspace environment can be used as an interactive rescue environment and how to enable the ability to input the decryption passphrase remotely over SSH, which is valuable when the administrator may not have physical access to the machine following a reboot. Whitslack (talk) 20:56, 16 February 2016 (UTC)
The:
early userspace environment (with support for opening and mounting a LUKS-encrypted root file system) without using initramfs
is exactly what I would need. Pls. write for us that guide, if you read here! Teach us to use a screwdriver where we don't need the initramfs sledgehammer! MiroR
Nope! That page by Whitslack (a guide) may work if you have to use MBR and extlinux. I spent two days with it; there are errors there that need correcting, and esp. if you are with grub and need gdisk, then it's not a screwdriver from that comparison of his anymore. I found the screwdriver that I needed in this old page (written at the time of Linux 2.6.9), which is amazingly still relevant today (at least if you only need to encrypt your root partition, and you use grub):
Cach0rr0's guide
which only took me hours to successfully complete what I needed. MiroR

— The preceding undated comment was added by MiroR (talk • contribs) 11 July 2016

Dracut: boot configuration

Talk status
This discussion is still ongoing.

The Dracut section has information for the boot configuration with GRUB. There is a lack of information for other bootloaders! Currently, I'm using a UEFI image (UEFI stub kernel) to load Gentoo. So, I don't know if this section could be rewritten in another way. I'm going to add some hyperlinks that I found useful to load Gentoo with a UEFI stub kernel. Feng (talk) 08:14, 8 November 2016 (UTC)

The title of the article

Talk status
This discussion is still ongoing.

I propose another title: Disk encryption (LUKS) — Feng (talk) 08:41, 30 November 2016 (UTC)

The article needs to be rewritten

Talk status
This discussion is still ongoing.

A lot of duplicate information. Content that could be synthesized. Current content could be added. — Feng (talk) 08:01, 1 December 2016 (UTC)

Genkernel failing to integrate GPG support

Talk status
This discussion is still ongoing.

The information that genkernel is ready to use GPG encrypted key files has been wrong for a long time now, as of bug #599704 --Massimo B. (talk) 06:15, 8 May 2017 (UTC)

More information for Mkinitramfs-LL

Talk status
This discussion is still ongoing.

I'm working out a problem that I'm having with pretty much every kernel since 4.11.x, and while I use dracut, I'm hoping this line will shed some light on my issue. The problem is the "<MAPPING>-UUID=<uuid>" isn't really detailed anywhere that I have found. I get the "uuid" of course but have no idea what is meant by "<MAPPING>". Can someone clarify this a bit?

GRUB_CMDLINE_LINUX="root=<VG-LV> luks=reg:LABEL=PENDRIVE:/key.reg lvm=<MAPPING>-UUID=<uuid>"

Ehrichweiss (talk) 03:05, 30 March 2018 (UTC)

Obsolete

I think this page is obsolete now with the Full_Disk_Encryption_From_Scratch_Simplified and Rootfs_encryption guides. The Rootfs guide is meant to be simple while the FDE guide is more advanced and could probably use some of the info that is in this guide.

Zen desu (talk) 19:41, 16 October 2023 (UTC)