Talk:Dm-crypt full disk encryption


Warning removed

Talk status
This discussion is done.

I removed the warning at the beginning of the article, as we can't rely on external resources that might be unavailable. — yngwin 08:44, 2 July 2012 (UTC)

Wrong command parameter?

Talk status
This discussion is done.

Is that seek supposed to be count there? `dd if=/dev/zero of=key.lbd bs=512 seek=2050` Otherwise it will create a file until out of space. --EmanueLczirai (talk) 04:42, 4 February 2015 (UTC)

Indeed... it should be a count instead. There are a few minor typos, but this one is... a gem. Tclover (talk) 08:41, 4 February 2015 (UTC)
Nice. Thanks! --EmanueLczirai (talk) 18:04, 4 February 2015 (UTC)
2050 is probably too small. Requested offset is beyond real size of device /dev/loop0. The same thing is also done here: Custom Initramfs#Encrypted Keyfile Frostschutz (talk) 18:12, 4 February 2015 (UTC)
Also if you check the history, the seek= was correct once, except someone else changed /dev/null to /dev/zero. A clearer way to create sparse files is `truncate -s size file` instead of `dd`, or just `dd` without any `if=` and no stdin provider or `count=0`. Frostschutz (talk) 18:18, 4 February 2015 (UTC)

This:

Requested offset is beyond real size of device /dev/loop0.

is still the case for count=2050 (or 4096, only greater than somewhere 8192 doesn't get me that message). MiroR

— The preceding undated comment was added by MiroR (talk • contribs) 9 July 2016

This command no longer appears in the article. Closing. --Grknight (talk) 01:56, 8 November 2018 (UTC)
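
The seek= versus count= behaviour discussed in this thread, as an added example that is not part of the original discussion or the article. It assumes GNU coreutils (`dd`, `truncate`, `head`, `du`); the file names are constructed, and a 4096-byte input stands in for the endless /dev/zero.

```shell
#!/bin/sh
# Added example: seek= versus count= in dd, using the 512-byte block size and
# the 2050-block figure from the discussion. File names are constructed.

BS=512
BLOCKS=2050

# count= bounds how much input is copied: exactly BLOCKS blocks of zeros are written.
make_with_count() {
    dd if=/dev/zero of="$1" bs="$BS" count="$BLOCKS" 2>/dev/null
}

# seek= only moves the output offset. With an empty input (/dev/null) dd copies
# nothing and truncates the file at that offset, leaving a sparse file.
make_sparse_dd() {
    dd if=/dev/null of="$1" bs="$BS" seek="$BLOCKS" 2>/dev/null
}

# Same result as make_sparse_dd, stated directly as a size.
make_sparse_truncate() {
    truncate -s "$((BS * BLOCKS))" "$1"
}

# seek= with a non-empty input: dd skips BLOCKS blocks, then copies ALL input.
# $2 bytes of zeros stand in for /dev/zero, which never ends, so the
# original command kept writing until the filesystem was full.
make_with_seek_bounded() {
    head -c "$2" /dev/zero | dd of="$1" bs="$BS" seek="$BLOCKS" 2>/dev/null
}

apparent_size() { wc -c < "$1" | tr -d ' '; }   # length in bytes
allocated_kib() { du -k "$1" | cut -f1; }        # space actually used on disk

demo() {
    dir=$(mktemp -d) || return 1
    make_with_count "$dir/count.img"
    make_sparse_dd "$dir/sparse-dd.img"
    make_sparse_truncate "$dir/sparse-tr.img"
    make_with_seek_bounded "$dir/seek.img" 4096
    for f in count sparse-dd sparse-tr seek; do
        printf '%-10s %8s bytes %6s KiB on disk\n' "$f" \
            "$(apparent_size "$dir/$f.img")" "$(allocated_kib "$dir/$f.img")"
    done
    rm -rf "$dir"
}

demo
```
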

Early Userspace without Initramfs

Talk status
This discussion is done as of 2024-06-03.

I am requesting permission to add a new section to this page with a link to a guide I've published on how to set up an early userspace environment (with support for opening and mounting a LUKS-encrypted root file system) without using initramfs. I believe this method is a superior alternative to initramfs, especially since Gentoo users often build their own kernels with storage device drivers built-in and so really have no need of an initramfs. My guide also details how this early userspace environment can be used as an interactive rescue environment and how to enable the ability to input the decryption passphrase remotely over SSH, which is valuable when the administrator may not have physical access to the machine following a reboot. Whitslack (talk) 20:56, 16 February 2016 (UTC)

The:
early userspace environment (with support for opening and mounting a LUKS-encrypted root file system) without using initramfs
is exactly what I would need. Pls. write for us that guide, if you read here! Teach us to use a screwdriver where we don't need the initramfs sledgehammer! MiroR

Nope! That page by Whitslack (a guide) may work if you have to use MBR and extlinux. I spent two days with it; there are errors there that need correcting, and esp. if you are with grub and need gdisk, then it's not a screwdriver from that comparison of his anymore.
I found the screwdriver that I needed in this old page (written at the time of Linux 2.6.9) which is amazingly still relevant today (at least if you only need to encrypt your root partition, and you use grub):

Cach0rr0's guide

which only took me hours to successfully complete what I needed. MiroR
— The preceding undated comment was added by MiroR (talk • contribs) 11 July 2016
That should definitely be its own page on the wiki, not a section on this page.
If you want to link to your Gist, you can do so from the External resources section.
Waldo Lemmer 05:59, 3 June 2024 (UTC)

Dracut: boot configuration

Talk status
This discussion needs help as of 2024-06-03.
Tip: To get this fixed sooner, use {{Proposal}}.

The Dracut section has information for the boot configuration with GRUB. There is a lack of information for other bootloaders! Currently, I'm using a UEFI image (UEFI stub kernel) to load Gentoo. So, I don't know if this section could be rewritten in another way. I'm going to add some hyperlinks that I found useful to load Gentoo with a UEFI stub kernel. Feng (talk) 08:14, 8 November 2016 (UTC)

The title of the article

Talk status
This discussion needs a response from its author as of 2024-06-03.

I propose another title: Disk encryption (LUKS) — Feng (talk) 08:41, 30 November 2016 (UTC)

Any reason why?
Waldo Lemmer 06:04, 3 June 2024 (UTC)

The article needs to be rewritten

Talk status
This discussion needs a response from its author as of 2024-06-03.

A lot of duplicate information. Content that could be synthesized. Current content could be added. — Feng (talk) 08:01, 1 December 2016 (UTC)

Please do point out the specific aspects that need improvement. Note that #Obsolete proposes deleting this page in favor of two other pages that are much better maintained.
Waldo Lemmer 06:07, 3 June 2024 (UTC)

Genkernel failing to integrate GPG support

Talk status
This discussion is done as of 2024-06-03.

The information that genkernel is ready to use GPG encrypted key files has been wrong for a long time now as of bug #599704 --Massimo B. (talk) 06:15, 8 May 2017 (UTC)

I removed that sentence.
Waldo Lemmer 06:10, 3 June 2024 (UTC)

More information for Mkinitramfs-LL

Talk status
This discussion needs help as of 2024-06-03.
Tip: To get this fixed sooner, use {{Proposal}}.

I'm working out a problem that I'm having with pretty much every kernel since 4.11.x, and while I use dracut, I'm hoping this line will shed some light on my issue. The problem is the "<MAPPING>-UUID=<uuid>" isn't really detailed anywhere that I have found. I get the "uuid" of course but have no idea what is meant by "<MAPPING>". Can someone clarify this a bit?

GRUB_CMDLINE_LINUX="root=<VG-LV> luks=reg:LABEL=PENDRIVE:/key.reg lvm=<MAPPING>-UUID=<uuid>"

Ehrichweiss (talk) 03:05, 30 March 2018 (UTC)

Obsolete

Talk status
This discussion needs help as of 2024-06-03.
Tip: To get this fixed sooner, use {{Proposal}}.

I think this page is obsolete now with the Full_Disk_Encryption_From_Scratch_Simplified and Rootfs_encryption guides. The Rootfs guide is meant to be simple while the FDE guide is more advanced and could probably use some of the info that is in this guide.

Zen desu (talk) 19:41, 16 October 2023 (UTC)

After the content from this page has been moved over to Full Disk Encryption From Scratch, this page should become a redirect to that page.
Waldo Lemmer 06:13, 3 June 2024 (UTC)