Talk:Dm-crypt full disk encryption

From Gentoo Wiki
Jump to: navigation, search
Note
This is a talk page. Please add newer comments below older ones, and sign your comments using four tildes (~~~~). When adding a new section (at the bottom of the page), please mark it as "open for discussion" by using {{talk|open}} so it will show up in the list of open discussions.

Warning removed

Talk status
This discussion is done.

I removed the warning at the beginning of the article, as we can't rely on external resources that might be unavailable. — yngwin 08:44, 2 July 2012 (UTC)

Wrong command parameter?

Talk status
This discussion is still ongoing.

Is that seek supposed to be count there? dd if=/dev/zero of=key.lbd bs=512 seek=2050 Otherwise it will create a file until out of space. --EmanueLczirai (talk) 04:42, 4 February 2015 (UTC)

Indeed... it should be a count instead. There are a few minor typos, but this one is... a gem. Tclover (talk) 08:41, 4 February 2015 (UTC)
Nice. Thanks! --EmanueLczirai (talk) 18:04, 4 February 2015 (UTC)
2050 is probably too small. Requested offset is beyond real size of device /dev/loop0. The same thing is also done here: Custom Initramfs#Encrypted Keyfile Frostschutz (talk) 18:12, 4 February 2015 (UTC)
Also if you check the history, the seek= was correct once, except someone else changed /dev/null to /dev/zero. A clearer way to create sparse files is `truncate -s size file` instead of `dd`, or just `dd` without any `if=` and no stdin provider or `count=0`. Frostschutz (talk) 18:18, 4 February 2015 (UTC)

This:

Requested offset is beyond real size of device /dev/loop0.

is still the case for count=2050 (or 4096, only greater than somewhere 8192 doesn't get me that message).MiroR

— The preceding undated comment was added by MiroR (talkcontribs) 9 July 2016

Early Userspace without Initramfs

I am requesting permission to add a new section to this page with a link to a guide I've published on how to set up an early userspace environment (with support for opening and mounting a LUKS-encrypted root file system) without using initramfs. I believe this method is a superior alternative to initramfs, especially since Gentoo users often build their own kernels with storage device drivers built-in and so really have no need of an initramfs. My guide also details how this early userspace environment can be used as an interactive rescue environment and how to enable the ability to input the decryption passphrase remotely over SSH, which is valuable when the administrator may not have physical access to the machine following a reboot. Whitslack (talk) 20:56, 16 February 2016 (UTC)
The:
early userspace environment (with support for opening and mounting a LUKS-encrypted root file system) without using initramfs
is exactly what I would need. Pls. write for us hat guide, if you read here! Teach us to use a screwdriver where we don't need the initramfs sledgehammer! MiroR
Nope! That page by Whitslack ( a guide ) may work if you have to use MBR and extlinux. I spent two days with it, errors there that need correcting, and esp. if you are with grub and need gdisk, then it's not a screwdriver from that comparison of his anymore. I found the screwdriver that I needed in this old page (written at the time of Linux 2.6.9) which is amazingly still relevant today (at least if you only need to encrypt your root parition, and you use grub:
Cach0rr0's guide
which only took me hours to successfully complete what I needed.MiroR

— The preceding undated comment was added by MiroR (talkcontribs) 11 July 2016

Outdated information

Talk status
This discussion is still ongoing.

This article has a number of issues; outdated information and factually wrong information. I will go ahead and fix this. — Tamiko (talk) 03:36, 24 August 2016 (UTC)

Dracut: boot configuration

Talk status
This discussion is still ongoing.

The Dracut section has information for the boot configuration with GRUB. There is a lack of information for other bootloaders! Currently, I'm using an UEFI image (UEFI stub kernel) to load Gentoo. So, I don't know if this section could be rewritten in another way. I'm going to add some hyperlinks that I found useful to load Gentoo with a UEFI stub kernel. Feng (talk) 08:14, 8 November 2016 (UTC)

The title of the article

Talk status
This discussion is still ongoing.

I propose another title: Disk encryption (LUKS) — Feng (talk) 08:41, 30 November 2016 (UTC)

The article needs to be rewritten

Talk status
This discussion is still ongoing.

A lot of duplicate information. Content that could be synthesized. Current content could be added. — Feng (talk) 08:01, 1 December 2016 (UTC)

Genkernel failing to integrate GPG support

Talk status
This discussion is still ongoing.

The information that genkernel is ready to use GPG encrypted key files is wrong for a long time now as of bug #599704 --Massimo B. (talk) 06:15, 8 May 2017 (UTC)