Activating options required for LUKS encryption
If the main partition has been encrypted, an initial RAM file system (initramfs) needs to be created. It provides a minimal root filesystem and some tools (applications) to the kernel and takes care of making the "real" root filesystem accessible (it unlocks the encrypted partition). To keep its size small, it can be compressed. In this document gzip will be used as an example.
To have the kernel support a gzip compressed initramfs select Initial RAM filesystem and RAM disk (initramfs/initrd) support and Support initial ramdisk/ramfs compressed using gzip"" (CONFIG_BLK_DEV_INITRD and CONFIG_RD_GZIP):
General setup ---> [*] Initial RAM filesystem and RAM disk (initramfs/initrd) support [*] Support initial ramdisk/ramfs compressed using gzip
As LUKS relies on the dm-crypt disk encryption system, which is part of the kernel's device mapper subsystem, also select Device mapper support and Crypt target support (CONFIG_BLK_DEV_DM and CONFIG_DM_CRYPT):
[*] Enable loadable module support Device Drivers ---> [*] Multiple devices driver support (RAID and LVM) ---> <*> Device mapper support <*> Crypt target support
Last but not least, the kernel needs built-in support for the ciphers, keys and hashes used to encrypt the storage device. (CONFIG_CRYPTO_XTS, CONFIG_CRYPTO_SHA512, CONFIG_CRYPTO_AES, CONFIG_CRYPTO_USER_API_HASH and CONFIG_CRYPTO_USER_API_SKCIPHER)
[*] Cryptographic API ---> <*> XTS support <*> SHA384 and SHA512 digest algorithms <*> AES cipher algorithms <*> User-space interface for hash algorithms <*> User-space interface for symmetric key cipher algorithms
Do not skip the following section and build an initramfs now.