User:Zulu Foxtrott/GentooOnARM/EasyInstall/LuksKernel

From Gentoo Wiki

Activating options required for LUKS encryption

If the main partition has been encrypted, an initial RAM file system (initramfs) needs to be created. It provides a minimal root filesystem and some tools (applications) to the kernel and takes care of making the "real" root filesystem accessible (it unlocks the encrypted partition). To keep its size small, it can be compressed. In this document gzip will be used as an example.

To have the kernel support a gzip-compressed initramfs, select Initial RAM filesystem and RAM disk (initramfs/initrd) support and Support initial ramdisk/ramfs compressed using gzip (CONFIG_BLK_DEV_INITRD and CONFIG_RD_GZIP):

KERNEL Enabling initramfs support
General setup  --->
    [*] Initial RAM filesystem and RAM disk (initramfs/initrd) support
    [*]   Support initial ramdisk/ramfs compressed using gzip

As LUKS relies on the dm-crypt disk encryption system, which is part of the kernel's device mapper subsystem, also select Device mapper support and Crypt target support (CONFIG_BLK_DEV_DM and CONFIG_DM_CRYPT):

KERNEL Enabling device mapper and crypt target
[*] Enable loadable module support
Device Drivers --->
    [*] Multiple devices driver support (RAID and LVM) --->
        <*> Device mapper support
        <*>   Crypt target support

Last but not least, the kernel needs built-in support for the ciphers, keys and hashes used to encrypt the storage device (CONFIG_CRYPTO_XTS, CONFIG_CRYPTO_SHA512, CONFIG_CRYPTO_AES, CONFIG_CRYPTO_USER_API_HASH and CONFIG_CRYPTO_USER_API_SKCIPHER):

KERNEL Enabling cryptographic API functions
[*] Cryptographic API --->
    <*> XTS support
    <*> SHA384 and SHA512 digest algorithms
    <*> AES cipher algorithms
    <*> User-space interface for hash algorithms
    <*> User-space interface for symmetric key cipher algorithms
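
One way to confirm that every option named above ended up built in (=y) before compiling the kernel, as an added example that is not part of the wiki page. The option names are the ones listed on this page; the function names and the sample .config contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check a kernel .config for the options this page lists.
# check_luks_config and make_sample_config are hypothetical helper names.

REQUIRED_OPTS="CONFIG_BLK_DEV_INITRD CONFIG_RD_GZIP CONFIG_BLK_DEV_DM
CONFIG_DM_CRYPT CONFIG_CRYPTO_XTS CONFIG_CRYPTO_SHA512 CONFIG_CRYPTO_AES
CONFIG_CRYPTO_USER_API_HASH CONFIG_CRYPTO_USER_API_SKCIPHER"

# check_luks_config FILE
# Prints one line per option that is not built in.
# Returns 0 if all options are =y, 1 if any is =m or unset, 2 if FILE is unreadable.
check_luks_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    rc=0
    for opt in $REQUIRED_OPTS; do
        if grep -q "^${opt}=y\$" "$cfg"; then
            continue
        elif grep -q "^${opt}=m\$" "$cfg"; then
            # The page calls for built-in support, so a module is flagged too.
            echo "MODULE  $opt (=m, page calls for built-in)"
        else
            echo "MISSING $opt"
        fi
        rc=1
    done
    return $rc
}

# Constructed sample input: dm-crypt built as a module, SHA512 disabled.
make_sample_config() {
    cat <<'EOF'
CONFIG_BLK_DEV_INITRD=y
CONFIG_RD_GZIP=y
CONFIG_BLK_DEV_DM=y
CONFIG_DM_CRYPT=m
CONFIG_CRYPTO_XTS=y
# CONFIG_CRYPTO_SHA512 is not set
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_USER_API_HASH=y
CONFIG_CRYPTO_USER_API_SKCIPHER=y
EOF
}

# When run with a path argument (e.g. the .config in the kernel source tree),
# check that file and print the result.
if [ $# -gt 0 ]; then
    check_luks_config "$1" && echo "all required options are built in"
fi
```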

Do not skip the following section: build an initramfs now.


Building an initramfs