
2. Creating the encrypted root filesystem

Fill the target partition with random data:

shred -n 1 -v /dev/hda2

Set up the encrypted loopback device:

losetup -e aes256 -S xxxxxxxxxx /dev/loop0 /dev/hda2
Password:

To prevent optimized dictionary attacks, it is recommended to add the -S xxxxxxxxxx option, where "xxxxxxxxxx" is your randomly chosen seed. Also, in order to avoid boot-time problems with the keyboard map, do not use non-ASCII characters (accents, etc.) in your password.

Now create the ext3 filesystem:

mke2fs -j /dev/loop0

Check that you correctly entered the password:

losetup -d /dev/loop0
losetup -e aes256 -S xxxxxxxxxx /dev/loop0 /dev/hda2
Password:

mkdir /mnt/efs
mount /dev/loop0 /mnt/efs

You can compare the encrypted and unencrypted data:

xxd /dev/hda2  | less
xxd /dev/loop0 | less
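
The same comparison can be checked without reading hex dumps. The script below is an added example, not part of the original HOWTO: it looks for the ext2/ext3 superblock magic (0xEF53, stored at byte offset 1080), which should be readable through /dev/loop0 but not on the raw /dev/hda2. The function names are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the HOWTO). Function names are hypothetical.
# The ext2/ext3 superblock starts at byte 1024 of the filesystem; its magic
# number 0xEF53 sits 56 bytes into it, little-endian, so bytes 1080-1081
# read "53 ef" on a valid, correctly decrypted filesystem.

ext_magic() {
    # Print the two bytes at offset 1080 of $1 as lowercase hex, e.g. "53ef".
    dd if="$1" bs=1 skip=1080 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

has_ext_magic() {
    [ "$(ext_magic "$1")" = "53ef" ]
}

check_encrypted_pair() {
    # $1 = raw partition (ciphertext), $2 = loop device (decrypted view)
    raw=$1 clear=$2
    if ! has_ext_magic "$clear"; then
        # Decryption produced garbage: the filesystem cannot be found.
        echo "FAIL: no ext superblock on $clear (wrong password or seed?)"
        return 1
    fi
    if has_ext_magic "$raw"; then
        # Random ciphertext matches by chance only about 1 time in 65536,
        # so a hit here almost always means the data was written in clear.
        echo "FAIL: ext superblock readable on $raw (data is not encrypted)"
        return 2
    fi
    echo "OK: filesystem visible only through $clear"
    return 0
}

# Usage with the HOWTO's devices (as root, after the second losetup):
#   check_encrypted_pair /dev/hda2 /dev/loop0
```

A return code of 1 at this point corresponds to the "check that you correctly entered the password" step failing; the mount command would fail in the same situation.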

It's time to install your encrypted Linux system. If you use a GNU/Linux distribution (such as Debian, Slackware, Gentoo, Mandrake, RedHat/Fedora, SuSE, etc.), run the following command:

cp -avx / /mnt/efs

If you use the Linux From Scratch book, proceed as described in the manual, with the modifications below:

  • Chapter 6 - Installing util-linux:

    Apply the loop-AES patch after unpacking the sources.

  • Chapter 8 - Making the LFS system bootable:

    Refer to the next section.

 
 
 
 

The document on this page is part of the "Encrypted Root Filesystem HOWTO". See the Index Page for more information about authorship and copyright.

1999-2008 Linuxinfor.com. No rights reserved.