2. Creating the encrypted root filesystem
Fill the target partition with random data:
Setup the encrypted loopback device:
losetup -e aes256 -S xxxxxx /dev/loop0 /dev/hda2 |
To prevent optimized dictionary attacks, it is recommended to add
the -S xxxxxx option, where "xxxxxx" is your randomly chosen
seed (for example, you might choose "gPk4lA"). Write down your seed on
a piece of paper so that you don't loose it afterwards. Also, in order
to avoid boot-time problems with the keyboard map, do not use non-ASCII
characters (accents, etc.) in your password. The
Diceware site offers
a simple way to create strong, yet easy to remember, passphrases.
Now create the ext3 filesystem:
Check that the password you entered is correct:
losetup -d /dev/loop0
losetup -e aes256 -S xxxxxx /dev/loop0 /dev/hda2 |
mkdir /mnt/efs
mount /dev/loop0 /mnt/efs |
You can compare the encrypted and unencrypted data:
xxd /dev/hda2 | less
xxd /dev/loop0 | less |
It's time to install your encrypted Linux system. If you use a GNU/Linux
distribution (such as Debian, Slackware, Gentoo, Mandrake, RedHat/Fedora,
SuSE, etc.), run the following command:
If you use the Linux From Scratch book, proceed as described in
the manual, with the modifications below:
Chapter 6 - Installing util-linux:
Apply the loop-AES patch after unpacking the sources.
Chapter 8 - Making the LFS system bootable:
Refer to the next section (Setting up the boot device).