4. Final steps
Still inside chroot, modify /etc/fstab so that it contains:
/dev/loop0 / ext3 defaults 0 1
Delete /etc/mtab and exit from chroot. Finally, run "umount -d /mnt/efs"
and reboot. If something goes wrong, you can still boot your unencrypted
partition by entering "Linux root=/dev/hda3" at the LILO: prompt.
If everything went well, you can now re-partition your disk and encrypt
hda3 as well as hda4. In the following scripts, we assume that hda3 will
hold the swap device and hda4 will contain /home; you should initialize
both partitions first:
shred -n 1 -v /dev/hda3
shred -n 1 -v /dev/hda4
losetup -e aes256 -S xxxxxx /dev/loop1 /dev/hda3
losetup -e aes256 -S xxxxxx /dev/loop2 /dev/hda4
mkswap /dev/loop1
mke2fs -j /dev/loop2
Then create a script in the system startup directory and update fstab:
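cat > /etc/init.d/loop << "EOF"
#!/bin/sh
# Verify the unencrypted boot partition before unlocking anything else.
# md5sum prints the hash, two spaces, then the file name.
if [ "`/usr/bin/md5sum /dev/hda1`" != \
     "5671cebdb3bed87c3b3c345f0101d016  /dev/hda1" ]
then
    echo -n "WARNING! hda1 integrity verification FAILED - press enter."
    read
fi
# Set up the encrypted swap and /home loop devices; -p 0 makes losetup
# read the passphrase from standard input.
echo "1st password chosen above" | \
    /sbin/losetup -p 0 -e aes256 -S xxxxxx /dev/loop1 /dev/hda3
echo "2nd password chosen above" | \
    /sbin/losetup -p 0 -e aes256 -S xxxxxx /dev/loop2 /dev/hda4
/sbin/swapon /dev/loop1
# Set the console bell frequency and duration to 10 on tty0..tty63.
for i in `seq 0 63`
do
    echo -n -e "\33[10;10]\33[11;10]" > /dev/tty$i
done
EOF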
chmod 700 /etc/init.d/loop
ln -s ../init.d/loop /etc/rcS.d/S00loop
vi /etc/fstab
...
/dev/loop2 /home ext3 defaults 0 2
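
The hda1 check in the startup script compares md5sum's whole output line as a string, so it depends on the exact spacing and file name in that line. The following is an added example, not part of the original HOWTO: it compares only the hash field, tells a mismatch apart from a device that could not be read, and goes beyond the text by also accepting a SHA-256 digest. The helper name verify_digest and its exit codes are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the HOWTO). verify_digest is a hypothetical helper.
#
# Usage:  verify_digest <device-or-file> <expected-hex-digest>
# Exit status: 0 = digest matches
#              1 = digest differs (possible tampering)
#              2 = check could not be performed (bad digest, unreadable target)
verify_digest() {
    target=$1
    # Accept upper- or lower-case hex for the expected value.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    # Refuse anything that is empty or not purely hexadecimal.
    case $expected in
        ''|*[!0-9a-f]*) return 2 ;;
    esac

    # Pick the tool from the digest length: 32 hex digits = MD5 (as used in
    # the HOWTO's script), 64 hex digits = SHA-256.
    case ${#expected} in
        32) tool=md5sum ;;
        64) tool=sha256sum ;;
        *)  return 2 ;;
    esac

    # Feed the target on stdin so the output is "<hash>  -" regardless of
    # the device name; a failed open or read yields a non-zero status.
    line=$("$tool" 2>/dev/null < "$target") || return 2

    # Keep only the first field (the hash) and compare that.
    actual=${line%% *}
    [ "$actual" = "$expected" ]
}

# In a startup script such as /etc/init.d/loop the call could look like:
#   verify_digest /dev/hda1 "$EXPECTED" || {
#       echo "WARNING! hda1 integrity verification FAILED (status $?)"
#   }
# where EXPECTED holds the digest recorded when hda1 was last known good.
```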