Monday, 21 April 2014

Install Arch With Encrypted LVM

Any device that holds data you own should encrypt that data at rest.

In a previous post, I described how to install Arch with LVM.  This post adds the commands that encrypt a disk partition with LUKS (dm-crypt) and use the opened container as the LVM physical volume.  I use this method when installing Arch on a new laptop: a single physical drive, encrypted at installation time.  If you want to encrypt a desktop whose volumes span several drives, the LUKS on LVM layout may suit you better than the LVM on LUKS layout used here.

So after you have partitioned your drive, but before creating the physical volume, encrypt the partition that will hold it.  luksFormat destroys whatever is on that partition, so double-check the device name first; --verify-passphrase makes cryptsetup ask for the passphrase twice.

cryptsetup --verify-passphrase luksFormat /dev/sda2

Now open the newly encrypted partition, naming the mapping lvm, so the LVM physical volume can be created on it.

cryptsetup open --type luks /dev/sda2 lvm

Now replace the pvcreate and vgcreate commands from the LVM post with these, which point at the opened container rather than the raw partition.

pvcreate /dev/mapper/lvm
vgcreate system /dev/mapper/lvm


Now continue with the LVM post and your installation guide of choice. Your disk will look like this:



My /etc/fstab now looks like this - note, this is an SSD drive.




When you get to the mkinitcpio.conf configuration step, add encrypt to the HOOKS parameter, after block and before lvm2.  The order matters: the encrypt hook has to open the container before lvm2 can find the volume group, and both must come before filesystems.

HOOKS="...block encrypt lvm2..."

Ensure you regenerate the initramfs (re-run mkinitcpio) after editing; otherwise the encrypt hook is not in the image you boot from.

Only one more thing: you need to tell the bootloader about the encrypted partition by editing /etc/default/grub.

GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:system:allow-discards"

The value is device:name:options.  The name is the device-mapper name the encrypt hook gives the opened container at boot; it does not have to match the name used with cryptsetup open during installation, because LVM finds the volume group by scanning whatever device it is on.  allow-discards passes TRIM through LUKS to the SSD, which is why it is set here; be aware that it reveals which blocks of the encrypted partition are unused.  The device may also be written as UUID=... so the setting survives a change of device name.

I disabled UUID disk identification in this file as well, but this is optional.

GRUB_DISABLE_LINUX_UUID=true

Regenerate grub.cfg (re-run grub-mkconfig) after editing this file, too.

Finish your Arch install.
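As an added example (not code from the original post), here are the steps above gathered into one shell script: the luksFormat, open, pvcreate and vgcreate sequence from the encryption section with a dry-run mode, a check that the HOOKS order in mkinitcpio.conf is block, encrypt, lvm2, filesystems, and a helper that builds the cryptdevice= parameter for /etc/default/grub.  The device /dev/sda2, the mapper name lvm and the volume group system are the post's example values and are assumptions here; the script name encrypted-lvm.sh is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post: the LVM-on-LUKS steps above as a
# script with a dry-run mode, plus checks for the mkinitcpio.conf and
# /etc/default/grub edits. Device /dev/sda2, mapper name "lvm" and volume
# group "system" follow the post; they are assumptions and must be adjusted.

# run CMD... : print the command line, then execute it unless DRY_RUN is set.
run() {
    printf '%s\n' "$*"
    [ -n "${DRY_RUN:-}" ] || "$@"
}

# setup_luks_lvm DEVICE DMNAME VGNAME : luksFormat destroys DEVICE, so this is
# the step at which to double-check the device name. The mapper name only
# matters during installation: LVM later finds the VG by scanning the device.
setup_luks_lvm() {
    run cryptsetup --verify-passphrase luksFormat "$1"
    run cryptsetup open --type luks "$1" "$2"
    run pvcreate "/dev/mapper/$2"
    run vgcreate "$3" "/dev/mapper/$2"
}

# hooks_ok HOOKS_LIST : succeeds only if encrypt comes after block and before
# lvm2, and lvm2 before filesystems. Any other order leaves the volume group
# unopened and the boot drops to a rescue shell.
hooks_ok() {
    i=0; b=""; e=""; l=""; f=""
    for h in $1; do
        i=$((i + 1))
        case "$h" in
            block) b=$i ;;
            encrypt) e=$i ;;
            lvm2) l=$i ;;
            filesystems) f=$i ;;
        esac
    done
    [ -n "$b" ] && [ -n "$e" ] && [ -n "$l" ] && [ -n "$f" ] || return 1
    [ "$b" -lt "$e" ] && [ "$e" -lt "$l" ] && [ "$l" -lt "$f" ]
}

# extract_hooks FILE : the value inside HOOKS="..." of an mkinitcpio.conf.
extract_hooks() {
    sed -n 's/^HOOKS="\(.*\)"/\1/p' "$1" | tail -n 1
}

# cryptdevice_param DEVICE DMNAME [yes] : the GRUB_CMDLINE_LINUX value. DEVICE
# may be /dev/sdX2 or UUID=...; "yes" appends allow-discards, which lets TRIM
# through LUKS on an SSD at the cost of revealing which blocks are unused.
cryptdevice_param() {
    p="cryptdevice=$1:$2"
    [ "${3:-no}" = yes ] && p="$p:allow-discards"
    printf '%s\n' "$p"
}

# Usage:
#   DRY_RUN=1 sh encrypted-lvm.sh /dev/sda2        # print the cryptsetup/LVM steps
#   sh encrypted-lvm.sh check /etc/mkinitcpio.conf # verify the HOOKS order
if [ "${1:-}" = check ] && [ -r "${2:-}" ]; then
    if hooks_ok "$(extract_hooks "$2")"; then
        echo "HOOKS order ok"
    else
        echo "HOOKS must read ... block encrypt lvm2 ... filesystems ..."
        exit 1
    fi
elif [ -n "${1:-}" ]; then
    setup_luks_lvm "$1" lvm system
fi
```

Run the check from inside the chroot once mkinitcpio.conf has been edited, and compare the output of cryptdevice_param with the line in /etc/default/grub before rebooting; a wrong hook order or a typo in the cryptdevice= value is only discovered at boot, from the rescue shell.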
