Tuesday, April 3, 2018

Step by Step full Disk Encryption GENTOO after Windows Install

So I don't forget how to do it, since I tend to lose my notes :0

Installer environment:

# fdisk n p +512 t 4 a 3
# fdisk n e FULL
--------------------/dev/sda layout------------------------
/dev/sda1 * 7 boot win7
/dev/sda2 7 c:
/dev/sda3 * 4 512 linux boot
/dev/sda4 5 extended

# mkfs.ext2 /dev/sda3
# cryptsetup luksFormat -c aes-cbc-essiv:sha256 /dev/sda5
 YES
  pass
# cryptsetup luksOpen /dev/sda5 lvm
# lvm pvcreate /dev/mapper/lvm
# vgcreate vg0 /dev/mapper/lvm
# lvcreate -l 100%FREE -n root vg0
# mkfs.ext4 /dev/mapper/vg0-root
# mount /dev/mapper/vg0-root /mnt/gentoo

----------------AFTER DOWNLOAD STAGE TARBALL-----------

# cd /mnt/gentoo
# tar xvf stage-blabla.tar.blabla
# mkdir --parents /mnt/gentoo/etc/portage/repos.conf
# cp /mnt/gentoo/usr/share/portage/config/repos.conf \
       /mnt/gentoo/etc/portage/repos.conf/gentoo.conf
# mirrorselect -i -o >> /mnt/gentoo/etc/portage/make.conf
---------------------FILE ../make.conf ------------------
CFLAGS="-march=native -O2 -pipe"
CXXFLAGS="${CFLAGS}"
MAKEOPTS="-j2"
all the others are defaults
# cp --dereference /etc/resolv.conf /mnt/gentoo/etc
# mount -t proc /proc /mnt/gentoo/proc
# mount --rbind /sys /mnt/gentoo/sys
# mount --make-rslave /mnt/gentoo/sys
# mount --rbind /dev /mnt/gentoo/dev
# mount --make-rslave /mnt/gentoo/dev
# test -L /dev/shm && rm /dev/shm && mkdir /dev/shm
# mount -t tmpfs -o nosuid,nodev,noexec shm /dev/shm
# chmod 1777 /dev/shm
# chroot /mnt/gentoo /bin/bash
# . /etc/profile
# export PS1="(chroot)${PS1}"
# mount /dev/sda3 /boot
# emerge-webrsync
# eselect profile (list|set) <--- make your choice
# emerge --update --deep --newuse @world

If for some reason you need to suspend the install, boot the installer again and repeat the steps above, except the emerge and eselect commands.

# echo "YOUR/TIMEZONE" > /etc/timezone
# locale-gen
# emerge --config sys-libs/timezone-data
# eselect locale (list|set) <-------- list and set your locale
# env-update && source /etc/profile
# emerge sys-kernel/gentoo-sources
# emerge sys-kernel/genkernel
# emerge sys-fs/cryptsetup
# genkernel --luks --lvm all
# emerge -av grub
# emerge sys-boot/os-prober

For the system to be decrypted at boot, the GRUB defaults file needs to be adjusted so that the kernel command line tells the genkernel initramfs which LUKS volume to open:

------- FILE /etc/default/grub----------------------------------
GRUB_CMDLINE_LINUX="dolvm crypt_root=UUID=your uuid root=/dev/mapper/vg0-root"
# grub-install /dev/sda
# grub-mkconfig -o /boot/grub/grub.cfg
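
Added example (not part of the original notes): the "your uuid" in crypt_root=UUID= is the UUID of the LUKS container (/dev/sda5 here), not of the ext4 filesystem inside it. The sketch below builds the line from blkid output and refuses a device that is not crypto_LUKS; the UUIDs in SAMPLE_BLKID are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of blkid output; on the real system capture it with:
#   blkid /dev/sda3 /dev/sda5 /dev/mapper/vg0-root
SAMPLE_BLKID='/dev/sda3: UUID="1b2c3d4e-0000-4000-8000-000000000003" TYPE="ext2"
/dev/sda5: UUID="aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee" TYPE="crypto_LUKS"
/dev/mapper/vg0-root: UUID="11111111-2222-4333-8444-555555555555" TYPE="ext4"'

# luks_uuid BLKID_TEXT DEVICE  (hypothetical helper)
# Prints DEVICE's UUID only if blkid reports it as a LUKS container.
# Returns 1 if the device is missing or has another type, e.g. the
# ext4 filesystem on the logical volume inside the container.
luks_uuid() {
    line=$(printf '%s\n' "$1" | awk -v d="$2:" '$1 == d')
    [ -n "$line" ] || return 1
    case $line in
        *'TYPE="crypto_LUKS"'*) ;;
        *) return 1 ;;
    esac
    # " UUID=" with a leading space skips PARTUUID= and UUID_SUB= fields.
    printf '%s\n' "$line" | sed -n 's/.* UUID="\([^"]*\)".*/\1/p'
}

# grub_cmdline BLKID_TEXT LUKS_DEVICE ROOT_LV  (hypothetical helper)
# Emits the GRUB_CMDLINE_LINUX line used in /etc/default/grub above.
grub_cmdline() {
    uuid=$(luks_uuid "$1" "$2") || return 1
    [ -n "$uuid" ] || return 1
    printf 'GRUB_CMDLINE_LINUX="dolvm crypt_root=UUID=%s root=%s"\n' "$uuid" "$3"
}

# Stand-alone run against the constructed sample.
grub_cmdline "$SAMPLE_BLKID" /dev/sda5 /dev/mapper/vg0-root
```
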
------- FILE /etc/fstab----------------------------------
/dev/sda3 /boot ext2 noauto,noatime 1 2
/dev/mapper/vg0-root / ext4 defaults 0 1
shm /dev/shm tmpfs nodev,nosuid,noexec 0 0

At this point, after setting up the user account and a password for root, we will be able to boot into the fully disk-encrypted device.