Gentoo-Wiki describing the entire process step by step. Manual installation takes a bit too long, and since I need an encrypted hard drive on every computer, especially a laptop, I wrote a set of scripts and got Gentoo to install on an encrypted root+swap in 10 quick steps. All you need is a Gentoo Minimal Installation CD version 2006.1 or 2007.0 and Internet access. Let's start!
The installation process:
0. Boot off a Gentoo Mini Install CD
1. Partition your hard drive, so that you have at least 3 partitions: boot, swap and root.
2. wget http://oozie.fm.interia.pl/src/gentoo-crypto.tar.bz2
3. tar xjf gentoo-crypto.tar.bz2
4. cd gentoo-crypto
5. cat README
6. Run ./00config.sh and answer the questions.
7. Run the ./0?*.sh files one by one and look for errors.
8. You should finish by setting up the root password.
9. Write a basic /boot/grub/menu.lst and install grub onto your hard drive from a chrooted environment on /mnt/gentoo.
That's it :)
0. Create a basic config file with 00config.sh :)
Partitions on your disk should be laid out prior to this step!
- 01modules.sh - this script loads appropriate cryptographic modules that are necessary for cryptsetup to proceed.
- 02crypt_dwnld.sh - downloads the statically linked binary of cryptsetup
- 03cryptswap.sh - sets up and encrypts the swap space
- 04cryptroot.sh - does the same as the one above, but with the root partition
- 05filesystem.sh - creates the root filesystem and mounts it
- 06baseinstall.sh - downloads stage3 and portage, extracts them, makes you select a mirror and downloads the kernel source
- 07etcfiles.sh - the script edits /etc/fstab and points both root and swap to /dev/mapper/root and /dev/mapper/swap
- 08kernelchk.sh - this script checks your kernel config for all required options. This may not be reliable, as the option names may change from one kernel version to another. I attach a simple config for the 2.6.24 kernel.
- 09initramfs.sh - creation of initramfs takes
- 0Abasicsetup.sh - merges a couple of ebuilds: the ones that are crucial for the system to work and those specified in the config.crypto EBUILDS variable. Most importantly, it re-emerges udev to the newer version, thus letting you emerge device-mapper, which is necessary for the /dev/mapper/root device to be recognized in the system*.
* If you neglect re-emerging the udev and device-mapper ebuilds, you are very likely to see a message like this:
* Checking root filesystem ...
fsck.ext3: No such file or directory while trying to open /dev/mapper/root
The superblock could not be read or does not describe a correct ext2
filesystem. If the device is valid and it really contains an ext2
filesystem (and not swap or ufs or something else), then the superblock
is corrupt, and you might try running e2fsck with an alternate superblock:
e2fsck -b 8193
* Filesystem couldn't be fixed :(
Give root password for maintenance
(or type Control-D to continue):
The superblock cannot be read because the /dev/mapper/ directory is empty, non-existent or contains only the special character device control. You can also make this message go away by changing the last two fields in /etc/fstab from "0 1" to "0 0", but it's not a real solution - you just prevent the partition from being checked.
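
The failure described above can be caught before rebooting. The following is an added example, not one of the gentoo-crypto scripts: it checks that /etc/fstab lists /dev/mapper/root and /dev/mapper/swap, flags a root entry whose fsck pass field is 0, and verifies that the mapper directory holds more than the control node. The function names and the optional path arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of gentoo-crypto): check for the
# "/dev/mapper/root: No such file or directory" condition described above.

# Print the fsck pass number (6th fstab field) of DEVICE; fail if not listed.
fstab_passno() {  # usage: fstab_passno DEVICE [FSTAB]
    awk -v dev="$1" '
        $1 ~ /^#/ { next }                      # skip comment lines
        $1 == dev { print ($6 == "" ? 0 : $6); found = 1; exit }
        END { exit !found }' "${2:-/etc/fstab}"
}

# Succeed only if the mapper directory holds nodes other than "control".
mapper_has_volumes() {  # usage: mapper_has_volumes [DIR]
    dir="${1:-/dev/mapper}"
    [ -d "$dir" ] || return 1                   # non-existent directory
    for node in "$dir"/*; do
        [ -e "$node" ] || continue              # unmatched glob: empty directory
        [ "$(basename "$node")" = control ] && continue
        return 0
    done
    return 1
}

# Run both checks; print one line per finding, return non-zero on any FAIL.
check_crypto_boot() {  # usage: check_crypto_boot [FSTAB] [MAPPER_DIR]
    fstab="${1:-/etc/fstab}"; mapper="${2:-/dev/mapper}"; rc=0
    for dev in /dev/mapper/root /dev/mapper/swap; do
        if ! fstab_passno "$dev" "$fstab" >/dev/null; then
            echo "FAIL: $dev is not listed in $fstab"; rc=1
        fi
    done
    pass=$(fstab_passno /dev/mapper/root "$fstab") || pass=
    if [ "$pass" = 0 ]; then
        # "0 0" only hides the fsck error; the root filesystem is never checked
        echo "WARN: root has fsck pass 0, boot-time check is disabled"
    fi
    if ! mapper_has_volumes "$mapper"; then
        echo "FAIL: $mapper is missing, empty or holds only 'control'"; rc=1
    fi
    return $rc
}
```

Call check_crypto_boot with no arguments on the installed system, or pass /mnt/gentoo/etc/fstab as the first argument when running from the install CD.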