Security related stuff for system administrators
and/or courious people :) some notes might actually
be interesting, some other are just boring, common
facts...
Using cryptpart and suspend to disk in Debian, and encrypted root
[46]
At time of writing, if you want to use cryptsetup,
dmcrypt, and all those cool new things, the only option
you have to be able to boot your system out of an
encrypted root partition is to use mkinitramfs.
Both yaird and mkinitrd are unable to generate images
supporting resume from swap AND encrypted filesystems.
Just:
apt-get install mkinitramfs
|
|
and change /etc/kernel-img.conf, to have something like:
now, install the kernel you want, do all the setup you need
to do to have all the encryption you want, and finally
run:
% uname -a
Linux matteotti 2.6.8-3-686-smp #1 SMP Tue Dec 5 23:17:50 UTC 2006 i686 GNU/Linux
% update-initramfs -k 2.6.8-3-686-smp -u
|
|
or similar. Make sure you have a backup of /boot/initrd.whatever
handy in case initramfs generated an unusable ramdisk (it can easily happen!)
This note is available in the following categories: