Welcome to Eric Hameleers (Alien BOB)'s Wiki pages.
This is an old revision of the document!
Installation to encrypted partitions works well with the stock Slackware kernels.
If you want to compile your own custom kernel to work with LUKS encrypted partitions you need to enable at least the following two options in your kernel configuration:
Multiple devices driver support (RAID and LVM) ---> <*> Device mapper support <*> Crypt target support
This is equivalent to the following options in your
Do not compile these as module! They are required in your kernel.
When you use an initrd file for your box(a requirement for installing Slackware to LVM or LUKS partitions) you will notice that there is a maximum to the size of the kernel you use with it. If the kernel grows to big (like with the 'huge' kernels of Slackware > 12.0) you will see the following lilo error message:
Warning: The initial RAM disk is too big to fit between the kernel and the 15M-16M memory hole. It will be loaded in the highest memory as though the configuration file specified "large-memory" and it will be assumed that the BIOS supports memory moves above 16M.
As far as I know there is no remedy against this message - you need to shrink your kernel until there is room for the initrd image. A Slackware 'generic' kernel is small enough. The recommendation for 'huge' kernels is that they are not meant for daily use anyway. Either you compile your own custom kernel, or use one of the generic kernels with an initrd.
I'd like to correct two things omitted in the README_CRYPT.TXT file for Slackware 12.0. They relate to setting up an encrypted root partition in Slackware.
- First issue:
When you finish the installation and the README prompts you to
perform a chroot into the new installation, there is one command missing. As a result, there will not be a
/dev/mapper/cryptrootavailable inside the chroot and therefore the attempt to install LILO will fail.
Please change the list of commands that goes like
mount -o bind /proc /mnt/proc mount -o bind /sys /mnt/sys chroot /mnt
mount -o bind /proc /mnt/proc mount -o bind /sys /mnt/sys mount -o bind /dev /mnt/dev chroot /mnt
and then proceed with the remainder of the README.
IF for whatever reason you get something like this error after running ”
mount -o bind /dev/mnt/dev”:
mount: wrong fs type, bad option, bad superblock on /dev, missing codepage or other error In some cases useful info is found in syslog - try dmesg | tail
then please run this command instead:
cp -a /dev/mapper /mnt/dev/
which will add the required files intto the installed system so that lilo will install successfully. I have had reports from several people who experienced the above error, and I have seen it happen myself too, for reasons unclear to me.
The README_CRYPT.TXT mentions
Change the boot device to name of the small unencrypted partition you've created and which is mounted under /boot- it should be clear that this advice should not be taken when you configured LILO to be installed in the MBR.
The example shown in README_CRYPT.TXT is for a Slackware setup when there is another OS bootloader (such as MS Windows) already installed in the MBR, and your encrypted Slackware installation is a secondary install for which LILO needs to be installed into the root sector of a partition instead.
If you are installing Slackware as the first and only Operating System on the computer, please configure
/etc/lilo.confso that LILO installs into the MBR. You still need that small unencrypted partition for
/bootof course… LILO can only load the kernel and initrd if they are found on an unencrypted medium.
When you run the
lilocommand and you are using LVM and/or LUKS-encrypted partitions, lilo will show the following warning message (or something very similar):
Warning: "/proc/partitions' does not match '/dev' directory structure. Name change: '/dev/dm-0' -> '/dev/mapper/cryptroot' Warning: Name change: ... etc.
These messages are harmless and you can safely ignore them.
I hope this clarifies the issues some people reported to me after Slackware 12.0 was released.
– Eric 03-july-2007