Disk encryption w/ dm-crypt (LUKS) and lvm2, part 3
Last time I kinda cheated and gave pretty much a redux of an earlier post. This one will hopefully have some more substance to it.
The partitioning scheme I’m currently using is like this:
/dev/sda1 - /boot (ext2)
/dev/sda2 - LUKS encrypted lvm2 physical volume
The /boot partition is created like any normal ext2 partition.
The sda2 partition is created like so:
cryptsetup luksFormat /dev/sda2
This is usually sufficient to provide decent encryption, but it is worth checking the cryptsetup documentation for further options, in particular the option to use a keyfile.
Once we’ve formatted this partition, we need to open it so that we can put our LVM physical volume (PV) on it:
cryptsetup luksOpen /dev/sda2 sda2_crypt
We now have a new device available as /dev/mapper/sda2_crypt. It can be treated just like any other block device. We could format it as a regular ext3 partition, but then we could never really resize it. So, we’re going to make it an LVM2 physical volume:
pvcreate /dev/mapper/sda2_crypt
Now, we create a volume group. I choose ‘Exherbo’ as the name, but you can really just use whatever (often people just use ‘vg’).
vgcreate Exherbo /dev/mapper/sda2_crypt
Now, we just need to create our logical volumes:
lvcreate -L 1G -n swap Exherbo
lvcreate -l 100%FREE -n root Exherbo
vgscan
vgchange -a y
This creates a 1G swap volume and uses the rest of the space for our root (/) volume. Again, see the documentation for lvm2 for more options.
Finally, we need to format those volumes:
mkswap /dev/mapper/Exherbo-swap
mke2fs -t ext3 /dev/mapper/Exherbo-root
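As an added example (not part of the original post), here is a check that every logical volume in the finished layout really sits on top of the LUKS mapping, done by walking the device stack that `lsblk -P -o NAME,KNAME,PKNAME,TYPE` reports. The two device listings are constructed samples and the function names are illustrative.

```shell
#!/bin/sh
# Audit: every LVM logical volume must have a dm-crypt ("crypt") ancestor.
# Input on stdin: output of `lsblk -P -o NAME,KNAME,PKNAME,TYPE`.
# Prints the NAME of each logical volume with no crypt layer beneath it.
unencrypted_lvs() {
    awk -F'"' '
        {
            name[NR] = $2; pk[NR] = $6; type[NR] = $8
            parent[$4] = $6      # kernel name -> parent kernel name
            kind[$4]   = $8      # kernel name -> device type
        }
        END {
            for (i = 1; i <= NR; i++) {
                if (type[i] != "lvm") continue
                found = 0
                # Walk up the stack until a crypt layer or the top device.
                for (dev = pk[i]; dev != ""; dev = parent[dev])
                    if (kind[dev] == "crypt") { found = 1; break }
                if (!found) print name[i]
            }
        }'
}

# Constructed sample: the layout built in this post (LVM inside LUKS).
sample_encrypted() {
cat <<'EOF'
NAME="sda" KNAME="sda" PKNAME="" TYPE="disk"
NAME="sda1" KNAME="sda1" PKNAME="sda" TYPE="part"
NAME="sda2" KNAME="sda2" PKNAME="sda" TYPE="part"
NAME="sda2_crypt" KNAME="dm-0" PKNAME="sda2" TYPE="crypt"
NAME="Exherbo-swap" KNAME="dm-1" PKNAME="dm-0" TYPE="lvm"
NAME="Exherbo-root" KNAME="dm-2" PKNAME="dm-0" TYPE="lvm"
EOF
}

# Constructed sample: same volume group created directly on sda2, no LUKS.
sample_plain() {
cat <<'EOF'
NAME="sda" KNAME="sda" PKNAME="" TYPE="disk"
NAME="sda1" KNAME="sda1" PKNAME="sda" TYPE="part"
NAME="sda2" KNAME="sda2" PKNAME="sda" TYPE="part"
NAME="Exherbo-swap" KNAME="dm-0" PKNAME="sda2" TYPE="lvm"
NAME="Exherbo-root" KNAME="dm-1" PKNAME="sda2" TYPE="lvm"
EOF
}

echo "encrypted layout, exposed volumes: $(sample_encrypted | unencrypted_lvs | wc -l)"
echo "plain layout, exposed volumes:     $(sample_plain | unencrypted_lvs | wc -l)"
```

On a live system, pipe the real listing in instead of a sample: `lsblk -P -o NAME,KNAME,PKNAME,TYPE | unencrypted_lvs`. Empty output means swap and root are both behind the encrypted mapping.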
Next time, I’ll go over how to boot this system.