Swap /dev/disk/by-id/ata-Samsung_SSD_840_PRO_Series_-part2 /dev/urandom swap,cipher=aes-xts-plain64:sha256Īfter a reboot lsblk output will be NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTĮncrypt data drives and derive keys from root Usable) find -L /dev/disk -samefile /dev/sde2 encrypted swapįind the unique partition and use it as swap (UUID is always different, so not Now you are able to login like normal and access OMV. To unlock root partition, and maybe others like swap, run `cryptroot-unlock`īusyBox v1.22.1 (Debian 1:1.22.0-19+b3) built-in shell (ash)Įnter 'help' for a list of built-in commands. Log into the dropbear and run cryptroot-unlock ssh -o UserKnownHostsFile=/dev/null -o StrictHostKe圜hecking=no -p2222 Permanently added ':2222' (ECDSA) to the list of known hosts. Make sure the livecd is not booted boot the system Umount every device after leaving the chroot and reboot logout To proper unload the dropbear network settings add the pre-up to the corresponding Pre-up lead to not working network with me. RESUME is not wanted in initramfs rm /etc/initramfs-tools/conf.d/resume Use UUID to make sure the correct drive is mounted ( blkid /dev/sde3) /etc/crypttab: # swap was on /dev/sde5 during installation
Next we will update everything /etc/fstab: Then bind folders needed to chroot mount -bind /dev /newroot/dev Lets open the drive and create a filesystem cryptsetup luksOpen /dev/sde3 root
Verify it worked with cryptsetup luksDump /dev/sde3
apt update & apt install cryptsetupĬryptsetup -cipher aes-xts-plain64 -s 512 -h sha256 -iter-time 5000 luksFormat /dev/sde3 Now let's encrypt the root partition sde3 and choosing a strong crypt key.