c503ad Anonymous 2026-01-31 03:30:09
# Lvm Luks

=====LVM=====

LVM is a tool for logical volume management which includes allocating disks, striping, mirroring and resizing logical volumes. With LVM, a hard drive or set of hard drives is allocated to one or more physical volumes. LVM physical volumes can be placed on other block devices which might span two or more disks.

=====LUKS=====

LUKS is the standard for Linux hard disk encryption. By providing a standard on-disk format, it not only facilitates compatibility among distributions, but also provides secure management of multiple user passwords. LUKS stores all necessary setup information in the partition header, enabling you to transport or migrate data seamlessly.

This article assumes that this will be the only operating system installed. Wherever you see '''''sdx2''''', it refers to the single large partition (probably /dev/sda2) made in the first step. It also assumes you know your way around the Slackware installer. Swap space setup is documented here, but note it's only needed if you plan to hibernate, e.g. on a laptop.

=====Partitioning=====

Boot the installer. Log in as '''''root''''' and run

<code>cfdisk</code>

What you’re doing here is setting up the partitions. Essentially, we’re dividing the hard drive into a few partitions so that certain things can run in certain places and not be affected by others. To create a bootable encrypted drive, there needs to be a small partition that is left unencrypted and readable, so the computer can use it to figure out how to start the operating system.

The first partition to make is a boot partition. Delete every other existing partition (if there are any) and write (again, assuming this will be your only OS). Next, select new and create a primary partition that is relatively small; I usually do 1G (which is rather large, but I often juggle multiple kernels). Select ''Beginning'', which puts the partition at the front of the disk. DO NOT forget to make the first partition bootable, otherwise the installation won’t know to use this partition to install the boot scripts and such.

Next, create another partition with the remaining space. Follow the same steps, except do not make it bootable and use the rest of the available space: just hit Enter when it asks how much space to use. After you’ve done this, make sure you go down and select '''''write''''' to ensure the changes are made. Then exit cfdisk.

It's a good idea to overwrite the entire large partition with random data. This is so that someone doing forensics on the disk cannot determine where the encrypted data starts and stops, which makes it harder to find a way to circumvent the encryption. To do this, run

<code>dd if=/dev/urandom of=/dev/sdx2</code>

__NOTE: this can take quite some time.__

=====LVM / Luks Config=====

LVM (Logical Volume Manager) is used here to configure volumes inside the large partition set up earlier (sdx2). LVM makes it easy to separate things internally while keeping it all encrypted as one partition.

<code>cryptsetup -s 512 -y luksFormat /dev/sdx2</code>

Here ''-s 512'' sets the key size in bits and ''-y'' asks for the passphrase twice to verify it. Type '''''YES''''' (in capitals), then decide on a password and type it. Be careful: if you later put data on the drive and forget your password, it’s gone forever. Such is the nature of encryption.

This sets up LUKS encryption on /dev/sdx2. Next, open the encrypted partition so that it becomes available as /dev/mapper/slackcrypt:

<code>cryptsetup luksOpen /dev/sdx2 slackcrypt</code>

pvcreate initializes a physical volume for later use by logical volume management (LVM).

<code>pvcreate /dev/mapper/slackcrypt</code>

This creates the volume group “cryptvg”.

<code>vgcreate cryptvg /dev/mapper/slackcrypt</code>

Create three internal logical volumes, '''''root''''', '''''home''''', and '''''swap'''''. If you have a unique setup and prefer it a different way, just follow the same steps and size them how you want. The sizes used here are examples only.

<code>lvcreate -L 20G -n root cryptvg</code>

<code>lvcreate -L 2G -n swap cryptvg</code>

<code>lvcreate -l 100%FREE -n home cryptvg</code>

These will be your root ('''''/'''''), '''''/home''''', and swap “partitions”. You can adjust the sizes to whatever you want them to be. I use a pretty large amount of space in root because I have run out of space installing tons of programs before, but I’ve also used tiny root partitions on machines where I didn’t plan on installing much. It really depends, but if you have the extra space I’d do 20+ just to be on the safe side. The home volume gets everything that’s not allocated to swap or root.

Next, we have to make sure the device nodes are created and the volumes are activated, so everything knows where things are:

<code>vgscan --mknodes</code>

<code>vgchange -ay</code>

Make sure the Slackware installer can detect the swap partition:

<code>mkswap /dev/cryptvg/swap</code>

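As an added example (not part of the original article): a LUKS1 header sits in cleartext at the start of the partition, so the cipher and key size chosen by the luksFormat step above can be read back without the passphrase. The function names and the constructed sample image are assumptions of this example; on a real system `cryptsetup luksDump /dev/sdx2` reports the same fields.

```shell
#!/bin/sh
# Added example: read the cleartext fields of a LUKS1 header (no passphrase needed).
# LUKS1 layout: magic[6] version[2] cipher[32] mode[32] hash[32] payload[4] keybytes[4]

# Print COUNT bytes at OFFSET of FILE as one lowercase hex string.
hex_at() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# Print the NUL-padded string stored in a fixed-size field.
str_at() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | tr -d '\000'
}

luks_header_info() {
    dev=$1
    if [ "$(hex_at "$dev" 0 6)" != "4c554b53babe" ]; then   # "LUKS" 0xBA 0xBE
        echo "no LUKS header"
        return 1
    fi
    version=$((0x$(hex_at "$dev" 6 2)))                      # big-endian uint16
    if [ "$version" -ne 1 ]; then
        # LUKS2 keeps cipher and key size in a JSON area, not at fixed offsets.
        echo "LUKS version $version"
        return 0
    fi
    key_bits=$((0x$(hex_at "$dev" 108 4) * 8))               # key bytes -> bits
    echo "LUKS1 $(str_at "$dev" 8 32)-$(str_at "$dev" 40 32)" \
         "hash=$(str_at "$dev" 72 32) key_bits=$key_bits"
}

# Constructed sample: first 112 bytes of a LUKS1 header carrying a 512-bit
# aes-xts-plain64 key (values assumed for the example, not read from a disk).
make_sample_header() {
    {
        printf 'LUKS\272\276\000\001'
        printf '%-32s%-32s%-32s' aes xts-plain64 sha256 | tr ' ' '\000'
        printf '\000\000\020\000\000\000\000\100'   # payload offset 4096, key bytes 64
    } > "$1"
}

sample=$(mktemp)
make_sample_header "$sample"
luks_header_info "$sample"
```

Pointed at the real partition (as root), the same function shows what anyone with access to the disk can learn from the header even after the rest of the partition has been filled with random data.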
=====Slack Setup and Installation=====

Run the Slackware installer:

<code>setup</code>

The installer will walk you through it from here. It should auto-detect the swap partition we designated.

Selecting '''''root''''' partition

Make sure you select /dev/cryptvg/root here, because that’ll be your LVM root partition. Pick whichever filesystem you like. After that it should bring you back to the same screen. It’s important to designate your other partitions here.

Select /dev/cryptvg/home and format it.

Next designate boot, which is essential, otherwise your machine will not work properly. Select '''''/dev/sdx1''''' (probably /dev/sda1), format it, and type ''/boot'' as the mount point. Now simply install Slackware as you normally would until you get to the LILO installation.

=====Install LILO=====

To install the bootloader LILO, select '''''expert''''', then begin. Ignore the optional LILO append; you probably don’t need to do anything with that. Select ''mbr'', hit confirm when it asks you to confirm /dev/sdx (probably /dev/sda), and keep going through the options until you’re back at the screen where you selected “begin”.

Now you have to select '''''Linux: Add a linux partition'''''... and select /dev/cryptvg/root (/dev/cryptvg/root, NOT /boot).

Once that’s been selected, install LILO. Continue with the installation until you reach a screen listing Slackware's installation steps.

Exit the installer and select '''''No''''' to get dropped to a command prompt.

=====Creating an initrd=====

Now we have to fix LILO because of our encryption scheme.

<code>chroot /mnt</code>

The simple explanation for this command is that you have just entered the installed system, which is mounted at /mnt. Now you can work on things that are installed on the system.

The initial RAM disk (initrd) is an initial root file system that is mounted before the real root file system is available. The initrd is bound to the kernel and loaded as part of the kernel boot procedure. To create an initrd, run

<code>/usr/share/mkinitrd/mkinitrd_command_generator.sh</code>

The output will look similar to this:

<code>mkinitrd -c -k 4.19.0 -f ext4 -r /dev/cryptvg/root -m usb-storage:xhci-hcd:usbhid:hid_generic:mbcache:jbd2:ext4 -C /dev/sda2 -h /dev/cryptvg/swap -L -u -o /boot/initrd.gz</code>

Run the resulting command (yours will surely be different from the example). This will write an image to /boot/initrd.gz in your system, which we will use for booting. The '''''-h /dev/cryptvg/swap''''' option has been added to enable hibernation; it was not part of the command produced by mkinitrd_command_generator.sh.

If you need to know what kernel you just installed, try

<code>uname -a</code>

=====Fixing LILO=====

Next, you have to edit LILO’s configuration file and point it to the correct places so it knows what to boot with. Don’t forget the initrd line here. (Use your preferred editor.)

<code>nano /etc/lilo.conf</code>

Edit the pertinent parts to look like this:

<code>image = /boot/vmlinuz-generic-4.19.0
initrd = /boot/initrd.gz
root = /dev/cryptvg/root
label = Slackware
read-only # Partitions should be mounted read-only for checking</code>

Above that, there’s an “append” line. Edit it to look something like this:

<code>append = "vt.default_utf8=0 resume=/dev/cryptvg/swap"</code>

Of course, substitute your kernel where necessary. You can check what you need to put for “image = ” by going to /boot and checking which generic kernel you want to use to boot. Save your changes and exit.

Run

<code>lilo -v</code>

You may get an error or two from lilo, but you can usually ignore these. Type

<code>exit</code>

to leave the chroot and then

<code>reboot</code>

If something went wrong, you probably configured something incorrectly along the way. To get back into your system and repair LILO or some other part of the system, follow these steps to chroot from the installation media:

<code># unlock the LUKS partition
cryptsetup luksOpen /dev/sdx2 slackcrypt
# find and activate the LVM volumes inside it
vgscan --mknodes
vgchange -ay
lvscan
# mount the installed system
mount /dev/cryptvg/root /mnt
mount /dev/cryptvg/home /mnt/home
mount /dev/sdx1 /mnt/boot
# bind-mount the kernel filesystems needed inside the chroot
mount -o bind /proc /mnt/proc
mount -o bind /sys /mnt/sys
mount -o bind /dev /mnt/dev
chroot /mnt</code>

When you update your kernel, all you have to do is make another initrd (run the same command mkinitrd_command_generator.sh gave you earlier, with updated kernel info), edit /etc/lilo.conf to reflect the new kernel, and run lilo.
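
An added example, not part of the original article: a pre-reboot check for the kernel-update routine described above. It reads image, initrd and root from lilo.conf and flags a missing file, a root outside the article's cryptvg volume group, or an initrd older than the kernel (a heuristic for a forgotten rebuild). The function names and the constructed demo tree are assumptions of the example, and it assumes a single image stanza as in the article.

```shell
#!/bin/sh
# Added example: sanity-check lilo.conf for the encrypted-root layout used here.

# Print the first value of "KEY = value" in CONF, without any trailing comment.
lilo_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' | head -n 1
}

# check_lilo CONF [SYSROOT]: SYSROOT is prefixed to file paths, e.g. /mnt when
# run from the installer outside the chroot. Returns the number of problems.
check_lilo() {
    conf=$1; sysroot=${2:-}; problems=0
    image=$(lilo_value "$conf" image)
    initrd=$(lilo_value "$conf" initrd)
    root=$(lilo_value "$conf" root)
    if [ -z "$image" ] || [ ! -f "$sysroot$image" ]; then
        echo "kernel image not found: ${image:-<unset>}"; problems=$((problems + 1))
    fi
    if [ -z "$initrd" ] || [ ! -f "$sysroot$initrd" ]; then
        echo "initrd not found: ${initrd:-<unset>}"; problems=$((problems + 1))
    elif [ -f "$sysroot$image" ] && [ "$sysroot$initrd" -ot "$sysroot$image" ]; then
        # Heuristic: an initrd older than the kernel was likely built for the old one.
        echo "initrd is older than $image, rebuild it"; problems=$((problems + 1))
    fi
    case $root in
        /dev/cryptvg/*) ;;
        *) echo "root is not a cryptvg volume: ${root:-<unset>}"; problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# Constructed demo: a throwaway tree standing in for the installed system.
demo=$(mktemp -d); mkdir -p "$demo/boot"
printf '%s\n' 'image = /boot/vmlinuz-generic-4.19.0' '  initrd = /boot/initrd.gz' \
    '  root = /dev/cryptvg/root' > "$demo/lilo.conf"
touch -t 202001010000 "$demo/boot/vmlinuz-generic-4.19.0"
touch -t 202001020000 "$demo/boot/initrd.gz"
check_lilo "$demo/lilo.conf" "$demo" && echo "lilo.conf looks consistent"
```

Inside the chroot, run `check_lilo /etc/lilo.conf` before `lilo -v`; from the installer shell, pass `/mnt` as the second argument.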