Encrypted install

How to install Kanotix into an encrypted LVM-volume:

This is an example installation, you may alter the partitioning, names, sizes, etc. to your needs:


Partitioning the System

usually you need two partitions:

  • /dev/sdX1 (ext3)
    Boot-Partition (not encrypted)
    Size: at least 120 MB... 200MB should be enough
  • /dev/sdX2 (not formated)
    encrypted LVM-Volume
    Size: usually the available rest, at least 8 GB (root-partition + swap)

Encrypting the partition

cryptsetup -c aes-xts-plain -s 512 luksFormat /dev/sdX2
cryptsetup luksOpen /dev/sdX2 lukslvm

Creating the LVM volumes

pvcreate /dev/mapper/lukslvm
vgcreate vgkanotix /dev/mapper/lukslvm
lvcreate -L 1500M -n swap vgkanotix
mkswap /dev/mapper/vgkanotix-swap
lvcreate -l 100%FREE -n root vgkanotix
mkfs.ext4 /dev/mapper/vgkanotix-root

Edit /etc/crypttab

look up the UUID of your crypto-partition using

blkid /dev/sdX2

and add it to /etc/crypttab:

echo lukslvm UUID=1234-YOUR-UUID-5678 none luks >> /etc/crypttab

Installation

  • Start the installer from the menu (Kanotix -> Install Kanotix)
  • At the "Select root partition"-step choose "advanced partition options"
  • Set the mountpoint of /dev/mapper/vgkanotix-root to / and check ([X]) the automount-checkbox
  • Set the mountpoint of /dev/mapper/sdX1 to /boot and check ([X]) the automount-checkbox
  • Set no mountpoint for /dev/mapper/lukslvm, /dev/mapper/vgkanotix-swap and /dev/sdX2 and uncheck ([_]) the automount-checkbox

Boot

Reboot after you finished the installation. You will be asked to enter your passphrase. Type it in and press Enter, that's it.