thelordi n00b
Joined: 16 Sep 2023 Posts: 16
Posted: Wed Oct 25, 2023 6:09 pm Post subject: [Solved] dm-crypt without modules? |
Hello everyone, I wanted to increase the security of my computer by removing modules from the kernel. I have a configuration without modules that could boot; however, I still need an initramfs (and through it, modules) because I have an encrypted / partition and an encrypted /home partition. In the wiki section it says to enable loadable module support when using dm-crypt, even when including it in the kernel. So my question is: (How) can I get dm-crypt to work without needing to rely on kernel modules and to some extent dracut (because I have not yet tried to integrate the dm-crypt module in the kernel without an initramfs but as a module)?
Last edited by thelordi on Thu Oct 26, 2023 8:05 pm; edited 1 time in total |
pietinger Moderator
Joined: 17 Oct 2006 Posts: 4162 Location: Bavaria
Hu Moderator
Joined: 06 Mar 2007 Posts: 21639
Posted: Wed Oct 25, 2023 6:46 pm Post subject: |
When referring to a Wiki page, please link to it so we can check what you read. In this case, I can tell you that it is possible to have a kernel with (1) no module support, (2) dm-crypt support built-in, and (3) an initramfs that can unlock and mount an encrypted root filesystem. In almost all cases, the advice to make something a module when it is permanently used is because making it a module affects the order of when it activates, which can avoid the need to sequence components correctly and avoid the need to have the required components ready as early in the boot process. This advice most often comes up with firmware.
I cannot say whether dracut can handle this correctly, but I think it should be able to do so. |
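The three conditions listed in the post above can be checked against a kernel `.config` before rebooting. The following is an added example, not part of the original thread: the function names are hypothetical, the sample config is constructed, and the cipher symbols assume the LUKS default `aes-xts-plain64`.

```shell
#!/bin/sh
# Added example (not from the thread): audit a kernel .config for the
# module-free dm-crypt setup described above.

# kconfig_state FILE SYMBOL: print y, m, or n ("is not set" / absent).
kconfig_state() {
    val=$(sed -n "s/^CONFIG_$2=//p" "$1" | tail -n 1)
    case "$val" in
        y|m) echo "$val" ;;
        *)   echo n ;;
    esac
}

# audit_kconfig FILE ROOT_ENCRYPTED(yes|no): print findings, return their count.
audit_kconfig() {
    cfg=$1; fails=0
    # (1) Module support must be compiled out entirely.
    if [ "$(kconfig_state "$cfg" MODULES)" != n ]; then
        echo "FAIL CONFIG_MODULES is enabled; modules can still be loaded"
        fails=$((fails + 1))
    fi
    # (2) Device mapper, dm-crypt and the cipher must be built in (=y).
    # Assumption: LUKS default cipher aes-xts-plain64; adjust for other ciphers.
    for sym in BLK_DEV_DM DM_CRYPT CRYPTO_AES CRYPTO_XTS CRYPTO_USER_API_SKCIPHER; do
        st=$(kconfig_state "$cfg" "$sym")
        if [ "$st" != y ]; then
            echo "FAIL CONFIG_$sym=$st; must be y"
            fails=$((fails + 1))
        fi
    done
    # (3) An encrypted / still needs an initramfs to unlock it before mounting.
    if [ "$2" = yes ] && [ "$(kconfig_state "$cfg" BLK_DEV_INITRD)" != y ]; then
        echo "FAIL CONFIG_BLK_DEV_INITRD is off; encrypted / cannot be unlocked"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample .config: modules still on, dm-crypt built as a module.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
CONFIG_MODULES=y
CONFIG_BLK_DEV_INITRD=y
CONFIG_BLK_DEV_DM=y
CONFIG_DM_CRYPT=m
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_XTS=y
# CONFIG_CRYPTO_USER_API_SKCIPHER is not set
EOF
audit_kconfig "$SAMPLE" yes || echo "$? finding(s)"
```

Pass `no` as the second argument when only /home is encrypted, since that layout can be unlocked after / is mounted and does not need the initramfs check.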
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54259 Location: 56N 3W
sublogic Apprentice
Joined: 21 Mar 2022 Posts: 222 Location: Pennsylvania, USA
Posted: Thu Oct 26, 2023 2:15 am Post subject: Re: dm-crypt without modules? |
thelordi wrote: | So my question is: (How) can I get dm-crypt to work without needing to rely on kernel modules and to some extent dracut (because I have not yet tried to integrate the dm-crypt module in the kernel without an initramfs but as a module)? |
Can't you do a make localyesconfig and rebuild the kernel? That will turn all the modules that are loaded at the time into builtin drivers, and deselect the rest.
(Don't forget to embed the firmware needed by your drivers.)
thelordi n00b
Joined: 16 Sep 2023 Posts: 16
Posted: Thu Oct 26, 2023 8:04 pm Post subject: |
Thank you very much for all the help!
After now understanding the initramfs and modules a fair bit better, I was able to get it working without modules, until I managed to screw a fair few things up with dmcrypt. I now use an unencrypted / but still an encrypted /home, so I no longer need the initramfs as well.
And thank you pietinger for your guide, that was actually very much what I was looking for! |
pietinger Moderator
Joined: 17 Oct 2006 Posts: 4162 Location: Bavaria
Posted: Thu Oct 26, 2023 8:10 pm Post subject: |
thelordi wrote: | And thank you pietinger for your guide, that was actually very much what I was looking for! |
You are very welcome!
Have fun with Gentoo!