我在博客上没有外壳的情况下就如何做到这一点做了说明,并将其与完整的磁盘加密安装结合在一起。
我们到达那里的分区方案如下所示:
1st - storage - FAT32, not bootable
no mount point
This can be as small or large as you want, this is just for the unencrypted storage.
2nd - boot - EXT4 unencrypted, bootable
used as Ext4 journaling file system
mount point: /boot
This only has to be a few hundred MB, the default for kali is just over 100MB, so 2-300 will do fine. This contains some static files to get the FDE'd Linux up and running.
Seeing as GRUB supports some encryption, you could include this, but we'll be keeping it simple today.
3rd- crypt - Logical volume group, not bootable
used as: physical volume for encryption.
mount point: /
At least 4GB. This will contain 2 'virtual' partitions, one for the root mount point, the other for swap space.