OCZ Vertex 2 probably has an erase block size of 512KiB, so 1MB alignment works. Same with Kingston SSDNow V-series.
Pregap only needs 32 sectors; boot only needs about 16MB.
Make sure LUKS partition is aligned to 2048 sectors (1MB) on both sides!
Leave about 40MB at the end. Might as well
Here's a layout for MBR:
    p  start      end        size       type
    ----------------------------------------------
    p  0          31         32         0x00  # Pregap
    1  32         34815      34784      0x83  # Boot
    2  34816      107380735  107345920  0x44  # LUKS
    3  107380736  107463887  83152      0x00  # SSD-padding

Here's a layout for GPT:
Note the presence of EFIboot (32MB FAT32 /boot filesystem) and BIOSboot (where the GRUB2 stage1.5 code goes). Once again, make sure the LUKS partition is aligned to 2048 sectors (1MB) on both sides!
Ended up using Windows 7 installer to create the necessary GPT stuff; apparently the boot settings manager in the system configuration rom does not set it up correctly.
    ----start ------end -----size -----type ----name
            0         0         1      pmbr     ----
            1        33        33       GPT     ----
           34     67583     67550       efi  EFIboot
        67584 107462655 107395072      LUKS     LUKS
    107462656 107463854      1199      boot BIOSboot
    107463855 107463887        33       GPT     ----

    # Create the encrypted store
    # aes-xts-plain and aes-cbc-essiv:sha256 are equivalent, since they both mask the
    # watermarking attacks present in aes-cbc-plain; aes-xts-essiv:sha256 is unnecessary.
    cryptsetup luksFormat -v -s 256 -c aes-cbc-essiv:sha256 -h sha1 --align-payload 2048 /dev/sda2
    cryptsetup luksOpen /dev/sda2 mapajani

    # Obfuscate all empty space on the backing store
    # (or random or whatever; just need to write every sector of the raw dev)
    badblocks -b1024 -c1024 -vvwt 0x00 /dev/mapper/mapajani

    # Carve up the encrypted store using LVM
    lvm pvcreate --verbose --metadatasize 1000k /dev/mapper/mapajani
    # Make sure 'pe_start' is a multiple of 2048 (1MB)
    lvm pvs -oname,vg_mda_size,pe_start --units s
    lvm vgcreate --verbose mapajani /dev/mapper/mapajani
    # Output changes; make sure 'pe_start' is a multiple of 2048 (1MB)
    lvm pvs -oname,vg_mda_size,pe_start --units s
    lvm lvcreate --verbose --extents 12079 --name root mapajani
    lvm lvcreate --verbose --extents 1024 --name swap mapajani

    # If using MBR:
    mke2fs -vvt ext2 -L mapajani-boot /dev/sda1
    # If using GPT (FAT volume labels are limited to 11 characters, so this label needs shortening):
    mkdosfs -vvF32 -n mapajani-boot /dev/sda1

    # Make root and swap:
    mke2fs -vvt ext4 -E lazy_itable_init=1 -L mapajani-root /dev/mapper/mapajani-root
    mkswap -f -L mapajani-swap /dev/mapper/mapajani-swap

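The alignment rules above can be checked mechanically before anything is written to the disk. The following is an added example, not part of the original notes: the function names are made up here and the rows are copied from the two tables above. It flags any row whose size disagrees with its start and end, and fails if the LUKS row does not sit on 1MB boundaries on both sides.

```shell
#!/bin/sh
# Added example, not from the original notes. Sectors are 512 bytes.
ALIGN=2048   # sectors per 1MB, the alignment unit used on this page

# aligned N: true when sector N falls on a 1MB boundary
aligned() { [ $(( $1 % ALIGN )) -eq 0 ]; }

# check_part START END SIZE -> 0 ok, 1 size disagrees with start/end,
# 2 start or end+1 is off a boundary ("aligned on both sides" fails)
check_part() {
    [ $(( $2 - $1 + 1 )) -eq "$3" ] || return 1
    aligned "$1" && aligned $(( $2 + 1 )) || return 2
}

# first_extent PART_START LUKS_PAYLOAD PE_START: absolute disk sector of
# LVM's first extent once partition, LUKS and LVM offsets are stacked
first_extent() { echo $(( $1 + $2 + $3 )); }

# check_table: read "start end size name" rows on stdin, print a status per
# row, fail on gaps/overlaps, bad sizes, or a LUKS row that is not aligned
check_table() {
    next=0; rc=0
    while read -r start end size name; do
        [ "$start" -eq "$next" ] || { echo "gap or overlap before $name"; rc=1; }
        st=0; check_part "$start" "$end" "$size" || st=$?
        echo "$name start=$start end=$end status=$st"
        if [ "$st" -eq 1 ] || { [ "$name" = LUKS ] && [ "$st" -ne 0 ]; }; then rc=1; fi
        next=$(( end + 1 ))
    done
    return "$rc"
}

# Rows copied from the MBR and GPT tables on this page
mbr_rows() { printf '%s\n' '0 31 32 Pregap' '32 34815 34784 Boot' \
    '34816 107380735 107345920 LUKS' '107380736 107463887 83152 SSD-padding'; }
gpt_rows() { printf '%s\n' '0 0 1 pmbr' '1 33 33 GPT' '34 67583 67550 EFIboot' \
    '67584 107462655 107395072 LUKS' '107462656 107463854 1199 BIOSboot' \
    '107463855 107463887 33 GPT'; }

mbr_rows | check_table
gpt_rows | check_table
```

On a live system the three inputs to `first_extent` would come from `/sys/class/block/sda2/start`, the "Payload offset" line of `cryptsetup luksDump /dev/sda2`, and the `pe_start` column of the `pvs` command above; the sum should again be a multiple of 2048.
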
When reconstituting an existing image, do something like this:
    mkdir -p /media/dst
    mount -t ext4 -orelatime /dev/mapper/mapajani-root /media/dst

    # Copy critical stuff first
    ( cd /media/src/root; rsync --archive --hard-links --progress --sparse --stats --verbose +boot bin boot etc lib lib32 lib64 sbin /media/dst/ )
    # Copy core stuff next
    ( cd /media/src/root; rsync --archive --hard-links --progress --sparse --stats --verbose dev root usr var /media/dst/ )
    # Copy all the rest
    ( cd /media/src/root; rsync --archive --hard-links --progress --sparse --stats --verbose ./ /media/dst/ )

    # Mount stuff to prepare for chroot
    # For MBR:
    mount -t ext2 -orelatime /dev/sda1 /media/dst/boot
    # For GPT:
    mount -t vfat -orelatime /dev/sda1 /media/dst/boot

    # Prepare for chroot (sysfs goes on the target's /sys)
    mount -t devtmpfs devtmpfs /media/dst/dev
    mount -t devpts devpts /media/dst/dev/pts
    mount -t proc procfs /media/dst/proc
    mount -t sysfs sysfs /media/dst/sys

    # Chroot (the remaining commands run inside it):
    chroot /media/dst bash
    # Install boot
    rsync --archive --hard-links --progress --sparse --stats --verbose /+boot/ /boot/
    # Install grub
    grub-install /dev/sda

Make sure to update grub boot to include the new LUKS UUID so it can be autoloaded by the initrd.