
Boot Encrypted Linux Rootfs /w `cryptsetup open --type tcrypt --veracrypt`

Open justhx0r opened this issue 7 months ago • 0 comments

As of now, VeraCrypt doesn't (officially, though workarounds exist) support encrypting a linux rootfs.

The reason probably has to do with its custom boot manager.

Suggestion: Implement temporary support via `cryptsetup open --type tcrypt --veracrypt`. The only thing missing there is an askpass shell script to ask the user for the PIM.

Suggested encryption flow:

  • Check whether /boot is a partition, if not, make the rootfs smaller by 512MiB, move kernel to a (private!!!) temporary directory, create /boot, move kernel over, then continue
  • Encrypt the linux filesystem the same way as on windows
  • Write /etc/crypttab, specifying tcrypt-veracrypt as well as the hash type chosen by the user
  • Replace askpass shell script with extended version
  • EDIT: Forgot updating the initramfs, sorry

Where would be the issue rolling this change out tomorrow? If you need help with either the shell script or diving into your own project's code, feel free to ask, I'd be happy to help.

I mean, you might actually need to create a statically linked encryption helper, but since we have a TEMPDIR variable, there are hacks that can be used for that.

I must admit that there might be some differences between ext4 and NTFS that I am not familiar with, complicating the issue, depending on the existing implementation, but I would totally be willing to try implementing it in your project myself, but since I am not familiar with the code base yet I thought I might just put this ... here ... to potentially decrease the time necessary for this implementation.

If I am mistaken, I would apologize, but still ask for any stumbling blocks that you see as the reason for you to believe that this wouldn't work, so that I might be aware of these potential issues along the way.

justhx0r • Jan 13 '24 13:01
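
The PIM prompt this issue describes as missing, sketched as an added example that is not part of the original issue or of VeraCrypt's code: it validates the typed PIM before passing it to `cryptsetup open --type tcrypt --veracrypt` through the `--veracrypt-pim` option. The function names, the `--open` switch and the PIM ceiling are assumptions.

```shell
#!/bin/sh
# Added example: ask for a VeraCrypt PIM, validate it, then call cryptsetup.
# valid_pim, build_open_args, main, PIM_MAX and --open are hypothetical names.

PIM_MAX=2147468   # assumption: VeraCrypt's documented ceiling for non-system volumes

# Accept an empty value (default PIM) or a plain decimal integer in 1..PIM_MAX.
valid_pim() {
    case "$1" in
        '') return 0 ;;               # empty: cryptsetup uses the default iteration count
        *[!0-9]*|0*) return 1 ;;      # reject signs, spaces, shell metacharacters, leading zeros
    esac
    [ "${#1}" -le 7 ] && [ "$1" -le "$PIM_MAX" ]   # length check avoids integer overflow in test
}

# Print the cryptsetup arguments, one per line. $1=device $2=mapping name $3=PIM
build_open_args() {
    valid_pim "$3" || return 1
    printf '%s\n' open --type tcrypt --veracrypt
    [ -z "$3" ] || printf '%s\n' --veracrypt-pim "$3"
    printf '%s\n' "$1" "$2"
}

# Prompt on the console without echo, then hand over to cryptsetup,
# which asks for the passphrase itself.
main() {
    printf 'VeraCrypt PIM (empty for default): ' >&2
    stty -echo; IFS= read -r pim; stty echo; printf '\n' >&2
    args=$(build_open_args "$1" "$2" "$pim") || { echo 'invalid PIM' >&2; return 1; }
    IFS='
'; set -f; set -- $args            # split on newlines only, no globbing
    exec cryptsetup "$@"
}

# Only touch a device when explicitly asked: script --open /dev/sdXN cryptroot
if [ "${1:-}" = "--open" ]; then shift; main "$@"; fi
```

Passing the PIM with `--veracrypt-pim` places it in the process argument list; where cryptsetup can prompt on a terminal itself, its `--veracrypt-query-pim` option avoids that.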