Well, the EXACT (and USB-disk-proof) syntax is:
echo 'target=#TARGET#,source=/dev/disk/by-uuid/#UUID#' > /etc/initramfs-tools/conf.d/cryptroot
(thus leading to a '/dev/mapper/#TARGET#' device; otherwise, you get a '/dev/mapper/cryptroot' device)
Also, make sure to add the proper modules in '/etc/initramfs-tools/modules'. Mine are:
dm_crypt
aes_i586
gf128mul
lrw
(this depends on which ciphers you use; 'diff' the 'lsmod' output before/after activating the LUKS partition to find out which additional modules may be needed)
As for "best practices": I personally see no benefits (more like drawbacks) in encrypting my system libraries, executables, package cache, etc. on a netbook with a slow CPU...
Well, the EXACT (and USB-disk-proof) syntax is: #TARGET# ,source= /dev/disk/ by-uuid/ #UUID#' > /etc/initramfs- tools/conf. d/cryptroot #TARGET# ' device; otherwise, you get a '/dev/mapper/ cryptroot' device)
echo 'target=
(thus leading to a '/dev/mapper/
Also, make sure to add the proper modules in '/etc/initramfs -tools/ modules' . Mine are:
dm_crypt
aes_i586
gf128mul
lrw
(this depends on which ciphers you use; 'diff' the 'lsmod' output before/after activating the LUKS partition to find out which additional modules may be needed)
As for "best practices": I personally see no benefits (more like drawbacks) in encrypting my system libraries, executables, package cache, etc. on a netbook with a slow CPU...
Cheers