sudo cp ../initrd.img /mnt/initrd.img-2.6.26-2-686
</pre></p>
+<h3>Custom disk layout</h3>
+
+<p>USB sticks tend to be too small for what they are needed.
+Therefore it is a good idea to save as much space as possible. You
+don't need 256 MB for <code>/boot</code> for example. 64 MB space is
+sufficient for two kernels and initrd. Since USB sticks also tend to
+be slow for write accesses their usefullness as swap device is highly
+questionable. To have some more space for your GNU/Linux system, you
+may want to skip the swap partition as well.</p>
+
+<p>Select "Manual" in the partitioner and clean remov all partitions
+from the USB stick. Next create your boot partition of the size you
+prefer and select <code>ext2</code> as filesystem. Don't forget the
+<code>noatime</code> and <code>relatime</code> options.</p>
+
+<p>The next step is to create the encrypted container for your root
+filesystem. Create another partition on your stick but don't assign a
+filesystem to it. Select "Physical volume for encryption" instead.
+Then switch back to the partition menu.</p>
+
+<p>Now select "Configure encrypted volumnes" and prepare the new
+partition. You should be prepared to enter a long passphrase to
+protect the encrypted container. Wiping the disk before will take a
+while. Use it to generate a good passphrase. After the container has
+been created an <code>ext3</code> filesystem is built upon it. You
+can switch to <code>ext2</code> and select filesystem options later.
+The filesystem will be rebuilt afterwards.</p>
+
+<p>The rest of the installation is as usual. Select the meta packages
+you'd like to install and install GRUB in the master boot record.
+Booting the system after reboot might not work, so you'll need an
+existing GNU/Linux system to alter the initial ramdisk.</p>
+
+<p>Find out the UUID of the partition hosting the encrypted container
+and adjust the config file <code>/conf/conf.d/cryptroot</code> to use
+the UUID instead of the canonical device name. The file should look
+like:</p>
+
+<p><pre>
+ target=sda2_crypt,source=UUID=118aad92-4ba2-4834-befa-1c3ff7a75689,key=none
+</pre></p>
+
+<p>After rebuilding the ramdisk as described above edit the
+<code>menu.lst</code> file to append <code>rootdelay=8</code>
+option. A boot record should look like:</p>
+
+<p><pre>
+ title Debian GNU/Linux, kernel 2.6.26-2-686
+ root (hd0,0)
+ kernel /vmlinuz-2.6.26-2-686 root=/dev/mapper/sda2_crypt ro quiet rootdelay=8
+ initrd /initrd.img-2.6.26-2-686
+</pre></p>
+
+<p>After that you should be able to boot your newly created system. The
+boot system will ask for the passphrase automatically upon boot and is
+unable to continue unless you have entered the correct passphrase.</p>
+
+<p>I've installed a regular Debian desktop on a USB stick with laptop
+features. After executing <code>apt-get clean</code> there was about
+1.2 GB free space on a 4 GB stick. That should be enough for a mobile
+system with some data. The larger the stick the more data can be
+stored on it, of course.</p>
+
</page>
# Local variables:
projects / infodrom.org / www.infodrom.org / commitdiff