Make sure your /etc/fstab contains:
/dev/loop0 / ext2 defaults 0 1 |
At this point, hda3 is not needed anymore, so you can create an encrypted filesystem on this partition and use it as a backup.
Also, it is a good idea to check the boot partition integrity inside the encrypted partition, in order to spot if a government agency like the FBI or the NSA has modified your boot partition so as to grab your password. Add the following script, which can be called for example S00checkloader, in the system startup directory (/etc/rcS.d/ under Debian):
#!/bin/sh
echo -n "Checking master boot record integrity: "
if [ "`dd if=/dev/hda count=1 2>/dev/null | md5sum`" = \
"e051a4532356709c73b86789acfbdbbd -" ]
then
echo "OK."
else
echo -n "FAILED! press Enter to continue."
read
fi
echo -n "Checking boot partition integrity: "
if [ "`dd if=/dev/hda1 2>/dev/null | md5sum`" = \
"f3686a17fac8a1090d962bef59c86d3b -" ]
then
echo "OK."
else
echo -n "FAILED! press Enter to continue."
read
fi |
(you should replace the two md5sums above with the correct ones).
Now, if you're low on RAM you'll need some swap space. Let's suppose hda4 will hold your encrypted swap partition; you must create the swap device first:
# shred -n 1 -v /dev/hda4 # losetup -e aes128 /dev/loop1 /dev/hda4 # mkswap /dev/loop1 |
Then add the following lines at the end of S00checkloader:
echo "password chosen above" | \
losetup -p 0 -e aes128 /dev/loop1 /dev/hda4
swapon /dev/loop1 |