@@ 5237,14 5237,24 @@ Setting up network access is almost always a requirement because the
image does not contain all the software and tools that may be needed.
@item
-Unless this has already been done, you must partition and format the
-target partitions.
+Unless this has already been done, you must partition, optionally
+encrypt, and then format the target partitions.
Preferably, assign partitions a label so that you can easily and
reliably refer to them in @code{file-system} declarations (@pxref{File
Systems}). This is typically done using the @code{-L} option of
@command{mkfs.ext4} and related commands.
+A typical command sequence may be:
+
+@example
+# fdisk /dev/sdX
+@dots{} Create partitions etc.@dots{}
+# cryptsetup luksFormat /dev/sdX1
+# cryptsetup open --type luks /dev/sdX1 my-partition
+# mkfs.ext4 -L my-root /dev/mapper/my-partition
+@end example
+
The installation image includes Parted (@pxref{Overview,,, parted, GNU
Parted User Manual}), @command{fdisk}, Cryptsetup/LUKS for disk
encryption, and e2fsprogs, the suite of tools to manipulate
@@ 13,9 13,17 @@
;; Assuming /dev/sdX is the target hard disk, and "root" is
;; the label of the target root file system.
(bootloader (grub-configuration (device "/dev/sdX")))
+
+ ;; Here we assume that /dev/sdX1 contains a LUKS-encrypted
+ ;; root partition created with 'cryptsetup luksFormat'.
+ (mapped-devices (list (mapped-device
+ (source "/dev/sdX1")
+ (target "root-partition")
+ (type luks-device-mapping))))
+
+ ;; Mount said encrypted partition.
(file-systems (cons (file-system
- (device "root")
- (title 'label)
+ (device "/dev/mapper/root-partition")
(mount-point "/")
(type "ext4"))
%base-file-systems))