I think I made a (tollerateable) mistake: My hard drive has two partitions: - sda1 - encrypted swap - sda2 - encrypted root
How should it boot? One way could be by external media (e.g. stick), other is from hard drive. But that is encrypted. So I must leave a small area left for kernel, initrd, System.map and maybe config. So the page at [1] is a little wrong because it misses the boot partition, so the new layout should be: - sda1 - unencrypted boot (/boot) partition - sda2 - encrypted swap (at least as double as your RAM) (crypt-swap) - sda3 - encrypted root (crypt-root) Can someone update this? Regards, Roland [1]: http://wiki.gentoo.org/wiki/DM-Crypt