i recently set up my laptop with a new install of gentoo linux. i’ve been using gentoo for years, but not on my laptop recently.
since encryption was no issue back then, i had to get myself up to speed with cryptsetup and initramfs, which you can build yourself in gentoo. there is an option via genkernel to do this automatically, but where is the fun in that?
my basic setup includes two partitions. sda1 is boot; sda2 contains a crypt device, which contains the root partition and the user’s home partition in an lvm container.
this post is about cryptsetup and the method i use to swap the password for the container on every bootup with a cycling challenge-response provided by the yubikey. let’s get to it!