Creating a Boot Partition on RHEL or CentOS 7

HyTrust requires a separate boot partition in which the HyTrust DataControl Policy Agent can be installed. How you do this depends on the version of Linux running on the server. For your convenience, the following sections explain how to set up a separate boot partition on CentOS 7.

Assume that the current Linux is installed on device /dev/sda and the GRUB stage1 bootloader is also installed on /dev/sda. This is a typical Linux installation. Assuming you add a new device named /dev/sdb to hold the new boot partition, you should create a partition on it using fdisk or sfdisk. For example:

# sfdisk -f -uS -D /dev/sdb << EOF
2048,,83,*

EOF

# partprobe

Find out the space required by the /boot subtree:

# du -sh /boot

The new boot partition should have at least have two times this space. As a rule of thumb, the space provided should be twice the space used by /boot, plus 100MB. Format the new partition with ext4 or ext3. For example:

# mkfs.ext4 /dev/sdb1

Copy the files from the /boot directory to the new boot partition:

# mkdir -p /tmp/sdb1
# mount /dev/sdb1  /tmp/sdb1
# cp -a /boot/* /tmp/sdb1

Find the UUID of the new boot partition:

# blkid /dev/sdb1
# umount /tmp/sdb1

Add an entry to /etc/fstab to mount the new boot partition, as follows:

UUID=<uuid> /boot ext4 rw 0 0

Mount the /boot partition.

# mount /boot

Re-install GRUB on the current boot device (GRUB files go to /boot which you mounted in the previous step). For example:

# grub2-install /dev/sda

Note that GRUB is being installed on /dev/sda but the boot directory comes from /dev/sdb1. Update your GRUB configuration to take this change into account:

# grub2-mkconfig -o /boot/grub2/grub.cfg

Your system is ready now, so reboot and confirm that all is well.

What to Do Next 

Verify the configuration as described in Verifying the Current VM Configuration and then encrypt the boot disk as described in Encrypting Linux Root and Swap Drives.