Partial update of translation

7 files changed, 499 insertions, 76 deletions

diff --git a/nl/appendix/preseed.xml b/nl/appendix/preseed.xml
index 256a8cac1..fb860ef5c 100644
--- a/nl/appendix/preseed.xml
+++ b/nl/appendix/preseed.xml
@@ -1,5 +1,5 @@
 <!-- retain these comments for translator revision tracking -->
-<!-- original version: 38290 untranslated -->
+<!-- original version: 38662 untranslated -->
 
 <!--
 Be carefull with the format of this file as it is parsed to generate
@@ -610,6 +610,21 @@ If you need to pick a particular interface when netbooting before loading
 a preconfiguration file from the network, use a boot parameter such as
 <userinput>interface=<replaceable>eth1</replaceable></userinput>.
 
+</para><para>
+
+Although preseeding the network configuration is normally not possible when
+using network preseeding (using <quote>preseed/url</quote>), you can use
+the following hack to work around that, for example if you'd like to set a
+static address for the network interface. The hack is to force the network
+configuration to run again after the preconfiguration file has been loaded
+by creating a <quote>preseed/run</quote> script containing the following
+lines:
+
+<informalexample><screen>
+killall.sh dhclient
+netcfg
+</screen></informalexample>
+
 </para>
 
 <informalexample role="example"><screen>
@@ -727,6 +742,8 @@ correct one will be selected before using preseeding.
 # be given in either devfs or traditional non-devfs format.
 # For example, to use the first disk devfs knows of:
 d-i partman-auto/disk string /dev/discs/disc0/disc
+# Or, if you want to use LVM:
+#d-i partman-auto-lvm/disk string /dev/discs/disc0/disc
 
 # You can choose from any of the predefined partitioning recipes.
 # Note: this must be preseeded with a localized (translated) value.
diff --git a/nl/hardware/hardware-supported.xml b/nl/hardware/hardware-supported.xml
index 48c9f2acb..8d077a974 100644
--- a/nl/hardware/hardware-supported.xml
+++ b/nl/hardware/hardware-supported.xml
@@ -1,5 +1,5 @@
 <!-- retain these comments for translator revision tracking -->
-<!-- original version: 36908 untranslated -->
+<!-- original version: 38778 untranslated -->
 
  <sect1 id="hardware-supported">
  <title>Supported Hardware</title>
@@ -100,7 +100,7 @@ variations of each architecture known as <quote>flavors</quote>.
   <entry>nslu2</entry>
 </row><row>
   <entry>RiscPC</entry>
-  <entry>riscpc</entry>
+  <entry>rpc</entry>
 </row>
 
 <row>
@@ -137,13 +137,11 @@ variations of each architecture known as <quote>flavors</quote>.
 </row>
 
 <row>
-  <entry morerows="4">MIPS (big endian)</entry>
-  <entry morerows="4">mips</entry>
-  <entry morerows="1">SGI IP22 (Indy/Indigo 2)</entry>
+  <entry morerows="3">MIPS (big endian)</entry>
+  <entry morerows="3">mips</entry>
+  <entry>SGI IP22 (Indy/Indigo 2)</entry>
   <entry>r4k-ip22</entry>
 </row><row>
-  <entry>r5k-ip22</entry>
-</row><row>
   <entry>SGI IP32 (O2)</entry>
   <entry>r5k-ip32</entry>
 </row><row>
diff --git a/nl/hardware/supported/powerpc.xml b/nl/hardware/supported/powerpc.xml
index fbc4b2f8b..4074149d4 100644
--- a/nl/hardware/supported/powerpc.xml
+++ b/nl/hardware/supported/powerpc.xml
@@ -1,13 +1,13 @@
 <!-- retain these comments for translator revision tracking -->
-<!-- original version: 30269 untranslated -->
+<!-- original version: 38791 untranslated -->
 
 
   <sect2 arch="powerpc"><title>CPU, Main Boards, and Video Support</title>
 <para>
 
 There are four major supported <emphasis>&architecture;</emphasis>
-subarchitectures: PMac (Power-Macintosh), PReP, APUS (Amiga Power-UP
-System), and CHRP machines. Each subarchitecture has its own boot
+subarchitectures: PMac (Power-Macintosh or PowerMac), PReP, APUS (Amiga 
+Power-UP System), and CHRP machines. Each subarchitecture has its own boot
 methods. In addition, there are four different kernel flavours,
 supporting different CPU variants.
 
@@ -32,34 +32,42 @@ CPU type:
 <listitem><para>
 
 Most systems use this kernel flavour, which supports the PowerPC 601,
-603, 604, 740, 750, and 7400 processors. All Apple Power Macintosh
-systems up to and including the G4 use one of these processors.
+603, 604, 740, 750, and 7400 processors. All Apple PowerMac machines 
+up to and including the one marketed as G4 use one of these processors.
 
 </para></listitem>
 </varlistentry>
 
 <varlistentry>
-<term>power3</term>
+<term>power64</term>
 <listitem><para>
 
+The power64 kernel flavour supports the following CPUs:
+
+</para><para>
+
 The POWER3 processor is used in older IBM 64-bit server systems: known
 models include the IntelliStation POWER Model 265, the pSeries 610 and
 640, and the RS/6000 7044-170, 7043-260, and 7044-270.
 
-</para></listitem>
-</varlistentry>
-
-<varlistentry>
-<term>power4</term>
-<listitem><para>
+</para><para>
 
 The POWER4 processor is used in more recent IBM 64-bit server systems:
 known models include the pSeries 615, 630, 650, 655, 670, and 690.
 
 </para><para>
 
-The Apple G5 is also based on the POWER4 architecture, and uses this
-kernel flavour.
+Systems using the Apple G5 (PPC970FX processor) are also based on the
+POWER4 architecture, and use this kernel flavour.
+
+</para></listitem>
+</varlistentry>
+
+<varlistentry>
+<term>prep</term>
+<listitem><para>
+
+This kernel flavour supports the PReP subarchitecture.
 
 </para></listitem>
 </varlistentry>
@@ -68,7 +76,8 @@ kernel flavour.
 <term>apus</term>
 <listitem><para>
 
-This kernel flavour supports the Amiga Power-UP System.
+This kernel flavour supports the Amiga Power-UP System, though it is
+currently disabled.
 
 </para></listitem>
 </varlistentry>
@@ -83,62 +92,24 @@ This kernel flavour supports the Amiga Power-UP System.
 <para>
 
 Apple (and briefly a few other manufacturers &mdash; Power Computing, for
-example) makes a series of Macintosh computers based on the PowerPC
+example) made a series of Macintosh computers based on the PowerPC
 processor. For purposes of architecture support, they are categorized
-as NuBus, OldWorld PCI, and NewWorld.
-
-</para><para>
-
-Macintosh computers using the 680x0 series of processors are not in
-the PowerPC family but are instead m68k machines. Those models start
-with <quote>Mac II</quote> or have a 3-digit model number such as Centris 650
-or Quadra 950. Apple's pre-iMac PowerPC model numbers have four digits.
-
-</para><para>
-
-NuBus systems are not currently supported by debian/powerpc. The
-monolithic Linux/PPC kernel architecture does not have support for
-these machines; instead, one must use the MkLinux Mach microkernel,
-which Debian does not yet support. These include the following:
-
-<itemizedlist>
-<listitem><para>
-
-Power Macintosh 6100, 7100, 8100
-
-</para></listitem>
-<listitem><para>
-
-Performa 5200, 6200, 6300
-
-</para></listitem>
-<listitem><para>
-
-Powerbook 1400, 2300, and 5300
-
-</para></listitem>
-<listitem><para>
-
-Workgroup Server 6150, 8150, 9150
-
-</para></listitem>
-</itemizedlist>
-
-A linux kernel for these machines and limited support is available at
-<ulink url="http://nubus-pmac.sourceforge.net/"></ulink>
+as NuBus (not supported by Debian), OldWorld, and NewWorld.
 
 </para><para>
 
 OldWorld systems are most Power Macintoshes with a floppy drive and a
 PCI bus. Most 603, 603e, 604, and 604e based Power Macintoshes are
-OldWorld machines. The beige colored G3 systems are also OldWorld.
+OldWorld machines. Those pre-iMac PowerPC models from Apple use a 
+four digit naming scheme, except for the beige colored G3 systems, which 
+are also OldWorld.
 
 </para><para>
 
 The so called NewWorld PowerMacs are any PowerMacs in translucent
-colored plastic cases. That includes all iMacs, iBooks, G4 systems,
-blue colored G3 systems, and most PowerBooks manufactured in and after
-1999. The NewWorld PowerMacs are also known for using the <quote>ROM in
+colored plastic cases and later models. That includes all iMacs, iBooks,
+G4 systems, blue colored G3 systems, and most PowerBooks manufactured in and
+after 1999. The NewWorld PowerMacs are also known for using the <quote>ROM in
 RAM</quote> system for MacOS, and were manufactured from mid-1998 onwards.
 
 </para><para>
@@ -164,7 +135,7 @@ and, for older hardware,
 
 <tbody>
 <row>
-  <entry morerows="22">Apple</entry>
+  <entry morerows="27">Apple</entry>
   <entry>iMac Bondi Blue, 5 Flavors, Slot Loading</entry>
   <entry>NewWorld</entry>
 </row><row>
@@ -281,7 +252,7 @@ and, for older hardware,
 </para>
 
    </sect3>
-
+ 
    <sect3><title>PReP subarchitecture</title>
 
 <para>
@@ -377,5 +348,74 @@ and, for older hardware,
 </tbody></tgroup></informaltable>
 
 </para>
+
+   </sect3>
+
+   <sect3><title>Nubus PowerMac subarchitecture (unsupported)</title>
+
+<para>
+
+NuBus systems are not currently supported by Debian/powerpc. The
+monolithic Linux/PPC kernel architecture does not have support for
+these machines; instead, one must use the MkLinux Mach microkernel,
+which Debian does not yet support. These include the following:
+
+<itemizedlist>
+<listitem><para>
+
+Power Macintosh 6100, 7100, 8100
+
+</para></listitem>
+<listitem><para>
+
+Performa 5200, 6200, 6300
+
+</para></listitem>
+<listitem><para>
+
+Powerbook 1400, 2300, and 5300
+
+</para></listitem>
+<listitem><para>
+
+Workgroup Server 6150, 8150, 9150
+
+</para></listitem>
+</itemizedlist>
+
+A linux kernel for these machines and limited support is available at
+<ulink url="http://nubus-pmac.sourceforge.net/"></ulink>.
+
+</para>
+
+   </sect3>
+
+   <sect3><title>Non-PowerPC Macs</title>
+
+<para>
+
+Macintosh computers using the 680x0 series of processors are
+<emphasis>not</emphasis> in the PowerPC family but are instead m68k
+machines. Those models start with <quote>Mac II</quote> series, go on
+to the <quote>LC</quote> family, then the Centris series, and culminate
+in the Quadras and Performas. These models usually have a Roman numeral
+or 3-digit model number such as Mac IIcx, LCIII or Quadra 950.
+
+</para><para>
+
+This model range started with the Mac II (Mac II, IIx, IIcx, IIci,
+IIsi, IIvi, IIvx, IIfx), then the LC (LC, LCII, III, III+, 475, 520,
+550, 575, 580, 630), then the Mac TV, then the Centris (610, 650,
+660AV), the Quadra (605, 610, 630, 650, 660AV, 700, 800, 840AV, 900,
+950), and finally the Performa 200-640CD.
+
+</para><para>
+
+In laptops, it started with the Mac Portable, then the PowerBook
+100-190cs and the PowerBook Duo 210-550c (excluding PowerBook 500
+which is Nubus, please see the section above).
+
+</para>
+
    </sect3>
-  </sect2>
+ </sect2>
diff --git a/nl/preparing/needed-info.xml b/nl/preparing/needed-info.xml
index d86263e77..5b530d25e 100644
--- a/nl/preparing/needed-info.xml
+++ b/nl/preparing/needed-info.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="ISO-8859-1"?>
-<!-- original version: 35130 -->
+<!-- original version: 38334 -->
 
  <sect1 id="needed-info">
  <title>Benodigde informatie</title>
@@ -208,7 +208,8 @@ uw netwerk en e-mail.
   <entry>Hoeveel heeft u er.</entry>
 </row>
 <row arch="not-s390"><entry>Hun volgorde in het systeem.</entry></row>
-<row arch="not-s390;not-m68k">
+<!-- "not-m68k;not-s390" would really turn out to be everything... -->
+<row arch="alpha;arm;hppa;i386;ia64;mips;mipsel;powerpc;sparc">
   <entry>Zijn ze IDE of SCSI (de meeste computers hebben IDE).</entry>
 </row>
 <row arch="m68k">
diff --git a/nl/using-d-i/components.xml b/nl/using-d-i/components.xml
index 3399fcf6c..11b8c3460 100644
--- a/nl/using-d-i/components.xml
+++ b/nl/using-d-i/components.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="ISO-8859-1"?>
-<!-- original version: 37253 -->
+<!-- original version: 38703 -->
 
  <sect1 id="module-details">
  <title>Individuele modules gebruiken</title>
@@ -77,6 +77,7 @@ LVM of RAID worden geconfigureerd.
 &module-partconf.xml;
 &module-lvmcfg.xml;
 &module-mdcfg.xml;
+&module-partman-crypto.xml;
   </sect2>
 
   <sect2 id="di-system-setup">
diff --git a/nl/using-d-i/modules/mdcfg.xml b/nl/using-d-i/modules/mdcfg.xml
index 5211bc12c..80316b63f 100644
--- a/nl/using-d-i/modules/mdcfg.xml
+++ b/nl/using-d-i/modules/mdcfg.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="ISO-8859-1"?>
-<!-- original version: 33725 -->
+<!-- original version: 38703 -->
 
    <sect3 id="mdcfg">
    <title>Meervoudige schijfapparaten configureren (Software-RAID)</title>
@@ -172,6 +172,9 @@ installatiestappen handmatig uit te voeren vanuit een opdrachtschil.
 
 Vervolgens dient u in het hoofdmenu van <command>partman</command>
 te kiezen voor <guimenuitem>Software-RAID instellen</guimenuitem>.
+(N.B. Dit menu verschijnt pas nadat u tenminste één partitie heeft
+gemarkeerd voor gebruik als <guimenuitem>Fysiek volume voor
+RAID</guimenuitem>.)
 Kies dan op het eerste scherm van <command>mdcfg</command> voor
 <guimenuitem>MD-apparaat aanmaken</guimenuitem>. Er zal een lijst
 met ondersteunde typen MD-apparaten worden getoond, waaruit u er één
diff --git a/nl/using-d-i/modules/partman-crypto.xml b/nl/using-d-i/modules/partman-crypto.xml
new file mode 100644
index 000000000..08fbbe1ec
--- /dev/null
+++ b/nl/using-d-i/modules/partman-crypto.xml
@@ -0,0 +1,363 @@
+<!-- retain these comments for translator revision tracking -->
+<!-- original version: 38703 untranslated -->
+
+   <sect3 id="partman-crypto">
+   <title>Configuring Encrypted Volumes</title>
+<para>
+
+&d-i; allows you to set up encrypted partitions. Every file you write
+to such a partition is immediately saved to the device in encrypted
+form. Access to the encrypted data is granted only after entering
+the <firstterm>passphrase</firstterm> used when the encrypted
+partition was originally created. This feature is useful to protect
+sensitive data in case your laptop or hard drive gets stolen. The
+thief might get physical access to the hard drive, but without knowing
+the right passphrase, the data on the hard drive will look like random
+characters.
+
+</para><para>
+
+The two most important partitions to encrypt are: the home partition,
+where your private data resides, and the swap partition, where
+sensitive data might be stored temporarily during operation. Of
+course, nothing prevents you from encrypting any other partitions that might
+be of interest. For example <filename>/var</filename> where database
+servers, mail servers or print servers store their data, or
+<filename>/tmp</filename> which is used by various programs to store
+potentially interesting temporary files. Some people may even want to
+encrypt their whole system.  The only exception is
+the <filename>/boot</filename> partition which must remain
+unencrypted, because currently there is no way to load the kernel from
+an encrypted partition.
+
+</para><note><para>
+
+Please note that the performance of encrypted partitions will be
+less than that of unencrypted ones because the data needs to be
+decrypted or encrypted for every read or write. The performance impact
+depends on your CPU speed, chosen cipher and a key length.
+
+</para></note><para>
+
+To use encryption, you have to create a new partition by selecting
+some free space in the main partitioning menu. Another option is to
+choose an existing partition (e.g. a regular partition, an LVM logical
+volume or a RAID volume). In the <guimenu>Partition setting</guimenu>
+menu, you need to select <guimenuitem>physical volume for
+encryption</guimenuitem> at the <menuchoice> <guimenu>Use
+as:</guimenu> </menuchoice> option. The menu will then change to
+include several cryptographic options for the partition.
+
+</para><para>
+
+&d-i; supports several encryption methods. The default method
+is <firstterm>dm-crypt</firstterm> (included in newer Linux kernels,
+able to host LVM physical volumes), the other
+is <firstterm>loop-AES</firstterm> (older, maintained separately from
+the Linux kernel tree). Unless you have compelling reasons to do
+otherwise, it is recommended to use the default.
+
+<!-- TODO: link to the "Debian block device encryption guide"
+     once Max writes it :-) -->
+
+</para><para>
+
+First, let's have a look at available options available when you
+select <userinput>Device-mapper (dm-crypt)</userinput> as the
+encryption method. As always: when in doubt, use the defaults, because
+they have been carefully chosen with security in mind.
+
+<variablelist>
+
+<varlistentry>
+<term>Encryption: <userinput>aes</userinput></term>
+
+<listitem><para>
+
+This option lets you select the encryption algorithm
+(<firstterm>cipher</firstterm>) which will be used to encrypt the data
+on the partition. &d-i; currently supports the following block
+ciphers: <firstterm>aes</firstterm>, <firstterm>blowfish</firstterm>,
+<firstterm>serpent</firstterm>, and <firstterm>twofish</firstterm>.
+It is beyond the scope of this document to discuss the qualities of
+these different algorithms, however, it might help your decision to
+know that in 2000, <emphasis>AES</emphasis> was chosen by the American
+National Institute of Standards and Technology as the standard
+encryption algorithm for protecting sensitive information in the 21st
+century.
+
+</para></listitem>
+</varlistentry>
+
+<varlistentry>
+<term>Key size: <userinput>256</userinput></term>
+
+<listitem><para>
+
+Here you can specify the length of the encryption key. With a larger
+key size, the strength of the encryption is generally improved. On the
+other hand, increasing the length of the key usually has a negative
+impact on performance. Available key sizes vary depending on the
+cipher.
+
+</para></listitem>
+</varlistentry>
+
+<varlistentry>
+<term>IV algorithm: <userinput>cbc-essiv:sha256</userinput></term>
+
+<listitem><para>
+
+The <firstterm>Initialization Vector</firstterm> or
+<firstterm>IV</firstterm> algorithm is used in cryptography to ensure
+that applying the cipher on the same <firstterm>clear text</firstterm>
+data with the same key always produces a unique
+<firstterm>cipher text</firstterm>. The idea is to prevent the
+attacker from deducing information from repeated patterns in the encrypted
+data.
+
+</para><para>
+
+From the provided alternatives, the default
+<userinput>cbc-essiv:sha256</userinput> is currently the least
+vulnerable to known attacks. Use the other alternatives only when you
+need to ensure compatibility with some previously installed system
+that is not able to use newer algorithms.
+
+</para></listitem>
+</varlistentry>
+
+<varlistentry>
+<term>Encryption key: <userinput>Passphrase</userinput></term>
+
+<listitem><para>
+
+Here you can choose the type of the encryption key for this partition.
+
+ <variablelist>
+ <varlistentry>
+ <term>Passphrase</term>
+ <listitem><para>
+
+The encryption key will be computed<footnote>
+<para>
+
+Using a passphrase as the key currently means that the partition will
+be set up using <ulink url="&url-luks;">LUKS</ulink>.
+
+</para></footnote> on the basis of a passphrase which you will be able
+to enter later in the process.
+
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Random key</term>
+ <listitem><para>
+
+A new encryption key will be generated from random data each time you
+try to bring up the encrypted partition.  In other words: on every
+shutdown the content of the partition will be lost as the key is
+deleted from memory. (Of course, you could try to guess the key with a
+brute force attack, but unless there is an unknown weakness in the
+cipher algorithm, it is not achievable in our lifetime.)
+
+ </para><para>
+
+Random keys are useful for swap partitions because you do not need to
+bother yourself with remembering the passphrase or wiping sensitive
+information from the swap partition before shutting down your
+computer. However, it also means that you
+will <emphasis>not</emphasis> be able to use
+the <quote>suspend-to-disk</quote> functionality offered by newer
+Linux kernels as it will be impossible (during a subsequent boot) to
+recover the suspended data written to the swap partition.
+
+ </para></listitem>
+ </varlistentry>
+ </variablelist>
+
+</para></listitem>
+</varlistentry>
+
+<varlistentry>
+<term>Erase data: <userinput>yes</userinput></term>
+
+<listitem><para>
+
+Determines whether the content of this partition should be overwritten
+with random data before setting up the encryption. This is recommended
+because it might otherwise be possible for an attacker to discern
+which parts of the partition are in use and which are not. In
+addition, this will make it harder to recover any leftover data from
+previous installations<footnote><para>
+
+It is believed that the guys from three-letter agencies can restore
+the data even after several rewrites of the magnetooptical media,
+though.
+
+</para></footnote>.
+
+</para></listitem>
+</varlistentry>
+
+</variablelist>
+
+</para><para>
+
+If you select <menuchoice> <guimenu>Encryption method:</guimenu>
+<guimenuitem>Loopback (loop-AES)</guimenuitem> </menuchoice>, the menu
+changes to provide the following options:
+
+
+<variablelist>
+<varlistentry>
+<term>Encryption: <userinput>AES256</userinput></term>
+
+<listitem><para>
+
+For loop-AES, unlike dm-crypt, the options for cipher and key size are
+combined, so you can select both at the same time.  Please see the
+above sections on ciphers and key sizes for further information.
+
+</para></listitem>
+</varlistentry>
+
+<varlistentry>
+<term>Encryption key: <userinput>Keyfile (GnuPG)</userinput></term>
+
+<listitem><para>
+
+Here you can select the type of the encryption key for this partition.
+
+ <variablelist>
+ <varlistentry>
+ <term>Keyfile (GnuPG)</term>
+ <listitem><para>
+
+The encryption key will be generated from random data during the
+installation. Moreover this key will be encrypted
+with <application>GnuPG</application>, so to use it, you will need to
+enter the proper passphrase (you will be asked to provide one later in
+the process).
+
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Random key</term>
+ <listitem><para>
+
+Please see the the section on random keys above.
+
+ </para></listitem>
+ </varlistentry>
+ </variablelist>
+
+</para></listitem>
+</varlistentry>
+
+<varlistentry>
+<term>Erase data: <userinput>yes</userinput></term>
+
+<listitem><para>
+
+Please see the the section on erasing data above.
+
+</para></listitem>
+</varlistentry>
+
+</variablelist>
+
+</para><note><para>
+
+Please note that the <emphasis>graphical</emphasis> version of the
+installer still has some limitations when compared to the textual
+one. For cryptography it means you can set up only volumes using
+<emphasis>passphrases</emphasis> as the encryption keys.
+
+</para></note><para>
+
+
+After you have selected the desired parameters for your encrypted
+partitions, return back to the main partitioning menu. There should
+now be a new menu item called <guimenu>Configure encrypted
+volumes</guimenu>.  After you select it, you will be asked to confirm
+the deletion of data on partitions marked to be erased and possibly
+other actions such as writing a new partition table.  For large
+partitions this might take some time.
+
+</para><para>
+
+Next you will be asked to enter a passphrase for partitions configured
+to use one.  Good passphrases should be longer than 8 characters,
+should be a mixture of letters, numbers and other characters and
+should not contain common dictionary words or information easily
+associable with you (such as birthdates, hobbies, pet names, names of
+family members or relatives, etc.).
+
+</para><warning><para>
+
+Before you input any passphrases, you should have made sure that your
+keyboard is configured correctly and generates the expected
+characters. If you are unsure, you can switch to the second virtual
+console and type some text at the prompt. This ensures that you won't be
+surprised later, e.g. by trying to input a passphrase using a qwerty 
+keyboard layout when you used an azerty layout during the installation.
+This situation can have several causes. Maybe you switched to another
+keyboard layout during the installation, or the selected keyboard layout
+might not have been set up yet when entering the passphrase for the
+root file system.
+
+</para></warning><para>
+
+If you selected to use methods other than a passphrase to create
+encryption keys, they will be generated now. Because the kernel may
+not have gathered a sufficient amount of entropy at this early stage
+of the installation, the process may take a long time. You can help
+speed up the process by generating entropy: e.g. by pressing random
+keys, or by switching to the shell on the second virtual console and
+generating some network and disk traffic (downloading some files,
+feeding big files into <filename>/dev/null</filename>, etc.).
+
+<!-- TODO: Mention hardware random generators when we will support
+     them -->
+
+This will be repeated for each partition to be encrypted.
+
+</para><para>
+
+After returning to the main partitioning menu, you will see all
+encrypted volumes as additional partitions which can be configured in
+the same way as ordinary partitions. The following example shows two
+different volumes. The first one is encrypted via dm-crypt, the second
+one via loop-AES.
+
+<informalexample><screen>
+Encrypted volume (<replaceable>crypt0</replaceable>) - 115.1 GB Linux device-mapper
+     #1 115.1 GB  F ext3
+
+Loopback (<replaceable>loop0</replaceable>) - 515.2 MB AES256 keyfile
+     #1 515.2 MB  F ext3
+</screen></informalexample>
+
+Now is the time to assign mount points to the volumes and optionally
+change the file system types if the defaults do not suit you.
+
+</para><para>
+
+One thing to note here are the identifiers in parentheses
+(<replaceable>crypt0</replaceable>
+and <replaceable>loop0</replaceable> in this case) and the mount
+points you assigned to each encrypted volume. You will need this
+information later when booting the new system. The differences between
+ordinary boot process and boot process with encryption involved will
+be covered later in <xref linkend="mount-encrypted-volumes"/>.
+
+</para><para>
+
+Once you are satisfied with the partitioning scheme, continue with the
+installation.
+
+</para>
+   </sect3>