mirror of
https://github.com/AlexBocken/mykb.git
synced 2024-11-22 11:19:37 +01:00
remove references to sda3
parent
e17201e8e9
commit
d9e33fc1de
@ -15,8 +15,8 @@ Note: for BIOS systems a dummy 1M parition would be also required. For UEFI this
|
|||||||
|
|
||||||
## Create LVM
|
## Create LVM
|
||||||
```sh
|
```sh
|
||||||
cryptsetup luksFormat /dev/sda3
|
cryptsetup luksFormat /dev/sda2
|
||||||
cryptsetup open /dev/sda3 cryptlvm
|
cryptsetup open /dev/sda2 cryptlvm
|
||||||
pvcreate /dev/mapper/cryptlvm
|
pvcreate /dev/mapper/cryptlvm
|
||||||
vgcreate vg /dev/mapper/crypylvm
|
vgcreate vg /dev/mapper/crypylvm
|
||||||
```
|
```
|
||||||
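Review bot: The unchanged line `vgcreate vg /dev/mapper/crypylvm` at the end of this block misspells the mapping name. `cryptsetup open /dev/sda2 cryptlvm` creates `/dev/mapper/cryptlvm`, which the `pvcreate` line uses correctly, so `vgcreate` as written points at a device that does not exist. Since this commit already touches the block, change it to `vgcreate vg /dev/mapper/cryptlvm`. The hunk header context also has "parition" for "partition".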
@ -102,7 +102,7 @@ and add to `GRUB_CMDLINE_LINUX`: (can have multiple, space-separated arguments s
|
|||||||
```/etc/default/grub
|
```/etc/default/grub
|
||||||
GRUB_CMDLINE_LINUX="cryptdevice=UUID=device-UUID:cryptlvm"
|
GRUB_CMDLINE_LINUX="cryptdevice=UUID=device-UUID:cryptlvm"
|
||||||
```
|
```
|
||||||
and replace "device-UUID" with the uuid we got for `/dev/sda3` from the previous `ls` command. Of course remove all the trailing `ls` output.
|
and replace "device-UUID" with the uuid we got for `/dev/sda2` from the previous `ls` command. Of course remove all the trailing `ls` output.
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=GRUB --recheck
|
grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=GRUB --recheck
|
||||||
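Review bot: In the changed sentence, "the uuid we got for `/dev/sda2` from the previous `ls` command" does not say which entry to copy, and a `/dev/disk/by-uuid` listing contains one entry per device that has a UUID. `cryptdevice=UUID=` needs the UUID of the LUKS partition itself (`/dev/sda2`), not that of the opened `cryptlvm` mapping or a volume inside it. Suggest saying so explicitly and naming the command inline, as the later `grub-pre.cfg` step does with `ls -l /dev/disk/by-uuid`.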
@ -120,7 +120,7 @@ set prefix=($root)/boot/grub
|
|||||||
insmod normal
|
insmod normal
|
||||||
normal
|
normal
|
||||||
```
|
```
|
||||||
and replace device-UUID with the same device-UUID as before, (again, a `ls -l /dev/disk/by-uuid >> /boot/grub/grub-pre.cfg` can help here to get the UUID for `/dev/sda3`)
|
and replace device-UUID with the same device-UUID as before, (again, a `ls -l /dev/disk/by-uuid >> /boot/grub/grub-pre.cfg` can help here to get the UUID for `/dev/sda2`)
|
||||||
|
|
||||||
Now we can overwrite our previously generated grubx64.efi with a luks2 compatible one:
|
Now we can overwrite our previously generated grubx64.efi with a luks2 compatible one:
|
||||||
```sh
|
```sh
|
||||||
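Review bot: The changed sentence recommends `ls -l /dev/disk/by-uuid >> /boot/grub/grub-pre.cfg` but, unlike the `/etc/default/grub` step ("Of course remove all the trailing `ls` output"), it does not tell the reader to delete the appended listing afterwards, so the stray lines would be left in `grub-pre.cfg`. Add the same reminder here. Minor style point: drop the comma before the opening parenthesis.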
@ -135,7 +135,7 @@ Create a keyfile:
|
|||||||
```sh
|
```sh
|
||||||
dd bs=512 count=4 if=/dev/random of=/crypto_keyfile.bin iflag=fullblock
|
dd bs=512 count=4 if=/dev/random of=/crypto_keyfile.bin iflag=fullblock
|
||||||
chmod 600 /crypto_keyfile.bin
|
chmod 600 /crypto_keyfile.bin
|
||||||
cryptsetup luksAddKey /dev/sda3 /crypto_keyfile.bin
|
cryptsetup luksAddKey /dev/sda2 /crypto_keyfile.bin
|
||||||
```
|
```
|
||||||
Add this to the initramfs:
|
Add this to the initramfs:
|
||||||
```/etc/mkinitcpio.conf
|
```/etc/mkinitcpio.conf
|
||||||
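Review bot: In the keyfile block, `dd` creates `/crypto_keyfile.bin` with the shell's default umask and `chmod 600` only runs afterwards, so with a typical 022 umask the key material is world-readable for a short window. Suggest creating the file under a restrictive umask, for example `(umask 077; dd bs=512 count=4 if=/dev/random of=/crypto_keyfile.bin iflag=fullblock)`, and keeping the `chmod 600` as a second safeguard. Because the next step adds this keyfile to the initramfs, the text should also state that the generated initramfs image must not be readable by unprivileged users, if the guide does not already say so further down.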
@ -167,8 +167,8 @@ cryptsetup luksFormat /dev/sdX
|
|||||||
cryptsetup open /dev/sdX YourDiskNameHere
|
cryptsetup open /dev/sdX YourDiskNameHere
|
||||||
mkfs.ext4 /dev/mapper/YourDiskNameHere
|
mkfs.ext4 /dev/mapper/YourDiskNameHere
|
||||||
```
|
```
|
||||||
If you do not wish to have to enter the additional password on boot-up you will have to create a keyfile like we did for our /dev/sda3 above.
|
If you do not wish to have to enter the additional password on boot-up you will have to create a keyfile like we did for our /dev/sda2 above.
|
||||||
Of course this will lessen security as any additional hard-drives can also be decrypted if `/dev/sda3` has been decrypted or cracked.
|
Of course this will lessen security as any additional hard-drives can also be decrypted if `/dev/sda2` has been decrypted or cracked.
|
||||||
|
|
||||||
Systemd can autodetec keys in `/etc/cryptsetup-keys.d` if they have the pattern `YourDiskNameHere.key`. Create this directory if not already present:
|
Systemd can autodetec keys in `/etc/cryptsetup-keys.d` if they have the pattern `YourDiskNameHere.key`. Create this directory if not already present:
|
||||||
```sh
|
```sh
|
||||||
|
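Review bot: The two changed sentences hard-code `/dev/sda2` in a section that otherwise uses the `/dev/sdX` placeholder, which is the kind of reference this commit had to chase down. Wording such as "the root LUKS partition (`/dev/sda2` in this guide)" would avoid another rename if the layout changes again. In the context line below, "autodetec" should read "autodetect", and the security caveat would be stronger if it also said that keyfiles placed in `/etc/cryptsetup-keys.d` should be readable by root only.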