scratch

Differences

This shows you the differences between two versions of the page.

scratch [2019/03/09 15:07] – [LUKS] admin | scratch [2019/03/09 17:21] – [LUKS] admin
Line 191: Line 191:
   ###############################   ###############################
   ########### Encrypt ###########   ########### Encrypt ###########
 +
   # Shrink root filesystem (NOT the partition)   # Shrink root filesystem (NOT the partition)
   sudo e2fsck -f $ROOTPART   sudo e2fsck -f $ROOTPART
   sudo resize2fs -M $ROOTPART   sudo resize2fs -M $ROOTPART
      
-  =============================================================================== +  # Encrypt
-  A) Using luksipc +
-   +
-  # +
-  # Copy luksipc-master.zip to your home dir. If you have internet connection, +
-  # you can directly download it (wget), else copy it manually. +
-  # +
-   +
-  # cd ~ +
-  # wget https://github.com/johndoe31415/luksipc/archive/master.zip +
-  # or: +
-  # wget https://confluence.opt01.net/download/attachments/5637570/luksipc-master.zip?version=1&modificationDate=1551682022444&api=v2 +
-  # or copy manually: +
-  cp luksipc-master.zip ~ +
-  cd ~ +
-   +
-  # If you have no unzip, uncompress it with the GUI +
-  unzip luksipc-master.zip +
-  cd luksipc-master +
-  make +
-  sudo ./luksipc -d $ROOTPART +
-   +
-  # Add keyphrase (and remember it!) +
-  sudo cryptsetup luksAddKey $ROOTPART --key-file=/root/initial_keyfile.bin +
-  # Let’s check this worked (slot 0 and 1 are populated) +
-  sudo cryptsetup luksDump $ROOTPART +
-  # Let’s scrub the initial keyslot so the initial keyfile becomes useless +
-  sudo cryptsetup luksKillSlot $ROOTPART 0 +
-  # And check again (slot 1 is empty now) +
-  sudo cryptsetup luksDump $ROOTPART +
-   +
-  ===============================================================================  +
-  # B) or using cryptsetup-reencrypt:+
   sudo cryptsetup-reencrypt --type=luks2 --new --reduce-device-size 8M $ROOTPART   # or --type=luks1   sudo cryptsetup-reencrypt --type=luks2 --new --reduce-device-size 8M $ROOTPART   # or --type=luks1
-   +   
-  ===============================================================================  +
-  +
   # resize the filesystem to its original size   # resize the filesystem to its original size
   sudo cryptsetup luksOpen $ROOTPART newcryptofs   sudo cryptsetup luksOpen $ROOTPART newcryptofs
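
Review bot: The new "# Encrypt" comment is now the only documentation for the cryptsetup-reencrypt --new --reduce-device-size 8M step, and it does not say that the command rewrites $ROOTPART in place or that it depends on the preceding resize2fs -M having left free space at the end of the partition. Suggest expanding the comment to state both and adding a line before the command that reminds the reader to have a verified backup, since an interrupted run leaves the partition partly converted. With the luksipc variant gone, it would also help to note that the passphrase is set at this step, because the removed luksAddKey/luksKillSlot lines were the only place key handling was mentioned. Quoting "$ROOTPART" throughout would be a cheap hardening of the commands.
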
Line 250: Line 217:
   HOOKS=(base systemd autodetect keyboard keymap sd-vconsole modconf block sd-encrypt filesystems fsck)   HOOKS=(base systemd autodetect keyboard keymap sd-vconsole modconf block sd-encrypt filesystems fsck)
      
 +  # Backup old config files
 +  for f in /mnt/boot/loader/entries/*.conf; do sudo mv $f $f.bak; done
      
-  # Set the content of the file /boot/loader/loader.conf:+  # Set the content of the file /boot/loader/loader.conf, arch.conf and arch-fallback.conf:
   echo -e "default arch\ntimeout 5\nconsole-mode max\n" | sudo dd of=/mnt/boot/loader/loader.conf   echo -e "default arch\ntimeout 5\nconsole-mode max\n" | sudo dd of=/mnt/boot/loader/loader.conf
-  # and /boot/loader/entries/arch.conf: 
   echo -e "title Arch Linux\nlinux /vmlinuz-linux\ninitrd /intel-ucode.img\ninitrd \   echo -e "title Arch Linux\nlinux /vmlinuz-linux\ninitrd /intel-ucode.img\ninitrd \
   /initramfs-linux.img\noptions rd.luks.name=$(lsblk $ROOTPART -o UUID -n -d)=cryptroot \   /initramfs-linux.img\noptions rd.luks.name=$(lsblk $ROOTPART -o UUID -n -d)=cryptroot \
   root=/dev/mapper/cryptroot nvidia-drm.modeset=1" | sudo dd of=/mnt/boot/loader/entries/arch.conf   root=/dev/mapper/cryptroot nvidia-drm.modeset=1" | sudo dd of=/mnt/boot/loader/entries/arch.conf
-  # and /boot/loader/entries/arch-fallback.conf: 
   echo -e "title Arch Linux Fallback\nlinux /vmlinuz-linux\ninitrd /intel-ucode.img\ninitrd \   echo -e "title Arch Linux Fallback\nlinux /vmlinuz-linux\ninitrd /intel-ucode.img\ninitrd \
   /initramfs-linux-fallback.img\noptions rd.luks.name=$(lsblk $ROOTPART -o UUID -n -d)=cryptroot \   /initramfs-linux-fallback.img\noptions rd.luks.name=$(lsblk $ROOTPART -o UUID -n -d)=cryptroot \
   root=/dev/mapper/cryptroot" | sudo dd of=/mnt/boot/loader/entries/arch-fallback.conf   root=/dev/mapper/cryptroot" | sudo dd of=/mnt/boot/loader/entries/arch-fallback.conf
-   
-  # You might want to delete all entries in /mnt/boot/loader/entries/ except 
-  # arch.conf and arch-fallback.conf as they won't boot anymore anyway. 
-  ls /mnt/boot/loader/entries 
-   
      
   sudo chroot /mnt   sudo chroot /mnt
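
Review bot: The added backup loop only covers /mnt/boot/loader/entries/*.conf, but the next command overwrites /mnt/boot/loader/loader.conf with dd and that file gets no .bak copy; add a matching backup of loader.conf before the first echo. In the loop itself $f is unquoted and the glob is not guarded, so a path with spaces or an empty entries directory makes mv fail; use mv "$f" "$f.bak" and skip the literal pattern when nothing matches. The revised comment also reads "the file /boot/loader/loader.conf, arch.conf and arch-fallback.conf", while the commands write to /mnt/boot/loader/ and /mnt/boot/loader/entries/; spelling out the three full /mnt paths would replace the two per-file comments this hunk drops without losing information.
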
Line 281: Line 243:
  
   ===============================================================================    =============================================================================== 
-  # change luks1 to luks2 (or vice versa)+  # Convert luks1 to luks2 (or vice versa)
   sudo cryptsetup convert --type=luks2 $ROOTPART   sudo cryptsetup convert --type=luks2 $ROOTPART
      
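
Review bot: The reworded comment still promises "(or vice versa)" while the command under it only shows --type=luks2. Add a trailing "# or --type=luks1" as the cryptsetup-reencrypt line in the first hunk does, so the reverse direction is spelled out rather than implied.
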
  • scratch.txt
  • Last modified: 2019/03/10 13:03
  • by admin