Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
scratch [2019/03/03 20:22] – [LUKS] admin | scratch [2019/03/10 13:03] (current) – [LUKS] admin | ||
---|---|---|---|
Line 167: | Line 167: | ||
====== LUKS ====== | ====== LUKS ====== | ||
- | | + | https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption |
- | | + | |
- | https:// | + | |
- | https:// | + | |
| | ||
- | # Find the right partition | + | |
+ | ########## Preparation ########## | ||
+ | # - Boot a Linux from a USB stick or CD / DVD | ||
+ | # - Open a terminal | ||
+ | |||
+ | |||
+ | ################################# | ||
+ | ### Find the right partitions ### | ||
lsblk -o name, | lsblk -o name, | ||
| | ||
- | nvme0n1 | + | |
- | ├─nvme0n1p1 vfat | + | |
- | ├─nvme0n1p2 ext4 | + | |
- | └─nvme0n1p3 swap 39,1G | + | |
| | ||
- | # Set boot and root partition names, change | + | # Set boot and root partition names according |
BOOTPART=/ | BOOTPART=/ | ||
ROOTPART=/ | ROOTPART=/ | ||
| | ||
- | # Shrink root filesystem (NOT the partition) | ||
- | tune2fs -l $ROOTPART | ||
- | # Block count: | ||
| | ||
- | | + | |
- | | + | ########### Encrypt ########### |
| | ||
- | # Encrypt | + | # Shrink root filesystem (NOT the partition) |
- | | + | |
- | unzip master.zip | + | sudo resize2fs |
- | cd luksipc-master | + | |
- | make | + | |
- | sudo ./ | + | |
| | ||
- | # Add keyphrase | + | # Encrypt |
- | sudo cryptsetup | + | sudo cryptsetup-reencrypt |
- | # Let’s check this worked (slot 0 and 1 are populated) | + | |
- | cryptsetup luksDump | + | |
- | | + | |
- | | + | |
- | # And check again (slot 1 is empty) | + | |
- | cryptsetup luksDump $ROOTPART | + | |
# resize the filesystem to its original size | # resize the filesystem to its original size | ||
sudo cryptsetup luksOpen $ROOTPART newcryptofs | sudo cryptsetup luksOpen $ROOTPART newcryptofs | ||
- | resize2fs / | + | |
| | ||
| | ||
- | # Make the system boot from the encrypted filesystem | + | |
+ | ### Make the system boot from the encrypted filesystem | ||
+ | | ||
sudo mount / | sudo mount / | ||
sudo mount $BOOTPART /mnt/boot | sudo mount $BOOTPART /mnt/boot | ||
- | | ||
| | ||
# Edit / | # Edit / | ||
Line 220: | Line 214: | ||
# change MODULES=() to | # change MODULES=() to | ||
MODULES=(nvidia_uvm nvidia_drm) | MODULES=(nvidia_uvm nvidia_drm) | ||
- | # set HOOKS to | + | # set HOOKS to |
HOOKS=(base systemd autodetect keyboard keymap sd-vconsole modconf block sd-encrypt filesystems fsck) | HOOKS=(base systemd autodetect keyboard keymap sd-vconsole modconf block sd-encrypt filesystems fsck) | ||
| | ||
- | + | | |
- | | + | |
echo -e " | echo -e " | ||
- | echo -e "title Arch Linux\nlinux / | + | echo -e "title Arch Linux\nlinux / |
+ | | ||
+ | | ||
+ | echo -e "title Arch Linux Fallback\nlinux / | ||
+ | / | ||
+ | root=/ | ||
| | ||
sudo chroot /mnt | sudo chroot /mnt | ||
Line 237: | Line 236: | ||
| | ||
# reboot | # reboot | ||
+ | sudo reboot | ||
+ | |||
+ | |||
+ | =============================================================================== | ||
+ | # Convert luks1 to luks2 (or vice versa) | ||
+ | sudo cryptsetup convert --type=luks2 $ROOTPART | ||
+ | | ||
+ | =============================================================================== | ||
+ | |||
+ | |