Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
scratch [2019/03/09 15:07] – [LUKS] admin | scratch [2019/03/10 13:03] (current) – [LUKS] admin | ||
---|---|---|---|
Line 191: | Line 191: | ||
############################### | ############################### | ||
########### Encrypt ########### | ########### Encrypt ########### | ||
+ | | ||
# Shrink root filesystem (NOT the partition) | # Shrink root filesystem (NOT the partition) | ||
sudo e2fsck -f $ROOTPART | sudo e2fsck -f $ROOTPART | ||
sudo resize2fs -M $ROOTPART | sudo resize2fs -M $ROOTPART | ||
| | ||
- | | + | # Encrypt |
- | # A) Using luksipc | + | sudo cryptsetup-reencrypt --type=luks2 --new --reduce-device-size |
- | + | | |
- | # | + | |
- | # Copy luksipc-master.zip to your home dir. If you have internet connection, | + | |
- | # you can directly download it (wget), else copy it manually. | + | |
- | # | + | |
- | + | ||
- | # cd ~ | + | |
- | # wget https:// | + | |
- | # or: | + | |
- | # wget https:// | + | |
- | # or copy manually: | + | |
- | cp luksipc-master.zip ~ | + | |
- | cd ~ | + | |
- | + | ||
- | # If you have no unzip, uncompress it with the GUI | + | |
- | unzip luksipc-master.zip | + | |
- | cd luksipc-master | + | |
- | make | + | |
- | sudo ./luksipc -d $ROOTPART | + | |
- | + | ||
- | | + | |
- | sudo cryptsetup luksAddKey $ROOTPART --key-file=/ | + | |
- | # Let’s check this worked (slot 0 and 1 are populated) | + | |
- | sudo cryptsetup luksDump $ROOTPART | + | |
- | # Let’s scrub the initial keyslot so the initial keyfile becomes useless | + | |
- | sudo cryptsetup luksKillSlot $ROOTPART 0 | + | |
- | # And check again (slot 1 is empty now) | + | |
- | sudo cryptsetup luksDump $ROOTPART | + | |
- | + | ||
- | =============================================================================== | + | |
- | # B) or using cryptsetup-reencrypt: | + | |
- | sudo cryptsetup-reencrypt --type=luks2 --new --reduce-device-size | + | |
- | + | ||
- | =============================================================================== | + | |
- | | + | |
# resize the filesystem to its original size | # resize the filesystem to its original size | ||
sudo cryptsetup luksOpen $ROOTPART newcryptofs | sudo cryptsetup luksOpen $ROOTPART newcryptofs | ||
Line 250: | Line 217: | ||
HOOKS=(base systemd autodetect keyboard keymap sd-vconsole modconf block sd-encrypt filesystems fsck) | HOOKS=(base systemd autodetect keyboard keymap sd-vconsole modconf block sd-encrypt filesystems fsck) | ||
| | ||
- | + | | |
- | | + | |
echo -e " | echo -e " | ||
- | # and / | ||
echo -e "title Arch Linux\nlinux / | echo -e "title Arch Linux\nlinux / | ||
/ | / | ||
root=/ | root=/ | ||
- | # and / | ||
echo -e "title Arch Linux Fallback\nlinux / | echo -e "title Arch Linux Fallback\nlinux / | ||
/ | / | ||
root=/ | root=/ | ||
- | | ||
- | # You might want to delete all entries in / | ||
- | # arch.conf and arch-fallback.conf as they won't boot anymore anyway. | ||
- | ls / | ||
- | | ||
| | ||
sudo chroot /mnt | sudo chroot /mnt | ||
Line 281: | Line 241: | ||
=============================================================================== | =============================================================================== | ||
- | # change | + | # Convert |
sudo cryptsetup convert --type=luks2 $ROOTPART | sudo cryptsetup convert --type=luks2 $ROOTPART | ||
| |