scratch

scratch [2019/03/08 21:55] – [LUKS] adminscratch [2019/03/09 15:07] – [LUKS] admin
Line 168: Line 168:
 ====== LUKS ====== ====== LUKS ======
   https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption   https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption
 +  
   #################################   #################################
   ########## Preparation ##########   ########## Preparation ##########
Line 178: Line 178:
   ### Find the right partitions ###   ### Find the right partitions ###
   lsblk -o name,fstype,size   lsblk -o name,fstype,size
-   +  
   # nvme0n1                477G   # nvme0n1                477G
   # ├─nvme0n1p1 vfat       512M  <== boot   # ├─nvme0n1p1 vfat       512M  <== boot
   # ├─nvme0n1p2 ext4     437,4G  <== root   # ├─nvme0n1p2 ext4     437,4G  <== root
   # └─nvme0n1p3 swap      39,1G   # └─nvme0n1p3 swap      39,1G
-   +  
   # Set boot and root partition names according to above output!   # Set boot and root partition names according to above output!
   BOOTPART=/dev/nvme0n1p1   BOOTPART=/dev/nvme0n1p1
   ROOTPART=/dev/nvme0n1p2   ROOTPART=/dev/nvme0n1p2
-   +   
 +   
 +  ############################### 
 +  ########### Encrypt ###########
   # Shrink root filesystem (NOT the partition)   # Shrink root filesystem (NOT the partition)
-  BLKCNT=$(sudo tune2fs -l $ROOTPART | grep "Block count:" | awk '{print $3}') 
-  BLKCNT_SHRINK=$(($BLKCNT - 32768)) 
-  echo "Blockcount original: $BLKCNT, shrinked: $BLKCNT_SHRINK" 
-    
   sudo e2fsck -f $ROOTPART   sudo e2fsck -f $ROOTPART
-  sudo resize2fs $ROOTPART $BLKCNT_SHRINK +  sudo resize2fs -M $ROOTPART
-    +
-  ############################### +
-  ########### Encrypt ###########+
      
   ===============================================================================   ===============================================================================
Line 206: Line 202:
   # you can directly download it (wget), else copy it manually.   # you can directly download it (wget), else copy it manually.
   #   #
-   +  
   # cd ~   # cd ~
   # wget https://github.com/johndoe31415/luksipc/archive/master.zip   # wget https://github.com/johndoe31415/luksipc/archive/master.zip
Line 214: Line 210:
   cp luksipc-master.zip ~   cp luksipc-master.zip ~
   cd ~   cd ~
-   +  
   # If you have no unzip, uncompress it with the GUI   # If you have no unzip, uncompress it with the GUI
   unzip luksipc-master.zip   unzip luksipc-master.zip
Line 232: Line 228:
   ===============================================================================    =============================================================================== 
   # B) or using cryptsetup-reencrypt:   # B) or using cryptsetup-reencrypt:
-  sudo cryptsetup-reencrypt --type=luks2 ---reduce-device-size 4MiB $ROOTPART   # or --type=luks1+  sudo cryptsetup-reencrypt --type=luks2 --new --reduce-device-size 8M $ROOTPART   # or --type=luks1
      
   ===============================================================================    =============================================================================== 
Line 239: Line 235:
   sudo cryptsetup luksOpen $ROOTPART newcryptofs   sudo cryptsetup luksOpen $ROOTPART newcryptofs
   sudo resize2fs /dev/mapper/newcryptofs   sudo resize2fs /dev/mapper/newcryptofs
-    +   
-   +  
   ##########################################################   ##########################################################
   ### Make the system boot from the encrypted filesystem ###   ### Make the system boot from the encrypted filesystem ###
-   +  
   sudo mount /dev/mapper/newcryptofs /mnt   sudo mount /dev/mapper/newcryptofs /mnt
   sudo mount $BOOTPART /mnt/boot   sudo mount $BOOTPART /mnt/boot
-   +  
   # Edit /etc/mkinitcpio.conf   # Edit /etc/mkinitcpio.conf
   sudo nano /mnt/etc/mkinitcpio.conf   sudo nano /mnt/etc/mkinitcpio.conf
Line 253: Line 249:
   # set HOOKS to   # set HOOKS to
   HOOKS=(base systemd autodetect keyboard keymap sd-vconsole modconf block sd-encrypt filesystems fsck)   HOOKS=(base systemd autodetect keyboard keymap sd-vconsole modconf block sd-encrypt filesystems fsck)
-    +   
-   +  
   # Set the content of the file /boot/loader/loader.conf:   # Set the content of the file /boot/loader/loader.conf:
   echo -e "default arch\ntimeout 5\nconsole-mode max\n" | sudo dd of=/mnt/boot/loader/loader.conf   echo -e "default arch\ntimeout 5\nconsole-mode max\n" | sudo dd of=/mnt/boot/loader/loader.conf
Line 265: Line 261:
   /initramfs-linux-fallback.img\noptions rd.luks.name=$(lsblk $ROOTPART -o UUID -n -d)=cryptroot \   /initramfs-linux-fallback.img\noptions rd.luks.name=$(lsblk $ROOTPART -o UUID -n -d)=cryptroot \
   root=/dev/mapper/cryptroot" | sudo dd of=/mnt/boot/loader/entries/arch-fallback.conf   root=/dev/mapper/cryptroot" | sudo dd of=/mnt/boot/loader/entries/arch-fallback.conf
-   +  
   # You might want to delete all entries in /mnt/boot/loader/entries/ except   # You might want to delete all entries in /mnt/boot/loader/entries/ except
   # arch.conf and arch-fallback.conf as they won't boot anymore anyway.   # arch.conf and arch-fallback.conf as they won't boot anymore anyway.
   ls /mnt/boot/loader/entries   ls /mnt/boot/loader/entries
-    +   
-   +  
   sudo chroot /mnt   sudo chroot /mnt
   mount -t proc proc /proc   mount -t proc proc /proc
   mount -t sysfs sys /sys   mount -t sysfs sys /sys
   mount -t devtmpfs udev /dev   mount -t devtmpfs udev /dev
-   +  
   mkinitcpio -p linux   mkinitcpio -p linux
   exit  # leave chroot   exit  # leave chroot
-   +  
   # reboot   # reboot
   sudo reboot   sudo reboot
Line 284: Line 280:
  
  
-  Not sure if this works: 
   ===============================================================================    =============================================================================== 
   # change luks1 to luks2 (or vice versa)   # change luks1 to luks2 (or vice versa)
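Review bot: In the hunk at Line 178, nothing after `sudo resize2fs -M $ROOTPART` confirms that the shrunken filesystem ends at least 8M before the end of the partition, yet `cryptsetup-reencrypt --new --reduce-device-size 8M` (Line 228) shifts the data by that amount and discards the last sectors of the device. The removed block-count arithmetic at least printed both sizes, and on a nearly full root filesystem `-M` may free less than expected. I would add a check between the two steps, e.g. `sudo dumpe2fs -h $ROOTPART | grep -E 'Block (count|size)'` compared against `sudo blockdev --getsize64 $ROOTPART`, with a comment such as `# stop here unless the filesystem ends at least 8M before the end of $ROOTPART`. Whether 8M is enough for the header of the chosen `--type` depends on the cryptsetup version, so the value should be checked against its man page. The last hunk also drops the "Not sure if this works:" caveat above the luks1/luks2 conversion without showing that it was tested; a `cryptsetup luksHeaderBackup` step before converting would keep that section recoverable.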