Differences
This shows you the differences between two versions of the page.
projects:howtos:archlinux-full-disk-encryption [2017/02/05 22:49] – [Mounting] prometheus | projects:howtos:archlinux-full-disk-encryption [2021/07/19 23:47] – update warning xbr | ||
---|---|---|---|
Line 3: | Line 3: | ||
Full Disk Encryption is probable one of the most important things to do first, when setting up a new system in a world in which #BigBrother is always watching you. The issue we had was, having a keyfile which is needed to decrypt your system is nice, but if its [the keyfile] unencrypted on a USB device it doesn' | Full Disk Encryption is probable one of the most important things to do first, when setting up a new system in a world in which #BigBrother is always watching you. The issue we had was, having a keyfile which is needed to decrypt your system is nice, but if its [the keyfile] unencrypted on a USB device it doesn' | ||
- | < | + | < |
===== Requirements ===== | ===== Requirements ===== | ||
Line 23: | Line 23: | ||
<sxh bash;> | <sxh bash;> | ||
# if necessary reconfigure your keyboard layout | # if necessary reconfigure your keyboard layout | ||
- | root@archiso | + | ~$ loadkeys fr |
# check for network connectivity | # check for network connectivity | ||
- | root@archiso | + | ~$ ping 8.8.8.8 |
# request IP address | # request IP address | ||
- | root@archiso | + | ~$ ifconfig -a |
- | root@archiso | + | ~$ dhclient $NIC |
</ | </ | ||
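Review bot: The new `~$` prompt on the `loadkeys`, `ifconfig` and `dhclient $NIC` lines reads as an unprivileged shell, while the lines it replaces showed the `root@archiso` prompt. These steps need root on the install medium, so keep a root-style prompt (`~#`) or state once that every command in the howto is run as root. `$NIC` is also never set in this block; add a comment telling the reader to substitute the interface name reported by `ifconfig -a`.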
Line 34: | Line 34: | ||
<sxh> | <sxh> | ||
- | root@archiso | + | ~$ fdisk -l | grep Disk |
- | root@archiso | + | ~$ mkdir ./mytmpfs |
- | root@archiso | + | ~$ mount tmpfs ./mytmpfs -t tmpfs -o size=32m |
- | root@archiso | + | ~$ cd ./mytmpfs |
- | root@archiso | + | ~$ dd if=/ |
- | root@archiso | + | ~$ mkdir /mnt/boot && mkdir /mnt/home |
</ | </ | ||
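Review bot: `mkdir /mnt/boot && mkdir /mnt/home` on the last line of this block creates a directory that the mounting block at Line 103 creates again with `mkdir /mnt/boot`; the second call fails with "File exists" when both are followed in order. Use `mkdir -p` in both places or drop one of them. On the `mount tmpfs ./mytmpfs -t tmpfs -o size=32m` line, if the `dd` step that follows writes key material into that directory, adding `mode=0700` to the mount options keeps it from being created with the world-accessible tmpfs default.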
Line 67: | Line 67: | ||
<sxh bash; title: with keyfile> | <sxh bash; title: with keyfile> | ||
- | root@archiso | + | ~$ cryptsetup -v --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-urandom luksFormat < |
- | root@archiso | + | ~$ cryptsetup luksOpen -d keyfile / |
- | root@archiso | + | ~$ cryptsetup luksOpen -d keyfile / |
- | root@archiso | + | ~$ cfdisk / |
- | root@archiso | + | ~$ cryptsetup -c aes-xts-plain -y -s 512 luksFormat / |
- | root@archiso | + | ~$ mkfs.vfat -F 32 -I / |
- | root@archiso | + | ~$ cfdisk / |
</ | </ | ||
<sxh bash; title: with password> | <sxh bash; title: with password> | ||
- | root@archiso | + | ~$ cryptsetup -v --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-urandom --verify-passphrase luksFormat < |
- | root@archiso | + | ~$ cryptsetup luksOpen / |
- | root@archiso | + | ~$ mkfs.btrfs / |
- | root@archiso | + | ~$ mount / |
</ | </ | ||
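Review bot: The second `luksFormat` in the keyfile block uses `-c aes-xts-plain` while the first uses `--cipher aes-xts-plain64`. The `plain` IV generator uses only a 32-bit sector number, which repeats on volumes larger than 2 TiB, so use `aes-xts-plain64` on both lines. That second line also omits the `--hash sha512 --iter-time 5000` settings given on the first; say whether that is intended or bring the two in line.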
Line 86: | Line 86: | ||
<sxh bash; title: on disk boot device> | <sxh bash; title: on disk boot device> | ||
- | root@archiso | + | ~$ mkfs.ext3 -L boot / |
# DOS; primary partition + bootable | # DOS; primary partition + bootable | ||
- | root@archiso | + | ~$ cfdisk / |
- | root@archiso | + | ~$ mount / |
</ | </ | ||
<sxh bash; title: external boot device> | <sxh bash; title: external boot device> | ||
- | root@archiso | + | ~$ mkfs.ext3 -L boot / |
- | root@archiso | + | ~$ cfdisk / |
- | root@archiso | + | ~$ mkfs.ext3 -L boot / |
- | root@archiso | + | ~$ mount / |
</ | </ | ||
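Review bot: In both blocks `mkfs.ext3 -L boot` comes before `cfdisk`, and the external-device block runs `mkfs.ext3 -L boot` a second time after it. The device paths are cut off in this view, but if these lines target the same disk, the filesystem is created before the partition table is edited and the first `mkfs` is wasted or destroyed. Partition first, then format once, and add a short comment to the external-device block like the `# DOS; primary partition + bootable` one in the on-disk block.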
Line 103: | Line 103: | ||
<sxh bash; title: mounting> | <sxh bash; title: mounting> | ||
~$ mkdir /mnt/boot | ~$ mkdir /mnt/boot | ||
- | ~$ mount / | + | ~$ mount / |
~$ mount / | ~$ mount / | ||
</ | </ | ||
Line 110: | Line 110: | ||
<sxh bash;> | <sxh bash;> | ||
- | root@archiso | + | ~$ pacstrap -i /mnt base base-devel |
- | root@archiso | + | ~$ genfstab -U /mnt > / |
- | root@archiso | + | ~$ arch-chroot /mnt /bin/bash |
- | root@archiso | + | ~$ nano / |
- | root@archiso | + | ~$ locale-gen |
- | root@archiso | + | ~$ echo LANG=en_IE.UTF-8 > / |
- | root@archiso | + | ~$ nano / |
- | root@archiso | + | ~$ ln -sf / |
- | root@archiso | + | ~$ hwclock --systohc --utc |
- | root@archiso | + | ~$ echo $HOSTNAME > / |
- | root@archiso | + | ~$ nano / |
- | root@archiso | + | # add: keymap keyboard encrypt **before** filesystem in the HOOKS variable |
- | root@archiso | + | ~$ mkinitcpio -p linux |
- | root@archiso ~ # pacman -S syslinux | + | ~$ passwd root |
- | root@archiso ~ # syslinux-install_update -iam | + | </sxh> |
- | root@archiso ~ # nano /boot/ | + | |
- | root@archiso ~ # exit | + | |
- | root@archiso ~ # umount -R /mnt | + | |
+ | ===== syslinux ===== | ||
+ | |||
+ | <sxh bash;> | ||
+ | ~$ pacman -S syslinux gptfdisk | ||
+ | ~$ syslinux-install_update -iam | ||
+ | ~$ nano / | ||
</ | </ | ||
+ | ===== Unmount & Reboot ===== | ||
+ | |||
+ | Good luck! | ||
+ | |||
+ | <sxh bash;> | ||
+ | ~$ exit | ||
+ | ~$ umount -R /mnt | ||
+ | </ | ||
===== Troubleshooting ===== | ===== Troubleshooting ===== | ||
+ | |||
+ | Tiny troubles might pup up. The few below have a tendency to occur due to human interaction failure. ;) | ||
+ | ==== cryptsetup failed ==== | ||
+ | |||
+ | Command failed with code 22: Invalid argument | ||
+ | | ||
+ | Enter the ' | ||
==== syslinux ==== | ==== syslinux ==== | ||
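Review bot: The added comment `# add: keymap keyboard encrypt **before** filesystem in the HOOKS variable` names a hook that mkinitcpio does not have; the hook is called `filesystems`. The `**` wiki bold markers will also most likely show up literally inside the `<sxh>` block. Suggest `# add keymap, keyboard and encrypt before filesystems in HOOKS`. In the added Troubleshooting intro, "pup up" should be "pop up".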
Line 138: | Line 156: | ||
Is /boot mounted? | Is /boot mounted? | ||
| | ||
- | Reinstall syslinux package. | + | Reinstall syslinux package. |
==== Write-Protected ==== | ==== Write-Protected ==== | ||
Line 147: | Line 165: | ||
<sxh bash;> | <sxh bash;> | ||
- | root@archiso | + | ~$ cryptsetup luksOpen / |
- | root@archiso | + | ~$ mount / |
- | root@archiso | + | ~$ mkfs.ext2 / |
- | root@archiso | + | ~$ mount / |
- | root@archiso | + | ~$ genfstab -U /mnt > / |
- | root@archiso | + | ~$ arch-chroot /mnt /bin/bash |
- | root@archiso | + | ~$ pacman -R syslinux |
- | root@archiso | + | ~$ pacman -Syy syslinux |
- | root@archiso | + | ~$ syslinux-install_update -iam |
- | root@archiso | + | ~$ nano / |
- | root@archiso | + | ~$ pacman -S linux |
- | root@archiso | + | ~$ exit |
+ | ~$ umount -R /mnt | ||
</ | </ | ||
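Review bot: `pacman -Syy syslinux` refreshes the package databases and then installs a single package without upgrading the rest, which is a partial upgrade that Arch does not support. Use `pacman -Syu syslinux` instead, which also makes the preceding `pacman -R syslinux` unnecessary. After the newly added `umount -R /mnt`, consider closing the mapping that `cryptsetup luksOpen` created at the top of the block so the volume is locked again before reboot.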