Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revisionLast revisionBoth sides next revision | ||
projects:howtos:archlinux-full-disk-encryption [2017/02/05 23:53] – [Repairing boot partition] prometheus | projects:howtos:archlinux-full-disk-encryption [2021/07/19 23:47] – update warning xbr | ||
---|---|---|---|
Line 3: | Line 3: | ||
Full Disk Encryption is probable one of the most important things to do first, when setting up a new system in a world in which #BigBrother is always watching you. The issue we had was, having a keyfile which is needed to decrypt your system is nice, but if its [the keyfile] unencrypted on a USB device it doesn' | Full Disk Encryption is probable one of the most important things to do first, when setting up a new system in a world in which #BigBrother is always watching you. The issue we had was, having a keyfile which is needed to decrypt your system is nice, but if its [the keyfile] unencrypted on a USB device it doesn' | ||
- | < | + | < |
===== Requirements ===== | ===== Requirements ===== | ||
Line 23: | Line 23: | ||
<sxh bash;> | <sxh bash;> | ||
# if necessary reconfigure your keyboard layout | # if necessary reconfigure your keyboard layout | ||
- | root@archiso | + | ~$ loadkeys fr |
# check for network connectivity | # check for network connectivity | ||
- | root@archiso | + | ~$ ping 8.8.8.8 |
# request IP address | # request IP address | ||
- | root@archiso | + | ~$ ifconfig -a |
- | root@archiso | + | ~$ dhclient $NIC |
</ | </ | ||
Line 34: | Line 34: | ||
<sxh> | <sxh> | ||
- | root@archiso | + | ~$ fdisk -l | grep Disk |
- | root@archiso | + | ~$ mkdir ./mytmpfs |
- | root@archiso | + | ~$ mount tmpfs ./mytmpfs -t tmpfs -o size=32m |
- | root@archiso | + | ~$ cd ./mytmpfs |
- | root@archiso | + | ~$ dd if=/ |
- | root@archiso | + | ~$ mkdir /mnt/boot && mkdir /mnt/home |
</ | </ | ||
Line 67: | Line 67: | ||
<sxh bash; title: with keyfile> | <sxh bash; title: with keyfile> | ||
- | root@archiso | + | ~$ cryptsetup -v --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-urandom luksFormat < |
- | root@archiso | + | ~$ cryptsetup luksOpen -d keyfile / |
- | root@archiso | + | ~$ cryptsetup luksOpen -d keyfile / |
- | root@archiso | + | ~$ cfdisk / |
- | root@archiso | + | ~$ cryptsetup -c aes-xts-plain -y -s 512 luksFormat / |
- | root@archiso | + | ~$ mkfs.vfat -F 32 -I / |
- | root@archiso | + | ~$ cfdisk / |
</ | </ | ||
<sxh bash; title: with password> | <sxh bash; title: with password> | ||
- | root@archiso | + | ~$ cryptsetup -v --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-urandom --verify-passphrase luksFormat < |
- | root@archiso | + | ~$ cryptsetup luksOpen / |
- | root@archiso | + | ~$ mkfs.btrfs / |
- | root@archiso | + | ~$ mount / |
</ | </ | ||
Line 133: | Line 133: | ||
~$ nano / | ~$ nano / | ||
</ | </ | ||
+ | |||
+ | ===== Unmount & Reboot ===== | ||
+ | |||
+ | Good luck! | ||
<sxh bash;> | <sxh bash;> | ||
Line 139: | Line 143: | ||
</ | </ | ||
===== Troubleshooting ===== | ===== Troubleshooting ===== | ||
+ | |||
+ | Tiny troubles might pup up. The few below have a tendency to occur due to human interaction failure. ;) | ||
+ | ==== cryptsetup failed ==== | ||
+ | |||
+ | Command failed with code 22: Invalid argument | ||
+ | | ||
+ | Enter the ' | ||
==== syslinux ==== | ==== syslinux ==== | ||
Line 145: | Line 156: | ||
Is /boot mounted? | Is /boot mounted? | ||
| | ||
- | Reinstall syslinux package. | + | Reinstall syslinux package. |
==== Write-Protected ==== | ==== Write-Protected ==== | ||
Line 164: | Line 175: | ||
~$ syslinux-install_update -iam | ~$ syslinux-install_update -iam | ||
~$ nano / | ~$ nano / | ||
+ | ~$ pacman -S linux | ||
~$ exit | ~$ exit | ||
~$ umount -R /mnt | ~$ umount -R /mnt |