diff --git a/crux-wiki/CRUX-3.7-Encrypted.txt b/crux-wiki/CRUX-3.7-Encrypted.txt index 4c0151d..ca67b89 100644 --- a/crux-wiki/CRUX-3.7-Encrypted.txt +++ b/crux-wiki/CRUX-3.7-Encrypted.txt @@ -1,6 +1,7 @@ -# crux-3.7.iso needs a kernel with CONFIG_CRYTPO_USER_API_SKCIPHER set for serpent cipher -# extra packages lz4 if you choose this compression mode for the kernel -# dracut and lvm2 needed to access the logical volumes when booting +# This outline of a CRUX installation for full-disk encryption is provided +# WITHOUT WARRANTY. Use at your own risk. +# Extra packages: lz4 if you choose this compression mode for the kernel, +# dracut and lvm2 to access the logical volumes when booting parted -s -a optimal /dev/sda \ mklabel gpt \ @@ -24,6 +25,7 @@ swapon /dev/mapper/swap cryptsetup luksFormat --type luks2 -c serpent-xts-plain64 -s 512 /dev/sda3 ##### The device node is now set up, but it needs a mapping to be usable as disk space +##### Replace 'ENCRYPTED' with whatever name you want cryptsetup luksOpen /dev/sda3 ENCRYPTED pvcreate /dev/mapper/ENCRYPTED @@ -73,7 +75,8 @@ cat < /etc/fstab /dev/mapper/ENCRYPTED-home /home f2fs defaults 0 0 EOF -##### Now write a custom initscript to handle the encrypted swap partition, +##### Now write a custom initscript to create an encrypted swap partition with +##### randomized cipher on each boot cat < /etc/rc.d/swap #!/bin/sh @@ -136,8 +139,7 @@ cp arch/x86/boot/bzImage /boot/efi/BOOT/vmlinuz-5.15.55 cp System.map /boot/efi/BOOT/System.map-5.15.55 cp .config /boot/efi/BOOT/config-5.15.55 -dracut --kver 5.15.55 -mv /boot/initramfs-5.15.55.img /boot/efi/BOOT/ +dracut --kver 5.15.55 /boot/initramfs-5.15.55.img cp /usr/share/syslinux/efi64/syslinux.efi /boot/efi/BOOT/bootx64.efi cp /usr/share/syslinux/efi64/ldlinux.e64 /boot/efi/BOOT @@ -153,7 +155,4 @@ vi /boot/efi/BOOT/syslinux.cfg APPEND root=/dev/mapper/ENCRYPTED-root rw rd.auto=1 INITRD initramfs-5.15.55.img -##### Display the EFI variables to verify that the boot order has an entry for the hard disk -efibootmgr - ##### Reboot, and enjoy your new CRUX installation!