full-disk encryption example: eliminate unnecessary commands
parent
3233b07b73
commit
048e360fce
@ -1,6 +1,7 @@
|
|||||||
# crux-3.7.iso needs a kernel with CONFIG_CRYTPO_USER_API_SKCIPHER set for serpent cipher
|
# This outline of a CRUX installation for full-disk encryption is provided
|
||||||
# extra packages lz4 if you choose this compression mode for the kernel
|
# WITHOUT WARRANTY. Use at your own risk.
|
||||||
# dracut and lvm2 needed to access the logical volumes when booting
|
# Extra packages: lz4 if you choose this compression mode for the kernel,
|
||||||
|
# dracut and lvm2 to access the logical volumes when booting
|
||||||
|
|
||||||
parted -s -a optimal /dev/sda \
|
parted -s -a optimal /dev/sda \
|
||||||
mklabel gpt \
|
mklabel gpt \
|
||||||
@ -24,6 +25,7 @@ swapon /dev/mapper/swap
|
|||||||
cryptsetup luksFormat --type luks2 -c serpent-xts-plain64 -s 512 /dev/sda3
|
cryptsetup luksFormat --type luks2 -c serpent-xts-plain64 -s 512 /dev/sda3
|
||||||
|
|
||||||
##### The device node is now set up, but it needs a mapping to be usable as disk space
|
##### The device node is now set up, but it needs a mapping to be usable as disk space
|
||||||
|
##### Replace 'ENCRYPTED' with whatever name you want
|
||||||
cryptsetup luksOpen /dev/sda3 ENCRYPTED
|
cryptsetup luksOpen /dev/sda3 ENCRYPTED
|
||||||
pvcreate /dev/mapper/ENCRYPTED
|
pvcreate /dev/mapper/ENCRYPTED
|
||||||
|
|
||||||
@ -73,7 +75,8 @@ cat <<EOF > /etc/fstab
|
|||||||
/dev/mapper/ENCRYPTED-home /home f2fs defaults 0 0
|
/dev/mapper/ENCRYPTED-home /home f2fs defaults 0 0
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
##### Now write a custom initscript to handle the encrypted swap partition,
|
##### Now write a custom initscript to create an encrypted swap partition with
|
||||||
|
##### randomized cipher on each boot
|
||||||
cat <<EOF > /etc/rc.d/swap
|
cat <<EOF > /etc/rc.d/swap
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
@ -136,8 +139,7 @@ cp arch/x86/boot/bzImage /boot/efi/BOOT/vmlinuz-5.15.55
|
|||||||
cp System.map /boot/efi/BOOT/System.map-5.15.55
|
cp System.map /boot/efi/BOOT/System.map-5.15.55
|
||||||
cp .config /boot/efi/BOOT/config-5.15.55
|
cp .config /boot/efi/BOOT/config-5.15.55
|
||||||
|
|
||||||
dracut --kver 5.15.55
|
dracut --kver 5.15.55 /boot/initramfs-5.15.55.img
|
||||||
mv /boot/initramfs-5.15.55.img /boot/efi/BOOT/
|
|
||||||
|
|
||||||
cp /usr/share/syslinux/efi64/syslinux.efi /boot/efi/BOOT/bootx64.efi
|
cp /usr/share/syslinux/efi64/syslinux.efi /boot/efi/BOOT/bootx64.efi
|
||||||
cp /usr/share/syslinux/efi64/ldlinux.e64 /boot/efi/BOOT
|
cp /usr/share/syslinux/efi64/ldlinux.e64 /boot/efi/BOOT
|
||||||
@ -153,7 +155,4 @@ vi /boot/efi/BOOT/syslinux.cfg
|
|||||||
APPEND root=/dev/mapper/ENCRYPTED-root rw rd.auto=1
|
APPEND root=/dev/mapper/ENCRYPTED-root rw rd.auto=1
|
||||||
INITRD initramfs-5.15.55.img
|
INITRD initramfs-5.15.55.img
|
||||||
|
|
||||||
##### Display the EFI variables to verify that the boot order has an entry for the hard disk
|
|
||||||
efibootmgr
|
|
||||||
|
|
||||||
##### Reboot, and enjoy your new CRUX installation!
|
##### Reboot, and enjoy your new CRUX installation!
|
||||||
|
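Review bot: The initramfs no longer ends up in /boot/efi/BOOT/ beside the kernel and syslinux.cfg. In the fourth hunk the new `dracut --kver 5.15.55 /boot/initramfs-5.15.55.img` line writes the image to /boot, and the `mv` that used to relocate it is removed. The syslinux.cfg lines in the last hunk still read `INITRD initramfs-5.15.55.img`, which syslinux presumably resolves relative to the directory holding its config. If so, the image that unlocks the LUKS container and activates LVM would not be found, and `root=/dev/mapper/ENCRYPTED-root` could not be mounted. Writing straight to the target, `dracut --kver 5.15.55 /boot/efi/BOOT/initramfs-5.15.55.img`, keeps the single command and matches the INITRD entry.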