full-disk encryption example: eliminate unnecessary commands

John McQuah 2022-08-07 18:19:42 -04:00
parent 3233b07b73
commit 048e360fce


@ -1,6 +1,7 @@
# crux-3.7.iso needs a kernel with CONFIG_CRYTPO_USER_API_SKCIPHER set for serpent cipher # This outline of a CRUX installation for full-disk encryption is provided
# extra packages lz4 if you choose this compression mode for the kernel # WITHOUT WARRANTY. Use at your own risk.
# dracut and lvm2 needed to access the logical volumes when booting # Extra packages: lz4 if you choose this compression mode for the kernel,
# dracut and lvm2 to access the logical volumes when booting
parted -s -a optimal /dev/sda \ parted -s -a optimal /dev/sda \
mklabel gpt \ mklabel gpt \
@ -24,6 +25,7 @@ swapon /dev/mapper/swap
cryptsetup luksFormat --type luks2 -c serpent-xts-plain64 -s 512 /dev/sda3 cryptsetup luksFormat --type luks2 -c serpent-xts-plain64 -s 512 /dev/sda3
##### The device node is now set up, but it needs a mapping to be usable as disk space ##### The device node is now set up, but it needs a mapping to be usable as disk space
##### Replace 'ENCRYPTED' with whatever name you want
cryptsetup luksOpen /dev/sda3 ENCRYPTED cryptsetup luksOpen /dev/sda3 ENCRYPTED
pvcreate /dev/mapper/ENCRYPTED pvcreate /dev/mapper/ENCRYPTED
@ -73,7 +75,8 @@ cat <<EOF > /etc/fstab
/dev/mapper/ENCRYPTED-home /home f2fs defaults 0 0 /dev/mapper/ENCRYPTED-home /home f2fs defaults 0 0
EOF EOF
##### Now write a custom initscript to handle the encrypted swap partition, ##### Now write a custom initscript to create an encrypted swap partition with
##### randomized cipher on each boot
cat <<EOF > /etc/rc.d/swap cat <<EOF > /etc/rc.d/swap
#!/bin/sh #!/bin/sh
@ -136,8 +139,7 @@ cp arch/x86/boot/bzImage /boot/efi/BOOT/vmlinuz-5.15.55
cp System.map /boot/efi/BOOT/System.map-5.15.55 cp System.map /boot/efi/BOOT/System.map-5.15.55
cp .config /boot/efi/BOOT/config-5.15.55 cp .config /boot/efi/BOOT/config-5.15.55
dracut --kver 5.15.55 dracut --kver 5.15.55 /boot/initramfs-5.15.55.img
mv /boot/initramfs-5.15.55.img /boot/efi/BOOT/
cp /usr/share/syslinux/efi64/syslinux.efi /boot/efi/BOOT/bootx64.efi cp /usr/share/syslinux/efi64/syslinux.efi /boot/efi/BOOT/bootx64.efi
cp /usr/share/syslinux/efi64/ldlinux.e64 /boot/efi/BOOT cp /usr/share/syslinux/efi64/ldlinux.e64 /boot/efi/BOOT
@ -153,7 +155,4 @@ vi /boot/efi/BOOT/syslinux.cfg
APPEND root=/dev/mapper/ENCRYPTED-root rw rd.auto=1 APPEND root=/dev/mapper/ENCRYPTED-root rw rd.auto=1
INITRD initramfs-5.15.55.img INITRD initramfs-5.15.55.img
##### Display the EFI variables to verify that the boot order has an entry for the hard disk
efibootmgr
##### Reboot, and enjoy your new CRUX installation! ##### Reboot, and enjoy your new CRUX installation!
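Review bot: In the hunk at `-136,8 +139,7`, the new `dracut --kver 5.15.55 /boot/initramfs-5.15.55.img` leaves the initramfs in /boot, while the `mv` into /boot/efi/BOOT/ appears to be the line this commit drops (the hunk shrinks from 8 lines to 7). The kernel is still copied to /boot/efi/BOOT/, and the syslinux.cfg in that directory names `INITRD initramfs-5.15.55.img` without a path, so the loader would presumably look for the image next to the config and not find it. Without the initramfs, nothing can unlock the LUKS volume that holds `root=/dev/mapper/ENCRYPTED-root`. Writing the image straight to its final location keeps the step to one command: `dracut --kver 5.15.55 /boot/efi/BOOT/initramfs-5.15.55.img`. The side-by-side rendering has lost the +/- markers, so this reading of old versus new should be confirmed against the raw diff.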