Differences

This shows you the differences between two versions of the page.

os:lin-workstation [2023/02/08 13:10]
tomas [Install Ubuntu on encrypted physical volume]
os:lin-workstation [2023/02/08 15:19] (current)
tomas [Nástroje]
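--- a/os:lin-workstation
+++ b/os:lin-workstation
@@ -4,14 +4,14 @@
 DEV=/dev/xxx ## select a proper disk device\\
 %%sgdisk --print $DEV%% ## list current partitions\\
-%%sgdisk --new=y:0:+512M --typecode=y:8301 --change-name=y:/boot $DEV%% ## partition for /boot\\
-#%%sgdisk --new=2:0:+2M $DEV%%\\
-#%%sgdisk --new=3:0:+128M $DEV%%\\
-sgdisk -n Z:0:0 -t Z:8301 -c Z:rootfs  $DEV ## partition for /\\
-%%sgdisk --typecode=1:8301 --typecode=2:ef02 --typecode=3:ef00  $DEV%%
+BOOTPAR=x;PVPAR=z;EFIPAR=u;GRUBFS=v\\
+%%sgdisk --new=$BOOTPAR:0:+512M --typecode=$BOOTPAR:8301 --change-name=$BOOTPAR:/boot $DEV%% ## partition for /boot\\
+#%%sgdisk -n $GRUBFS:0:+2M -t $GRUBFS:ef02 -c $GRUBFS:GRUB $DEV%%\\
+#%%sgdisk -n $EFIPAR:0:+128M -t $EFIPAR:ef00 -c $EFIPAR:EFI-SP $DEV%%\\
+sgdisk -n $PVPAR:0:0 -t $PVPAR:8301 -c $PVPAR:rootfs  $DEV ## partition for /\\
 sgdisk -p $DEV\\
-%%cryptsetup luksFormat --type=luks1 ${DEV}y%%\\
-%%cryptsetup luksFormat --type=luks1 ${DEV}Z%%\\
-cryptsetup open ${DEV}LUKS_BOOT\\
-cryptsetup open ${DEV}rootfs_crypt\\
+%%cryptsetup luksFormat --type=luks1 ${DEV}$BOOTPAR%%\\
+%%cryptsetup luksFormat --type=luks1 ${DEV}$PVPAR%%\\
+cryptsetup open ${DEV}$BOOTPAR LUKS_BOOT\\
+cryptsetup open ${DEV}$PVPAR rootfs_crypt\\
 mkfs.ext4 -L boot /dev/mapper/LUKS_BOOT\\
 pvcreate /dev/mapper/rootfs_crypt\\
@@ -19,22 +19,26 @@
 lvcreate -L 4G -n swap ubuntu-vg\\
 lvcreate -l 80%FREE -n root ubuntu-vg\\
-while [ ! -d /target/etc/default/grub.d ]; do sleep 1; done; echo "GRUB_ENABLE_CRYPTODISK=y" > /target/etc/default/grub.d/local.cfg\\
+%%while [ ! -d /target/etc/default/grub.d ]; do sleep 1; done; echo "GRUB_ENABLE_CRYPTODISK=y" > /target/etc/default/grub.d/local.cfg%%\\
 INSTALL\\
-mount /dev/mapper/ubuntu--vg-root /target\\
-for n in proc sys dev etc/resolv.conf; do mount --rbind /$n /target/$n; done\\
-chroot /target
-mount -a
-apt install -y cryptsetup-initramfs
-echo "KEYFILE_PATTERN=/etc/luks/*.keyfile" >> /etc/cryptsetup-initramfs/conf-hook\\
-echo "UMASK=0077" >> /etc/initramfs-tools/initramfs.conf\\
+%%mount /dev/mapper/ubuntu--vg-root /target%%\\
+%%for n in proc sys dev etc/resolv.conf; do mount --rbind /$n /target/$n; done%%\\
+chroot /target\\
+mount -a\\
+apt install -y cryptsetup-initramfs\\
+%%echo "KEYFILE_PATTERN=/etc/luks/*.keyfile" >> /etc/cryptsetup-initramfs/conf-hook%%\\
+%%echo "UMASK=0077" >> /etc/initramfs-tools/initramfs.conf%%\\
 mkdir /etc/luks\\
 dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=512 count=1\\
-chmod u=rx,go-rwx /etc/luks\\
-chmod u=r,go-rwx /etc/luks/boot_os.keyfile\\
-cryptsetup luksAddKey ${DEV}/etc/luks/boot_os.keyfile\\
-cryptsetup luksAddKey ${DEV}/etc/luks/boot_os.keyfile\\
-echo "LUKS_BOOT UUID=$(blkid -s UUID -o value ${DEV}y) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab\\
-echo "${DM}5_crypt UUID=$(blkid -s UUID -o value ${DEV}Z) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab\\
+chmod 500 /etc/luks\\
+chmod 400 /etc/luks/boot_os.keyfile\\
+cryptsetup luksAddKey ${DEV}$BOOTPAR /etc/luks/boot_os.keyfile\\
+cryptsetup luksAddKey ${DEV}$PVPAR /etc/luks/boot_os.keyfile\\
+%%echo "LUKS_BOOT UUID=$(blkid -s UUID -o value ${DEV}$BOOTPAR) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab%%\\
+%%echo "rootfs_crypt UUID=$(blkid -s UUID -o value ${DEV}$PVPAR) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab%%\\
 update-initramfs -u -k all\\
+
+====Nástroje====
+''add-apt-repository ppa:unit193/encryption''\\
+''apt install veracrypt keepassx''\\
 
 ====Teams for Linux====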
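Review bot: The `luksAddKey` and `/etc/crypttab` lines after `chroot /target` still expand `${DEV}$BOOTPAR` and `${DEV}$PVPAR`, but the new `BOOTPAR=x;PVPAR=z;EFIPAR=u;GRUBFS=v` line and the `DEV=` line above it assign them without `export`, so the shell started by chroot will not see them unless they are exported somewhere outside this view. With empty values, `luksAddKey` receives the keyfile path as its device argument and the two `echo … >> /etc/crypttab` lines write `UUID=` with no value, which leaves the keyfile unlock unconfigured in the initramfs. I would add `export DEV BOOTPAR PVPAR` before `chroot /target` and a `cat /etc/crypttab` check before `update-initramfs -u -k all`. Separately, `${DEV}$PVPAR` is also formatted with `--type=luks1`; in this layout only the /boot container appears to be opened by GRUB, so the root PV could probably use the cryptsetup default format with its stronger key derivation, which is worth confirming.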