Both sides previous revision
Previous revision
Next revision
|
Previous revision
|
os:lin-workstation [2023/02/08 13:50] tomas [Install Ubuntu on encrypted physical volume] |
os:lin-workstation [2023/02/08 15:19] (current) tomas [Nástroje] |
%%while [ ! -d /target/etc/default/grub.d ]; do sleep 1; done; echo "GRUB_ENABLE_CRYPTODISK=y" > /target/etc/default/grub.d/local.cfg%%\\ | %%while [ ! -d /target/etc/default/grub.d ]; do sleep 1; done; echo "GRUB_ENABLE_CRYPTODISK=y" > /target/etc/default/grub.d/local.cfg%%\\ |
INSTALL\\ | INSTALL\\ |
mount /dev/mapper/ubuntu--vg-root /target\\ | %%mount /dev/mapper/ubuntu--vg-root /target%%\\ |
%%for n in proc sys dev etc/resolv.conf; do mount --rbind /$n /target/$n; done%%\\ | %%for n in proc sys dev etc/resolv.conf; do mount --rbind /$n /target/$n; done%%\\ |
chroot /target | chroot /target\\ |
mount -a | mount -a\\ |
apt install -y cryptsetup-initramfs | apt install -y cryptsetup-initramfs\\ |
echo "KEYFILE_PATTERN=/etc/luks/*.keyfile" >> /etc/cryptsetup-initramfs/conf-hook\\ | %%echo "KEYFILE_PATTERN=/etc/luks/*.keyfile" >> /etc/cryptsetup-initramfs/conf-hook%%\\ |
echo "UMASK=0077" >> /etc/initramfs-tools/initramfs.conf\\ | %%echo "UMASK=0077" >> /etc/initramfs-tools/initramfs.conf%%\\ |
mkdir /etc/luks\\ | mkdir /etc/luks\\ |
dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=512 count=1\\ | dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=512 count=1\\ |
chmod u=rx,go-rwx /etc/luks\\ | chmod 500 /etc/luks\\ |
chmod u=r,go-rwx /etc/luks/boot_os.keyfile\\ | chmod 400 /etc/luks/boot_os.keyfile\\ |
cryptsetup luksAddKey ${DEV}y /etc/luks/boot_os.keyfile\\ | cryptsetup luksAddKey ${DEV}$BOOTPAR /etc/luks/boot_os.keyfile\\ |
cryptsetup luksAddKey ${DEV}Z /etc/luks/boot_os.keyfile\\ | cryptsetup luksAddKey ${DEV}$PVPAR /etc/luks/boot_os.keyfile\\ |
echo "LUKS_BOOT UUID=$(blkid -s UUID -o value ${DEV}y) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab\\ | %%echo "LUKS_BOOT UUID=$(blkid -s UUID -o value ${DEV}$BOOTPAR) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab%%\\ |
echo "${DM}5_crypt UUID=$(blkid -s UUID -o value ${DEV}Z) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab\\ | %%echo "rootfs_crypt UUID=$(blkid -s UUID -o value ${DEV}$PVPAR) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab%%\\ |
update-initramfs -u -k all\\ | update-initramfs -u -k all\\ |
| |
| ====Nástroje==== |
| ''add-apt-repository ppa:unit193/encryption''\\ |
| ''apt install veracrypt keepassx''\\ |
| |
====Teams for Linux==== | ====Teams for Linux==== |