Tomas Lipensky - vedomostni koutek

Trace: lin-workstation

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
os:lin-workstation [2023/02/08 13:50]
tomas [Install Ubuntu on encrypted physical volume] 		os:lin-workstation [2023/02/08 15:19] (current)
tomas [Nástroje]
Line 21: Line 21:
 %%while [ ! -d /target/etc/default/grub.d ]; do sleep 1; done; echo "GRUB_ENABLE_CRYPTODISK=y" > /target/etc/default/grub.d/local.cfg%%\\ %%while [ ! -d /target/etc/default/grub.d ]; do sleep 1; done; echo "GRUB_ENABLE_CRYPTODISK=y" > /target/etc/default/grub.d/local.cfg%%\\
 INSTALL\\ INSTALL\\
-mount /dev/mapper/ubuntu--vg-root /target\\+%%mount /dev/mapper/ubuntu--vg-root /target%%\\
 %%for n in proc sys dev etc/resolv.conf; do mount --rbind /$n /target/$n; done%%\\ %%for n in proc sys dev etc/resolv.conf; do mount --rbind /$n /target/$n; done%%\\
-chroot /target +chroot /target\\ 
-mount -a +mount -a\\ 
-apt install -y cryptsetup-initramfs +apt install -y cryptsetup-initramfs\\ 
-echo "KEYFILE_PATTERN=/etc/luks/*.keyfile" >> /etc/cryptsetup-initramfs/conf-hook\\ +%%echo "KEYFILE_PATTERN=/etc/luks/*.keyfile" >> /etc/cryptsetup-initramfs/conf-hook%%\\ 
-echo "UMASK=0077" >> /etc/initramfs-tools/initramfs.conf\\+%%echo "UMASK=0077" >> /etc/initramfs-tools/initramfs.conf%%\\
 mkdir /etc/luks\\ mkdir /etc/luks\\
 dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=512 count=1\\ dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=512 count=1\\
-chmod u=rx,go-rwx /etc/luks\\ +chmod 500 /etc/luks\\ 
-chmod u=r,go-rwx /etc/luks/boot_os.keyfile\\ +chmod 400 /etc/luks/boot_os.keyfile\\ 
-cryptsetup luksAddKey ${DEV}/etc/luks/boot_os.keyfile\\ +cryptsetup luksAddKey ${DEV}$BOOTPAR /etc/luks/boot_os.keyfile\\ 
-cryptsetup luksAddKey ${DEV}/etc/luks/boot_os.keyfile\\ +cryptsetup luksAddKey ${DEV}$PVPAR /etc/luks/boot_os.keyfile\\ 
-echo "LUKS_BOOT UUID=$(blkid -s UUID -o value ${DEV}y) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab\\ +%%echo "LUKS_BOOT UUID=$(blkid -s UUID -o value ${DEV}$BOOTPAR) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab%%\\ 
-echo "${DM}5_crypt UUID=$(blkid -s UUID -o value ${DEV}Z) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab\\+%%echo "rootfs_crypt UUID=$(blkid -s UUID -o value ${DEV}$PVPAR) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab%%\\
 update-initramfs -u -k all\\ update-initramfs -u -k all\\
 +
 +====Nástroje====
 +''add-apt-repository ppa:unit193/encryption''\\
 +''apt install veracrypt keepassx''\\
  
 ====Teams for Linux==== ====Teams for Linux====
Last modified: 2023/02/08 13:50
GNU Free Documentation License 1.3 Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3