Difference between revisions of "User:Indigo"

From ArchWiki
(rm backup of encrypting an LVM setup from June)
(12 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
I am from Germany. I have interests in security-related subjects and follow pages here on a variety of networking and encryption topics. The distro I have used most is Debian, interrupted by stints to Ubuntu. I have been using Arch since Mid 2011. Feel free to leave comments on the talk page here or send me an email via the wiki interface.
  
  
 
+
----
==Luks LVM==
+
The following is current work-in-progress to update the LUKS page section 8.
+
 
+
 
+
 
+
 
+
 
+
 
+
 
+
 
+
 
+
==Testbed==
+
Below you only find snips and edits that I want to save for some reason.
+
 
+
{{AUR|cower}}
+
[http://www.archlinux.org/packages/?sort=&q=vnstat&maintainer=&last_update=&flagged=&limit=50 vnstat]
+
/home crypttab problem https://bbs.archlinux.org/viewtopic.php?id=150850
+
 
+
pid=1175498#p1175498
+
 
+
{{FAQ
+
|question=Why do I get warnings about corrupted log messages at the end of a shutdown?
+
|answer=If you see log-entries like
+
[  36.374606] systemd-journald[168]: Received SIGUSR1
+
[  36.591060] systemd-journald[168]: File /var/log/journal/02903fbaca7aea3444c839ac000006dc/system.journal corrupted or
+
uncleanly shut down, renaming and replacing.
+
this may be overcome by adding the {{ic|shutdown}} hook to [[mkinitcpio]] and regenerating the kernel image. Note this is a recommended hook for a separate {{ic|/usr}}or an encrypted partition.}}
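Review bot: In the FAQ answer, the two journald log lines are not marked as preformatted output, so the wrapped continuation "uncleanly shut down, renaming and replacing." reads as part of the prose; put the excerpt in a code block. The closing sentence is also missing a space in "{{ic|/usr}}or an encrypted partition".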
+
 
+
 
+
 
+
=== AIF Instructions ===
+
(saved here or intermediate reference upon rm'ing the section in the LUKS wiki
+
 
+
{{Deletion|}}
+
{{Out of date|AIF (Arch Installation Framework; referenced below also as {{ic|/arch/setup}}) does not exist anymore, GRUB Legacy is not available anymore}}
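Review bot: The parenthetical under the "AIF Instructions" heading is never closed, and "saved here or intermediate reference" looks like a typo for "for intermediate reference". The {{Deletion|}} template directly below it is added with an empty reason parameter; state the reason there, since the Out of date template that follows already explains why the section is obsolete.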
+
==== Prepare hard drive for AIF ====
+
 
+
Now that {{ic|/dev/mapper/root}} and {{ic|/dev/mapper/home}} are in place, we can enter the regular Arch setup script to install the system into the encrypted volumes.
+
# /arch/setup
+
Skip the Partitioning and Auto-Prepare steps and go straight to manual configuration.
+
Instead of choosing the hardware devices ({{ic|/dev/sdaX}}) directly, you have to select the mapper devices created above.
+
Choose {{ic|/dev/mapper/root}} for your root and {{ic|/dev/mapper/home}} as {{ic|/home}} partition respectively and format them with any filesystem you like.
+
The same is valid for a swap partition which is set up like the {{ic|/home}} partition. Make sure you mount {{ic|/dev/sda1}} as the {{ic|/boot}} partition, or else the installer will not properly set up the bootloader.
+
 
+
==== Select and Install packages ====
+
Select and install the packages as usual: the base package contains all required programs.
+
 
+
==== Exit Install ====
+
Now that the install is finished the only thing left to do is add entries to the {{ic|/etc/crypttab}} file so you do not have to enter the passphrase for all encrypted partitions. This works only for non-root partitions e.g. {{ic|/home}}, swap, etc.
+
# vi /mnt/etc/crypttab
+
 
+
Add one of the following for the {{ic|/home}} partition.
+
{{Note|Using a passphrase to decrypt LUKS partitions automatically from {{ic|/etc/crypttab}} is deprecated: see http://www.mail-archive.com/arch-projects@archlinux.org/msg02115.html}}
+
home    /dev/sda5    /etc/mypassword1
+
 
+
You can also use a keyfile instead of a passphrase. If not already done, create a keyfile and add the key to the corresponding LUKS partition as described [[#Adding_Additional_Passphrases_or_Keyfiles_to_a_LUKS_Encrypted_Partition|above]].
+
Then add the following information to the {{ic|/etc/crypttab}} file for automounting:
+
home    /dev/sda5    /path/of/your/keyfile
+
 
+
If you used a USB device to store your keyfile, you should have something like this:
+
home    /dev/sda5    /dev/sd*1/keyfile
+
 
+
Or if the keyfile was stored in the MBR, it should be like this:
+
home    /dev/sda5    /dev/sd*:2048:2048
+
 
+
{{Box BLUE|Note:|When reading the keyfile from the MBR it should be {{ic|/dev/sdb}} not {{ic|/dev/sdb1}} but if the key is in the filesystem it should still be {{ic|/dev/sdb1}}.}}
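Review bot: The crypttab entry "home /dev/sda5 /etc/mypassword1" is still given as the first option, directly under the note that calls passphrases in /etc/crypttab deprecated; lead with the keyfile entry and mark the passphrase line as legacy, or drop it. The keyfile paragraphs also never say how the keyfile should be protected, so a sentence on restricting it to root-readable would fit before the "/path/of/your/keyfile" line. Finally, the USB and MBR entries use a wildcard ("/dev/sd*1/keyfile", "/dev/sd*:2048:2048") while the box below them speaks of /dev/sdb and /dev/sdb1; use one concrete device name in both places so it is clear which disk the key is read from.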
+
 
+
After rebooting you should now be presented with the text
+
A password is required to access the root filesystem:
+
followed by a prompt for a LUKS password. Type it in and everything should boot.
+
Once you have logged in, have a look at your mounted partitions by typing {{ic|mount}}. You should have {{ic|/dev/mapper/root}} mounted at {{ic|/}} and, if you set up a separate encrypted home partition, {{ic|/dev/mapper/home}} mounted at {{ic|/home}}. If you set up encrypted swap, {{ic|swapon -s}} should have {{ic|/dev/mapper/swap}} listed as your swap partition.
+
 
+
{{Note|Eventually the text prompting for the password is mixed up with other boot messages. So the boot process may seem frozen at first glance, but it is not, simply enter your password and press {{keypress|Enter}}.}}
+
 
+
==== GRUB Legacy ====
+
{{Out of date|Like AIF in this section, GRUB Legacy and LILO are dropped. }}
+
'''[[GRUB Legacy]]:''' You have to make some small changes to the entries generated by the installer by replacing {{ic|/dev/mapper/root}} with {{ic|/dev/sda3}}. The important point to remember here is to use the same {{ic|cryptdevice}} name you assigned when you initially unlocked your device. In this example, the device name is {{ic|cryptroot}}; customize yours accordingly:
+
 
+
# (0) Arch Linux
+
title Arch Linux
+
root (hd0,0)
+
kernel /vmlinuz-linux cryptdevice=/dev/sda3:cryptroot root=/dev/mapper/cryptroot ro
+
initrd /initramfs-linux.img
+
 
+
For kernels older than 2.6.37, the syntax is:
+
# (0) Arch Linux
+
title Arch Linux
+
root (hd0,0)
+
kernel /vmlinuz26 root=/dev/sda3 ro
+
initrd /kernel26.img
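Review bot: The GRUB Legacy paragraph says to replace /dev/mapper/root with /dev/sda3, but the first menu entry keeps a mapper path ("root=/dev/mapper/cryptroot") and only adds /dev/sda3 inside "cryptdevice="; the replacement described matches only the pre-2.6.37 entry. The mapping name also changes from /dev/mapper/root in the earlier steps to cryptroot here, while the verification step after reboot still expects /dev/mapper/root mounted at /. Use one mapping name throughout and reword the instruction so it describes the "cryptdevice=...:name root=/dev/mapper/name" form that the example shows.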
+
 
+
==== LILO ====
+
'''LILO:''' Edit the Arch Linux section in {{ic|/etc/lilo.conf}} and include a line for the {{ic|append}} option, over the initrd, with the {{ic|root<nowiki>=</nowiki>/dev/sda3}} parameter. The {{ic|append}} section makes the same kernel line as in GRUB. Also, you can omit the {{ic|root}} option above the {{ic|image}} option. The section looks like this:
+
# Arch Linux lilo section
+
image = /vmlinuz-linux
+
# root = /dev/sda3
+
  label = Arch
+
  initrd = /initramfs-linux.img
+
  append = "root=/dev/sda3"
+
  read-only
+
 
+
If you want to use a USB flash drive with a keyfile, you have to append the {{ic|cryptkey}} option. See the corresponding section above.
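Review bot: The LILO text claims the append option "makes the same kernel line as in GRUB", but the example has append = "root=/dev/sda3", which corresponds only to the pre-2.6.37 GRUB entry, while image and initrd point at /vmlinuz-linux and /initramfs-linux.img, the files used with the "cryptdevice=" form. Either show the append line with the same cryptdevice and root parameters as the current GRUB entry, or state that this example is the old syntax. The commented "# root = /dev/sda3" line is also not indented like the other options under image, which makes it read as a separate top-level comment.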
+

Revision as of 18:54, 1 September 2013

I am from Germany. I have interests in security-related subjects and follow pages here on a variety of networking and encryption topics. The distro I have used most is Debian, interrupted by stints to Ubuntu. I have been using Arch since Mid 2011. Feel free to leave comments on the talk page here or send me an email via the wiki interface.