lvm_luks

Differences

This shows you the differences between two versions of the page.

lvm_luks [2023/07/25 12:35] wigumslvm_luks [2024/07/23 16:19] (current) – external edit 127.0.0.1
Line 18: Line 18:
 Boot the installer. Login as '''''root''''' and run  Boot the installer. Login as '''''root''''' and run 
  
- cfdisk+<code>cfdisk</code>
  
 What you’re doing here is setting up the partitions. Essentially, we’re dividing up the hard drive into a few logical partitions so that certain things can run in certain places, and not be affected by others. In order to create a bootable encrypted drive there needs to be a small partition that is not encrypted, it’s unencrypted and readable, so the computer can use it to figure out how to start the operating system. What you’re doing here is setting up the partitions. Essentially, we’re dividing up the hard drive into a few logical partitions so that certain things can run in certain places, and not be affected by others. In order to create a bootable encrypted drive there needs to be a small partition that is not encrypted, it’s unencrypted and readable, so the computer can use it to figure out how to start the operating system.
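Review bot: the paragraph after the cfdisk command never names the unencrypted partition or says what ends up on it. The lilo.conf later on the page loads /boot/vmlinuz-generic-4.19.0 and /boot/initrd.gz, so say here that this partition is /boot and that the kernel and initrd on it are stored without encryption, which means anyone with physical access to the disk can read or replace them. The phrase "not encrypted, it's unencrypted and readable" repeats itself and can be cut to one statement.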
Line 28: Line 28:
 It's a good idea for you to rewrite the entire large partition with random data. This is so computer forensics folks cannot determine where encryption starts and stops, making it harder to find out a way to circumvent the encryption and stuff. To do this, run It's a good idea for you to rewrite the entire large partition with random data. This is so computer forensics folks cannot determine where encryption starts and stops, making it harder to find out a way to circumvent the encryption and stuff. To do this, run
  
- dd if=/dev/urandom of=/dev/sdx2+<code>dd if=/dev/urandom of=/dev/sdx2</code>
  
-'''NOTE***'''  this can take quite some time.+__NOTE  this can take quite some time.__
  
 =====LVM / Luks Config===== =====LVM / Luks Config=====
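Review bot: the dd line has no bs= option, so it writes in dd's default 512-byte blocks, which makes an already slow step slower; suggest dd if=/dev/urandom of=/dev/sdx2 bs=1M status=progress so the run is faster and shows how far it has got. Since sdx2 is a placeholder and dd overwrites whatever it is pointed at, the text should also tell the reader to confirm the device name (for example with fdisk -l) before running it. The reformatted note now underlines the whole sentence and has lost the separator after NOTE; "NOTE: this can take quite some time." reads better.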
Line 36: Line 36:
 LVM or Logical Volume Manager is used here to configure volumes inside of the large partition set up earlier (sdx2). LVM makes it easy to separate things internally and keep it all encrypted as one partition.  LVM or Logical Volume Manager is used here to configure volumes inside of the large partition set up earlier (sdx2). LVM makes it easy to separate things internally and keep it all encrypted as one partition. 
  
- cryptsetup -s 512 -y luksFormat /dev/sdx2+<code>cryptsetup -s 512 -y luksFormat /dev/sdx2</code>
  
 Type '''''YES''''', then decide on a password and type it. Be careful, later on if you put stuff on the drive and you forget your password, it’s gone forever. Such is the nature of encryption.  Type '''''YES''''', then decide on a password and type it. Be careful, later on if you put stuff on the drive and you forget your password, it’s gone forever. Such is the nature of encryption. 
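Review bot: -s 512 on the luksFormat line only makes sense together with the cipher, and the command leaves the cipher to cryptsetup's compiled-in default. With the aes-xts-plain64 default of current cryptsetup releases a 512-bit key means AES-256 in XTS mode, because XTS splits the key in half; either add -c aes-xts-plain64 to the command or say so in the text, so the line does not change meaning on a build with a different default. The paragraph above the command introduces LVM although the command is the LUKS step; moving the LVM sentence down to pvcreate would keep each explanation next to its command. The warning about a forgotten password could also mention that a damaged LUKS header has the same effect, and that cryptsetup luksHeaderBackup exists for that case.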
Line 42: Line 42:
 Basically this is setting up luks encryption on /dev/sdx2. Basically this is setting up luks encryption on /dev/sdx2.
  
- cryptsetup luksOpen /dev/sdx2 slackcrypt+<code>cryptsetup luksOpen /dev/sdx2 slackcrypt</code>
  
 pvcreate is a linux command used to initialize physical volumes for use by logical volume management (lvm) later. pvcreate is a linux command used to initialize physical volumes for use by logical volume management (lvm) later.
  
- pvcreate /dev/mapper/slackcrypt +<code>pvcreate /dev/mapper/slackcrypt</code> 
  
 This creates the volume group “cryptvg”. This creates the volume group “cryptvg”.
  
- vgcreate cryptvg /dev/mapper/slackcrypt+<code>vgcreate cryptvg /dev/mapper/slackcrypt</code>
  
 Create three internal logical volumes, '''''root''''', '''''home''''', and '''''swap'''''. If you have a unique setup and prefer it a different way, just follow the same steps and size them how you want. the sizes used are example only Create three internal logical volumes, '''''root''''', '''''home''''', and '''''swap'''''. If you have a unique setup and prefer it a different way, just follow the same steps and size them how you want. the sizes used are example only
  
- lvcreate -L 20G -n root cryptvg+<code>lvcreate -L 20G -n root cryptvg</code>
  
- lvcreate -L 2G -n swap cryptvg+<code>lvcreate -L 2G -n swap cryptvg</code>
  
- lvcreate -l 100%FREE -n home cryptvg+<code>lvcreate -l 100%FREE -n home cryptvg</code>
  
  
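Review bot: cryptsetup luksOpen /dev/sdx2 slackcrypt has no explanation of its own; the sentence just above it ("Basically this is setting up luks encryption on /dev/sdx2.") describes the luksFormat step from the previous hunk. Add a line saying that luksOpen asks for the passphrase and exposes the decrypted device as /dev/mapper/slackcrypt, which is the name pvcreate and vgcreate then use. The new pvcreate line keeps a trailing space after </code>, and the three lvcreate commands would read better as one <code> block than as three.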
Line 65: Line 65:
 Next thing we’ve got to do is make sure some nodes get set so everything knows where things are and what not Next thing we’ve got to do is make sure some nodes get set so everything knows where things are and what not
  
- vgscan --mknodes+<code>vgscan --mknodes</code>
  
- vgchange -ay+<code>vgchange -ay</code>
  
 make sure the slackware installer can detect the swap partition make sure the slackware installer can detect the swap partition
  
- mkswap /dev/cryptvg/swap+<code>mkswap /dev/cryptvg/swap</code>
  
-'''Slack Setup and Installation'''+=====Slack Setup and Installation=====
  
 Run the slackware installer Run the slackware installer
  
- setup +<code>setup</code> 
  
 the installer will walk you through it from here. it should auto-detect the swap partition we designated the installer will walk you through it from here. it should auto-detect the swap partition we designated
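Review bot: "make sure some nodes get set so everything knows where things are and what not" does not tell the reader what the two commands do. Say that vgscan --mknodes creates the device nodes for the new volumes and vgchange -ay activates them, so that /dev/cryptvg/swap exists for the mkswap line that follows. The <code>setup</code> line also has a trailing space after the closing tag.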
Line 90: Line 90:
 Now simply install slackware as you normally would until you get to  Now simply install slackware as you normally would until you get to 
  
-'''Install LILO'''+=====Install LILO=====
  
 To install the bootloader Lilo select '''''expert''''', then begin. Ignore the optional LILO Append, you probably don’t need to do anything with that. To install the bootloader Lilo select '''''expert''''', then begin. Ignore the optional LILO Append, you probably don’t need to do anything with that.
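Review bot: turning '''Install LILO''' into a ===== heading leaves the sentence above it unfinished: "Now simply install slackware as you normally would until you get to" used to run into the bold text and now stops before a section break. Finish the sentence in the body, for example "until you get to the LILO installation step.", and let the heading stand on its own.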
Line 101: Line 101:
 Eit the installer and select '''''No''''' to get dropped to a command prompt. Eit the installer and select '''''No''''' to get dropped to a command prompt.
  
-'''Creating an initrd'''+=====Creating an initrd=====
  
 Now we have to fix lilo because of our encryption scheme. Now we have to fix lilo because of our encryption scheme.
  
-chroot /mnt +<code>chroot /mnt</code>
  
 The simple explanation for this command is that you basically just entered the installed system, which is mounted at /mnt. Now you can work on things that are installed on the system.  The simple explanation for this command is that you basically just entered the installed system, which is mounted at /mnt. Now you can work on things that are installed on the system. 
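Review bot: the context line two above the chroot command still reads "Eit the installer"; fix it to "Exit" while this section is being touched. The recovery block at the end of the page bind-mounts /sys and /dev under /mnt before running the same chroot /mnt, but this first use does not; either say why the mounts are not needed straight after the installer, or add them here so the two procedures agree.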
Line 111: Line 111:
 The initial RAM disk (initrd) is an initial root file system that is mounted prior to when the real root file system is available. The initrd is bound to the kernel and loaded as part of the kernel boot procedure. to create an initrd run The initial RAM disk (initrd) is an initial root file system that is mounted prior to when the real root file system is available. The initrd is bound to the kernel and loaded as part of the kernel boot procedure. to create an initrd run
  
- /usr/share/mkinitrd/mkinitrd_command_generator.sh+<code>/usr/share/mkinitrd/mkinitrd_command_generator.sh</code>
  
 it will look similar to this it will look similar to this
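Review bot: "to create an initrd run" in the line above the command misdescribes the script. mkinitrd_command_generator.sh only prints a suggested mkinitrd command, which is what "it will look similar to this" then refers to; the reader still has to run that printed command to get /boot/initrd.gz. Reword to "to get the mkinitrd command for this system, run" and add a sentence telling the reader to execute the command it prints.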
Line 123: Line 123:
 If you need to know what kernel you just installed try If you need to know what kernel you just installed try
  
- uname -a+<code>uname -a</code>
  
-'''Fixing LILO'''+=====Fixing LILO=====
  
 Next, you have to edit lilo’s configuration file and point it to the correct places so it knows what to boot with. Don’t forget the initrd line here. Next, you have to edit lilo’s configuration file and point it to the correct places so it knows what to boot with. Don’t forget the initrd line here.
 (use your preferred editor) (use your preferred editor)
  
- vim /etc/lilo.conf+<code>nano /etc/lilo.conf</code>
  
 Edit the pertinent parts to look like this: Edit the pertinent parts to look like this:
  
- image = /boot/vmlinuz-generic-4.19.0+<code>image = /boot/vmlinuz-generic-4.19.0
  initrd = /boot/initrd.gz  initrd = /boot/initrd.gz
  root = /dev/cryptvg/root  root = /dev/cryptvg/root
  label = Slackware  label = Slackware
- read-only  # Partitions should be mounted read-only for checking+ read-only  # Partitions should be mounted read-only for checking</code>
  
 Above that, there’s an “append” line. Edit it to look something like this: Above that, there’s an “append” line. Edit it to look something like this:
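Review bot: the image line hardcodes vmlinuz-generic-4.19.0, and the uname -a hint above it reports the kernel that is currently running, which at this point is the installer's and not necessarily the one just installed under /mnt. Suggest telling the reader to list /boot inside the chroot and use the vmlinuz-generic file name found there, and to make sure the initrd was built for that same version, since root = /dev/cryptvg/root cannot be unlocked at boot without a matching initrd.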
Line 148: Line 148:
 Run Run
  
- lilo -v+<code>lilo -v</code>
  
 You may get an error or two from lilo, but you can usually ignore these. You may get an error or two from lilo, but you can usually ignore these.
 type  type 
- exit+<code>exit</code>
 to leave the chroot and then to leave the chroot and then
- reboot+<code>reboot</code>
  
  
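Review bot: "You may get an error or two from lilo, but you can usually ignore these." is risky advice right before reboot. Warnings from lilo -v can be ignored, but a fatal error means the boot loader was not written, and with an encrypted root the machine will then not come up; the text should tell the reader to check that lilo finished without a fatal error before typing exit. The new <code>exit</code> and <code>reboot</code> tags are block elements in DokuWiki, so the sentence "type ... to leave the chroot and then ..." is now split across separate blocks; inline monospace (''exit'', ''reboot'') would keep it readable.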
Line 160: Line 160:
  
  
- cryptsetup luksOpen /dev/sdx2 slackcrypt+<code> cryptsetup luksOpen /dev/sdx2 slackcrypt
  vgscan --mknodes  vgscan --mknodes
  vgchange -ay  vgchange -ay
Line 170: Line 170:
  mount -o bind /sys /mnt/sys  mount -o bind /sys /mnt/sys
  mount -o bind /dev /mnt/dev  mount -o bind /dev /mnt/dev
- chroot /mnt+ chroot /mnt</code>
  
  
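Review bot: the recovery block ends at chroot /mnt and the page stops there, so the reader is never told how to leave the system in a clean state. Add the reverse steps after the repair: exit the chroot, unmount what was mounted under /mnt, then vgchange -an cryptvg and cryptsetup luksClose slackcrypt before rebooting, so the volumes are deactivated and the decrypted mapping is closed.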
lvm_luks.1690288523.txt.gz · Last modified: 2024/07/23 16:19 (external edit)