murderu.us/src
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
cab8833a3d
src/wiki/unix/volumes.m4
dtb cab8833a3d murderuus wiki
2022-11-14 13:44:48 -05:00

85 lines
4.8 KiB
Plaintext
Raw Blame History

<H2 ID="partitioning">Partitions and filesystems</H2>
<UL>
<LI><A HREF="https://wiki.archlinux.org/title/EFI_system_partition">EFI system partition (Arch Wiki)</A></LI>
<LI><A HREF="https://wiki.artixlinux.org/Main/Installation#Partition_your_disk_.28BIOS.29">Installation#Partition your disk - Artix wiki</A></LI>
<LI><A HREF="https://wiki.archlinux.org/title/Installation_guide#Partition_the_disks">Installation guide#Partition the disks - Arch wiki</A></LI>
</UL>
<P>
Don't use partitioners included with OS media where the same job can be done by <A HREF="https://gparted.org/">GParted</A> (which has live media available) or another good general-purpose partitioner.
BSDs and Plan 9 are exceptions to this rule due to their exotic partitioning systems.
Using utilities from a shell or TUIs does not make you "cooler" than someone who needs a GUI for partitioning; in some cases, messing up partitioning can have serious consequences, so it's always nice to have some idiot-proofing.
I always partition my disks with the GParted live media.
</P>
<P>
You should do your own research on how you should partition your disks.
I personally use separate partitions for /boot, /home, /, and swap.
Your needs will vary.
</P>
<P>
<B>Please note that a separate boot partition is mandatory if you intend to boot via (U)EFI.</B>
Check out the linked pages in the "See also" section.
</P>
<P>
Use <CODE>mkfs(8)</CODE> for creating filesystems and <CODE>mount(8)</CODE> for mounting partitions' filesystems.
</P>
<H3>gpart</H3>
<UL>
<LI><A HREF="https://en.wikipedia.org/wiki/Gpart">Gpart</A> (Wikipedia)</LI>
</UL>
<P>
Available as <CODE>sysutils/gpart</CODE> in pkgsrc.
</P>
<P>
<CODE>gpart(8)</CODE> is a tool that scans a file (or block device presented as a file) for drive partitions regardless of any table present on the medium.
</P>
<H3 ID="luks">LUKS</H3>
<UL>
<LI><A HREF="https://www.howtoforge.com/automatically-unlock-luks-encrypted-drives-with-a-keyfile/">Automatically Unlock LUKS Encrypted Drives With A Keyfile</A></LI>
<LI><A HREF="https://man.dragonflybsd.org/?command=cryptsetup&section=8">cryptsetup(8)</A> (DragonFly Man Pages)</LI>
<LI><A HREF="https://wiki.gentoo.org/wiki/Dm-crypt">Dm-crypt</A> (Gentoo Wiki)</LI>
<LI><A HREF="https://www.cyberciti.biz/security/how-to-backup-and-restore-luks-header-on-linux/">How to backup and restore LUKS header on Linux</A></LI>
<LI><A HREF="https://devconnected.com/how-to-encrypt-partition-on-linux/">How To Encrypt Partition on Linux</A></LI>
<LI><A HREF="https://unixfuntime.wordpress.com/2012/08/20/luks-passphrases-changing-adding-removing/">LUKS passphrases: Changing, adding, removing</A></LI>
<LI><A HREF="https://wiki.alpinelinux.org/wiki/LVM_on_LUKS">LVM on LUKS</A> (Alpine Wiki)</LI>
</UL>
<P>
<CODE>e2fsprogs</CODE> is needed for the <CODE>dm_mod</CODE> kernel module used for LUKS partition decryption.
</P>
<P>
To format a partition to a LUKS volume, determine the physical block device location for that partition and run <CODE>cryptsetup luksFormat [<I>partition</I>]</CODE>.
The passphrase used can be changed or removed after creation.
</P>
<P>
To open a LUKS volume, use <CODE>cryptsetup luksOpen [<I>partition</I>] [<I>name</I>]</CODE>.
This <I>name</I> is the name the <I>decrypted block device</I> location will take in <CODE>/dev/mapper/</CODE>.
</P>
<P>
Before the decrypted block device has a filesystem it'll just be cleared space - format as normal but use the decrypted block device location.
</P>
<P>
To mount a partition in an opened LUKS volume, use <CODE>mount(8)</CODE> as normal, just with the decrypted block device location.
</P>
<P>
To close an open LUKS volume, <CODE>umount(8)</CODE> any mapped and mounted partitions from the volume and <CODE>cryptsetup luksClose [<I>name</I>]</CODE>.
</P>
<P>
To make the LUKS partition openable via keyfile, first make a keyfile (<CODE>dd if=/dev/urandom of=/root/keyfile bs=1024 count=4</CODE> seems to work), and optionally make it readable by root only (<CODE>chmod 0400 [<I>keyfile</I>]</CODE>).
Then add the keyfile to the partition's LUKS header with <CODE>cryptsetup luksAddKey [<I>physical partition block device</I>] [<I>keyfile</I>]</CODE>.
</P>
<H4>dm-crypt</H4>
<P>
<CODE>dm-crypt</CODE> is a service that automatically mounts LUKS volumes at boot.
</P>
<P>
On most OpenRC-initialized distributions, the <CODE>cryptsetup-openrc</CODE> package provides <CODE>dmcrypt</CODE>.
Make sure that service is added to runlevel boot.
</P>
<P>
Configuration is in <CODE>/etc/conf.d/dmcrypt</CODE> and further configuration should be done in <CODE><A HREF="#fstab">fstab</A></CODE>.
<CODE>dm-crypt</CODE> will need the UUID of the <I>physical</I> block device while fstab (if being configured with UUIDs will need the UUID of the decrypted block device in the device mapper).
</P>
<H3>TestDisk</H3>
<UL>
<LI><A HREF="https://en.wikipedia.org/wiki/TestDisk">TestDisk</A> (Wikipedia)</LI>
</UL>
Reference in New Issue View Git Blame Copy Permalink