From 34e4e80c48481e5c83c86f4a060b4d48a28479aa Mon Sep 17 00:00:00 2001
From: Deven Blake <trinity@trinity.moe>
Date: Sun, 1 May 2022 00:09:29 -0400
Subject: [PATCH] update LUKS

---
 homepage/knowledge/linux.html | 44 +++++++++++++++++------------------
 1 file changed, 22 insertions(+), 22 deletions(-)

diff --git a/homepage/knowledge/linux.html b/homepage/knowledge/linux.html
index d6ffe36..86cd322 100644
--- a/homepage/knowledge/linux.html
+++ b/homepage/knowledge/linux.html
@@ -16,7 +16,7 @@
 <SCRIPT SRC="/js/sheets.js"  TYPE="application/javascript"></SCRIPT>
 <SCRIPT TYPE="application/javascript">window.onload = window.initializesheets;</SCRIPT>
 <H1>linux</H1>
-<H3>updated 2022-04-24</H3>
+<H3>updated 2022-04-30</H3>
 <HR ALIGN="left" SIZE="1" WIDTH="25%" />
 <H2>ACPI client</H2>
 <P>
@@ -109,9 +109,9 @@ Alpine by default uses <CODE>mandoc</CODE>.
 
 <H2 ID="partitioning">Partitions and filesystems</H2>
 <UL>
-	<LI><A HREF="https://wiki.archlinux.org/title/EFI_system_partition">EFI system partition (Arch Wiki)</A></LI>
-	<LI><A HREF="https://wiki.artixlinux.org/Main/Installation#Partition_your_disk_.28BIOS.29">Installation#Partition your disk - Artix wiki</A></LI>
-	<LI><A HREF="https://wiki.archlinux.org/title/Installation_guide#Partition_the_disks">Installation guide#Partition the disks - Arch wiki</A></LI>
+<LI><A HREF="https://wiki.archlinux.org/title/EFI_system_partition">EFI system partition (Arch Wiki)</A></LI>
+<LI><A HREF="https://wiki.artixlinux.org/Main/Installation#Partition_your_disk_.28BIOS.29">Installation#Partition your disk - Artix wiki</A></LI>
+<LI><A HREF="https://wiki.archlinux.org/title/Installation_guide#Partition_the_disks">Installation guide#Partition the disks - Arch wiki</A></LI>
 </UL>
 <P>
 Don't use partitioners included with OS media where the same job can be done by <A HREF="https://gparted.org/">GParted</A> (which has live media available) or another good general-purpose partitioner.
@@ -131,14 +131,20 @@ Check out the linked pages in the "See also" section.
 <P>
 Use <CODE>mkfs(8)</CODE> for creating filesystems and <CODE>mount(8)</CODE> for mounting partitions' filesystems.
 </P>
-<H3 ID="luks_partitioning">LUKS partitioning</H3>
+<H3 ID="luks">LUKS</H3>
 <UL>
-	<LI><A HREF="https://www.cyberciti.biz/security/how-to-backup-and-restore-luks-header-on-linux/">How to backup and restore LUKS header on Linux</A></LI>
-	<LI><A HREF="https://devconnected.com/how-to-encrypt-partition-on-linux/">How To Encrypt Partition on Linux</A></LI>
-	<LI><A HREF="https://unixfuntime.wordpress.com/2012/08/20/luks-passphrases-changing-adding-removing/">LUKS passphrases: Changing, adding, removing</A></LI>
+<LI><A HREF="https://www.howtoforge.com/automatically-unlock-luks-encrypted-drives-with-a-keyfile/">Automatically Unlock LUKS Encrypted Drives With A Keyfile</A></LI>
+<LI><A HREF="https://wiki.gentoo.org/wiki/Dm-crypt">Dm-crypt</A> (Gentoo Wiki)</LI>
+<LI><A HREF="https://www.cyberciti.biz/security/how-to-backup-and-restore-luks-header-on-linux/">How to backup and restore LUKS header on Linux</A></LI>
+<LI><A HREF="https://devconnected.com/how-to-encrypt-partition-on-linux/">How To Encrypt Partition on Linux</A></LI>
+<LI><A HREF="https://unixfuntime.wordpress.com/2012/08/20/luks-passphrases-changing-adding-removing/">LUKS passphrases: Changing, adding, removing</A></LI>
+<LI><A HREF="https://wiki.alpinelinux.org/wiki/LVM_on_LUKS">LVM on LUKS</A> (Alpine Wiki)</LI>
 </UL>
 <P>
-To format a partition for LUKS, use <CODE>lsblk</CODE> to determine the physical block device location for that partition and run <CODE>cryptsetup luksFormat [<I>partition</I>]</CODE>.
+<CODE>e2fsprogs</CODE> is needed for the <CODE>dm_mod</CODE> kernel module used for LUKS partition decryption.
+</P>
+<P>
+To format a partition for LUKS, determine the physical block device location for that partition and run <CODE>cryptsetup luksFormat [<I>partition</I>]</CODE>.
 The passphrase used can be changed or removed after creation.
 </P>
 <P>
@@ -156,23 +162,17 @@ To close an open LUKS partition, <CODE>umount(8)</CODE> it if it's open and <COD
 To make the LUKS partition openable via keyfile, first make a keyfile (<CODE>dd if=/dev/urandom of=/root/keyfile bs=1024 count=4</CODE> seems to work), and optionally make it readable by root only (<CODE>chmod 0400 [<I>keyfile</I>]</CODE>).
 Then add the keyfile to the partition's LUKS header with <CODE>cryptsetup luksAddKey [<I>physical partition block device</I>] [<I>keyfile</I>]</CODE>.
 </P>
-<H3>Mount LUKS encrypted partitions at boot</H3>
-<UL>
-	<LI><A HREF="https://www.howtoforge.com/automatically-unlock-luks-encrypted-drives-with-a-keyfile/">Automatically Unlock LUKS Encrypted Drives With A Keyfile</A></LI>
-	<LI><A HREF="https://wiki.gentoo.org/wiki/Dm-crypt">Dm-crypt</A> (Gentoo Wiki)</LI>
-	<LI><A HREF="https://wiki.alpinelinux.org/wiki/LVM_on_LUKS">LVM on LUKS</A> (Alpine Wiki)</LI>
-</UL>
-<P>See <A HREF="/knowledge/cryptography#luks_partitioning">cryptography#LUKS partitioning</A> for how to make a LUKS partition.</P>
+<H4>dm-crypt</H4>
 <P>
-<CODE>e2fsprogs</CODE> is needed for the <CODE>dm_mod</CODE> kernel module used for LUKS partition decryption.
+<CODE>dm-crypt</CODE> is a service that automatically mounts LUKS volumes at boot.
 </P>
 <P>
-On most OpenRC-initialized distributions, the <CODE>cryptsetup-openrc</CODE> package provides a <CODE>dmcrypt</CODE> service for OpenRC.
+On most OpenRC-initialized distributions, the <CODE>cryptsetup-openrc</CODE> package provides <CODE>dmcrypt</CODE>.
 Make sure that service is added to runlevel boot.
 </P>
 <P>
-Configure <CODE>/etc/conf.d/dmcrypt</CODE>, and accordingly fstab.
-<CODE>dmcrypt</CODE> will need the UUID of the <I>physical</I> block device while fstab (if being configured with UUIDs will need the UUID of the decrypted block device in the device mapper.
+Configuration is in <CODE>/etc/conf.d/dmcrypt</CODE> and further configuration should be done in <CODE><A HREF="#fstab">fstab</A></CODE>.
+<CODE>dm-crypt</CODE> will need the UUID of the <I>physical</I> block device while fstab (if being configured with UUIDs will need the UUID of the decrypted block device in the device mapper.
 </P>
 
 
@@ -187,10 +187,10 @@ By default, postmarketOS will generate a random software MAC address when connec
 You can disable this by adding a NetworkManager rule.
 In <CODE>/etc/NetworkManager/conf.d/</CODE> you can make a file with any name that has the following:
 </P>
-<P><CODE><PRE>
+<PRE><CODE>
 [device]
 wifi.scan-rand-mac-address=no
-</PRE></CODE></P>
+</CODE></PRE>
 <P>
 On a live system you can then <CODE>rc-service networkmanager restart</CODE> to restart NetworkManager and have it load the new configuration.
 </P>