update LUKS
This commit is contained in:
parent
aad8f5208d
commit
34e4e80c48
@ -16,7 +16,7 @@
|
|||||||
<SCRIPT SRC="/js/sheets.js" TYPE="application/javascript"></SCRIPT>
|
<SCRIPT SRC="/js/sheets.js" TYPE="application/javascript"></SCRIPT>
|
||||||
<SCRIPT TYPE="application/javascript">window.onload = window.initializesheets;</SCRIPT>
|
<SCRIPT TYPE="application/javascript">window.onload = window.initializesheets;</SCRIPT>
|
||||||
<H1>linux</H1>
|
<H1>linux</H1>
|
||||||
<H3>updated 2022-04-24</H3>
|
<H3>updated 2022-04-30</H3>
|
||||||
<HR ALIGN="left" SIZE="1" WIDTH="25%" />
|
<HR ALIGN="left" SIZE="1" WIDTH="25%" />
|
||||||
<H2>ACPI client</H2>
|
<H2>ACPI client</H2>
|
||||||
<P>
|
<P>
|
||||||
@ -131,14 +131,20 @@ Check out the linked pages in the "See also" section.
|
|||||||
<P>
|
<P>
|
||||||
Use <CODE>mkfs(8)</CODE> for creating filesystems and <CODE>mount(8)</CODE> for mounting partitions' filesystems.
|
Use <CODE>mkfs(8)</CODE> for creating filesystems and <CODE>mount(8)</CODE> for mounting partitions' filesystems.
|
||||||
</P>
|
</P>
|
||||||
<H3 ID="luks_partitioning">LUKS partitioning</H3>
|
<H3 ID="luks">LUKS</H3>
|
||||||
<UL>
|
<UL>
|
||||||
|
<LI><A HREF="https://www.howtoforge.com/automatically-unlock-luks-encrypted-drives-with-a-keyfile/">Automatically Unlock LUKS Encrypted Drives With A Keyfile</A></LI>
|
||||||
|
<LI><A HREF="https://wiki.gentoo.org/wiki/Dm-crypt">Dm-crypt</A> (Gentoo Wiki)</LI>
|
||||||
<LI><A HREF="https://www.cyberciti.biz/security/how-to-backup-and-restore-luks-header-on-linux/">How to backup and restore LUKS header on Linux</A></LI>
|
<LI><A HREF="https://www.cyberciti.biz/security/how-to-backup-and-restore-luks-header-on-linux/">How to backup and restore LUKS header on Linux</A></LI>
|
||||||
<LI><A HREF="https://devconnected.com/how-to-encrypt-partition-on-linux/">How To Encrypt Partition on Linux</A></LI>
|
<LI><A HREF="https://devconnected.com/how-to-encrypt-partition-on-linux/">How To Encrypt Partition on Linux</A></LI>
|
||||||
<LI><A HREF="https://unixfuntime.wordpress.com/2012/08/20/luks-passphrases-changing-adding-removing/">LUKS passphrases: Changing, adding, removing</A></LI>
|
<LI><A HREF="https://unixfuntime.wordpress.com/2012/08/20/luks-passphrases-changing-adding-removing/">LUKS passphrases: Changing, adding, removing</A></LI>
|
||||||
|
<LI><A HREF="https://wiki.alpinelinux.org/wiki/LVM_on_LUKS">LVM on LUKS</A> (Alpine Wiki)</LI>
|
||||||
</UL>
|
</UL>
|
||||||
<P>
|
<P>
|
||||||
To format a partition for LUKS, use <CODE>lsblk</CODE> to determine the physical block device location for that partition and run <CODE>cryptsetup luksFormat [<I>partition</I>]</CODE>.
|
<CODE>e2fsprogs</CODE> is needed for the <CODE>dm_mod</CODE> kernel module used for LUKS partition decryption.
|
||||||
|
</P>
|
||||||
|
<P>
|
||||||
|
To format a partition for LUKS, determine the physical block device location for that partition and run <CODE>cryptsetup luksFormat [<I>partition</I>]</CODE>.
|
||||||
The passphrase used can be changed or removed after creation.
|
The passphrase used can be changed or removed after creation.
|
||||||
</P>
|
</P>
|
||||||
<P>
|
<P>
|
||||||
@ -156,23 +162,17 @@ To close an open LUKS partition, <CODE>umount(8)</CODE> it if it's open and <COD
|
|||||||
To make the LUKS partition openable via keyfile, first make a keyfile (<CODE>dd if=/dev/urandom of=/root/keyfile bs=1024 count=4</CODE> seems to work), and optionally make it readable by root only (<CODE>chmod 0400 [<I>keyfile</I>]</CODE>).
|
To make the LUKS partition openable via keyfile, first make a keyfile (<CODE>dd if=/dev/urandom of=/root/keyfile bs=1024 count=4</CODE> seems to work), and optionally make it readable by root only (<CODE>chmod 0400 [<I>keyfile</I>]</CODE>).
|
||||||
Then add the keyfile to the partition's LUKS header with <CODE>cryptsetup luksAddKey [<I>physical partition block device</I>] [<I>keyfile</I>]</CODE>.
|
Then add the keyfile to the partition's LUKS header with <CODE>cryptsetup luksAddKey [<I>physical partition block device</I>] [<I>keyfile</I>]</CODE>.
|
||||||
</P>
|
</P>
|
||||||
<H3>Mount LUKS encrypted partitions at boot</H3>
|
<H4>dm-crypt</H4>
|
||||||
<UL>
|
|
||||||
<LI><A HREF="https://www.howtoforge.com/automatically-unlock-luks-encrypted-drives-with-a-keyfile/">Automatically Unlock LUKS Encrypted Drives With A Keyfile</A></LI>
|
|
||||||
<LI><A HREF="https://wiki.gentoo.org/wiki/Dm-crypt">Dm-crypt</A> (Gentoo Wiki)</LI>
|
|
||||||
<LI><A HREF="https://wiki.alpinelinux.org/wiki/LVM_on_LUKS">LVM on LUKS</A> (Alpine Wiki)</LI>
|
|
||||||
</UL>
|
|
||||||
<P>See <A HREF="/knowledge/cryptography#luks_partitioning">cryptography#LUKS partitioning</A> for how to make a LUKS partition.</P>
|
|
||||||
<P>
|
<P>
|
||||||
<CODE>e2fsprogs</CODE> is needed for the <CODE>dm_mod</CODE> kernel module used for LUKS partition decryption.
|
<CODE>dm-crypt</CODE> is a service that automatically mounts LUKS volumes at boot.
|
||||||
</P>
|
</P>
|
||||||
<P>
|
<P>
|
||||||
On most OpenRC-initialized distributions, the <CODE>cryptsetup-openrc</CODE> package provides a <CODE>dmcrypt</CODE> service for OpenRC.
|
On most OpenRC-initialized distributions, the <CODE>cryptsetup-openrc</CODE> package provides <CODE>dmcrypt</CODE>.
|
||||||
Make sure that service is added to runlevel boot.
|
Make sure that service is added to runlevel boot.
|
||||||
</P>
|
</P>
|
||||||
<P>
|
<P>
|
||||||
Configure <CODE>/etc/conf.d/dmcrypt</CODE>, and accordingly fstab.
|
Configuration is in <CODE>/etc/conf.d/dmcrypt</CODE> and further configuration should be done in <CODE><A HREF="#fstab">fstab</A></CODE>.
|
||||||
<CODE>dmcrypt</CODE> will need the UUID of the <I>physical</I> block device while fstab (if being configured with UUIDs will need the UUID of the decrypted block device in the device mapper.
|
<CODE>dm-crypt</CODE> will need the UUID of the <I>physical</I> block device while fstab (if being configured with UUIDs will need the UUID of the decrypted block device in the device mapper.
|
||||||
</P>
|
</P>
|
||||||
|
|
||||||
|
|
||||||
@ -187,10 +187,10 @@ By default, postmarketOS will generate a random software MAC address when connec
|
|||||||
You can disable this by adding a NetworkManager rule.
|
You can disable this by adding a NetworkManager rule.
|
||||||
In <CODE>/etc/NetworkManager/conf.d/</CODE> you can make a file with any name that has the following:
|
In <CODE>/etc/NetworkManager/conf.d/</CODE> you can make a file with any name that has the following:
|
||||||
</P>
|
</P>
|
||||||
<P><CODE><PRE>
|
<PRE><CODE>
|
||||||
[device]
|
[device]
|
||||||
wifi.scan-rand-mac-address=no
|
wifi.scan-rand-mac-address=no
|
||||||
</PRE></CODE></P>
|
</CODE></PRE>
|
||||||
<P>
|
<P>
|
||||||
On a live system you can then <CODE>rc-service networkmanager restart</CODE> to restart NetworkManager and have it load the new configuration.
|
On a live system you can then <CODE>rc-service networkmanager restart</CODE> to restart NetworkManager and have it load the new configuration.
|
||||||
</P>
|
</P>
|
||||||
|
Loading…
Reference in New Issue
Block a user