Diffstat (limited to 'docs/gnulinux/encrypted_debian.md')
-rw-r--r-- | docs/gnulinux/encrypted_debian.md | 91 |
1 files changed, 44 insertions, 47 deletions
diff --git a/docs/gnulinux/encrypted_debian.md b/docs/gnulinux/encrypted_debian.md index 27e5be35..71129950 100644 --- a/docs/gnulinux/encrypted_debian.md +++ b/docs/gnulinux/encrypted_debian.md 
@@ -22,42 +22,43 @@ tampering by someone with physical access to the system. This guide is written for Debian net installer. You can download the ISO from the homepage on [debian.org](https://www.debian.org/). Use this on -the GRUB terminal to boot it from USB (for 64-bit Intel or AMD):\ -**set root='usb0'\ -linux /install.amd/vmlinuz\ -initrd /install.amd/initrd.gz\ -boot\ -** If you are on a 32-bit system (e.g. X60):\ -**set root='usb0'\ -linux /install.386/vmlinuz\ -initrd /install.386/initrd.gz\ -boot** - +the GRUB terminal to boot it from USB (for 64-bit Intel or AMD): + + set root='usb0' + linux /install.amd/vmlinuz + initrd /install.amd/initrd.gz + boot + +If you are on a 32-bit system (e.g. X60): + + set root='usb0' + linux /install.386/vmlinuz + initrd /install.386/initrd.gz + boot + [This guide](grub_boot_installer.md) shows how to create a boot USB drive with the Debian ISO image. -**This guide is \*only\* for the GRUB payload. If you use the -depthcharge payload, ignore this section entirely.** +*This guide is only for the GRUB payload. If you use the depthcharge payload, +ignore this section entirely.* -Note: on some thinkpads, a faulty DVD drive can cause the cryptomount -a -step during boot to fail. If this happens to you, try removing the -drive. +Note: on some thinkpads, a faulty DVD drive can cause the cryptomount -a step +during boot to fail. If this happens to you, try removing the drive. -Set a strong user password (lots of lowercase/uppercase, numbers and -symbols). +Set a strong user password (lots of lowercase/uppercase, numbers and symbols). -Use of the *diceware method* is recommended, for generating secure -passphrases (instead of passwords). +Use of the *diceware method* is recommended, for generating secure passphrases +(instead of passwords). -when the installer asks you to set up encryption (ecryptfs) for your -home directory, select 'Yes' if you want to: **LUKS is already secure -and performs well. 
Having ecryptfs on top of it will add noticeable -performance penalty, for little security gain in most use cases. This is -therefore optional, and not recommended. Choose 'no'.** +When the installer asks you to set up encryption (ecryptfs) for your home +directory, select 'Yes' if you want to: *LUKS is already secure and performs +well. Having ecryptfs on top of it will add noticeable performance penalty, for +little security gain in most use cases. This is therefore optional, and not +recommended. Choose 'no'.* -**Your user password should be different from the LUKS password which +*Your user password should be different from the LUKS password which you will set later on. Your LUKS password should, like the user -password, be secure.** +password, be secure.* Partitioning ============ @@ -88,15 +89,15 @@ Choose 'Manual' partitioning: - Configure the logical volume manager: - Keep settings: Yes - Create volume group: - - Name: **matrix** (use this exact name) + - Name: `matrix` (use this exact name) - Select crypto partition - Create logical volume - - select **matrix** (use this exact name) - - name: **rootvol** (use this exact name) + - select `matrix` (use this exact name) + - name: `rootvol` (use this exact name) - size: default, minus 2048 MB - Create logical volume - - select **matrix** (use this exact name) - - name: **swap** (user this exact name) + - select `matrix` (use this exact name) + - name: `swap` (user this exact name) - size: press enter Further partitioning 
@@ -129,8 +130,8 @@ something else. If you want debian-testing, then you should only select barebones options here and change the entries in /etc/apt/sources.list after -install to point to the new distro, and then run **apt-get update** and -**apt-get dist-upgrade** as root, then reboot and run **tasksel** as +install to point to the new distro, and then run `apt-get update` and +`apt-get dist-upgrade` as root, then reboot and run `tasksel` as root. This is to avoid downloading large packages twice. NOTE: If you want the latest up to date version of the Linux kernel, @@ -165,13 +166,11 @@ Booting your system =================== At this point, you will have finished the installation. At your GRUB -payload, press C to get to the command line. +payload, press C to get to the command line, and enter: -Do that:\ grub> cryptomount -a - grub> set root='lvm/matrix-rootvol'\ -grub> **linux /vmlinuz root=/dev/mapper/matrix-rootvol -cryptdevice=/dev/mapper/matrix-rootvol:root**\ + grub> set root='lvm/matrix-rootvol' + grub> linux /vmlinuz root=/dev/mapper/matrix-rootvolcryptdevice=/dev/mapper/matrix-rootvol:root grub> initrd /initrd.img grub> boot @@ -182,6 +181,7 @@ If you didn't encrypt your home directory, then you can safely ignore this section. Immediately after logging in, do that: + $ sudo ecryptfs-unwrap-passphrase This will be needed in the future if you ever need to recover your home 
@@ -199,12 +199,11 @@ Modify your grub.cfg (in the firmware) [using this tutorial](grub_cbfs.md); just change the default menu entry 'Load Operating System' to say this inside: -**cryptomount -a**\ -**set root='lvm/matrix-rootvol'**\ -**linux /vmlinuz root=/dev/mapper/matrix-rootvol -cryptdevice=/dev/mapper/matrix-rootvol:root**\ -**initrd /initrd.img** - + cryptomount -a + set root='lvm/matrix-rootvol' + linux /vmlinuz root=/dev/mapper/matrix-rootvolcryptdevice=/dev/mapper/matrix-rootvol:root + initrd /initrd.img + Without specifying a device, the *-a* parameter tries to unlock all detected LUKS volumes. You can also specify -u UUID or -a (device). @@ -302,8 +301,6 @@ problems. Removing that worked around the issue. Copyright © 2014, 2015, 2016 Leah Rowe <info@minifree.org>\ - - Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License Version 1.3 or any later version published by the Free Software Foundation |
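Review bot: In the @@ -22,42 +22,43 @@ hunk, the reflowed ecryptfs paragraph still gives two opposite instructions in one sentence: it opens with "select 'Yes' if you want to:" and closes with "Choose 'no'". Since the paragraph is being rewritten anyway, state the recommendation once, for example that home-directory encryption is optional and not recommended on top of LUKS, so choose 'No' unless you specifically want it. In the same hunk, "cryptomount -a" in the ThinkPad note is left as bare text while other hunks in this patch move commands into backticks; mark it up as `cryptomount -a` for consistency.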
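Review bot: The new `swap` line in the @@ -88,15 +89,15 @@ hunk carries over the typo "(user this exact name)" from the line it replaces. The three lines above it in the same hunk read "(use this exact name)"; fix this one to match while the line is being touched.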
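Review bot: The added `linux` line in the @@ -165,13 +166,11 @@ hunk has lost the separator between its two kernel parameters and now reads "root=/dev/mapper/matrix-rootvolcryptdevice=/dev/mapper/matrix-rootvol:root". The removed text had "root=/dev/mapper/matrix-rootvol" and "cryptdevice=/dev/mapper/matrix-rootvol:root" on two wrapped lines, so joining them needs a space. As committed, a reader who copies the command passes a single root= value that names no existing device, and no cryptdevice= parameter at all, so the system will not find its root filesystem. Restore the space: "linux /vmlinuz root=/dev/mapper/matrix-rootvol cryptdevice=/dev/mapper/matrix-rootvol:root".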
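Review bot: The `linux` line added in the @@ -199,12 +199,11 @@ hunk has the same joined parameters, "root=/dev/mapper/matrix-rootvolcryptdevice=/dev/mapper/matrix-rootvol:root", and here the text tells the reader to put it into the grub.cfg in the firmware as the default 'Load Operating System' entry. A broken default entry in flashed firmware is costlier to recover from than a mistyped command at the GRUB prompt, so this line needs the space between "matrix-rootvol" and "cryptdevice=" before the change goes in. Separately, the unchanged sentence after the block says "-u UUID or -a (device)" right after describing -a as the unlock-all option; it would be worth checking that wording against GRUB's cryptomount usage in a follow-up.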