From a8541811e98467478948b57db1e6c23ff72dcc7a Mon Sep 17 00:00:00 2001 From: Tobias Heinicke Date: Thu, 2 Jul 2015 01:03:46 +0200 Subject: Changed cryptomount occurences to exclude SOURCE. The GNU/Linux installation guides call 'cryptomount -a', which ignores any SOURCE parameter given and mounts all encrypted volumes regardless. To avoid confusion I removed the parameter and added a small note regarding mounting only specific partitions. --- docs/gnulinux/encrypted_parabola.html | 11 +++++++++-- docs/gnulinux/encrypted_trisquel.html | 11 +++++++++-- 2 files changed, 18 insertions(+), 4 deletions(-) (limited to 'docs/gnulinux') diff --git a/docs/gnulinux/encrypted_parabola.html b/docs/gnulinux/encrypted_parabola.html index 7a74f93d..7db3e7d3 100644 --- a/docs/gnulinux/encrypted_parabola.html +++ b/docs/gnulinux/encrypted_parabola.html @@ -474,7 +474,7 @@ (using those 2 underlines will boot lts kernel instead of normal).

- grub> cryptomount -a (ahci0,msdos1)
+ grub> cryptomount -a
grub> set root='lvm/matrix-rootvol'
grub> linux /boot/vmlinuz-linux-libre-lts root=/dev/matrix/rootvol cryptdevice=/dev/sda1:root
grub> initrd /boot/initramfs-linux-libre-lts.img
@@ -497,7 +497,7 @@

Inside the 'Load Operating System' menu entry, change the contents to:
- cryptomount -a (ahci0,msdos1)
+ cryptomount -a
set root='lvm/matrix-rootvol'
linux /boot/vmlinuz-linux-libre-lts root=/dev/matrix/rootvol cryptdevice=/dev/sda1:root
initrd /boot/initramfs-linux-libre-lts.img @@ -510,6 +510,12 @@ You could also create a menu entry to load /boot/vmlinuz-linux-libre-grsec and /boot/initramfs-linux-libre-grsec.img

+

+ Note: cryptomount -a mounts all encrypted devices found. It may be desirable to just mount the needed partition. + To do so you may either specify your partition via layout (e.g.: cryptomount -a (ahci0,msdos1)) + or use the UUID cryptomount -u UUID. +

+

Personally, I opted to have the entry for linux-libre-grsec at the top, so that it would load by default.

@@ -635,6 +641,7 @@ Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
Copyright © 2015 Thomas Zelch <tze@xenlab.de>
Copyright © 2015 Arthur Heymans <arthur@aheymans.xyz>
+ Copyright © 2015 Tobias Heinicke <theinicke@bss-wf.de>
This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. A copy of the license can be found at ../cc-by-sa-4.txt.

diff --git a/docs/gnulinux/encrypted_trisquel.html b/docs/gnulinux/encrypted_trisquel.html index 367dbbfb..27864a81 100644 --- a/docs/gnulinux/encrypted_trisquel.html +++ b/docs/gnulinux/encrypted_trisquel.html @@ -229,7 +229,7 @@

Do that:
- grub> cryptomount -a (ahci0,msdos1)
+ grub> cryptomount -a
grub> set root='lvm/grubcrypt-trisquel'
grub> linux /vmlinuz root=/dev/mapper/grubcrypt-trisquel cryptdevice=/dev/mapper/grubcrypt-trisquel:root
grub> initrd /initrd.img
@@ -276,12 +276,18 @@

- cryptomount -a (ahci0,msdos1)
+ cryptomount -a
set root='lvm/grubcrypt-trisquel'
linux /vmlinuz root=/dev/mapper/grubcrypt-trisquel cryptdevice=/dev/mapper/grubcrypt-trisquel:root
initrd /initrd.img

+

+ Note: cryptomount -a mounts all encrypted devices found. It may be desirable to just mount the needed partition. + To do so you may either specify your partition via layout (e.g.: cryptomount -a (ahci0,msdos1)) + or use the UUID cryptomount -u UUID. +

+

Additionally, you should set a GRUB password. This is not your LUKS password, but it's a password that you have to enter to see GRUB. This protects your system from an attacker simply booting a live USB and re-flashing your firmware. This should be different than your LUKS passphrase and user password. @@ -320,6 +326,7 @@

Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
+ Copyright © 2015 Tobias Heinicke <theinicke@bss-wf.de>
This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. A copy of the license can be found at ../cc-by-sa-4.txt.

-- cgit v1.2.3-70-g09d2