trent/trents_blog
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add lmde4-custom-partitions-disk-encryption

Browse Source
This commit is contained in:
Trent Palmer 2020-12-15 16:28:41 -08:00
parent c8799ea263
commit 30ee991649
23 changed files with 1349 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/index.md
View File

@ -1,7 +1,11 @@
---
title: "Home"
authors: ["trent"]
---
# Trent's Blog # Trent's Blog
## **Posts By Date** ## **Posts By Date**
* [2020-12-15: LMDE4 Custom Partitions Disk Encryption](posts/linux-move-cursor-with-keyboard){target=_blank}
* [2020-06-21: Linux Move Cursor With Keyboard](posts/linux-move-cursor-with-keyboard){target=_blank} * [2020-06-21: Linux Move Cursor With Keyboard](posts/linux-move-cursor-with-keyboard){target=_blank}
* [2019-05-12: Simplified Raspberry Streaming](posts/simplified-raspberry-streaming){target=_blank} * [2019-05-12: Simplified Raspberry Streaming](posts/simplified-raspberry-streaming){target=_blank}
* [2019-04-13: Clear Linux Encrypted xfs Root](posts/clear-linux-encrypted-xfs-root){target=_blank} * [2019-04-13: Clear Linux Encrypted xfs Root](posts/clear-linux-encrypted-xfs-root){target=_blank}
@ -9,3 +13,7 @@
* [2019-02-11: Faster Partitioning With sgdisk](posts/faster-partitioning-with-sgdisk){target=_blank} * [2019-02-11: Faster Partitioning With sgdisk](posts/faster-partitioning-with-sgdisk){target=_blank}
* [2019-01-25: LMDE3 xfs Full Disk Encryption](posts/lmde3-xfs-full-disk-encryption){target=_blank} * [2019-01-25: LMDE3 xfs Full Disk Encryption](posts/lmde3-xfs-full-disk-encryption){target=_blank}
* [2019-01-25: Rewrite Hugo Themes Report in Python](posts/rewrite-hugo-themes-report-in-python){target=_blank} * [2019-01-25: Rewrite Hugo Themes Report in Python](posts/rewrite-hugo-themes-report-in-python){target=_blank}
## **Links**
* [Links](links.md){target=_blank}

4
docs/links.md
View File

@ -1,3 +1,7 @@
---
title: "Links"
authors: ["trent"]
---
# Trent's Blog # Trent's Blog
## **Links** ## **Links**

BIN
docs/photos/Screenshot31.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 71 KiB

BIN
docs/photos/Screenshot39.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 24 KiB

5
docs/posts/lmde3-xfs-full-disk-encryption.md
View File

@ -196,17 +196,18 @@ UUID=72241377-cd65-43a6-8363-1afce5bd93f6 / xfs defaults 0 1
But before the file systems can be mounted, `crypttab` needs to mount `/dev/sda3` at `/dev/mapper/cryptroot`. But before the file systems can be mounted, `crypttab` needs to mount `/dev/sda3` at `/dev/mapper/cryptroot`.
Configure `/etc/crypttab` which is actually currently at `/target/etc/crypttab` Configure `/etc/crypttab` which is actually currently at `/target/etc/crypttab`
1. find the UUID of the partition that will be mounted at `/dev/mapper/crypttab` * find the UUID of the partition that will be mounted at `/dev/mapper/crypttab`
```console ```console
blkid /dev/sda3 -s UUID blkid /dev/sda3 -s UUID
``` ```
And when you find the correct UUID number for `/dev/sda3`, And when you find the correct UUID number for `/dev/sda3`,
use that to configure `/etc/crypttab` which is actually currently at `/target/etc/crypttab`. use that to configure `/etc/crypttab` which is actually currently at `/target/etc/crypttab`.
```conf ```conf
# /etc/crypttab # /etc/crypttab
# run the command `blkid /dev/sda3 -s UUID` which outputs # run the command `blkid /dev/sda3 -s UUID` which outputs
# /dev/sdb3: UUID="da3e0967-711f-4159-85ac-7d5743a75201", from which derive # /dev/sda3: UUID="da3e0967-711f-4159-85ac-7d5743a75201", from which derive
# <target name> <source device> <key file> <options> # <target name> <source device> <key file> <options>
cryptroot UUID=da3e0967-711f-4159-85ac-7d5743a75201 none luks cryptroot UUID=da3e0967-711f-4159-85ac-7d5743a75201 none luks
``` ```

261
docs/posts/lmde4-custom-partitions-disk-encryption.md Normal file
View File

@ -0,0 +1,261 @@
---
title: "LMDE4 Custom Partitions Disk Encryption"
date: 2020-12-15
draft: false
tags: ["linux-mint","disk-encryption"]
authors: ["trent"]
---
date: 2020-12-15
## **Introduction**
Linux Mint Debian Edition is the alternate version of Linux Mint, but built on a Debian base. The result is quite pleasant: the
stability of desktop Debian, but with the rough edges polished smooth, nicely configured fonts and ui, and all the multi-media codecs included.
Previously, I wrote a [guide for installing LMDE3 with disk encryption](lmde3-xfs-full-disk-encryption.md){target=_blank}.
The installer for LMDE 4 is different
in that it includes support for disk encryption, but not if you need custom partitions such as for a **dual-boot
configuration**.
With this in mind, the examples presented below assume that you have Windows 10 installed in 4 partitions, and
thus you would want to make 3 partitions (5,6,7) after that, for LMDE4.
As with before, with separate partitions for `/boot` formatted ext4, `/boot/efi` formatted fat32,
and a regular luks-encrypted partition for `/` formatted xfs.
With a separate efi partition for LMDE4, you can then use the computer's device boot menu to
select which efi boot entry you want to boot. There is also an advantage in having Windows use the
first efi partition, in that if something happens to the Windows efi boot entry, you can fall back to the
default efi executable. Whereas, if the efi boot entry for Linux somehow gets wiped, you could [repair that
easily enough via chroot](https://help.ubuntu.com/community/Grub2/Installing#via_ChRoot){target=_blank}.
## **Prepare The Installation Media**
Visit the [Linux Mint Website](https://www.linuxmint.com/){target=_blank}
and [download](https://www.linuxmint.com/edition.php?id=279){target=_blank} the iso file for LMDE 4 64bit. Download from torrents if possible, to save bandwidth.
* verify the sha256 sum of the iso file
```console
sha256sum lmde-4-cinnamon-64bit.iso
```
Identify the thumb drive you are going to install from.
* type `lsblk`, note the output, and then insert the thumb drive
* then type `lsblk` again and note the *additional output*
```console
# lsblk /dev/sdb
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sdb 8:32 1 14.5G 0 disk
├─sdb1 8:33 1 3.4G 0 part /media/trent/Debian 9.6.0 amd64
└─sdb2 8:34 1 416K 0 part
```
In the above example output we see that our thumb drive is identified as `/dev/sdb`, and partition `/dev/sdb1` is automatically mounted.
Take special care that you have accurately identified the thumb drive before proceeding. For the sake of example,
we will proceed on the assumption that our thumb drive is identified as `/dev/sdb`, but you need to compensate accordingly.
* unmount any partition of the thumb drive that are automatically mounted
```console
umount /dev/sdb1
```
* write the disk image to the thumb drive
```console
ddrescue -D --force lmde-4-cinnamon-64bit.iso /dev/sdb
```
## **Boot The Install Disc**
* boot into bios to disable fastboot and secureboot
* invoke your machine's device boot menu and boot the install disc in uefi mode
* confirm that you have booted in uefi mode by listing efivars
```console
ls /sys/firmware/efi/vars
```
## **Partition The Hard Drive**
If you recall we are assuming the target hard drive is `/dev/sda`, as an example. So, make adjustments as necessary.
If you would rather use a different partition tool, make sure the efi partition is an efi partition type, and you definitely need a separate `/boot` partition.
If indeed, you are installing a dual-boot and are installing alongside another operating system,
then **skip steps 1 and 2**, obviously.
1. if needed you can clear the drive with wipefs
```console
wipefs --all /dev/sda
```
1. create a new partition table for `/dev/sda`
```console
sgdisk /dev/sda -o
```
1. create a new efi partition for `/dev/sda`
```console
sgdisk /dev/sda --new=5::+512MiB --typecode=1:ef00
```
1. create a new `/boot` partition for `/dev/sda`
```console
sgdisk /dev/sda --new=6::+1G
```
1. create a new `/` partition for `/dev/sda`
```console
sgdisk /dev/sda --new=7
```
1. verify your partition work
```console
sgdisk /dev/sda -p
```
1. format the efi partition
```console
mkfs.vfat -F32 /dev/sda5
```
1. format the /boot partition
```console
mkfs.ext4 /dev/sda6
```
1. encrypt the `/` partition, you will be prompted for a password
```console
cryptsetup -y -v luksFormat --type luks2 /dev/sda7
```
1. decrypt the `/` partition, you will be prompted for a password
```console
cryptsetup open /dev/sda7 cryptroot
```
1. format the `/` device
```console
mkfs.xfs /dev/mapper/cryptroot
```
## **Mount The Hard Drive**
This takes advantage of *expert mode* in the LMDE installer.
1. create an `/target` directory
```console
mkdir /target
```
1. mount the `/` device at `/target`
```console
mount /dev/mapper/cryptroot /target
```
1. create an `/target/boot` directory
```console
mkdir /target/boot
```
1. mount the `/boot` partition at `/target/boot`
```console
mount /dev/sda6 /target/boot
```
1. create an `/target/boot/efi` directory
```console
mkdir /target/boot/efi
```
1. mount the efi partition at `/target/boot/efi`
```console
mount /dev/sda5 /target/boot/efi
```
## **Run The Installer App From Command Line**
At this point you're ready to run the live installer. But you need to run the
installer from the command line in order to **use expert-mode**:
```console
live-installer --expert-mode
```
The first three pages of the live-installer cover Language,Timezone, and Keymap.
The fourth page of the live-installer covers name, password, and hostname. After this
**select manual partitioning**.
On the seventh page of the live-installer, you come to a partition configuration page.
But there is nothing to do here. The partition-configuration doesn't even recognize
your encrypted partitions. But no matter, because you have already mounted the target
file system relative to `/target/`, so select *expert mode* at the bottom of the page.
<figure>
<img src=../../photos/Screenshot31.png width="100%" />
<figcaption>the installer doesn't even recognize the encrypted partitions ... ignore everything on this screen and click the `Expert mode` button</figcaption>
</figure>
Again select *forward*, and when you come to the page where you configure the location
to install grub, that should be the efi partition, i.e. `/dev/sda5`.
<figure>
<img src=../../photos/Screenshot39.png width="100%" />
<figcaption>select the efi partition as the location to install grub</figcaption>
</figure>
Then continue with the installation. The installation will run for a
few minutes and will then pause. There will be a popup informing you that the installation has paused.
During the pause you need to manually configure `fstab` and `crypttab`.
## **Configure Fstab**
1. find the UUID of the efi partition
```console
blkid /dev/sda5 -s UUID
```
1. find the UUID of the `/boot` partition
```console
blkid /dev/sda6 -s UUID
```
1. find the UUID of the `/` device
```console
blkid /dev/mapper/cryptroot -s UUID
```
And when you find the correct UUID numbers, use them to configure `/etc/fstab` which is actually currently at `/target/etc/fstab`.
```conf
# /etc/fstab
###############
# efi partition
# run the command `blkid /dev/sda1 -s UUID` which outputs
# /dev/sda5: UUID="17C4-215D", from which derive
UUID=17C4-215D /boot/efi vfat defaults 0 2
# /boot partition
# run the command `blkid /dev/sda2 -s UUID` which outputs
# /dev/sda6: UUID="f2509fff-4854-4721-b546-0274c89e6aec", from which derive
UUID=f2509fff-4854-4721-b546-0274c89e6aec /boot ext4 defaults 0 2
# "/" device
# run the command `blkid /dev/mapper/cryptroot -s UUID` which outputs
# /dev/mapper/cryptroot: UUID="72241377-cd65-43a6-8363-1afce5bd93f6", from which derive
UUID=72241377-cd65-43a6-8363-1afce5bd93f6 / xfs defaults 0 1
```
## **Configure Crypttab**
But before the file systems can be mounted, `crypttab` needs to mount `/dev/sda3` at `/dev/mapper/cryptroot`.
Configure `/etc/crypttab` which is actually currently at `/target/etc/crypttab`
Sorry, that's actually an over-simplification. But you need to configure `crypttab` now,
because when the installer continues running again, it installs the bootloader and builds the initramfs,
and `mkinitramfs` parses `crypttab`, and builds and configures the initramfs in such a way that it knows
to decrypt your `/` partition so it can then hand it off to the kernel at boot time (I think).
* find the UUID of the partition that will be mounted at `/dev/mapper/crypttab`
```console
blkid /dev/sda3 -s UUID
```
And when you find the correct UUID number for `/dev/sda3`,
use that to configure `/etc/crypttab` which is actually currently at `/target/etc/crypttab`.
```conf
# /etc/crypttab
# run the command `blkid /dev/sda7 -s UUID` which outputs
# /dev/sda7: UUID="da3e0967-711f-4159-85ac-7d5743a75201", from which derive
# <target name> <source device> <key file> <options>
cryptroot UUID=da3e0967-711f-4159-85ac-7d5743a75201 none luks
```
## **Resume Installer App**
At this point finish running the live installer, and you'll be done.
## **UEFI Fix**
Well, actually there isn't one. In this scenario having two efi partitions,
we rely on the motherboard correctly persisting efi boot entries.
So if you are unlucky enough to have one of the HP laptops that
*forgets* efi boot entries, I guess you are out of luck.
You might try using a single efi partition instead of two, and
maybe that will work. Presumably this would require using VeraCrypt
for Windows, instead of Bitlocker (because Bitlocker won't allow Grub
to load the Windows bootloader?)
## **Optional Swap File**
Visit the [Arch Wiki](https://wiki.archlinux.org/index.php/Swap#Swap_file){target=_blank} and they will hook you up.

1
mkdocs.yml
View File

@ -19,6 +19,7 @@ markdown_extensions:
nav: nav:
- Home: - Home:
- Home: index.md - Home: index.md
- posts/lmde4-custom-partitions-disk-encryption.md
- posts/linux-move-cursor-with-keyboard.md - posts/linux-move-cursor-with-keyboard.md
- posts/simplified-raspberry-streaming.md - posts/simplified-raspberry-streaming.md
- posts/clear-linux-encrypted-xfs-root.md - posts/clear-linux-encrypted-xfs-root.md

12
site/404.html
View File

@ -225,6 +225,18 @@
<li class="md-nav__item">
<a href="/posts/lmde4-custom-partitions-disk-encryption/" class="md-nav__link">
LMDE4 Custom Partitions Disk Encryption
</a>
</li>
<li class="md-nav__item"> <li class="md-nav__item">
<a href="/posts/linux-move-cursor-with-keyboard/" class="md-nav__link"> <a href="/posts/linux-move-cursor-with-keyboard/" class="md-nav__link">
Linux Move Cursor With Keyboard Linux Move Cursor With Keyboard

37
site/index.html
View File

@ -260,6 +260,13 @@
Posts By Date Posts By Date
</a> </a>
</li>
<li class="md-nav__item">
<a href="#links" class="md-nav__link">
Links
</a>
</li> </li>
</ul> </ul>
@ -274,6 +281,18 @@
<li class="md-nav__item">
<a href="posts/lmde4-custom-partitions-disk-encryption/" class="md-nav__link">
LMDE4 Custom Partitions Disk Encryption
</a>
</li>
<li class="md-nav__item"> <li class="md-nav__item">
<a href="posts/linux-move-cursor-with-keyboard/" class="md-nav__link"> <a href="posts/linux-move-cursor-with-keyboard/" class="md-nav__link">
Linux Move Cursor With Keyboard Linux Move Cursor With Keyboard
@ -423,6 +442,13 @@
Posts By Date Posts By Date
</a> </a>
</li>
<li class="md-nav__item">
<a href="#links" class="md-nav__link">
Links
</a>
</li> </li>
</ul> </ul>
@ -441,6 +467,7 @@
<h1 id="trents-blog">Trent's Blog</h1> <h1 id="trents-blog">Trent's Blog</h1>
<h2 id="posts-by-date"><strong>Posts By Date</strong></h2> <h2 id="posts-by-date"><strong>Posts By Date</strong></h2>
<ul> <ul>
<li><a href="posts/linux-move-cursor-with-keyboard" target="_blank">2020-12-15: LMDE4 Custom Partitions Disk Encryption</a></li>
<li><a href="posts/linux-move-cursor-with-keyboard" target="_blank">2020-06-21: Linux Move Cursor With Keyboard</a></li> <li><a href="posts/linux-move-cursor-with-keyboard" target="_blank">2020-06-21: Linux Move Cursor With Keyboard</a></li>
<li><a href="posts/simplified-raspberry-streaming" target="_blank">2019-05-12: Simplified Raspberry Streaming</a></li> <li><a href="posts/simplified-raspberry-streaming" target="_blank">2019-05-12: Simplified Raspberry Streaming</a></li>
<li><a href="posts/clear-linux-encrypted-xfs-root" target="_blank">2019-04-13: Clear Linux Encrypted xfs Root</a></li> <li><a href="posts/clear-linux-encrypted-xfs-root" target="_blank">2019-04-13: Clear Linux Encrypted xfs Root</a></li>
@ -449,6 +476,12 @@
<li><a href="posts/lmde3-xfs-full-disk-encryption" target="_blank">2019-01-25: LMDE3 xfs Full Disk Encryption</a></li> <li><a href="posts/lmde3-xfs-full-disk-encryption" target="_blank">2019-01-25: LMDE3 xfs Full Disk Encryption</a></li>
<li><a href="posts/rewrite-hugo-themes-report-in-python" target="_blank">2019-01-25: Rewrite Hugo Themes Report in Python</a></li> <li><a href="posts/rewrite-hugo-themes-report-in-python" target="_blank">2019-01-25: Rewrite Hugo Themes Report in Python</a></li>
</ul> </ul>
<h2 id="links"><strong>Links</strong></h2>
<ul>
<li><a href="links/" target="_blank">Links</a></li>
</ul>
@ -468,13 +501,13 @@
<nav class="md-footer-nav__inner md-grid" aria-label="Footer"> <nav class="md-footer-nav__inner md-grid" aria-label="Footer">
<a href="posts/linux-move-cursor-with-keyboard/" class="md-footer-nav__link md-footer-nav__link--next" rel="next"> <a href="posts/lmde4-custom-partitions-disk-encryption/" class="md-footer-nav__link md-footer-nav__link--next" rel="next">
<div class="md-footer-nav__title"> <div class="md-footer-nav__title">
<div class="md-ellipsis"> <div class="md-ellipsis">
<span class="md-footer-nav__direction"> <span class="md-footer-nav__direction">
Next Next
</span> </span>
Linux Move Cursor With Keyboard LMDE4 Custom Partitions Disk Encryption
</div> </div>
</div> </div>
<div class="md-footer-nav__button md-icon"> <div class="md-footer-nav__button md-icon">

14
site/links/index.html
View File

@ -234,6 +234,18 @@
<li class="md-nav__item">
<a href="../posts/lmde4-custom-partitions-disk-encryption/" class="md-nav__link">
LMDE4 Custom Partitions Disk Encryption
</a>
</li>
<li class="md-nav__item"> <li class="md-nav__item">
<a href="../posts/linux-move-cursor-with-keyboard/" class="md-nav__link"> <a href="../posts/linux-move-cursor-with-keyboard/" class="md-nav__link">
Linux Move Cursor With Keyboard Linux Move Cursor With Keyboard
@ -454,6 +466,8 @@
<li><a href="https://www.oregonhikers.org/field_guide/" target="_blank">Oregon Hikers' Field Guide</a></li> <li><a href="https://www.oregonhikers.org/field_guide/" target="_blank">Oregon Hikers' Field Guide</a></li>
</ul> </ul>

BIN
site/photos/Screenshot31.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 71 KiB

BIN
site/photos/Screenshot39.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 24 KiB

12
site/posts/clear-linux-encrypted-xfs-root/index.html
View File

@ -236,6 +236,18 @@
<li class="md-nav__item">
<a href="../lmde4-custom-partitions-disk-encryption/" class="md-nav__link">
LMDE4 Custom Partitions Disk Encryption
</a>
</li>
<li class="md-nav__item"> <li class="md-nav__item">
<a href="../linux-move-cursor-with-keyboard/" class="md-nav__link"> <a href="../linux-move-cursor-with-keyboard/" class="md-nav__link">
Linux Move Cursor With Keyboard Linux Move Cursor With Keyboard

12
site/posts/clear-linux-guest-virt-manager/index.html
View File

@ -236,6 +236,18 @@
<li class="md-nav__item">
<a href="../lmde4-custom-partitions-disk-encryption/" class="md-nav__link">
LMDE4 Custom Partitions Disk Encryption
</a>
</li>
<li class="md-nav__item"> <li class="md-nav__item">
<a href="../linux-move-cursor-with-keyboard/" class="md-nav__link"> <a href="../linux-move-cursor-with-keyboard/" class="md-nav__link">
Linux Move Cursor With Keyboard Linux Move Cursor With Keyboard

12
site/posts/faster-partitioning-with-sgdisk/index.html
View File

@ -236,6 +236,18 @@
<li class="md-nav__item">
<a href="../lmde4-custom-partitions-disk-encryption/" class="md-nav__link">
LMDE4 Custom Partitions Disk Encryption
</a>
</li>
<li class="md-nav__item"> <li class="md-nav__item">
<a href="../linux-move-cursor-with-keyboard/" class="md-nav__link"> <a href="../linux-move-cursor-with-keyboard/" class="md-nav__link">
Linux Move Cursor With Keyboard Linux Move Cursor With Keyboard

16
site/posts/linux-move-cursor-with-keyboard/index.html
View File

@ -235,6 +235,18 @@
<li class="md-nav__item">
<a href="../lmde4-custom-partitions-disk-encryption/" class="md-nav__link">
LMDE4 Custom Partitions Disk Encryption
</a>
</li>
@ -511,7 +523,7 @@ For instance, I find the</p>
<div class="md-footer-nav"> <div class="md-footer-nav">
<nav class="md-footer-nav__inner md-grid" aria-label="Footer"> <nav class="md-footer-nav__inner md-grid" aria-label="Footer">
<a href="../.." class="md-footer-nav__link md-footer-nav__link--prev" rel="prev"> <a href="../lmde4-custom-partitions-disk-encryption/" class="md-footer-nav__link md-footer-nav__link--prev" rel="prev">
<div class="md-footer-nav__button md-icon"> <div class="md-footer-nav__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg>
</div> </div>
@ -520,7 +532,7 @@ For instance, I find the</p>
<span class="md-footer-nav__direction"> <span class="md-footer-nav__direction">
Previous Previous
</span> </span>
Home LMDE4 Custom Partitions Disk Encryption
</div> </div>
</div> </div>
</a> </a>

22
site/posts/lmde3-xfs-full-disk-encryption/index.html
View File

@ -236,6 +236,18 @@
<li class="md-nav__item">
<a href="../lmde4-custom-partitions-disk-encryption/" class="md-nav__link">
LMDE4 Custom Partitions Disk Encryption
</a>
</li>
<li class="md-nav__item"> <li class="md-nav__item">
<a href="../linux-move-cursor-with-keyboard/" class="md-nav__link"> <a href="../linux-move-cursor-with-keyboard/" class="md-nav__link">
Linux Move Cursor With Keyboard Linux Move Cursor With Keyboard
@ -730,19 +742,19 @@ UUID=72241377-cd65-43a6-8363-1afce5bd93f6 / xfs defaults 0 1
<h2 id="configure-crypttab"><strong>Configure Crypttab</strong></h2> <h2 id="configure-crypttab"><strong>Configure Crypttab</strong></h2>
<p>But before the file systems can be mounted, <code>crypttab</code> needs to mount <code>/dev/sda3</code> at <code>/dev/mapper/cryptroot</code>. <p>But before the file systems can be mounted, <code>crypttab</code> needs to mount <code>/dev/sda3</code> at <code>/dev/mapper/cryptroot</code>.
Configure <code>/etc/crypttab</code> which is actually currently at <code>/target/etc/crypttab</code></p> Configure <code>/etc/crypttab</code> which is actually currently at <code>/target/etc/crypttab</code></p>
<ol> <ul>
<li>find the UUID of the partition that will be mounted at <code>/dev/mapper/crypttab</code> <li>find the UUID of the partition that will be mounted at <code>/dev/mapper/crypttab</code>
<div class="highlight"><pre><span></span><code><span class="go">blkid /dev/sda3 -s UUID</span> <div class="highlight"><pre><span></span><code><span class="go">blkid /dev/sda3 -s UUID</span>
</code></pre></div></li> </code></pre></div></li>
</ol> </ul>
<p>And when you find the correct UUID number for <code>/dev/sda3</code>, <p>And when you find the correct UUID number for <code>/dev/sda3</code>,
use that to configure <code>/etc/crypttab</code> which is actually currently at <code>/target/etc/crypttab</code>. use that to configure <code>/etc/crypttab</code> which is actually currently at <code>/target/etc/crypttab</code>.</p>
<div class="highlight"><pre><span></span><code># /etc/crypttab <div class="highlight"><pre><span></span><code># /etc/crypttab
# run the command `blkid /dev/sda3 -s UUID` which outputs # run the command `blkid /dev/sda3 -s UUID` which outputs
# /dev/sdb3: UUID=&quot;da3e0967-711f-4159-85ac-7d5743a75201&quot;, from which derive # /dev/sda3: UUID=&quot;da3e0967-711f-4159-85ac-7d5743a75201&quot;, from which derive
# &lt;target name&gt; &lt;source device&gt; &lt;key file&gt; &lt;options&gt; # &lt;target name&gt; &lt;source device&gt; &lt;key file&gt; &lt;options&gt;
cryptroot UUID=da3e0967-711f-4159-85ac-7d5743a75201 none luks cryptroot UUID=da3e0967-711f-4159-85ac-7d5743a75201 none luks
</code></pre></div></p> </code></pre></div>
<h2 id="resume-installer-app"><strong>Resume Installer App</strong></h2> <h2 id="resume-installer-app"><strong>Resume Installer App</strong></h2>
<p>At this point finish running the live installer, and you'll be done.</p> <p>At this point finish running the live installer, and you'll be done.</p>
<h2 id="uefi-fix"><strong>UEFI Fix</strong></h2> <h2 id="uefi-fix"><strong>UEFI Fix</strong></h2>

905
site/posts/lmde4-custom-partitions-disk-encryption/index.html Normal file
View File

@ -0,0 +1,905 @@
<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link rel="shortcut icon" href="../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.1.2, mkdocs-material-6.1.7">
<title>LMDE4 Custom Partitions Disk Encryption - Trent's Blog</title>
<link rel="stylesheet" href="../../assets/stylesheets/main.19753c6b.min.css">
<link rel="stylesheet" href="../../assets/stylesheets/palette.196e0c26.min.css">
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
<style>body,input{font-family:"Roboto",-apple-system,BlinkMacSystemFont,Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono",SFMono-Regular,Consolas,Menlo,monospace}</style>
<link rel="stylesheet" href="../../extra.css">
</head>
<body dir="ltr" data-md-color-scheme="default" data-md-color-primary="" data-md-color-accent="">
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#introduction" class="md-skip">
Skip to content
</a>
</div>
<div data-md-component="announce">
</div>
<header class="md-header" data-md-component="header">
<nav class="md-header-nav md-grid" aria-label="Header">
<a href="../.." title="Trent&#39;s Blog" class="md-header-nav__button md-logo" aria-label="Trent's Blog">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 003-3 3 3 0 00-3-3 3 3 0 00-3 3 3 3 0 003 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54z"/></svg>
</a>
<label class="md-header-nav__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2z"/></svg>
</label>
<div class="md-header-nav__title" data-md-component="header-title">
<div class="md-header-nav__ellipsis">
<span class="md-header-nav__topic md-ellipsis">
Trent's Blog
</span>
<span class="md-header-nav__topic md-ellipsis">
LMDE4 Custom Partitions Disk Encryption
</span>
</div>
</div>
<label class="md-header-nav__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0116 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 019.5 16 6.5 6.5 0 013 9.5 6.5 6.5 0 019.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg>
</label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" data-md-state="active" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0116 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 019.5 16 6.5 6.5 0 013 9.5 6.5 6.5 0 019.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg>
</label>
<button type="reset" class="md-search__icon md-icon" aria-label="Clear" data-md-component="search-reset" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41L17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41z"/></svg>
</button>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initializing search
</div>
<ol class="md-search-result__list"></ol>
</div>
</div>
</div>
</div>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<nav class="md-tabs md-tabs--active" aria-label="Tabs" data-md-component="tabs">
<div class="md-tabs__inner md-grid">
<ul class="md-tabs__list">
<li class="md-tabs__item">
<a href="../.." class="md-tabs__link md-tabs__link--active">
Home
</a>
</li>
<li class="md-tabs__item">
<a href="../../links/" class="md-tabs__link">
Links
</a>
</li>
</ul>
</div>
</nav>
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="navigation">
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href="../.." title="Trent&#39;s Blog" class="md-nav__button md-logo" aria-label="Trent's Blog">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 003-3 3 3 0 00-3-3 3 3 0 00-3 3 3 3 0 003 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54z"/></svg>
</a>
Trent's Blog
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--active md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="nav-1" type="checkbox" id="nav-1" checked>
<label class="md-nav__link" for="nav-1">
Home
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Home" data-md-level="1">
<label class="md-nav__title" for="nav-1">
<span class="md-nav__icon md-icon"></span>
Home
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../.." class="md-nav__link">
Home
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" data-md-toggle="toc" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
LMDE4 Custom Partitions Disk Encryption
<span class="md-nav__icon md-icon"></span>
</label>
<a href="./" class="md-nav__link md-nav__link--active">
LMDE4 Custom Partitions Disk Encryption
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="#introduction" class="md-nav__link">
Introduction
</a>
</li>
<li class="md-nav__item">
<a href="#prepare-the-installation-media" class="md-nav__link">
Prepare The Installation Media
</a>
</li>
<li class="md-nav__item">
<a href="#boot-the-install-disc" class="md-nav__link">
Boot The Install Disc
</a>
</li>
<li class="md-nav__item">
<a href="#partition-the-hard-drive" class="md-nav__link">
Partition The Hard Drive
</a>
</li>
<li class="md-nav__item">
<a href="#mount-the-hard-drive" class="md-nav__link">
Mount The Hard Drive
</a>
</li>
<li class="md-nav__item">
<a href="#run-the-installer-app-from-command-line" class="md-nav__link">
Run The Installer App From Command Line
</a>
</li>
<li class="md-nav__item">
<a href="#configure-fstab" class="md-nav__link">
Configure Fstab
</a>
</li>
<li class="md-nav__item">
<a href="#configure-crypttab" class="md-nav__link">
Configure Crypttab
</a>
</li>
<li class="md-nav__item">
<a href="#resume-installer-app" class="md-nav__link">
Resume Installer App
</a>
</li>
<li class="md-nav__item">
<a href="#uefi-fix" class="md-nav__link">
UEFI Fix
</a>
</li>
<li class="md-nav__item">
<a href="#optional-swap-file" class="md-nav__link">
Optional Swap File
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../linux-move-cursor-with-keyboard/" class="md-nav__link">
Linux Move Cursor With Keyboard
</a>
</li>
<li class="md-nav__item">
<a href="../simplified-raspberry-streaming/" class="md-nav__link">
Simplified Raspberry Streaming
</a>
</li>
<li class="md-nav__item">
<a href="../clear-linux-encrypted-xfs-root/" class="md-nav__link">
Clear Linux Encrypted xfs Root
</a>
</li>
<li class="md-nav__item">
<a href="../clear-linux-guest-virt-manager/" class="md-nav__link">
Clear Linux Guest Virt Manager
</a>
</li>
<li class="md-nav__item">
<a href="../faster-partitioning-with-sgdisk/" class="md-nav__link">
Faster Partitioning With sgdisk
</a>
</li>
<li class="md-nav__item">
<a href="../lmde3-xfs-full-disk-encryption/" class="md-nav__link">
LMDE3 xfs Full Disk Encryption
</a>
</li>
<li class="md-nav__item">
<a href="../rewrite-hugo-themes-report-in-python/" class="md-nav__link">
Rewrite Hugo Themes Report in Python
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="nav-2" type="checkbox" id="nav-2" >
<label class="md-nav__link" for="nav-2">
Links
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Links" data-md-level="1">
<label class="md-nav__title" for="nav-2">
<span class="md-nav__icon md-icon"></span>
Links
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../links/" class="md-nav__link">
Links
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="toc">
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="#introduction" class="md-nav__link">
Introduction
</a>
</li>
<li class="md-nav__item">
<a href="#prepare-the-installation-media" class="md-nav__link">
Prepare The Installation Media
</a>
</li>
<li class="md-nav__item">
<a href="#boot-the-install-disc" class="md-nav__link">
Boot The Install Disc
</a>
</li>
<li class="md-nav__item">
<a href="#partition-the-hard-drive" class="md-nav__link">
Partition The Hard Drive
</a>
</li>
<li class="md-nav__item">
<a href="#mount-the-hard-drive" class="md-nav__link">
Mount The Hard Drive
</a>
</li>
<li class="md-nav__item">
<a href="#run-the-installer-app-from-command-line" class="md-nav__link">
Run The Installer App From Command Line
</a>
</li>
<li class="md-nav__item">
<a href="#configure-fstab" class="md-nav__link">
Configure Fstab
</a>
</li>
<li class="md-nav__item">
<a href="#configure-crypttab" class="md-nav__link">
Configure Crypttab
</a>
</li>
<li class="md-nav__item">
<a href="#resume-installer-app" class="md-nav__link">
Resume Installer App
</a>
</li>
<li class="md-nav__item">
<a href="#uefi-fix" class="md-nav__link">
UEFI Fix
</a>
</li>
<li class="md-nav__item">
<a href="#optional-swap-file" class="md-nav__link">
Optional Swap File
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content">
<article class="md-content__inner md-typeset">
<h1>LMDE4 Custom Partitions Disk Encryption</h1>
<p>date: 2020-12-15</p>
<h2 id="introduction"><strong>Introduction</strong></h2>
<p>Linux Mint Debian Edition is the alternate version of Linux Mint, but built on a Debian base. The result is quite pleasant: the
stability of desktop Debian, but with the rough edges polished smooth, nicely configured fonts and ui, and all the multi-media codecs included.</p>
<p>Previously, I wrote a <a href="../lmde3-xfs-full-disk-encryption/" target="_blank">guide for installing LMDE3 with disk encryption</a>.
The installer for LMDE 4 is different
in that it includes support for disk encryption, but not if you need custom partitions such as for a <strong>dual-boot
configuration</strong>.</p>
<p>With this in mind, the examples presented below assume that you have Windows 10 installed in 4 partitions, and
thus you would want to make 3 partitions (5,6,7) after that, for LMDE4.
As with before, with separate partitions for <code>/boot</code> formatted ext4, <code>/boot/efi</code> formatted fat32,
and a regular luks-encrypted partition for <code>/</code> formatted xfs.</p>
<p>With a separate efi partition for LMDE4, you can then use the computer's device boot menu to
select which efi boot entry you want to boot. There is also an advantage in having Windows use the
first efi partition, in that if something happens to the Windows efi boot entry, you can fall back to the
default efi executable. Whereas, if the efi boot entry for Linux somehow gets wiped, you could <a href="https://help.ubuntu.com/community/Grub2/Installing#via_ChRoot" target="_blank">repair that
easily enough via chroot</a>.</p>
<h2 id="prepare-the-installation-media"><strong>Prepare The Installation Media</strong></h2>
<p>Visit the <a href="https://www.linuxmint.com/" target="_blank">Linux Mint Website</a>
and <a href="https://www.linuxmint.com/edition.php?id=279" target="_blank">download</a> the iso file for LMDE 4 64bit. Download from torrents if possible, to save bandwidth.</p>
<ul>
<li>verify the sha256 sum of the iso file
<div class="highlight"><pre><span></span><code><span class="go">sha256sum lmde-4-cinnamon-64bit.iso</span>
</code></pre></div></li>
</ul>
<p>Identify the thumb drive you are going to install from.</p>
<ul>
<li>type <code>lsblk</code>, note the output, and then insert the thumb drive</li>
<li>then type <code>lsblk</code> again and note the <em>additional output</em></li>
</ul>
<p><div class="highlight"><pre><span></span><code><span class="gp">#</span> lsblk /dev/sdb
<span class="go">NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT</span>
<span class="go">sdb 8:32 1 14.5G 0 disk</span>
<span class="go">├─sdb1 8:33 1 3.4G 0 part /media/trent/Debian 9.6.0 amd64</span>
<span class="go">└─sdb2 8:34 1 416K 0 part</span>
</code></pre></div>
In the above example output we see that our thumb drive is identified as <code>/dev/sdb</code>, and partition <code>/dev/sdb1</code> is automatically mounted.</p>
<p>Take special care that you have accurately identified the thumb drive before proceeding. For the sake of example,
we will proceed on the assumption that our thumb drive is identified as <code>/dev/sdb</code>, but you need to compensate accordingly.</p>
<ul>
<li>
<p>unmount any partition of the thumb drive that are automatically mounted
<div class="highlight"><pre><span></span><code><span class="go">umount /dev/sdb1</span>
</code></pre></div></p>
</li>
<li>
<p>write the disk image to the thumb drive
<div class="highlight"><pre><span></span><code><span class="go">ddrescue -D --force lmde-4-cinnamon-64bit.iso /dev/sdb</span>
</code></pre></div></p>
</li>
</ul>
<h2 id="boot-the-install-disc"><strong>Boot The Install Disc</strong></h2>
<ul>
<li>boot into bios to disable fastboot and secureboot</li>
<li>invoke your machine's device boot menu and boot the install disc in uefi mode</li>
<li>confirm that you have booted in uefi mode by listing efivars
<div class="highlight"><pre><span></span><code><span class="go">ls /sys/firmware/efi/vars</span>
</code></pre></div></li>
</ul>
<h2 id="partition-the-hard-drive"><strong>Partition The Hard Drive</strong></h2>
<p>If you recall we are assuming the target hard drive is <code>/dev/sda</code>, as an example. So, make adjustments as necessary.</p>
<p>If you would rather use a different partition tool, make sure the efi partition is an efi partition type, and you definitely need a separate <code>/boot</code> partition.</p>
<p>If indeed, you are installing a dual-boot and are installing alongside another operating system,
then <strong>skip steps 1 and 2</strong>, obviously.</p>
<ol>
<li>if needed you can clear the drive with wipefs
<div class="highlight"><pre><span></span><code><span class="go">wipefs --all /dev/sda</span>
</code></pre></div></li>
<li>create a new partition table for <code>/dev/sda</code>
<div class="highlight"><pre><span></span><code><span class="go">sgdisk /dev/sda -o</span>
</code></pre></div></li>
<li>create a new efi partition for <code>/dev/sda</code>
<div class="highlight"><pre><span></span><code><span class="go">sgdisk /dev/sda --new=5::+512MiB --typecode=1:ef00</span>
</code></pre></div></li>
<li>create a new <code>/boot</code> partition for <code>/dev/sda</code>
<div class="highlight"><pre><span></span><code><span class="go">sgdisk /dev/sda --new=6::+1G</span>
</code></pre></div></li>
<li>create a new <code>/</code> partition for <code>/dev/sda</code>
<div class="highlight"><pre><span></span><code><span class="go">sgdisk /dev/sda --new=7</span>
</code></pre></div></li>
<li>verify your partition work
<div class="highlight"><pre><span></span><code><span class="go">sgdisk /dev/sda -p</span>
</code></pre></div></li>
<li>format the efi partition
<div class="highlight"><pre><span></span><code><span class="go">mkfs.vfat -F32 /dev/sda5</span>
</code></pre></div></li>
<li>format the /boot partition
<div class="highlight"><pre><span></span><code><span class="go">mkfs.ext4 /dev/sda6</span>
</code></pre></div></li>
<li>encrypt the <code>/</code> partition, you will be prompted for a password
<div class="highlight"><pre><span></span><code><span class="go">cryptsetup -y -v luksFormat --type luks2 /dev/sda7</span>
</code></pre></div></li>
<li>decrypt the <code>/</code> partition, you will be prompted for a password
<div class="highlight"><pre><span></span><code><span class="go">cryptsetup open /dev/sda7 cryptroot</span>
</code></pre></div></li>
<li>format the <code>/</code> device
<div class="highlight"><pre><span></span><code><span class="go">mkfs.xfs /dev/mapper/cryptroot</span>
</code></pre></div></li>
</ol>
<h2 id="mount-the-hard-drive"><strong>Mount The Hard Drive</strong></h2>
<p>This takes advantage of <em>expert mode</em> in the LMDE installer.</p>
<ol>
<li>create an <code>/target</code> directory
<div class="highlight"><pre><span></span><code><span class="go">mkdir /target</span>
</code></pre></div></li>
<li>mount the <code>/</code> device at <code>/target</code>
<div class="highlight"><pre><span></span><code><span class="go">mount /dev/mapper/cryptroot /target</span>
</code></pre></div></li>
<li>create an <code>/target/boot</code> directory
<div class="highlight"><pre><span></span><code><span class="go">mkdir /target/boot</span>
</code></pre></div></li>
<li>mount the <code>/boot</code> partition at <code>/target/boot</code>
<div class="highlight"><pre><span></span><code><span class="go">mount /dev/sda6 /target/boot</span>
</code></pre></div></li>
<li>create an <code>/target/boot/efi</code> directory
<div class="highlight"><pre><span></span><code><span class="go">mkdir /target/boot/efi</span>
</code></pre></div></li>
<li>mount the efi partition at <code>/target/boot/efi</code>
<div class="highlight"><pre><span></span><code><span class="go">mount /dev/sda5 /target/boot/efi</span>
</code></pre></div></li>
</ol>
<h2 id="run-the-installer-app-from-command-line"><strong>Run The Installer App From Command Line</strong></h2>
<p>At this point you're ready to run the live installer. But you need to run the
installer from the command line in order to <strong>use expert-mode</strong>:
<div class="highlight"><pre><span></span><code><span class="go">live-installer --expert-mode</span>
</code></pre></div></p>
<p>The first three pages of the live-installer cover Language,Timezone, and Keymap.
The fourth page of the live-installer covers name, password, and hostname. After this
<strong>select manual partitioning</strong>.</p>
<p>On the seventh page of the live-installer, you come to a partition configuration page.
But there is nothing to do here. The partition-configuration doesn't even recognize
your encrypted partitions. But no matter, because you have already mounted the target
file system relative to <code>/target/</code>, so select <em>expert mode</em> at the bottom of the page.</p>
<figure>
<img src=../../photos/Screenshot31.png width="100%" />
<figcaption>the installer doesn't even recognize the encrypted partitions ... ignore everything on this screen and click the `Expert mode` button</figcaption>
</figure>
<p>Again select <em>forward</em>, and when you come to the page where you configure the location
to install grub, that should be the efi partition, i.e. <code>/dev/sda5</code>.</p>
<figure>
<img src=../../photos/Screenshot39.png width="100%" />
<figcaption>select the efi partition as the location to install grub</figcaption>
</figure>
<p>Then continue with the installation. The installation will run for a
few minutes and will then pause. There will be a popup informing you that the installation has paused.
During the pause you need to manually configure <code>fstab</code> and <code>crypttab</code>.</p>
<h2 id="configure-fstab"><strong>Configure Fstab</strong></h2>
<ol>
<li>find the UUID of the efi partition
<div class="highlight"><pre><span></span><code><span class="go">blkid /dev/sda5 -s UUID</span>
</code></pre></div></li>
<li>find the UUID of the <code>/boot</code> partition
<div class="highlight"><pre><span></span><code><span class="go">blkid /dev/sda6 -s UUID</span>
</code></pre></div></li>
<li>find the UUID of the <code>/</code> device
<div class="highlight"><pre><span></span><code><span class="go">blkid /dev/mapper/cryptroot -s UUID</span>
</code></pre></div></li>
</ol>
<p>And when you find the correct UUID numbers, use them to configure <code>/etc/fstab</code> which is actually currently at <code>/target/etc/fstab</code>.
<div class="highlight"><pre><span></span><code># /etc/fstab
###############
# efi partition
# run the command `blkid /dev/sda1 -s UUID` which outputs
# /dev/sda5: UUID=&quot;17C4-215D&quot;, from which derive
UUID=17C4-215D /boot/efi vfat defaults 0 2
# /boot partition
# run the command `blkid /dev/sda2 -s UUID` which outputs
# /dev/sda6: UUID=&quot;f2509fff-4854-4721-b546-0274c89e6aec&quot;, from which derive
UUID=f2509fff-4854-4721-b546-0274c89e6aec /boot ext4 defaults 0 2
# &quot;/&quot; device
# run the command `blkid /dev/mapper/cryptroot -s UUID` which outputs
# /dev/mapper/cryptroot: UUID=&quot;72241377-cd65-43a6-8363-1afce5bd93f6&quot;, from which derive
UUID=72241377-cd65-43a6-8363-1afce5bd93f6 / xfs defaults 0 1
</code></pre></div></p>
<h2 id="configure-crypttab"><strong>Configure Crypttab</strong></h2>
<p>But before the file systems can be mounted, <code>crypttab</code> needs to mount <code>/dev/sda3</code> at <code>/dev/mapper/cryptroot</code>.
Configure <code>/etc/crypttab</code> which is actually currently at <code>/target/etc/crypttab</code></p>
<p>Sorry, that's actually an over-simplification. But you need to configure <code>crypttab</code> now,
because when the installer continues running again, it installs the bootloader and builds the initramfs,
and <code>mkinitramfs</code> parses <code>crypttab</code>, and builds and configures the initramfs in such a way that it knows
to decrypt your <code>/</code> partition so it can then hand it off to the kernel at boot time (I think).</p>
<ul>
<li>find the UUID of the partition that will be mounted at <code>/dev/mapper/crypttab</code>
<div class="highlight"><pre><span></span><code><span class="go">blkid /dev/sda3 -s UUID</span>
</code></pre></div></li>
</ul>
<p>And when you find the correct UUID number for <code>/dev/sda3</code>,
use that to configure <code>/etc/crypttab</code> which is actually currently at <code>/target/etc/crypttab</code>.
<div class="highlight"><pre><span></span><code># /etc/crypttab
# run the command `blkid /dev/sda7 -s UUID` which outputs
# /dev/sda7: UUID=&quot;da3e0967-711f-4159-85ac-7d5743a75201&quot;, from which derive
# &lt;target name&gt; &lt;source device&gt; &lt;key file&gt; &lt;options&gt;
cryptroot UUID=da3e0967-711f-4159-85ac-7d5743a75201 none luks
</code></pre></div></p>
<h2 id="resume-installer-app"><strong>Resume Installer App</strong></h2>
<p>At this point finish running the live installer, and you'll be done.</p>
<h2 id="uefi-fix"><strong>UEFI Fix</strong></h2>
<p>Well, actually there isn't one. In this scenario having two efi partitions,
we rely on the motherboard correctly persisting efi boot entries.</p>
<p>So if you are unlucky enough to have one of the HP laptops that
<em>forgets</em> efi boot entries, I guess you are out of luck.</p>
<p>You might try using a single efi partition instead of two, and
maybe that will work. Presumably this would require using VeraCrypt
for Windows, instead of Bitlocker (because Bitlocker won't allow Grub
to load the Windows bootloader?)</p>
<h2 id="optional-swap-file"><strong>Optional Swap File</strong></h2>
<p>Visit the <a href="https://wiki.archlinux.org/index.php/Swap#Swap_file" target="_blank">Arch Wiki</a> and they will hook you up.</p>
</article>
</div>
</div>
</main>
<footer class="md-footer">
<div class="md-footer-nav">
<nav class="md-footer-nav__inner md-grid" aria-label="Footer">
<a href="../.." class="md-footer-nav__link md-footer-nav__link--prev" rel="prev">
<div class="md-footer-nav__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg>
</div>
<div class="md-footer-nav__title">
<div class="md-ellipsis">
<span class="md-footer-nav__direction">
Previous
</span>
Home
</div>
</div>
</a>
<a href="../linux-move-cursor-with-keyboard/" class="md-footer-nav__link md-footer-nav__link--next" rel="next">
<div class="md-footer-nav__title">
<div class="md-ellipsis">
<span class="md-footer-nav__direction">
Next
</span>
Linux Move Cursor With Keyboard
</div>
</div>
<div class="md-footer-nav__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11H4z"/></svg>
</div>
</a>
</nav>
</div>
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-footer-copyright">
Made with
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs
</a>
</div>
<div class="md-footer-social">
<a href="https://twitter.com/boringtrent" target="_blank" rel="noopener" title="trent on twitter" class="md-footer-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M459.37 151.716c.325 4.548.325 9.097.325 13.645 0 138.72-105.583 298.558-298.558 298.558-59.452 0-114.68-17.219-161.137-47.106 8.447.974 16.568 1.299 25.34 1.299 49.055 0 94.213-16.568 130.274-44.832-46.132-.975-84.792-31.188-98.112-72.772 6.498.974 12.995 1.624 19.818 1.624 9.421 0 18.843-1.3 27.614-3.573-48.081-9.747-84.143-51.98-84.143-102.985v-1.299c13.969 7.797 30.214 12.67 47.431 13.319-28.264-18.843-46.781-51.005-46.781-87.391 0-19.492 5.197-37.36 14.294-52.954 51.655 63.675 129.3 105.258 216.365 109.807-1.624-7.797-2.599-15.918-2.599-24.04 0-57.828 46.782-104.934 104.934-104.934 30.213 0 57.502 12.67 76.67 33.137 23.715-4.548 46.456-13.32 66.599-25.34-7.798 24.366-24.366 44.833-46.132 57.827 21.117-2.273 41.584-8.122 60.426-16.243-14.292 20.791-32.161 39.308-52.628 54.253z"/></svg>
</a>
<a href="https://www.facebook.com/trentspalmer" target="_blank" rel="noopener" title="trent on facebook" class="md-footer-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M504 256C504 119 393 8 256 8S8 119 8 256c0 123.78 90.69 226.38 209.25 245V327.69h-63V256h63v-54.64c0-62.15 37-96.48 93.67-96.48 27.14 0 55.52 4.84 55.52 4.84v61h-31.28c-30.8 0-40.41 19.12-40.41 38.73V256h68.78l-11 71.69h-57.78V501C413.31 482.38 504 379.78 504 256z"/></svg>
</a>
<a href="https://github.com/TrentSPalmer" target="_blank" rel="noopener" title="trent on github" class="md-footer-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6zm-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3zm44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9zM244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8zM97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1zm-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7zm32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1zm-11.4-14.7c-1.6 1-1.6 3.6 0 5.9 1.6 2.3 4.3 3.3 5.6 2.3 1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2z"/></svg>
</a>
</div>
</div>
</div>
</footer>
</div>
<script src="../../assets/javascripts/vendor.0ac82a11.min.js"></script>
<script src="../../assets/javascripts/bundle.f81dfb4d.min.js"></script><script id="__lang" type="application/json">{"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing"}</script>
<script>
app = initialize({
base: "../..",
features: ['navigation.tabs'],
search: Object.assign({
worker: "../../assets/javascripts/worker/search.4ac00218.min.js"
}, typeof search !== "undefined" && search)
})
</script>
</body>
</html>

12
site/posts/rewrite-hugo-themes-report-in-python/index.html
View File

@ -236,6 +236,18 @@
<li class="md-nav__item">
<a href="../lmde4-custom-partitions-disk-encryption/" class="md-nav__link">
LMDE4 Custom Partitions Disk Encryption
</a>
</li>
<li class="md-nav__item"> <li class="md-nav__item">
<a href="../linux-move-cursor-with-keyboard/" class="md-nav__link"> <a href="../linux-move-cursor-with-keyboard/" class="md-nav__link">
Linux Move Cursor With Keyboard Linux Move Cursor With Keyboard

12
site/posts/simplified-raspberry-streaming/index.html
View File

@ -236,6 +236,18 @@
<li class="md-nav__item">
<a href="../lmde4-custom-partitions-disk-encryption/" class="md-nav__link">
LMDE4 Custom Partitions Disk Encryption
</a>
</li>
<li class="md-nav__item"> <li class="md-nav__item">
<a href="../linux-move-cursor-with-keyboard/" class="md-nav__link"> <a href="../linux-move-cursor-with-keyboard/" class="md-nav__link">
Linux Move Cursor With Keyboard Linux Move Cursor With Keyboard

2
site/search/search_index.json
View File

File diff suppressed because one or more lines are too long

22
site/sitemap.xml
View File

@ -1,39 +1,43 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"><url> <urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"><url>
<loc>None</loc> <loc>None</loc>
<lastmod>2020-12-15</lastmod> <lastmod>2020-12-16</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url><url> </url><url>
<loc>None</loc> <loc>None</loc>
<lastmod>2020-12-15</lastmod> <lastmod>2020-12-16</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url><url> </url><url>
<loc>None</loc> <loc>None</loc>
<lastmod>2020-12-15</lastmod> <lastmod>2020-12-16</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url><url> </url><url>
<loc>None</loc> <loc>None</loc>
<lastmod>2020-12-15</lastmod> <lastmod>2020-12-16</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url><url> </url><url>
<loc>None</loc> <loc>None</loc>
<lastmod>2020-12-15</lastmod> <lastmod>2020-12-16</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url><url> </url><url>
<loc>None</loc> <loc>None</loc>
<lastmod>2020-12-15</lastmod> <lastmod>2020-12-16</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url><url> </url><url>
<loc>None</loc> <loc>None</loc>
<lastmod>2020-12-15</lastmod> <lastmod>2020-12-16</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url><url> </url><url>
<loc>None</loc> <loc>None</loc>
<lastmod>2020-12-15</lastmod> <lastmod>2020-12-16</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url><url> </url><url>
<loc>None</loc> <loc>None</loc>
<lastmod>2020-12-15</lastmod> <lastmod>2020-12-16</lastmod>
<changefreq>daily</changefreq>
</url><url>
<loc>None</loc>
<lastmod>2020-12-16</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
</urlset> </urlset>

BIN
site/sitemap.xml.gz
View File

Binary file not shown.