logo

drewdevault.com

[mirror] blog and personal website of Drew DeVault git clone https://hacktivis.me/git/mirror/drewdevault.com.git

Arch-Linux-with-full-disk-encryption-in-15-minutes.md (3180B)

    

  1. ---
  2. date: 2016-08-18
  3. # vim: tw=80
  4. title: '[VIDEO] Arch Linux with full disk encryption in (about) 15 minutes'
  5. layout: post
  6. tags: [video, linux, encryption]
  7. ---
  9. <link rel="stylesheet" href="/css/video-js.css">
  10. <script>
  11. window.HELP_IMPROVE_VIDEOJS = false;
  12. </script>
  13. <script src="/js/video.js"></script>
  15. After my [blog post](/2016/06/29/Privacy-as-a-hobby.html) emphasizing the
  16. importance of taking control of your privacy, I've decided to make a few more
  17. posts going over detailed instructions on how to actually do so. Today we have a
  18. video that goes over the process of installing Arch Linux with full disk
  19. encryption.
  21. This is my first go at publishing videos on my blog, so please provide some
  22. feedback in the comments of this article. I'd prefer to use my blog instead of
  23. YouTube for publishing technical videos, since it's all open source, ad-free,
  24. and DRM-free. Let me know if you'd like to see more content like this on my
  25. blog and which topics you'd like covered - I intend to at least release another
  26. video going over this process for Ubuntu as well.
  28. <video class="video-js vjs-16-9" data-setup="{}" controls>
  29.   <source src="https://sr.ht/archlinux.webm" type="video/webm">
  30.   <p>Your browser does not support HTML5 video.</p>
  31. </video>
  33. <a class="pull-right" href="https://sr.ht/archlinux.webm">Download video (WEBM)</a>
  35. <div class="clearfix"></div>
  37. The video goes into detail on each of these steps, but here's the high level
  38. overview of how to do this. Always check the latest version of the [Install
  39. Guide](https://wiki.archlinux.org/index.php/Installation_guide) and the
  40. [dm-crypt](https://wiki.archlinux.org/index.php/Dm-crypt) page on the Arch Wiki
  41. for the latest procedure.
  43. 1. Partition your disks with gdisk and be sure to set aside a partition for
  44.    /boot
  45. 1. Create a filesystem on /boot
  46. 1. (optional) Securely erase all of the existing data on your disks with `dd
  47.    if=/dev/zero of=/dev/sdXY bs=4096` - *note: this is a correction from the
  48.    command mentioned in the video*
  49. 1. Set up encryption for your encrypted partitions with `cryptsetup luksFormat
  50.    /dev/sdXX`
  51. 1. Open the encrypted volumes with `cryptsetup open /dev/sdXX [name]`
  52. 1. Create filesystems on /dev/mapper/[names]
  53. 1. Mount all of the filesystems on /mnt
  54. 1. Perform the base install with `pacstrap /mnt base [extra packages...]`
  55. 1. `genfstab -p /mnt >> /mnt/etc/fstab`
  56. 1. `arch-chroot /mnt /usr/bin/bash`
  57. 1. `ln -s /usr/share/zoneinfo/[region]/[zone] /etc/localtime`
  58. 1. `hwclock --systohc --utc`
  59. 1. Edit /etc/locale.gen to your liking and run `locale-gen`
  60. 1. `locale > /etc/locale.conf` - note this only works for en_US users, adjust if
  61.    necessary
  62. 1. Edit /etc/hostname to your liking
  63. 1. Reconfigure the network
  64. 1. Edit /etc/mkinitcpio.conf and ensure that the `keyboard` and `encrypt` hooks
  65.    run before the `filesystems` hook
  66. 1. `mkinitcpio -p linux`
  67. 1. Set the root password with `passwd`
  68. 1. Configure /etc/crypttab with any non-root encrypted disks you need. You can
  69.    get partition UUIDs with `ls -l /dev/disk/by-partuuid`
  70. 1. Configure your kernel command line to include
  71.    `cryptdevice=PARTUUID=[...]:[name] root=/dev/mapper/[name] rw`
  72. 1. Install your bootloader and reboot!