You are not logged in.
Pages: 1
I have succesfully made a fully encrypted devuan instalation , with LVM . Basically , /boot is moved from it's own partition into a folder in / . No biggie .
This was done following steps in this article ;
https://dustymabe.com/2015/07/06/encryp … the-party/
The only step that differs from that tutorial is ;
cp -a /boot/.vmlinuz-* /mnt/boot/
(I guess that fedora has a dot infront of vmlinuz , or it was a typo)
anyways , fsmitherd told me to finish this up , so here it goes .
I have installed devuan 1 and 2 with these exact steps .
Firstly , install with standard encrypted LVM .
Then we need to copy the files from /boot partition to the /boot directory in the root filesystem ;
(I am guessing it's needles to say, but I'll point out that everything is done as root)
mount --bind / /mnt/
cp -a /boot/* /mnt/boot/
cp -a /boot/vmlinuz-* /mnt/boot/
cp -a /boot/.vmlinuz-* /mnt/boot/
diff -ur /boot/ /mnt/boot/
This copied the files over and verified the contents matched. Next , we unmount the partition and remove the mount from /etc/fstab ;
umount /mnt
umount /boot
sed -i -e '/\/boot/d' /etc/fstab
After that , we need to write new grub.cfg that loads the appropriate modules for loading from the encrypted disk ;
cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.backup
cp /boot/grub/grub.cfg /boot/grub/grub.cfg.backup
grub-mkconfig > /boot/grub/grub.cfg
And finally we need to reinstall the GRUB bootloader with GRUB_ENABLE_CRYPTODISK=y set in /etc/default/grub:
echo GRUB_ENABLE_CRYPTODISK=y >> /etc/default/grub
grub-install /dev/sda
and , of course ;
reboot
If everything went well , you should now have your devuan booting from / , wich is to say that /boot partition is needles at this point . Just to make sure a malicious party can't figura anything from the files left in /boot partition , I'd recomend formating it .
At the moment I am planing to put quemu in that 256 mb space , so that I can run my installation in a vm on windows . but that's another topic .
cheers
Pages: 1