💾 Archived View for mkl-wlod.srht.site › notes › encrypted-arch.gmi captured on 2023-05-24 at 17:41:54. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2022-03-01)
-=-=-=-=-=-=-
-` .o+` `ooo/ `+oooo: `+oooooo: -+oooooo+: `/:-:++oooo+: `/++++/+++++++: `/++++++++++++++: `/+++ooooooooooooo/` ./ooosssso++osssssso+` .oossssso-````/ossssss+` -osssssso. :ssssssso. :osssssss/ osssso+++. /ossssssss/ +ssssooo/- `/ossssso+/:- -:/+osssso+- `+sso+:-` `.-/+oso: `++:. `-/+/ .` `
Encrypted Arch Linux root partition install`
Setup Luks
Create encryption to root partition
$ cryptsetup -y -v luksFormat /dev/sdxY
Dont't forget about confirm by CAPITAL LETTERS
Open encrypted partition
$ cryptsetup open /dev/sdxY cryptroot
Create file system to root partition
$ mkfs.ext4 /dev/mapper/cryptroot
Mount root partition
$ mount /dev/mapper/cryptroot /mnt
Mount boot partition into /mnt/boot or /mnt/efi i recommand first one
$ mount /dev/sdxZ /mnt/boot
$ pacstrap /mnt base base-devel linux-lts linux-firmware vis
Edit
and add encrypt, can be placed between after udev.
$ vim /etc/mkinitcpio.conf
mkinitcpio lts
$ mkinitcpio -p linux-lts
Generate fstab
$ genfstab -U /mnt >> /mnt/etc/fstab
$ efibootmgr --disk /dev/sda --part 1 --create --label "Arch" --loader /vmlinuz-linux-lts --unicode 'cryptdevice=/dev/sda3:cryptroot root=/dev/mapper/cryptroot resume=/dev/sda2 rw initrd=\initramfs-linux-lts.img'
Add etry to boot loader (systemd)
Install boot loader bootctl install
Configure boot loader
Edit /boot/loader/loader.conf and add value
timeout 3 default arch
Create boot entry in /boot/loader/entries/entry
title Arch linux /vmlinuz-linux-lts initrd /initramfs-linux-lts.img options rw cryptdevice=UUID-XXXXXX-xxxx:cryptroot root=/dev/mapper/cryptroot
Edit kernel parameters and add resume to hooks and place after udev and encrypt