full disk encryption with luks on manjaro xfce - Printable Version +- PINE64 (https://forum.pine64.org) +-- Forum: Pinebook Pro (https://forum.pine64.org/forumdisplay.php?fid=111) +--- Forum: Pinebook Pro Tutorials (https://forum.pine64.org/forumdisplay.php?fid=117) +--- Thread: full disk encryption with luks on manjaro xfce (/showthread.php?tid=9052) |
RE: full disk encryption with luks on manjaro xfce - FutureBucket - 05-13-2020 (05-13-2020, 09:54 AM)e-minguez Wrote:(05-13-2020, 03:49 AM)as400 Wrote: Here is how I'm generating initcpio with dracut. I have bootfs unencrypted and rootfs encrypted. I use nvme drive. Everything works just fine. I don't have any suggestions because when I tried, I was stuck at the same point you are. I just wanted to say thank you for your work on this! I'm watching your progress and I'm hopeful you get it. I'll give it a try this weekend again and see how far I get. I'll post if I get anywhere. I'm not using my PBP because I cant get FDE working. RE: full disk encryption with luks on manjaro xfce - e-minguez - 05-13-2020 (05-13-2020, 12:20 PM)FutureBucket Wrote:Thanks! To me FDE is a must. I've used the Debian installer approach successfully and I'm starting to think if I should move back to Debian...(05-13-2020, 09:54 AM)e-minguez Wrote:(05-13-2020, 03:49 AM)as400 Wrote: Here is how I'm generating initcpio with dracut. I have bootfs unencrypted and rootfs encrypted. I use nvme drive. Everything works just fine. Enviado desde mi ONEPLUS A5010 mediante Tapatalk RE: full disk encryption with luks on manjaro xfce - as400 - 05-14-2020 (05-13-2020, 09:54 AM)e-minguez Wrote: I've used a slightly modified version (removed the -H and used the same name that mkinitcpio uses for the initrd file) because the manjaro-arm-installer is using a chroot. No luck either same blinking cursor. It's crazy. Do you have console=tty1 in your extlinux.conf ? RE: full disk encryption with luks on manjaro xfce - e-minguez - 05-14-2020 (05-14-2020, 02:01 AM)as400 Wrote:(05-13-2020, 09:54 AM)e-minguez Wrote: I've used a slightly modified version (removed the -H and used the same name that mkinitcpio uses for the initrd file) because the manjaro-arm-installer is using a chroot. No luck either same blinking cursor. The extlinux.conf is generated and it looks like: Code: LABEL Manjaro ARM Dracut is executed (in a chroot with systemd-nspawn) as: Code: dracut --force -a "crypt lvm drm" \ RE: full disk encryption with luks on manjaro xfce - as400 - 05-14-2020 OK, I would try to remove this "bootsplash.bootfile=bootsplash-themes/manjaro/bootsplash" and this "console=ttyS2,1500000" and then try. RE: full disk encryption with luks on manjaro xfce - e-minguez - 05-14-2020 (05-14-2020, 05:33 AM)as400 Wrote: OK, I would try to remove this "bootsplash.bootfile=bootsplash-themes/manjaro/bootsplash" and this "console=ttyS2,1500000" and then try. Done and now I can finally see things! I'm going to go back to mkinitcpio route without the bootsplash stuff. See attached for the dracut status now (stopped at 'Starting dracut initqueue hook...') RE: full disk encryption with luks on manjaro xfce - e-minguez - 05-14-2020 I got it working with mkinitcpio after removing both the bootsplash and the console=ttyS2 stuff \o/ I'm going to try to clean up the code a bit, try to just modify the HOOKS in mkinitcpio.conf (to be able to be 'generic' and to work for other devices) and then I will submit a PR to the manjaro repo. Thanks @as400 for your help! Edit: No luck with just modifying the HOOKS section (black screen), so I guess that for every device, a list of modules needs to be provided. Edit2: The patch is available here https://gist.github.com/e-minguez/5287bc266df29d418d8b2b21248b8405 let's see if they merge it, meanwhile, I'm happy to have it working on my pbp \o/ RE: full disk encryption with luks on manjaro xfce - as400 - 05-15-2020 @e-minguez great news. It would be fantastic if they merge your patch. Even on x86 installer you can't get encryption easily with Manjaro. Now it's time for you to write a proper HOWTO Edit: I would also try to restore "console=ttyS2,1500000" and see if everything still works. It should in my opinion. RE: full disk encryption with luks on manjaro xfce - e-minguez - 05-15-2020 (05-15-2020, 12:05 AM)as400 Wrote: @e-minguez great news. The howto is very simple, you just need: * a manjaro x86_64 VM with X (see https://gitlab.manjaro.org/manjaro-arm/applications/manjaro-arm-installer/-/issues/10 for the reason behind the X requirement) with an extra disk (in my case, I've used a 8gb qcow2 empty file mapped as sata, so it is /dev/sda in the VM) * ssh into it * clone the https://gitlab.manjaro.org/manjaro-arm/applications/manjaro-arm-installer repo * install the required packages (dialog and manjaro-arm-qemu-static in my case) * apply the patch (git apply) * run export CRYPT=y, then the installer. It will ask you user/pass/software selection/keyboard/etc. then the luks password twice (first one to create the device, the second one to mount it) Then, power off the manjaro VM, plug a microsd into your computer and convert the qcow2 image into a raw one, then flash it to your microsd (or do it at once as qemu-img convert -f qcow2 -O raw manjaro-usb.qcow2 /dev/mmcblkX) Plug it into your pbp and profit! In order to resize the luks partition: * `parted /dev/mmcblkX`, then `resizepart NUMBER END` (in my case, partition = 2, end = 125GB) * `cryptsetup resize /dev/mapper/ROOT_MNJRO` * `resize2fs /dev/mapper/ROOT_MNJRO` HTH! Edit: I've tested with the console parameter as suggested and it doesn't work, so I'll keep it that way. RE: full disk encryption with luks on manjaro xfce - Der Geist der Maschine - 05-15-2020 (05-15-2020, 12:42 AM)e-minguez Wrote: Plug it into your pbp and profit! I just wonder if you will continue profiting beyond kernel updates? What if a manjaro kernel update comes with a new version of extlinux.conf overwriting your custom one? |