PINE64
full disk encryption with luks on manjaro xfce - Printable Version

+- PINE64 (https://forum.pine64.org)
+-- Forum: Pinebook Pro (https://forum.pine64.org/forumdisplay.php?fid=111)
+--- Forum: Pinebook Pro Tutorials (https://forum.pine64.org/forumdisplay.php?fid=117)
+--- Thread: full disk encryption with luks on manjaro xfce (/showthread.php?tid=9052)

Pages: 1 2 3 4 5


RE: full disk encryption with luks on manjaro xfce - Proant - 06-23-2020

(05-24-2020, 12:04 AM)e-minguez Wrote: Those errors are harmless, it cannot find some modules but that's ok.

Glad to hear it worked!

Enviado desde mi ONEPLUS A5010 mediante Tapatalk

Ok, so just to make sure I am reading this thread right..

If I want to change the default Manjaro install on my brandnew Pinebook Pro and change it with a version that has full disk encryption what I should do is:

* Boot my PBP via an SD-card that had a pre-installed live OS on it. 
* Make sure my eMMC memory in not mounted (and emptied out? How should I best do that?) 
* On the live OS install the dependencies lister here and follow the instructions for "Installing and using from Manjaro x64 repositories" using the export CRYPT option as described there. 
*  Shutdown my PBP, remove the SD, reboot and.. voila? 

Or am I misinterpreting the entire thing?


RE: full disk encryption with luks on manjaro xfce - e-minguez - 06-23-2020

(06-23-2020, 12:49 PM)Proant Wrote:
(05-24-2020, 12:04 AM)e-minguez Wrote: Those errors are harmless, it cannot find some modules but that's ok.

Glad to hear it worked!

Enviado desde mi ONEPLUS A5010 mediante Tapatalk

Ok, so just to make sure I am reading this thread right..

If I want to change the default Manjaro install on my brandnew Pinebook Pro and change it with a version that has full disk encryption what I should do is:

* Boot my PBP via an SD-card that had a pre-installed live OS on it. 
* Make sure my eMMC memory in not mounted (and emptied out? How should I best do that?) 
* On the live OS install the dependencies lister here and follow the instructions for "[url=#installing-and-using-from-manjaro-x64-repositories][/url]Installing and using from Manjaro x64 repositories" using the export CRYPT option as described there. 
*  Shutdown my PBP, remove the SD, reboot and.. voila? 

Or am I misinterpreting the entire thing?
I'm afraid it is not that easy Smile you should create a new image using the manjaro-arm-installer repo. See the instructions there.

Enviado desde mi ONEPLUS A5010 mediante Tapatalk


RE: full disk encryption with luks on manjaro xfce - JtR - 06-30-2020

Hey dear all, Smile


I happily received my PBP a few days ago. It looks more appealing and sturdy than I had thought beforehand. I really like it!  Heart


Now I'm trying to get a fully encrypted system on my eMMC, so I can start working with the PBP.

Reading a bit about the whole topic gave me the impression, that the manjaro-arm-installer could be the easiest way to get the job done, currently...



But I'd like to avoid having to buy an eMMC-USB-adapter. On the wiki, I found the following:


Quote:The script can also be run from SD to install an image to the eMMC.

What does that mean? Can I just run the script from an OS on a microSD, directly on the PBP, without having to use an x86-machine?!
If so, will an USB-based OS also work?


Also, would you recommend this way, or is there a better way to get this done (for not-so tech-savvy users Big Grin )?


RE: full disk encryption with luks on manjaro xfce - Proant - 07-03-2020

(06-23-2020, 01:12 PM)e-minguez Wrote: I'm afraid it is not that easy Smile you should create a new image using the manjaro-arm-installer repo. See the instructions there.

>> Huh, but then why does the manjaro-arm-installer repo state on its page that it consists of "Scripts for installing Manjaro ARM directly to SD/eMMC cards without the need for images", yet now you state that I do need an image?

In pseudo code steps, what does one need to do in order to get a fully-encrypted eMMC on the PBP? (I don't mind having /boot unencrypted, but the rest would be perfect).

So my guess was:

* Create a live-OS USB & boot from it
* Within the live-OS install the dependencies for the manjaro-arm-installer
* Wipe the eMMC
* On the Live OS run
Code:
sudo pacman -Syu manjaro-arm-installer

* Reboot, again into the live OS
* Run
Code:
export CRYPT="y"

sudo bash manjaro-arm-installer

A voila.. 


---

Now I understand these steps are incomplete and oversimplified, but where do I go wrong? What are the correct steps?


RE: full disk encryption with luks on manjaro xfce - Proant - 07-04-2020

Well, almost got there using the manjaro-arm-installer with the prebuilt encryption option, yet not quite there yet..

Posted an issue there.

Let's see where that leads.


RE: full disk encryption with luks on manjaro xfce - JtR - 07-05-2020

(07-04-2020, 02:31 PM)Proant Wrote: Well, almost got there using the manjaro-arm-installer with the prebuilt encryption option, yet not quite there yet..

Posted an issue there.

Let's see where that leads.

I'm also curiously following your issue, as the procedure you've posted would have been how I'd have imagined it roughly, too.
So you did indeed run the script directly on the PineBook, no more x86-machine needed? Or did you use a VM?

Would be happy if you could post exactly what you did in case you get it working... Good luck! Smile


RE: full disk encryption with luks on manjaro xfce - e-minguez - 07-06-2020

I wrote a quick & dirty howto here https://forum.manjaro.org/t/full-disk-encryption-with-luks-in-manjaro-arm-installer/139863/5?u=eminguez

AFAIK the installer is intended to be executed in a x86_64 manjaro box. The thing with the partitions is that they have the labels hardcoded, so you will have issues if you run this in a manjaro pinebook pro. HTH


RE: full disk encryption with luks on manjaro xfce - Proant - 07-08-2020

(07-06-2020, 02:12 AM)e-minguez Wrote: I wrote a quick & dirty howto here https://forum.manjaro.org/t/full-disk-encryption-with-luks-in-manjaro-arm-installer/139863/5?u=eminguez

AFAIK the installer is intended to be executed in a x86_64 manjaro box. The thing with the partitions is that they have the labels hardcoded, so you will have issues if you run this in a manjaro pinebook pro. HTH

Thnx for the how-to Smile. I have to say though that I got it working as well! A bit differently though:

* Install Manjaro Arm PBP on an SD Card
* Buy an eMMC-microSD adapter (they cost next to nothing)
* Buy a laptop-screwdriver-set if you do not have one.
* Buy a microSD to USB adapter (cost next to nothing as well)
* Remove eMMC from the PBP (sounds complicated, but really simple, just unscrew the lid and use your finger to remove the eMMC).
* Connect the eMMC to the microSD adapter
* Insert the microSD-eMMC-adapter with the eMMC attached into the microSD-USB-adapter
* Plug in the microSD-to-USB adapter in the USB slot of the PBP
* Boot the PBP via the micro-SD-Card created at step 1 (will refer to this as liveOS)
* Install the manjaro-arm-installer and all dependencies on the liveOS
* Install gparted (or any other similar tool) on the liveOS and remove all partiitions from the eMMC
* Then on the liveOS run:

Code:
sudo su
export CRYPT="y"
bash manjaro-arm-installer

(Beware > if you run the export command as a regular user and then use sudo bash to run the installer it won't work (for me at least) as the installer didn't pick up on the encryption flag)

And follow the instructions. Select the emptied eMMC as the install destination.

Ignore any errors, (I had a few but none really bit me in the end).

* Powerof > remove SD card, place eMMC back in the PBP
* Boot the PBP

Voila... the PBP will ask for your encryption password and boot after receiving it.

NB: Biggest error was that my install didn't appear to have the user account installed, only root, but I could correct that easily.


RE: full disk encryption with luks on manjaro xfce - JtR - 07-09-2020

Congrats on getting it done, Proant! Big Grin

So the installer indeed runs on ARM... interesting.
I think I'll still try it on my x86-machine, as e-minguez and others suggested it is supposed to be run from there... maybe this helps avoiding some of the errors you've encountered.

So I'll also get one of these adapters, it seems...
Any reason why, instead of using two adapters, you did not get yourself a direct eMMC-to-USB-adapter?