full disk encryption with luks on manjaro xfce
#31
(05-15-2020, 12:28 PM)Der Geist der Maschine Wrote:
(05-15-2020, 12:42 AM)e-minguez Wrote: Plug it into your pbp and profit!

I just wonder if you will continue profiting beyond kernel updates? What if a manjaro kernel update comes with a new version of extlinux.conf overwriting your custom one?
I guess I would need to be extra careful with updates... But in any case, you can always boot with an SD card and fix it (or plugging the SD card into another PC and fix it)

Enviado desde mi ONEPLUS A5010 mediante Tapatalk
#32
(05-15-2020, 12:47 PM)e-minguez Wrote:
(05-15-2020, 12:28 PM)Der Geist der Maschine Wrote:
(05-15-2020, 12:42 AM)e-minguez Wrote: Plug it into your pbp and profit!

I just wonder if you will continue profiting beyond kernel updates? What if a manjaro kernel update comes with a new version of extlinux.conf overwriting your custom one?
I guess I would need to be extra careful with updates... But in any case, you can always boot with an SD card and fix it (or plugging the SD card into another PC and fix it)

Enviado desde mi ONEPLUS A5010 mediante Tapatalk

TBH it's been a while since I used arch seriously and I'm used to Fedora/CentOS/RHEL, where rpmnew/rpmsave is the way to do the updates so I searched about the same stuff for Arch and I've found this https://wiki.archlinux.org/index.php/Pac...nd_Pacsave which I guess if any updates to mkinitcpio or extlinux are performed, the changes won't be overwritten.
#33
(05-15-2020, 12:28 PM)Der Geist der Maschine Wrote: I just wonder if you will continue profiting beyond kernel updates? What if a manjaro kernel update comes with a new version of extlinux.conf overwriting your custom one?

Don't worry, it will be saved as extlinux.conf.pacnew.
#34
(05-18-2020, 05:37 AM)as400 Wrote:
(05-15-2020, 12:28 PM)Der Geist der Maschine Wrote: I just wonder if you will continue profiting beyond kernel updates? What if a manjaro kernel update comes with a new version of extlinux.conf overwriting your custom one?

Don't worry, it will be saved as extlinux.conf.pacnew.

So, you may miss a potentially important update to extlinux.conf if you don't notice that pacnew file and manually merge it into your custom extlinux.conf file?
#35
(05-18-2020, 10:27 AM)Der Geist der Maschine Wrote: So, you may miss a potentially important update to extlinux.conf if you don't notice that pacnew file and manually merge it into your custom extlinux.conf file?


Like what exactly ?
The same way you also miss potential important update to uboot since its not automatically updated.
#36
(05-15-2020, 12:42 AM)e-minguez Wrote: The howto is very simple, you just need:
* a manjaro x86_64 VM with X (see https://gitlab.manjaro.org/manjaro-arm/a.../issues/10 for the reason behind the X requirement) with an extra disk (in my case, I've used a 8gb qcow2 empty file mapped as sata, so it is /dev/sda in the VM)
* ssh into it
* clone the https://gitlab.manjaro.org/manjaro-arm/a...-installer repo
* install the required packages (dialog and manjaro-arm-qemu-static in my case)
* apply the patch (git apply)
* run export CRYPT=y, then the installer. It will ask you user/pass/software selection/keyboard/etc. then the luks password twice (first one to create the device, the second one to mount it)

Then, power off the manjaro VM, plug a microsd into your computer and convert the qcow2 image into a raw one, then flash it to your microsd (or do it at once as qemu-img convert -f qcow2 -O raw manjaro-usb.qcow2 /dev/mmcblkX)

Plug it into your pbp and profit!

In order to resize the luks partition:

* `parted /dev/mmcblkX`, then `resizepart NUMBER END` (in my case, partition = 2, end = 125GB)
* `cryptsetup resize /dev/mapper/ROOT_MNJRO`
* `resize2fs /dev/mapper/ROOT_MNJRO`

HTH!

Edit: I've tested with the console parameter as suggested and it doesn't work, so I'll keep it that way.

Amazing, Thank you!

sidenote - If you put a bad password in, the script will happily continue. (yes, I know, I was going to change it later)

Enter passphrase for /dev/sda2:
Password quality check failed:
 The password fails the dictionary check - it is based on a dictionary word
Device /dev/sda2 is not a valid LUKS device.
Device /dev/sda2 is not a valid LUKS device.
mount: /var/tmp/manjaro-arm-installer/root: special device /dev/mapper/ROOT_MNJRO does not exist.
#37
(05-19-2020, 02:31 PM)FutureBucket Wrote:
(05-15-2020, 12:42 AM)e-minguez Wrote: The howto is very simple, you just need:
* a manjaro x86_64 VM with X (see https://gitlab.manjaro.org/manjaro-arm/a.../issues/10 for the reason behind the X requirement) with an extra disk (in my case, I've used a 8gb qcow2 empty file mapped as sata, so it is /dev/sda in the VM)
* ssh into it
* clone the https://gitlab.manjaro.org/manjaro-arm/a...-installer repo
* install the required packages (dialog and manjaro-arm-qemu-static in my case)
* apply the patch (git apply)
* run export CRYPT=y, then the installer. It will ask you user/pass/software selection/keyboard/etc. then the luks password twice (first one to create the device, the second one to mount it)

Then, power off the manjaro VM, plug a microsd into your computer and convert the qcow2 image into a raw one, then flash it to your microsd (or do it at once as qemu-img convert -f qcow2 -O raw manjaro-usb.qcow2 /dev/mmcblkX)

Plug it into your pbp and profit!

In order to resize the luks partition:

* `parted /dev/mmcblkX`, then `resizepart NUMBER END` (in my case, partition = 2, end = 125GB)
* `cryptsetup resize /dev/mapper/ROOT_MNJRO`
* `resize2fs /dev/mapper/ROOT_MNJRO`

HTH!

Edit: I've tested with the console parameter as suggested and it doesn't work, so I'll keep it that way.

Amazing, Thank you!

sidenote - If you put a bad password in, the script will happily continue. (yes, I know, I was going to change it later)

Enter passphrase for /dev/sda2:
Password quality check failed:
 The password fails the dictionary check - it is based on a dictionary word
Device /dev/sda2 is not a valid LUKS device.
Device /dev/sda2 is not a valid LUKS device.
mount: /var/tmp/manjaro-arm-installer/root: special device /dev/mapper/ROOT_MNJRO does not exist.
Yes, the script is not super robust but I don't wanted to overengineer it without knowing if it is going to be merged or just rejected.

Enviado desde mi ONEPLUS A5010 mediante Tapatalk
#38
It's been merged! https://gitlab.manjaro.org/manjaro-arm/a...-installer

Any volunteers to give it a try (besides myself)?

Enviado desde mi ONEPLUS A5010 mediante Tapatalk
#39
(05-21-2020, 12:57 AM)e-minguez Wrote: It's been merged! https://gitlab.manjaro.org/manjaro-arm/a...-installer

Any volunteers to give it a try (besides myself)?

Enviado desde mi ONEPLUS A5010 mediante Tapatalk

k, I'll give it a go. Here's what I did.

I used kvm/virsh to install a fresh manjaro-xfce-20.0.1, Added an SD card as the second disk (directly passed /dev/sdb though).

started ssh and sshed into it.

pacman -S git vim

pacman -S dialog manjaro-arm-qemu-static

git clone https://gitlab.manjaro.org/manjaro-arm/a...taller.git

vim ./manjaro-arm-installer/manjaro-arm-installer

Line 491 was changed. my disk is /dev/vdb and the script didn't support it.
Code:
if [[ "$SDTYP" = "vd" ]]; then
        SDDEV=""
elif [[ "$SDTYP" = "mm" ]]; then
        SDDEV="p"
else
        clear
        exit 1
fi


export CRYPT=y ; ./manjaro-arm-installer/manjaro-arm-installer

pbpro, xfce, etc, etc, etc,. It prompts for luks password twice. Downloads aarch64 stuff. etc.

I kind of watched it. it took about an hour or so and got the following errors (that I noticed)


Quote:==> Starting build: 5.6.0-2-MANJARO-ARM
  -> Running build hook: [base]
  -> Running build hook: [udev]
  -> Running build hook: [keyboard]
  -> Running build hook: [autodetect]
  -> Running build hook: [keymap]
  -> Running build hook: [modconf]
  -> Running build hook: [block]
  -> Running build hook: [encrypt]
  -> Running build hook: [lvm2]
  -> Running build hook: [filesystems]
  -> Running build hook: [fsck]
==> ERROR: module not found: `icp'
==> ERROR: module not found: `spl'
==> Generating module dependencies
==> Creating uncompressed initcpio image: /boot/initramfs-linux.img
==> WARNING: errors were encountered during the build. The image may not be complete.
error: command failed to execute correctly
  -> Cleaning install for unwanted files...
==> pbpro xfce install complete
==> Writing bootloader and cleaning up after install...


powered off the VM, put the SD card into my PBP and.... it used the SD boot partition to load the eMMC root partition.Cool but not what I wanted.


so I zeroed the first ~1G of my eMMC, rebooted and très bien!! it worked!

You're the best! thanks!
#40
Those errors are harmless, it cannot find some modules but that's ok.

Glad to hear it worked!

Enviado desde mi ONEPLUS A5010 mediante Tapatalk


Possibly Related Threads…
Thread Author Replies Views Last Post
  Building PPSSPP with Manjaro AUR LivingLinux 0 1,470 06-11-2022, 05:07 PM
Last Post: LivingLinux
  How to update Manjaro to 20.10 pineitup 8 15,178 07-31-2021, 04:44 AM
Last Post: jiyong
  Make your own Manjaro image flatulent_piney 0 3,581 11-07-2020, 03:30 AM
Last Post: flatulent_piney
  Manjaro ARM, Cryptomator, and MEGA Sync dp1kinobe 3 7,886 10-24-2020, 06:38 AM
Last Post: pineitup
  Downgrading packages on Manjaro ARM (on the example of boinc) wrzomar 0 3,723 10-02-2020, 12:20 PM
Last Post: wrzomar
  Freepascal FPC3.20 and Lazarus IDE on Manjaro KDE dieselnutjob 0 3,152 08-02-2020, 06:57 AM
Last Post: dieselnutjob
  Installing WPS Office on Manjaro brent.thierens 5 10,706 07-13-2020, 03:13 AM
Last Post: brent.thierens
  kernel build script for latest mainline manjaro kernel xmixahlx 42 64,495 07-11-2020, 09:01 PM
Last Post: xmixahlx
  Is there a MMC upgrade instruction from debian-mate to manjaro factory (20.06)? pljanson 4 8,869 06-23-2020, 12:41 AM
Last Post: pljanson
  How to boot Manjaro from NVME with uboot on eMMC as400 47 64,068 06-07-2020, 02:37 AM
Last Post: as400

Forum Jump:


Users browsing this thread: 2 Guest(s)