full disk encryption with luks on manjaro xfce
#31
(05-15-2020, 12:28 PM)Der Geist der Maschine Wrote:
(05-15-2020, 12:42 AM)e-minguez Wrote: Plug it into your pbp and profit!

I just wonder if you will continue profiting beyond kernel updates? What if a manjaro kernel update comes with a new version of extlinux.conf overwriting your custom one?
I guess I would need to be extra careful with updates... But in any case, you can always boot with an SD card and fix it (or plug the SD card into another PC and fix it).

Sent from my ONEPLUS A5010 using Tapatalk
  Reply
#32
(05-15-2020, 12:47 PM)e-minguez Wrote:
(05-15-2020, 12:28 PM)Der Geist der Maschine Wrote:
(05-15-2020, 12:42 AM)e-minguez Wrote: Plug it into your pbp and profit!

I just wonder if you will continue profiting beyond kernel updates? What if a manjaro kernel update comes with a new version of extlinux.conf overwriting your custom one?
I guess I would need to be extra careful with updates... But in any case, you can always boot with an SD card and fix it (or plug the SD card into another PC and fix it).

Sent from my ONEPLUS A5010 using Tapatalk

TBH it's been a while since I used Arch seriously and I'm used to Fedora/CentOS/RHEL, where rpmnew/rpmsave is the way to do the updates, so I searched about the same stuff for Arch and I've found this https://wiki.archlinux.org/index.php/Pac...nd_Pacsave which I guess means that if any updates to mkinitcpio or extlinux are performed, the changes won't be overwritten.
  Reply
#33
(05-15-2020, 12:28 PM)Der Geist der Maschine Wrote: I just wonder if you will continue profiting beyond kernel updates? What if a manjaro kernel update comes with a new version of extlinux.conf overwriting your custom one?

Don't worry, it will be saved as extlinux.conf.pacnew.
  Reply
#34
(05-18-2020, 05:37 AM)as400 Wrote:
(05-15-2020, 12:28 PM)Der Geist der Maschine Wrote: I just wonder if you will continue profiting beyond kernel updates? What if a manjaro kernel update comes with a new version of extlinux.conf overwriting your custom one?

Don't worry, it will be saved as extlinux.conf.pacnew.

So, you may miss a potentially important update to extlinux.conf if you don't notice that pacnew file and manually merge it into your custom extlinux.conf file?
  Reply
#35
(05-18-2020, 10:27 AM)Der Geist der Maschine Wrote: So, you may miss a potentially important update to extlinux.conf if you don't notice that pacnew file and manually merge it into your custom extlinux.conf file?


Like what exactly?
The same way you also miss potentially important updates to uboot since it's not automatically updated.
  Reply
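
The .pacnew concern from posts #33 to #35, as an added example that is not part of any post in this thread: two shell functions that report config files with an unmerged `.pacnew` beside them and check whether an extlinux.conf still carries `cryptdevice=`, the kernel parameter read by mkinitcpio's `encrypt` hook. The function names and the sample file contents are constructed; the layout of the real extlinux.conf is an assumption.

```bash
#!/bin/bash
# Added example, not from the thread: after a pacman update, list config files
# that have an unmerged .pacnew next to them, and check that the live
# extlinux.conf still hands the encrypted root to the initramfs.

# pending_pacnew DIR: print each live file whose FILE.pacnew differs from it.
# Returns 1 if anything is pending, 0 otherwise.
pending_pacnew() {
    list=$(find "$1" -type f -name '*.pacnew' 2>/dev/null | sort)
    [ -n "$list" ] || return 0
    rc=0
    while IFS= read -r new; do
        live=${new%.pacnew}
        if [ ! -e "$live" ] || ! cmp -s "$live" "$new"; then
            printf '%s\n' "$live"
            rc=1
        fi
    done <<EOF
$list
EOF
    return "$rc"
}

# has_cryptdevice FILE: succeed if an APPEND line carries cryptdevice=
# (assumption: the encrypted root is passed on the kernel command line).
has_cryptdevice() {
    grep -Eiq '^[[:space:]]*append[[:space:]].*cryptdevice=' "$1"
}

# Constructed sample: a customised config plus a packaged replacement.
demo=$(mktemp -d)
mkdir -p "$demo/extlinux"
cat > "$demo/extlinux/extlinux.conf" <<'EOF'
LABEL Manjaro ARM
KERNEL /Image
APPEND cryptdevice=UUID=00000000-0000-0000-0000-000000000000:ROOT_MNJRO root=/dev/mapper/ROOT_MNJRO rw
EOF
cat > "$demo/extlinux/extlinux.conf.pacnew" <<'EOF'
LABEL Manjaro ARM
KERNEL /Image
APPEND root=LABEL=ROOT_MNJRO rw
EOF

pending_pacnew "$demo" || echo "merge needed: diff -u FILE FILE.pacnew"
has_cryptdevice "$demo/extlinux/extlinux.conf" && echo "live config keeps cryptdevice="
has_cryptdevice "$demo/extlinux/extlinux.conf.pacnew" || echo "pacnew would drop cryptdevice="
```

On a real system the directory to scan would be `/boot` or `/etc`; `pacdiff` from pacman-contrib walks the same files interactively.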
#36
(05-15-2020, 12:42 AM)e-minguez Wrote: The howto is very simple, you just need:
* a manjaro x86_64 VM with X (see https://gitlab.manjaro.org/manjaro-arm/a.../issues/10 for the reason behind the X requirement) with an extra disk (in my case, I've used a 8gb qcow2 empty file mapped as sata, so it is /dev/sda in the VM)
* ssh into it
* clone the https://gitlab.manjaro.org/manjaro-arm/a...-installer repo
* install the required packages (dialog and manjaro-arm-qemu-static in my case)
* apply the patch (git apply)
* run export CRYPT=y, then the installer. It will ask you user/pass/software selection/keyboard/etc. then the luks password twice (first one to create the device, the second one to mount it)

Then, power off the manjaro VM, plug a microsd into your computer and convert the qcow2 image into a raw one, then flash it to your microsd (or do it at once as qemu-img convert -f qcow2 -O raw manjaro-usb.qcow2 /dev/mmcblkX)

Plug it into your pbp and profit!

In order to resize the luks partition:

* `parted /dev/mmcblkX`, then `resizepart NUMBER END` (in my case, partition = 2, end = 125GB)
* `cryptsetup resize /dev/mapper/ROOT_MNJRO`
* `resize2fs /dev/mapper/ROOT_MNJRO`

HTH!

Edit: I've tested with the console parameter as suggested and it doesn't work, so I'll keep it that way.

Amazing, Thank you!

sidenote - If you put a bad password in, the script will happily continue. (yes, I know, I was going to change it later)

Enter passphrase for /dev/sda2:
Password quality check failed:
 The password fails the dictionary check - it is based on a dictionary word
Device /dev/sda2 is not a valid LUKS device.
Device /dev/sda2 is not a valid LUKS device.
mount: /var/tmp/manjaro-arm-installer/root: special device /dev/mapper/ROOT_MNJRO does not exist.
  Reply
#37
(05-19-2020, 02:31 PM)FutureBucket Wrote:
(05-15-2020, 12:42 AM)e-minguez Wrote: The howto is very simple, you just need:
* a manjaro x86_64 VM with X (see https://gitlab.manjaro.org/manjaro-arm/a.../issues/10 for the reason behind the X requirement) with an extra disk (in my case, I've used a 8gb qcow2 empty file mapped as sata, so it is /dev/sda in the VM)
* ssh into it
* clone the https://gitlab.manjaro.org/manjaro-arm/a...-installer repo
* install the required packages (dialog and manjaro-arm-qemu-static in my case)
* apply the patch (git apply)
* run export CRYPT=y, then the installer. It will ask you user/pass/software selection/keyboard/etc. then the luks password twice (first one to create the device, the second one to mount it)

Then, power off the manjaro VM, plug a microsd into your computer and convert the qcow2 image into a raw one, then flash it to your microsd (or do it at once as qemu-img convert -f qcow2 -O raw manjaro-usb.qcow2 /dev/mmcblkX)

Plug it into your pbp and profit!

In order to resize the luks partition:

* `parted /dev/mmcblkX`, then `resizepart NUMBER END` (in my case, partition = 2, end = 125GB)
* `cryptsetup resize /dev/mapper/ROOT_MNJRO`
* `resize2fs /dev/mapper/ROOT_MNJRO`

HTH!

Edit: I've tested with the console parameter as suggested and it doesn't work, so I'll keep it that way.

Amazing, Thank you!

sidenote - If you put a bad password in, the script will happily continue. (yes, I know, I was going to change it later)

Enter passphrase for /dev/sda2:
Password quality check failed:
 The password fails the dictionary check - it is based on a dictionary word
Device /dev/sda2 is not a valid LUKS device.
Device /dev/sda2 is not a valid LUKS device.
mount: /var/tmp/manjaro-arm-installer/root: special device /dev/mapper/ROOT_MNJRO does not exist.

Yes, the script is not super robust but I didn't want to overengineer it without knowing if it is going to be merged or just rejected.

Sent from my ONEPLUS A5010 using Tapatalk
  Reply
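
The failure shown in the log above (passphrase rejected, then the open and mount steps run anyway), handled by checking each step, as an added example that is not the installer's code: the function name and the three overridable tool variables are hypothetical, while the device, mapper name and mount path are the ones from the log.

```bash
#!/bin/bash
# Added example, not the installer's own code: stop at the first failed LUKS
# step instead of going on to open and mount a device that was never formatted.
# The three tool variables are hypothetical hooks so the flow can be tested
# with stubs.
CRYPTSETUP=${CRYPTSETUP:-cryptsetup}
MKFS=${MKFS:-mkfs.ext4}
MOUNT=${MOUNT:-mount}

fail() { echo "error: $*" >&2; }

# setup_luks_root PART NAME MNT [TRIES]
# Formats PART, opens it as /dev/mapper/NAME, creates a filesystem and mounts
# it on MNT. Returns non-zero at the first step that fails.
setup_luks_root() {
    part=$1 name=$2 mnt=$3 tries=${4:-3}
    n=1
    # luksFormat exits non-zero when the passphrase is rejected, as with the
    # quality check in the log above; ask again, then give up.
    until "$CRYPTSETUP" luksFormat "$part"; do
        [ "$n" -lt "$tries" ] || { fail "luksFormat failed $n times"; return 1; }
        n=$((n + 1))
    done
    # Make sure a LUKS header exists before anything depends on it.
    "$CRYPTSETUP" isLuks "$part" || { fail "$part has no LUKS header"; return 1; }
    "$CRYPTSETUP" open "$part" "$name" || { fail "cannot open $part"; return 1; }
    "$MKFS" "/dev/mapper/$name" || { fail "mkfs failed"; return 1; }
    "$MOUNT" "/dev/mapper/$name" "$mnt" || { fail "mount failed"; return 1; }
}

# Usage on the device from the log (needs root and a real block device):
#   setup_luks_root /dev/sda2 ROOT_MNJRO /var/tmp/manjaro-arm-installer/root
```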
#38
It's been merged! https://gitlab.manjaro.org/manjaro-arm/a...-installer

Any volunteers to give it a try (besides myself)?

Sent from my ONEPLUS A5010 using Tapatalk
  Reply
#39
(05-21-2020, 12:57 AM)e-minguez Wrote: It's been merged! https://gitlab.manjaro.org/manjaro-arm/a...-installer

Any volunteers to give it a try (besides myself)?

Sent from my ONEPLUS A5010 using Tapatalk

k, I'll give it a go. Here's what I did.

I used kvm/virsh to install a fresh manjaro-xfce-20.0.1, added an SD card as the second disk (directly passed /dev/sdb through).

started ssh and sshed into it.

pacman -S git vim

pacman -S dialog manjaro-arm-qemu-static

git clone https://gitlab.manjaro.org/manjaro-arm/a...taller.git

vim ./manjaro-arm-installer/manjaro-arm-installer

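Line 491 was changed. My disk is /dev/vdb and the script didn't support it.
Code:
# virtio disk (/dev/vdb): partitions are vdb1, vdb2, so no separator
if [[ "$SDTYP" = "vd" ]]; then
        SDDEV=""
# mmcblk device: partitions are mmcblkXp1, mmcblkXp2, so the separator is "p"
elif [[ "$SDTYP" = "mm" ]]; then
        SDDEV="p"
# any other device type: clear the screen and abort
else
        clear
        exit 1
fi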


export CRYPT=y ; ./manjaro-arm-installer/manjaro-arm-installer

pbpro, xfce, etc, etc, etc,. It prompts for luks password twice. Downloads aarch64 stuff. etc.

I kind of watched it. it took about an hour or so and got the following errors (that I noticed)


Quote:
==> Starting build: 5.6.0-2-MANJARO-ARM
  -> Running build hook: [base]
  -> Running build hook: [udev]
  -> Running build hook: [keyboard]
  -> Running build hook: [autodetect]
  -> Running build hook: [keymap]
  -> Running build hook: [modconf]
  -> Running build hook: [block]
  -> Running build hook: [encrypt]
  -> Running build hook: [lvm2]
  -> Running build hook: [filesystems]
  -> Running build hook: [fsck]
==> ERROR: module not found: `icp'
==> ERROR: module not found: `spl'
==> Generating module dependencies
==> Creating uncompressed initcpio image: /boot/initramfs-linux.img
==> WARNING: errors were encountered during the build. The image may not be complete.
error: command failed to execute correctly
  -> Cleaning install for unwanted files...
==> pbpro xfce install complete
==> Writing bootloader and cleaning up after install...


powered off the VM, put the SD card into my PBP and.... it used the SD boot partition to load the eMMC root partition. Cool but not what I wanted.


so I zeroed the first ~1G of my eMMC, rebooted and très bien!! it worked!

You're the best! thanks!
  Reply
#40
Those errors are harmless, it cannot find some modules but that's ok.

Glad to hear it worked!

Sent from my ONEPLUS A5010 using Tapatalk
  Reply

