Jump to content

aarcane

Members
  • Content count

    10
  • Joined

  • Last visited

Community Reputation

2 Neutral

About aarcane

  • Rank
    Member
  1. aarcane

    Please make Bodhi Linux Open Source

    Where is this repo, and does it include the .dsc files for various bodhi packages? I'm looking to rebuild a few packages with minor modification here in the near future.
  2. I'm going to throw in a vote for aterm or urxvt instead.
  3. Intro A common request for any laptop user is to have their entire system stored encrypted to prevent tampering or snooping in the case of theft or seizure. As bodhilinux grows in popularity, more and more people are looking for an encrypted root solution for the popular enlightenment based distro. Below is a quick-fix version of how to get bodhilinux to install on encrypted root. I'll make a few basic assumptions, and go from there. First and foremost, I assume you have enough RAM that you don't need swap. Adding swap is trivial, so if you want to modify the instructions to include swap space, it's simple to do so. secondly, I'll assume you want a fairly modest setup. What we're configuring here is a simple setup with 8GB for root, and 20GB for a home partition on LVM. There's another operating system on sda1. Windows in my case, but it can be anything or nothing. You can adjust these to suit your needs. Finally, with the default settings we use here, Hibernation will not work. Suspend should work just as before. that is: if it works normally, it'll work with encrypted root. if it doesn't, it won't. One last assumption I make is that you don't need to know the details here. I'll post the core steps to follow, and the sources I used to figure them out. If you want to vary from it, or if you want to understand what's going on, please feel free to go to the sources I link here. Everything is explained in great detail in the sources. Enjoy! Sources Ubuntu aes xts plain64 Ubuntu Encrypted Filesystem LVM Howto Instructions Boot Bodhi Linux! it shouldn't matter how you boot. Just get into the live desktop with the "Install Bodhi Linux!" icon at your disposal and have at! Get connected to the internet! You have to be connected to the internet, we need to install a few packages. You may need to open a terminal and run the following command to get connected nm-applet& [*]Open a terminal, we'll be doing command line stuff! [*]The first scary step, partitioning! I'll assume you have space available on your disk to add partitions. I'll assume that they show up as sda2 and sda3. If you need to resize your hard drive, you can find a howto elsewhere sudo parted /dev/sda unit MiB print Number Start End Size Type File system Flags 1 0.03MiB 122880MiB 122880MiB primary Notice the "end" value, we want to add 128 to that. mkpart primary 122880Mib 123008MiB mkpart primary 123008MiB -1MiB print quit Number Start End Size Type File system Flags 1 0.03MiB 122880MiB 122880MiB primary 2 122880MiB 123008MiB 128MiB primary 3 123008MiB 245760MiB 122752MiB primary We have a partition of 128MiB for /boot and a second partition that will become our encrypted root. [*]Check our volume and fill it with random data sudo /sbin/badblocks -c 10240 -s -w -t random -v /dev/sda3 [*]While 5 is running, we can go ahead and install some software we need Open another terminal and run the following commands, then go get yourself something to eat. This takes over an hour on a 120GiB partition. sudo aptitude update sudo aptitude -y install cryptsetup lvm2 sudo modprobe aes-i586 sudo modprobe dm-crypt sudo modprobe dm-mod [*]Encrypt your drive. Once the above badblocks process finishes, you can continue. Run the following commands to create your encrypted volume sudo cryptsetup luksFormat -c aes-xts-plain64 -s 512 -h sha512 /dev/sda3 cryptsetup luksOpen /dev/sda3/ pvname You can change pvname to anything you want. Remember it, you'll need it later. [*]Create your LVM PV, VG, and some LVs sudo pvcreate /dev/mapper/pvname sudo vgcreate vgname /dev/mapper/pvname sudo lvcreate -n root -L 8G vgname sudo lvcreate -n home -L 20G vgname You now have some volumes in /dev/pvname/ that correspond to your lvs above. [*]Lets create some filesystems on the block devices and our /boot filesystem cd /dev/pvname/ for i in $(ls); do sudo mkfs.ext4 -L $i $i; done; sudo mkfs.ext4 -L boot /dev/sda2; [*]Unmount your new filesystems Bodhi linux mounts filesystems sometimes by default. We can unmount them just to be sure cd /media/ for i in $(ls); do umount $i; done; [*]Install bodhi Linux! Start the installer as normal Select each of the filesystems we created. Be sure to chose /dev/sda2 as /boot , /dev/vgname/root as / , and /dev/vgname/home as /home . Don't format the volumes, just select the filesystems we created earlier. Once the installation is done, continue testing bodhilinux. [*]Configure encrypted root We've created our encrypted filesystems, and we've installed bodhilinux, but if we restart now, things will fail miserably. There are a few things to configure first. run sudo blkid; and identify the UUID for /dev/sda3, our encrypted volume. Save that for later. chroot into the new environment sudo mount /dev/vgname/root /mnt sudo mount /dev/vgname/home /mnt/home # Any other filesystems you have mount here. sudo mount /dev/sda2 /mnt/boot sudo mount --bind /dev /mnt/dev sudo mount -t devpts devpts /mnt/dev/pts sudo mount -t sysfs sysfs /mnt/sys sudo mount -t proc proc /mnt/proc sudo chroot /mnt/ /bin/bash We need to place that entry in two different places edit /etc/crypttab and put the following contents in it pvname UUID=[that UUID you found using blkid] none luks,retry=1 now save the file and edit another, /etc/initramfs-tools/conf.d/cryptroot CRYPTOPTS=target=lvname,source=UUID=[that UUID you found using blkid],lvm=vgname-root Finally, we need to update some settings, and everything should work! update-initramfs -c -k all; update-grub2; exit; [*]Reboot! Everything should be configured now, and ready to go. If you follow this guide and have any problems, post them here. I just did this two days ago, so I may have made a mistake. I'll correct it promptly! [*]The password prompt doesn't show up. Bodhi Linux boot pauses at one point, and the logo moves to the upper left corner. If you press F12, you'll see the prompt. You can enter the password without hitting F12. Hitting F12 populates the Password prompt with characters, so clear them before you enter your password. [*]Enjoy! If this is useful, post something here, and hopefully we can get a native encrypted root installer working soon if enough people want it!
  4. aarcane

    Installation on a fully encrypted LVM

    I added a few comments down on the bottom. It's probably an issue with the cryptroot file. It's not generated automatically for some reason on bodhilinux. ubuntu usually generates it by default, so it's a little strange.
  5. aarcane

    Installation on a fully encrypted LVM

    Just follow the guides on this thread: http://forums.bodhilinux.com/index.php?/topic/6297-install-bodhi-linux-201-in-encrypted-lvm
  6. aarcane

    Install Bodhi Linux 2.0.1 in encrypted LVM

    So I just verified that everything works on actual hardware. The following files needed to be modified manually post install: /etc/crypttab pvname UUID=d6c3...48 none luks,retry=1 /etc/initramfs-tools/conf.d/cryptroot CRYPTROOT=target=pvname,source=UUID=d6c3...48 these are the exact versions of the files on my system. Yours will vary of course slightly. The rest is exactly what is in the guides above. be sure to run the following commands after making the changes and immediately before reboot update-initramfs -c -k all; update-grub2;
  7. aarcane

    Bodhi 2.x.y Software Request Thread

    extra: I think it's fairly important to update the default JDK and JRE (and all the associated files) to either provide openjdk-7-* or to be virtual, and the associated JRE/JDK files updated to provide the virtual package.
  8. aarcane

    Install Bodhi Linux 2.0.1 in encrypted LVM

    For the next person to come along, I did get it working. I just followed the two guides, using one for crypt setup, and the other for lvm steps (xts is apparently really good for disk encryption), and everything just works now.
  9. aarcane

    Install Bodhi Linux 2.0.1 in encrypted LVM

    From what I understand, you have to follow directions such as these to migrate a new bodhi install to encrypted lvm root. I came to the forum looking for the exact same thing.. I had to find it on my own. HTH http://blog.markloiseau.com/2012/05/ubuntu-aes-xts-plain64/ https://help.ubuntu.com/community/EncryptedFilesystemLVMHowto
×