Monday, November 7, 2016

SIMPLE RECIPE FOR ARCH LINUX FULL ENCRYPTED --LVM

Few days later i just want to give a try to arch Linux, since i like to try different things so i came across with Arch and some people love it some people don't so i give it a try and wanted to see if i can just encrypt it all and then play with it

so my first toughs were that it smells like OpenBSD at the installation process i mean set up the disk and then sync over the Internet

the other thing that i notice its that the wiki it huge and usually i like to get things done as quick as possible but i take me some spare time to get things done so this is my personal recipe to start and then move forward in case i want it to, this are all the minimal configuration to install it i use a virtual machine so things may go different in each case

toor# parted -s /dev/sda mklabel msdos
toor# parted -s /dev/sda mkpart primary 2048s 100%
toor# cryptsetup luksFormat /dev/sda1


at the beggining i used to type yes but it is actually 'YES' damm me :|

toor# cryptsetup luksOpen /dev/sda1 lvm


o by the way this is all in LVM setup sorry forget it to tell about it
creating LVM partitions

toor# pvcreate /dev/mapper/lvm
toor# vgcreate vg /dev/mapper/lvm
toor# lvcreate -L 2G vg -n swap
toor# lvcreate -l 100%FREE vg -n root

Formating and activating swap

toor# mkfs.ext4 /dev/mapper/vg-root
toor# mkswap /dev/mapper/vg-swap
toor# mount /dev/mapper/vg-root /mnt
toor# swapon /dev/mapper/vg-swap

preparing boot

toor# mkfs.ext2 /dev/sda1
toor# mkdir /mnt/boot
toor# mount /dev/sda1 /mnt/boot

Basic Install
toor# pacstrap /mnt base
toor# genfstab -U /mnt >> /mnt/etc/fstab
toor# arch-chroot /mnt
toor# ln -s /usr/share/zoneinfo/Region/City /etc/localtime
toor# hwclock --systohc

modifi according the /etc/locale.gen and i like to use joe so

toor# pacman -S joe 
toor# locale-gen
  
set LANG and KEYMAP
/etc/locale.conf
  LANG=en_US.UTF-8
/etc/vconsole.conf
  KEYMAP=la-latin1
Add hooks
/etc/mkinitcpio.conf
   HOOKS = "... encrypt lvm2 ..."
toor# mkinitcpio -p linux
toor# pacman -S grub

Edit grub
/etc/default/grub
  GRUB_ENABLE_CRYPTODISK=y
  GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda1:lvm"

toor# grup-mkconfig -o /boot/grub/grub.cfg

it will complain with some warning like:
WARNING: failed to connect to lvmetad: No such file or directory. Falling back to internal scanning
no problem at all at least this is what wiki says
https://wiki.archlinux.org/index.php/GRUB#Warning_when_installing_in_chroot

toor# grup-install /dev/sda
toor# passwd
...
toor# ctrl+D
#reboot

here we have installed the system but it needs a little more to have a full system, this is just for the beginnign
references:
https://wiki.archlinux.org/
http://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/

No comments:

Post a Comment