From a8541811e98467478948b57db1e6c23ff72dcc7a Mon Sep 17 00:00:00 2001 From: Tobias Heinicke Date: Wed, 01 Jul 2015 19:03:46 -0400 Subject: Changed cryptomount occurences to exclude SOURCE. The GNU/Linux installation guides call 'cryptomount -a', which ignores any SOURCE parameter given and mounts all encrypted volumes regardless. To avoid confusion I removed the parameter and added a small note regarding mounting only specific partitions. --- (limited to 'docs/gnulinux/encrypted_trisquel.html') diff --git a/docs/gnulinux/encrypted_trisquel.html b/docs/gnulinux/encrypted_trisquel.html index 367dbbf..27864a8 100644 --- a/docs/gnulinux/encrypted_trisquel.html +++ b/docs/gnulinux/encrypted_trisquel.html @@ -229,7 +229,7 @@

Do that:
- grub> cryptomount -a (ahci0,msdos1)
+ grub> cryptomount -a
grub> set root='lvm/grubcrypt-trisquel'
grub> linux /vmlinuz root=/dev/mapper/grubcrypt-trisquel cryptdevice=/dev/mapper/grubcrypt-trisquel:root
grub> initrd /initrd.img
@@ -276,13 +276,19 @@

- cryptomount -a (ahci0,msdos1)
+ cryptomount -a
set root='lvm/grubcrypt-trisquel'
linux /vmlinuz root=/dev/mapper/grubcrypt-trisquel cryptdevice=/dev/mapper/grubcrypt-trisquel:root
initrd /initrd.img

+ Note: cryptomount -a mounts all encrypted devices found. It may be desirable to just mount the needed partition. + To do so you may either specify your partition via layout (e.g.: cryptomount -a (ahci0,msdos1)) + or use the UUID cryptomount -u UUID. +

+ +

Additionally, you should set a GRUB password. This is not your LUKS password, but it's a password that you have to enter to see GRUB. This protects your system from an attacker simply booting a live USB and re-flashing your firmware. This should be different than your LUKS passphrase and user password.

@@ -320,6 +326,7 @@

Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
+ Copyright © 2015 Tobias Heinicke <theinicke@bss-wf.de>
This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. A copy of the license can be found at ../cc-by-sa-4.txt.

-- cgit v0.9.1