diff options
author | Arthur Heymans <arthur@aheymans.xyz> | 2015-06-09 14:06:13 (EDT) |
---|---|---|
committer | Francis Rowe <info@gluglug.org.uk> | 2015-06-10 07:16:11 (EDT) |
commit | 3fb9a15a88b17149c70ed00fdde4e69e3046a1af (patch) | |
tree | ce058a75370fbcebc33eef704993a20312fcf4b6 /docs/gnulinux/encrypted_parabola.html | |
parent | 8630b33bb885becd47078a823a399d45ec2c58be (diff) | |
download | libreboot-3fb9a15a88b17149c70ed00fdde4e69e3046a1af.zip libreboot-3fb9a15a88b17149c70ed00fdde4e69e3046a1af.tar.gz libreboot-3fb9a15a88b17149c70ed00fdde4e69e3046a1af.tar.bz2 |
The patch for encrypt hook in is not needed. Just use cryptkey=rootfs:/path/to/key
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Diffstat (limited to 'docs/gnulinux/encrypted_parabola.html')
-rw-r--r-- | docs/gnulinux/encrypted_parabola.html | 14 |
1 files changed, 3 insertions, 11 deletions
diff --git a/docs/gnulinux/encrypted_parabola.html b/docs/gnulinux/encrypted_parabola.html index 1538b9a..edd7810 100644 --- a/docs/gnulinux/encrypted_parabola.html +++ b/docs/gnulinux/encrypted_parabola.html @@ -589,16 +589,8 @@ <p> Using the above installation method, you will have to unlock the encrypted file system twice (once in GRUB, and again when booting Parabola). - To circumvent this, you can insert a keyfile into the initramfs. This is generally safe, because the /boot/ directory is encrypted. - You will need to apply a patch for this to work, until the patch is merged upstream. - Every time the mkinitcpio package is updated, you will need to re-apply the patch (recommended) - or add mkinitcpio to HoldPkg in /etc/pacman.conf (<b>not</b> recommended). - <br/> - Download the encrypt.patch file from this page: - <a href=https://bugs.archlinux.org/index.php?do=details&action=details.addvote&task_id=31877>FS#31877</a><br/> - Patch the encrypt hook:<br/> - # <b>patch /usr/lib/initcpio/hooks/encrypt /path/to/encrypt.patch</b><br/> - Create a Keyfile:<br/> + To circumvent this, you can insert a keyfile into the initramfs. This is generally safe, because the /boot/ directory is encrypted.<br/> + First create a keyfile:<br/> # <b>dd bs=512 count=4 if=/dev/urandom of=/etc/mykeyfile iflag=fullblock</b><br/> Add the keyfile to the Luks Device:<br/> # <b>cryptsetup luksAddKey /dev/sdX /etc/mykeyfile</b><br/> @@ -607,7 +599,7 @@ Re-create the initramfs image:<br/> # <b>mkinitcpio -p linux-libre</b><br/> Reboot and add the following to the kernel command line in GRUB:<br/> - # <b>cryptkey=initramfs:/etc/mykeyfile</b><br/> + # <b>cryptkey=rootfs:/etc/mykeyfile</b><br/> <br/> If everything works as expected, permanently add the kernel parameter to the GRUB config using the instructions at <a href="grub_cbfs.html">grub_cbfs.html</a>. |