summaryrefslogtreecommitdiffstats
path: root/docs/gnulinux/encrypted_parabola.html
diff options
context:
space:
mode:
authorArthur Heymans <arthur@aheymans.xyz>2015-06-09 14:06:13 (EDT)
committer Francis Rowe <info@gluglug.org.uk>2015-06-10 07:16:11 (EDT)
commit3fb9a15a88b17149c70ed00fdde4e69e3046a1af (patch)
treece058a75370fbcebc33eef704993a20312fcf4b6 /docs/gnulinux/encrypted_parabola.html
parent8630b33bb885becd47078a823a399d45ec2c58be (diff)
downloadlibreboot-3fb9a15a88b17149c70ed00fdde4e69e3046a1af.zip
libreboot-3fb9a15a88b17149c70ed00fdde4e69e3046a1af.tar.gz
libreboot-3fb9a15a88b17149c70ed00fdde4e69e3046a1af.tar.bz2
The patch for encrypt hook in is not needed. Just use cryptkey=rootfs:/path/to/key
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Diffstat (limited to 'docs/gnulinux/encrypted_parabola.html')
-rw-r--r--docs/gnulinux/encrypted_parabola.html14
1 files changed, 3 insertions, 11 deletions
diff --git a/docs/gnulinux/encrypted_parabola.html b/docs/gnulinux/encrypted_parabola.html
index 1538b9a..edd7810 100644
--- a/docs/gnulinux/encrypted_parabola.html
+++ b/docs/gnulinux/encrypted_parabola.html
@@ -589,16 +589,8 @@
<p>
Using the above installation method, you will have to unlock the encrypted file system twice
(once in GRUB, and again when booting Parabola).
- To circumvent this, you can insert a keyfile into the initramfs. This is generally safe, because the /boot/ directory is encrypted.
- You will need to apply a patch for this to work, until the patch is merged upstream.
- Every time the mkinitcpio package is updated, you will need to re-apply the patch (recommended)
- or add mkinitcpio to HoldPkg in /etc/pacman.conf (<b>not</b> recommended).
- <br/>
- Download the encrypt.patch file from this page:
- <a href=https://bugs.archlinux.org/index.php?do=details&action=details.addvote&task_id=31877>FS#31877</a><br/>
- Patch the encrypt hook:<br/>
- # <b>patch /usr/lib/initcpio/hooks/encrypt /path/to/encrypt.patch</b><br/>
- Create a Keyfile:<br/>
+ To circumvent this, you can insert a keyfile into the initramfs. This is generally safe, because the /boot/ directory is encrypted.<br/>
+ First create a keyfile:<br/>
# <b>dd bs=512 count=4 if=/dev/urandom of=/etc/mykeyfile iflag=fullblock</b><br/>
Add the keyfile to the Luks Device:<br/>
# <b>cryptsetup luksAddKey /dev/sdX /etc/mykeyfile</b><br/>
@@ -607,7 +599,7 @@
Re-create the initramfs image:<br/>
# <b>mkinitcpio -p linux-libre</b><br/>
Reboot and add the following to the kernel command line in GRUB:<br/>
- # <b>cryptkey=initramfs:/etc/mykeyfile</b><br/>
+ # <b>cryptkey=rootfs:/etc/mykeyfile</b><br/>
<br/>
If everything works as expected, permanently add the kernel parameter to the GRUB config using
the instructions at <a href="grub_cbfs.html">grub_cbfs.html</a>.