From a8541811e98467478948b57db1e6c23ff72dcc7a Mon Sep 17 00:00:00 2001 From: Tobias Heinicke Date: Wed, 01 Jul 2015 19:03:46 -0400 Subject: Changed cryptomount occurences to exclude SOURCE. The GNU/Linux installation guides call 'cryptomount -a', which ignores any SOURCE parameter given and mounts all encrypted volumes regardless. To avoid confusion I removed the parameter and added a small note regarding mounting only specific partitions. --- (limited to 'docs') diff --git a/docs/gnulinux/encrypted_parabola.html b/docs/gnulinux/encrypted_parabola.html index 7a74f93..7db3e7d 100644 --- a/docs/gnulinux/encrypted_parabola.html +++ b/docs/gnulinux/encrypted_parabola.html @@ -474,7 +474,7 @@ (using those 2 underlines will boot lts kernel instead of normal).

- grub> cryptomount -a (ahci0,msdos1)
+ grub> cryptomount -a
grub> set root='lvm/matrix-rootvol'
grub> linux /boot/vmlinuz-linux-libre-lts root=/dev/matrix/rootvol cryptdevice=/dev/sda1:root
grub> initrd /boot/initramfs-linux-libre-lts.img
@@ -497,7 +497,7 @@

Inside the 'Load Operating System' menu entry, change the contents to:
- cryptomount -a (ahci0,msdos1)
+ cryptomount -a
set root='lvm/matrix-rootvol'
linux /boot/vmlinuz-linux-libre-lts root=/dev/matrix/rootvol cryptdevice=/dev/sda1:root
initrd /boot/initramfs-linux-libre-lts.img @@ -511,6 +511,12 @@

+ Note: cryptomount -a mounts all encrypted devices found. It may be desirable to just mount the needed partition. + To do so you may either specify your partition via layout (e.g.: cryptomount -a (ahci0,msdos1)) + or use the UUID cryptomount -u UUID. +

+ +

Personally, I opted to have the entry for linux-libre-grsec at the top, so that it would load by default.

@@ -635,6 +641,7 @@ Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
Copyright © 2015 Thomas Zelch <tze@xenlab.de>
Copyright © 2015 Arthur Heymans <arthur@aheymans.xyz>
+ Copyright © 2015 Tobias Heinicke <theinicke@bss-wf.de>
This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. A copy of the license can be found at ../cc-by-sa-4.txt.

diff --git a/docs/gnulinux/encrypted_trisquel.html b/docs/gnulinux/encrypted_trisquel.html index 367dbbf..27864a8 100644 --- a/docs/gnulinux/encrypted_trisquel.html +++ b/docs/gnulinux/encrypted_trisquel.html @@ -229,7 +229,7 @@

Do that:
- grub> cryptomount -a (ahci0,msdos1)
+ grub> cryptomount -a
grub> set root='lvm/grubcrypt-trisquel'
grub> linux /vmlinuz root=/dev/mapper/grubcrypt-trisquel cryptdevice=/dev/mapper/grubcrypt-trisquel:root
grub> initrd /initrd.img
@@ -276,13 +276,19 @@

- cryptomount -a (ahci0,msdos1)
+ cryptomount -a
set root='lvm/grubcrypt-trisquel'
linux /vmlinuz root=/dev/mapper/grubcrypt-trisquel cryptdevice=/dev/mapper/grubcrypt-trisquel:root
initrd /initrd.img

+ Note: cryptomount -a mounts all encrypted devices found. It may be desirable to just mount the needed partition. + To do so you may either specify your partition via layout (e.g.: cryptomount -a (ahci0,msdos1)) + or use the UUID cryptomount -u UUID. +

+ +

Additionally, you should set a GRUB password. This is not your LUKS password, but it's a password that you have to enter to see GRUB. This protects your system from an attacker simply booting a live USB and re-flashing your firmware. This should be different than your LUKS passphrase and user password.

@@ -320,6 +326,7 @@

Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
+ Copyright © 2015 Tobias Heinicke <theinicke@bss-wf.de>
This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. A copy of the license can be found at ../cc-by-sa-4.txt.

-- cgit v0.9.1