From a8541811e98467478948b57db1e6c23ff72dcc7a Mon Sep 17 00:00:00 2001
From: Tobias Heinicke
- grub> cryptomount -a (ahci0,msdos1)
+ grub> cryptomount -a
grub> set root='lvm/matrix-rootvol'
grub> linux /boot/vmlinuz-linux-libre-lts root=/dev/matrix/rootvol cryptdevice=/dev/sda1:root
grub> initrd /boot/initramfs-linux-libre-lts.img
@@ -497,7 +497,7 @@
Inside the 'Load Operating System' menu entry, change the contents to:
- cryptomount -a (ahci0,msdos1)
+ cryptomount -a
set root='lvm/matrix-rootvol'
linux /boot/vmlinuz-linux-libre-lts root=/dev/matrix/rootvol cryptdevice=/dev/sda1:root
initrd /boot/initramfs-linux-libre-lts.img
@@ -511,6 +511,12 @@
+ Note: cryptomount -a mounts all encrypted devices found. It may be desirable to just mount the needed partition. + To do so you may either specify your partition via layout (e.g.: cryptomount -a (ahci0,msdos1)) + or use the UUID cryptomount -u UUID. +
+ +Personally, I opted to have the entry for linux-libre-grsec at the top, so that it would load by default.
@@ -635,6 +641,7 @@ Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
Do that:
- grub> cryptomount -a (ahci0,msdos1)
+ grub> cryptomount -a
grub> set root='lvm/grubcrypt-trisquel'
grub> linux /vmlinuz root=/dev/mapper/grubcrypt-trisquel cryptdevice=/dev/mapper/grubcrypt-trisquel:root
grub> initrd /initrd.img
@@ -276,13 +276,19 @@
- cryptomount -a (ahci0,msdos1)
+ cryptomount -a
set root='lvm/grubcrypt-trisquel'
linux /vmlinuz root=/dev/mapper/grubcrypt-trisquel cryptdevice=/dev/mapper/grubcrypt-trisquel:root
initrd /initrd.img
+ Note: cryptomount -a mounts all encrypted devices found. It may be desirable to just mount the needed partition. + To do so you may either specify your partition via layout (e.g.: cryptomount -a (ahci0,msdos1)) + or use the UUID cryptomount -u UUID. +
+ +Additionally, you should set a GRUB password. This is not your LUKS password, but it's a password that you have to enter to see GRUB. This protects your system from an attacker simply booting a live USB and re-flashing your firmware. This should be different than your LUKS passphrase and user password.
@@ -320,6 +326,7 @@
Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
+ Copyright © 2015 Tobias Heinicke <theinicke@bss-wf.de>
This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions.
A copy of the license can be found at ../cc-by-sa-4.txt.