libreboot-dev
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Libreboot-dev] [PATCH] No need to patch encrypt hook in parabola gnu/li

From: arthur
Subject: [Libreboot-dev] [PATCH] No need to patch encrypt hook in parabola gnu/linux
Date: Tue, 09 Jun 2015 20:27:58 +0200 
From 8f2530e6fc8f951b7cb8e41ca37fdc0b71bfed4e Mon Sep 17 00:00:00 2001
From: Arthur Heymans <address@hidden>
Date: Tue, 9 Jun 2015 20:06:13 +0200
Subject: [PATCH] The patch for encrypt hook in is not needed. Just use
 cryptkey=rootfs:/path/to/key

Signed-off-by: Arthur Heymans <address@hidden>
---
 docs/gnulinux/encrypted_parabola.html | 14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)

diff --git a/docs/gnulinux/encrypted_parabola.html 
b/docs/gnulinux/encrypted_parabola.html
index 1538b9a..edd7810 100644
--- a/docs/gnulinux/encrypted_parabola.html
+++ b/docs/gnulinux/encrypted_parabola.html
@@ -589,16 +589,8 @@
                <p>
                        Using the above installation method, you will have to 
unlock the encrypted file system twice
                        (once in GRUB, and again when booting Parabola).
-                       To circumvent this, you can insert a keyfile into the 
initramfs. This is generally safe, because the /boot/ directory is encrypted.
-                       You will need to apply a patch for this to work, until 
the patch is merged upstream.
-                       Every time the mkinitcpio package is updated, you will 
need to re-apply the patch (recommended)
-                       or add mkinitcpio to HoldPkg in /etc/pacman.conf 
(<b>not</b> recommended).
-                       <br/>
-                       Download the encrypt.patch file from this page:
-                       <a 
href=https://bugs.archlinux.org/index.php?do=details&action=details.addvote&task_id=31877>FS#31877</a><br/>
-                       Patch the encrypt hook:<br/>
-                       # <b>patch /usr/lib/initcpio/hooks/encrypt 
/path/to/encrypt.patch</b><br/>
-                       Create a Keyfile:<br/>
+                       To circumvent this, you can insert a keyfile into the 
initramfs. This is generally safe, because the /boot/ directory is 
encrypted.<br/>
+                       First create a keyfile:<br/>
                        # <b>dd bs=512 count=4 if=/dev/urandom 
of=/etc/mykeyfile iflag=fullblock</b><br/>
                        Add the keyfile to the Luks Device:<br/>
                        # <b>cryptsetup luksAddKey /dev/sdX 
/etc/mykeyfile</b><br/> 
@@ -607,7 +599,7 @@
                        Re-create the initramfs image:<br/>
                        # <b>mkinitcpio -p linux-libre</b><br/>
                        Reboot and add the following to the kernel command line 
in GRUB:<br/>
-                       # <b>cryptkey=initramfs:/etc/mykeyfile</b><br/>
+                       # <b>cryptkey=rootfs:/etc/mykeyfile</b><br/>
                        <br/>
                        If everything works as expected, permanently add the 
kernel parameter to the GRUB config using
                        the instructions at <a 
href="grub_cbfs.html">grub_cbfs.html</a>.
-- 
2.4.2


Hi

I found out that the patch for the encrypt hook in initcpio for parabola
gnu/linux is not needed to avoid having to type your passphrase twice during 
boot.
Using using cryptkey=rootfs:/path/to/file works just fine.

Arthur Heymans

Attachment: signature.asc
Description: PGP signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]