Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- root pw = 01101100
- #after partitioning, make format and fs
- cryptsetup -y -v luksFormat $rewtpart
- cryptsetup open $rewtpart cryptroot
- mkfs -t ext4 /dev/mapper/cryptroot
- mount -t ext4 /dev/mapper/cryptroot /mnt
- cryptsetup -y -v luksFormat $homepart
- cryptsetup open $homepart cryphome
- mkfs -t ext4 /dev/mapper/crypthome
- mount -t ext4 /dev/mapper/crypthome /mnt/home
- mkswap -U 13371337-0000-4000-0000-133700133700 $swappart
- cryptsetup -y -v luksFormat $swappart
- cryptsetup open $swappart cryptswap
- swapon $swappart
- ##### add root config and hooks to mkinitcpio - enables booting
- #add 'encrypt' and 'filesystems' (after 'encrypt') to HOOKS= var --- with sed?
- sed -e "52s/keyboard//" /etc/mkinitcpio.conf
- sed -e "52s/filesystems/keyboard encrypt filesystems/" /etc/mkinitcpio.conf
- ##### add root to boot-loader (i.e. GRUB) - parsed on boot by 'encrypt' hook of mkinitcpio to identify which device contains the encrypted system
- echo 'cryptdevice=$rewtpart:cryptroot' >> /boot/grub/grub.cfg
- ##### auto unlock and mount
- echo 'home $homepart none luks' >> /etc/crypttab
- ##### swap setup to encrypt on boot - NO SUPPORT FOR SUSPEND-TO-DISK
- echo 'cryptswap /dev/sda4 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256' >> /etc/crypttab
- # check to see genfstab properly generated swap:
- # echo 'UUID=13371337-0000-4000-0000-133700133700 /swap none swap sw 0 0' >> /etc/fstab
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
