Differences

This shows you the differences between two versions of the page.

--- computing:slackware [2019/06/17 06:54] – oemb1905
+++ computing:slackware [2021/10/27 23:16] (current) – oemb1905
@@ Line 7: / Line 7: @@
 -------------------------------------------
-First, let's install Slackware using full disk encryption using Luks, along with LVM.  This is based on the Grey Seeker tutorial, and is the officially supported full disk encryption as documented here [[http://slackware.cs.utah.edu/pub/slackware/slackware64-14.1/README_CRYPT.TXT|Slackware Encryption]].  First, lets create our partitions using gdisk:
+First, let's install Slackware using full disk encryption using Luks, along with LVM.  This is my attempt to document and write out Grey Seeker's tutorial, and is the officially supported full disk encryption as documented here [[http://slackware.cs.utah.edu/pub/slackware/slackware64-14.1/README_CRYPT.TXT|Slackware Encryption]].  First, lets create our partitions using gdisk:
   gdisk /dev/sda
@@ Line 22: / Line 22: @@
   <w, Y, enter>
 Now, it is time to create your crypt using ''cryptsetup'':
@@ Line 64: / Line 64: @@
 If you did not run this correctly, you will get quick output that obviously looks wrong.  If you did it correctly, you will get this output:
-{{ :computing:mkinitrd.png?200 |}}
+{{ :computing:mkinitrd.png?600 |}}
 Now, let's maually verify that the command you just ran in fact created the initrd.gz as follows:
@@ Line 77: / Line 77: @@
 You may optionally uncomment ''#compact ...'' to speed up the boot time by bypassing the bios check, but the main parts you need to change are the boot configuration at the bottom of the file.  Here is how the configuration originally looks:
-{{ :computing:liloog.png?200 |}}
+{{ :computing:liloog.png?175 |}}
 Here is how it should look after you have adjusted the configuration to reflect the changes you made with mkinitrd.  Slackware's luks and lvm requires the generic kernel (not the so-called huge ones), and you also need to introduce the initrd.  Now, change the label, as long as it is unique and different from the previous one, giving us something like:
@@ Line 126: / Line 126: @@
 To get your psk key, run:
-  wpa_passphrase ssid 'passphrase'
+  wpa_passphrase <ssidname> 'passphrase'
 Then, edit the /etc/rc.d/rc.inet1.conf as follows:
-  IFNAME[1]="ath0"
+  IFNAME[1]="wlan0"
   IPADDR[1]=""
   NETMASK[1]=""
@@ Line 173: / Line 173: @@
   slackpkg clean-system
-Set up a crypt for sensitive data:
+Set up a crypt for sensitive d200ata:
   cryptsetup luksFormat /dev/sdaX
@@ Line 187: / Line 187: @@
   mount /dev/mapper/vault /mnt/vault
+Or, install pam mount and let it handle mounting like so:
+  sudo nano /etc/security/pam_mount.conf.xml
+Under volume definitions, enter the same volume, but use the block ID instead of the device lettering (which can change):
- --- //[[netcmnd@jonathanhaack.com|oemb1905]] 2019/06/16 23:48//
+  <volume user="user" fstype="crypt" path="/dev/disk/by-uuid/97627555-91xd-4293-a5vg-6xc211gd9945" mountpoint="/mnt/vault" options="noatime,exec,fsck,nodev,nosuid"/>
+ --- //[[jonathan@haacksnetworking.com|oemb1905]] 2021/10/27 17:13//

Haack's Wiki

User Tools

Site Tools

Differences

Page Tools