libreboot

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs | README

commit 3fb9a15a88b17149c70ed00fdde4e69e3046a1af
parent 8630b33bb885becd47078a823a399d45ec2c58be
Author: Arthur Heymans <arthur@aheymans.xyz>
Date:   Tue,  9 Jun 2015 20:06:13 +0200

The patch for encrypt hook in is not needed. Just use cryptkey=rootfs:/path/to/key

Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>

Diffstat:
docs/gnulinux/encrypted_parabola.html | 14+++-----------
1 file changed, 3 insertions(+), 11 deletions(-)

diff --git a/docs/gnulinux/encrypted_parabola.html b/docs/gnulinux/encrypted_parabola.html @@ -589,16 +589,8 @@ <p> Using the above installation method, you will have to unlock the encrypted file system twice (once in GRUB, and again when booting Parabola). - To circumvent this, you can insert a keyfile into the initramfs. This is generally safe, because the /boot/ directory is encrypted. - You will need to apply a patch for this to work, until the patch is merged upstream. - Every time the mkinitcpio package is updated, you will need to re-apply the patch (recommended) - or add mkinitcpio to HoldPkg in /etc/pacman.conf (<b>not</b> recommended). - <br/> - Download the encrypt.patch file from this page: - <a href=https://bugs.archlinux.org/index.php?do=details&action=details.addvote&task_id=31877>FS#31877</a><br/> - Patch the encrypt hook:<br/> - # <b>patch /usr/lib/initcpio/hooks/encrypt /path/to/encrypt.patch</b><br/> - Create a Keyfile:<br/> + To circumvent this, you can insert a keyfile into the initramfs. This is generally safe, because the /boot/ directory is encrypted.<br/> + First create a keyfile:<br/> # <b>dd bs=512 count=4 if=/dev/urandom of=/etc/mykeyfile iflag=fullblock</b><br/> Add the keyfile to the Luks Device:<br/> # <b>cryptsetup luksAddKey /dev/sdX /etc/mykeyfile</b><br/> @@ -607,7 +599,7 @@ Re-create the initramfs image:<br/> # <b>mkinitcpio -p linux-libre</b><br/> Reboot and add the following to the kernel command line in GRUB:<br/> - # <b>cryptkey=initramfs:/etc/mykeyfile</b><br/> + # <b>cryptkey=rootfs:/etc/mykeyfile</b><br/> <br/> If everything works as expected, permanently add the kernel parameter to the GRUB config using the instructions at <a href="grub_cbfs.html">grub_cbfs.html</a>.