Full disk encryption (including /boot) Luks2+argon2 ( Efi )

Topic: Full disk encryption (including /boot) Luks2+argon2 ( Efi ) (Read 1836 times) previous topic - next topic

0 Members and 3 Guests are viewing this topic.

Re: Full disk encryption (including /boot) Luks2+argon2 ( No Libreboot )

Reply #15 – 08 May 2024, 01:15:45

Hello. Yes, my system was installed using this link. At what stages exactly do problems arise?

Re: Full disk encryption (including /boot) Luks2+argon2 ( No Libreboot )

Reply #16 – 08 May 2024, 11:30:24

thanks for the answer. The installation goes almost fine, but there are two problems that I encounter, I have attached screenshots.
This is a large number of warnings about the absence of various modules when building the kernel, as well as a problem with installing a new Grub.

https://files.catbox.moe/7x1gil.png ( missing module )

https://files.catbox.moe/q74s7n.png ( problem with installing a new Grub)

Re: Full disk encryption (including /boot) Luks2+argon2 ( No Libreboot )

Reply #17 – 08 May 2024, 11:41:02

Sorry, but I can't open this site... Can you upload these screenshots directly here without using file hosting services?

Re: Full disk encryption (including /boot) Luks2+argon2 ( No Libreboot )

Reply #18 – 08 May 2024, 11:43:10

Re: Full disk encryption (including /boot) Luks2+argon2 ( No Libreboot )

Reply #19 – 08 May 2024, 11:52:38

Or here https://imgbb.com/

Re: Full disk encryption (including /boot) Luks2+argon2 ( No Libreboot )

Reply #20 – 08 May 2024, 11:56:31

https://ibb.co/kxxxcH5

https://ibb.co/JxFNCpZ

Re: Full disk encryption (including /boot) Luks2+argon2 ( No Libreboot )

Reply #21 – 08 May 2024, 12:08:17

Thank you very much!

Just ignore these warning messages. Actually everything went well.

You have created the efi directory in capital letters. The note says to create and mount efi, not EFI. Please read carefully[2].

Re: Full disk encryption (including /boot) Luks2+argon2 ( No Libreboot )

Reply #22 – 08 May 2024, 12:12:51

According to the message:

Code: [Select]

EFI variables are not supported on this system.

Did you run the virtual machine in Legacy mode? And you also missed --efi-directory=/boot/efi in the grub installation command and didn't specify the installation drive... Please read carefully [3].

Re: Full disk encryption (including /boot) Luks2+argon2 ( No Libreboot )

Reply #23 – 08 May 2024, 18:38:37

I tried both small and large, it doesn’t work, I also specified

Code: [Select]

--efi-directory=/boot/efi

. Now I’ll try to take a screenshot with small letters and the full command and show the screenshot.

Re: Full disk encryption (including /boot) Luks2+argon2 ( No Libreboot )

Reply #24 – 08 May 2024, 19:45:00

https://ibb.co/MnfzJYF

Re: Full disk encryption (including /boot) Luks2+argon2 ( No Libreboot )

Reply #25 – 08 May 2024, 20:40:53

Hi,

Can you please sent the output of this command?

```
# cat /sys/firmware/efi/fw_platform_size
```

Seeing your last screenshot, I begin to doubt that your VM started in UEFI mode.

if the result of the command is 64 or 32, that means that your VM is indeed in UEFI mode,
if the file is not found, that means that your VM is started in BIOS mode.

If you want to install after testing it on a VM on your physical machine, I advise you to also check on your physical machine if it boot with UEFI or with BIOS, and boot your VM with the same mode.

Re: Full disk encryption (including /boot) Luks2+argon2 ( No Libreboot )

Reply #26 – 08 May 2024, 21:45:37

Hello Statzitz.
Yes, you are right, I checked the

Code: [Select]

 # cd /sys/firmware/

directory and did not find the efi partition.

Do I understand correctly that this installation is only suitable for EFI or can it be installed on the BIOS?

Re: Full disk encryption (including /boot) Luks2+argon2 ( No Libreboot )

Reply #27 – 08 May 2024, 22:07:12

I found an interesting hack)) how to run it from EFI, I’ll try the installation again

Code: [Select]

$ sudo pacman -S edk2-ovmf

$ qemu-system-x86_64 -bios /usr/share/ovmf/OVMF.fd  -cdrom  artix-base-openrc-20230814-x86_64.iso

Re: Full disk encryption (including /boot) Luks2+argon2 ( No Libreboot )

Reply #28 – 09 May 2024, 01:32:42

I said almost from the very beginning that this only works for systems with uefi. Therefore, your virtual machine must be loaded in uefi. When installing on a computer (not a virtual machine), it should also be loaded from uefi.

Grub should now install correctly. You should be warned not to be alarmed, because the decryption password will need to be entered twice. This can be circumvented, but we will think about that later.

Re: Full disk encryption (including /boot) Luks2+argon2 ( No Libreboot )

Reply #29 – 09 May 2024, 09:13:02

Hello. Yes, I was wrong, I admit it))
Once I’ve done everything, I’ll write about the result. As for entering the password twice, I understand how to solve this.

Code: [Select]

login:root
passwd *****

# dd bs=512 count=4 if=/dev/urandom of=/crypto_keyfile.bin

# cryptsetup luksAddKey /dev/sda2 /crypto_keyfile.bin

Even root doesn't need to access this

Code: [Select]

# chmod 000 /crypto_keyfile.bin  

# nano /etc/mkinitcpio.conf

find the inscription "FILE" in the file add   /crypto_keyfile.bin

FILES="/crypto_keyfile.bin" 

# mkinitcpio -p linux-hardened

Tell me please, is it possible to build and install Grub with argon2id support for BIOS?