Skip to main content
Topic: Full disk encryption (including /boot) Luks2+argon2 ( Efi ) (Read 1836 times) previous topic - next topic
0 Members and 3 Guests are viewing this topic.

Re: Full disk encryption (including /boot) Luks2+argon2 ( No Libreboot )

Reply #15
Hello. Yes, my system was installed using this link. At what stages exactly do problems arise?

Re: Full disk encryption (including /boot) Luks2+argon2 ( No Libreboot )

Reply #16
thanks for the answer. The installation goes almost fine, but there are two problems that I encounter, I have attached screenshots.
This is a large number of warnings about the absence of various modules when building the kernel, as well as a problem with installing a new Grub.

https://files.catbox.moe/7x1gil.png  ( missing module )

https://files.catbox.moe/q74s7n.png  ( problem with installing a new Grub)

Re: Full disk encryption (including /boot) Luks2+argon2 ( No Libreboot )

Reply #17
Sorry, but I can't open this site... Can you upload these screenshots directly here without using file hosting services?

Re: Full disk encryption (including /boot) Luks2+argon2 ( No Libreboot )

Reply #18



Re: Full disk encryption (including /boot) Luks2+argon2 ( No Libreboot )

Reply #19
Or here https://imgbb.com/


Re: Full disk encryption (including /boot) Luks2+argon2 ( No Libreboot )

Reply #21
Thank you very much!

Just ignore these warning messages. Actually everything went well.

You have created the efi directory in capital letters. The note says to create and mount efi, not EFI. Please read carefully[2].

Re: Full disk encryption (including /boot) Luks2+argon2 ( No Libreboot )

Reply #22
According to the message:

Code: [Select]
EFI variables are not supported on this system.

Did you run the virtual machine in Legacy mode? And you also missed --efi-directory=/boot/efi in the grub installation command and didn't specify the installation drive... Please read carefully [3].

Re: Full disk encryption (including /boot) Luks2+argon2 ( No Libreboot )

Reply #23
I tried both small and large, it doesn’t work, I also specified
Code: [Select]
--efi-directory=/boot/efi
. Now I’ll try to take a screenshot with small letters and the full command and show the screenshot.


Re: Full disk encryption (including /boot) Luks2+argon2 ( No Libreboot )

Reply #25
Hi,

Can you please sent the output of this command?

```
# cat /sys/firmware/efi/fw_platform_size
```

Seeing your last screenshot, I begin to doubt that your VM started in UEFI mode.

if the result of the command is 64 or 32, that means that your VM is indeed in UEFI mode,
if the file is not found, that means that your VM is started in BIOS mode.

If you want to install after testing it on a VM on your physical machine, I advise you to also check on your physical machine if it boot with UEFI or with BIOS, and boot your VM with the same mode.

Re: Full disk encryption (including /boot) Luks2+argon2 ( No Libreboot )

Reply #26
Hello Statzitz.
Yes, you are right, I checked the
Code: [Select]
 # cd /sys/firmware/ 
directory and did not find the efi partition.

Do I understand correctly that this installation is only suitable for EFI or can it be installed on the BIOS?

Re: Full disk encryption (including /boot) Luks2+argon2 ( No Libreboot )

Reply #27
I found an interesting hack)) how to run it from EFI, I’ll try the installation again

Code: [Select]
$ sudo pacman -S edk2-ovmf

$ qemu-system-x86_64 -bios /usr/share/ovmf/OVMF.fd  -cdrom  artix-base-openrc-20230814-x86_64.iso
 

Re: Full disk encryption (including /boot) Luks2+argon2 ( No Libreboot )

Reply #28
I said almost from the very beginning that this only works for systems with uefi. Therefore, your virtual machine must be loaded in uefi. When installing on a computer (not a virtual machine), it should also be loaded from uefi.

Grub should now install correctly. You should be warned not to be alarmed, because the decryption password will need to be entered twice. This can be circumvented, but we will think about that later.

Re: Full disk encryption (including /boot) Luks2+argon2 ( No Libreboot )

Reply #29
Hello. Yes, I was wrong, I admit it))
Once I’ve done everything, I’ll write about the result. As for entering the password twice, I understand how to solve this.

Code: [Select]
login:root
passwd *****

# dd bs=512 count=4 if=/dev/urandom of=/crypto_keyfile.bin

# cryptsetup luksAddKey /dev/sda2 /crypto_keyfile.bin

Even root doesn't need to access this

Code: [Select]
# chmod 000 /crypto_keyfile.bin  

# nano /etc/mkinitcpio.conf

find the inscription "FILE" in the file add   /crypto_keyfile.bin

FILES="/crypto_keyfile.bin"

# mkinitcpio -p linux-hardened



Tell me please, is it possible to build and install Grub with argon2id support for BIOS?