Text only | Text with Images

Artix Linux Forum

Artix Linux => Installation / Migration / Configuration => Topic started by: shako on 05 July 2022, 10:57:00

Title: Base Artix installation w/ disk encryption
Post by: shako on 05 July 2022, 10:57:00
Hi everyone,

I am following this (https://wiki.artixlinux.org/Main/InstallationWithFullDiskEncryption) guide to install Artix w/ "almost full" disk encryption (leaving an unencrypted /boot partition). Since the guide only provides instructions regarding the graphical installer (through calamares), I was wondering if the same steps could be followed while installing the base OpenRC system through command line.

I suspect that, after mouning the partitions:
Code: [Select]
 swapon /dev/lvmSystem/volSwap
 mount /dev/lvmSystem/volRoot /mnt
 mkdir /mnt/boot
 mount /dev/sdX1 /mnt/boot
 

One simply has to install the system normally through basestrap, generate the fstab,  modify grub.cfg according to the guide and enable the required OpenRC services. May anyone who tried this before give me some hints on what I may be doing wrong? :)
Title: Re: Base Artix installation w/ disk encryption
Post by: VictorBrand on 05 July 2022, 12:39:51
Yes, you can do this, it's not so complicated. I have an Artix installation with full disk encryption made by manually installing. You just create and encrypted container, set up lvm and other stuff like btrfs with subvolumes, then you just mount your partitions to /mnt and proceed through the casual installation process.

All you need is to additionally configure cryptsetup, lvm (and optionally btrfs) to be present in initrams. You may need to adjust your /etc/fstab manually, and also create and configure /etc/crypttab (with OpenRC, you must edit the /etc/conf.d/dmcrypt file instead!). If you go with full disk encryption (i.e. encrypted /boot), you may optionally set up a keyfile to open your LUKS container and add it to your initramfs in order not to enter the password twice during the boot.
Title: Re: Base Artix installation w/ disk encryption
Post by: shako on 06 July 2022, 08:55:14
Thanks a lot @VictorBrand!

May I only ask what you mean by:

Quote from: VictorBrand – on
with OpenRC, you must edit the /etc/conf.d/dmcrypt file instead!

Following the guide, I see that you must install and enable that service at boot runlevel, but I see no specifications regarding its configuration.

Title: Re: Base Artix installation w/ disk encryption
Post by: VictorBrand on 06 July 2022, 13:31:21
Quote from: shako – on
Following the guide, I see that you must install and enable that service at boot runlevel, but I see no specifications regarding its configuration.
You should specify in the /etc/conf.d/dmcrypt file the same information as in the /etc/crypttab, but in a different format. The latter file in OpenRC has no effect (unless you use dracut to generate your initramfs, but it is rather unneeded in Artix, since we have mkinitcpio). Just look into the former file and read the comments, everything should be clear and self-explanatory there.
Title: Re: Base Artix installation w/ disk encryption
Post by: shako on 08 July 2022, 11:26:44
Hey @VictorBrand, just wanted to let you know that I just went through the whole installation processes. Following the steps provided by the guide (with the obvious exception of the installation through Calamares) was enough. Thanks! :)
Text only | Text with Images