Full disk encryption secure boot: Difference between revisions
(Page creation) |
(Packages & Partitions) |
||
Line 1: | Line 1: | ||
{{Draft}} | {{Draft}} | ||
This guide is to explain step by step how to setup Alpine Linux with Full Disk Encryption using LUKS2, /boot & / together on the same partition, with UEFI & Secure Boot. | This guide is to explain step by step how to setup Alpine Linux with Full Disk Encryption using LUKS2, /boot & / together on the same partition on a nvme drive, with UEFI & Secure Boot. | ||
= Sequence of Events = | |||
* Installing packages | |||
* Partitioning the disk | |||
* Configuring LUKS | |||
* Installing Alpine | |||
* Configuring Secure Boot | |||
= Installing packages = | |||
To facilitate the partitioning we will use gdisk : | |||
<pre># apk add gptfdisk</pre> | |||
For encryption, we will use cryptsetup : | |||
<pre># apk add cryptsetup</pre> | |||
For using and managing UEFI, multiple packages are needed : | |||
<pre># apk add e2fsprogs grub grub-efi</pre> | |||
= Partitioning the disk = | |||
Let's assume the disk is /dev/nvme0n1 and no partitions are present, we will create two partitions only : one for UEFI, one for / | |||
<pre># gdisk /dev/nvme0n1 | |||
Command (? for help): n | |||
Partition number (1-128, default 1): | |||
First sector (2048-1000215182, default = 2048) or {+-}size{KMGTP}: | |||
Last sector (2048-1000215182, default = 1000214527) or {+-}size{KMGTP}: 512M | |||
Hex code or GUID (L to show codes, Enter = 8300): ef00 | |||
Changed type of partition to 'EFI system partition' | |||
Command (? for help): n | |||
Partition number (2-128, default 2): | |||
First sector (1048577-1000215182, default = 1050624) or {+-}size{KMGTP}: | |||
Last sector (1050624-1000215182, default = 1000214527) or {+-}size{KMGTP}: | |||
Current type is 8300 (Linux filesystem) | |||
Hex code or GUID (L to show codes, Enter = 8300): 8309 | |||
Changed type of partition to 'Linux LUKS' | |||
Command (? for help): w | |||
Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING | |||
PARTITIONS!! | |||
Do you want to proceed? (Y/N): Y | |||
OK; writing new GUID partition table (GPT) to /dev/nvme0n1. | |||
The operation has completed successfully. | |||
</pre> |
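Review bot: At the first "Last sector" prompt the answer is `512M` rather than `+512M`, so gdisk takes it as an absolute position on the disk instead of a size. The next "First sector" prompt offers 1048577 as the lowest free sector, so partition 1 ends at sector 1048576 and the ESP comes out at about 511 MiB. If a 512 MiB ESP is intended, answer `+512M`. It would also help to print the table with `p` before `w`, so the reader can confirm both type codes (ef00 and 8309) before the destructive write. Separately, the package list introduced as being for UEFI includes e2fsprogs, which is a filesystem package; a short note on which later step each package serves would make the list easier to follow.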
Revision as of 20:59, 26 July 2022
This material is work-in-progress ... Do not follow instructions here until this notice is removed.
This guide explains step by step how to set up Alpine Linux with full disk encryption using LUKS2, with /boot and / together on the same partition of an NVMe drive, with UEFI and Secure Boot.
= Sequence of Events =
- Installing packages
- Partitioning the disk
- Configuring LUKS
- Installing Alpine
- Configuring Secure Boot
= Installing packages =
To make partitioning easier, we will use gdisk:
<pre># apk add gptfdisk</pre>
For encryption, we will use cryptsetup:
<pre># apk add cryptsetup</pre>
To use and manage UEFI, several packages are needed:
<pre># apk add e2fsprogs grub grub-efi</pre>
= Partitioning the disk =
Let's assume the disk is /dev/nvme0n1 and no partitions are present. We will create only two partitions: one for UEFI and one for /.
<pre># gdisk /dev/nvme0n1
Command (? for help): n
Partition number (1-128, default 1):
First sector (2048-1000215182, default = 2048) or {+-}size{KMGTP}:
Last sector (2048-1000215182, default = 1000214527) or {+-}size{KMGTP}: 512M
Hex code or GUID (L to show codes, Enter = 8300): ef00
Changed type of partition to 'EFI system partition'
Command (? for help): n
Partition number (2-128, default 2):
First sector (1048577-1000215182, default = 1050624) or {+-}size{KMGTP}:
Last sector (1050624-1000215182, default = 1000214527) or {+-}size{KMGTP}:
Current type is 8300 (Linux filesystem)
Hex code or GUID (L to show codes, Enter = 8300): 8309
Changed type of partition to 'Linux LUKS'
Command (? for help): w
Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING
PARTITIONS!!
Do you want to proceed? (Y/N): Y
OK; writing new GUID partition table (GPT) to /dev/nvme0n1.
The operation has completed successfully.
</pre>
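Before moving on to the LUKS step, it is worth confirming that the table gdisk wrote matches what the guide intends. The check below is an added example, not part of the wiki page: `check_layout` is a hypothetical helper that reads the partition table printed by `gdisk -l`, and the sample table is constructed from the sector numbers in the session above, assuming 512-byte sectors.

```shell
#!/bin/sh
# Added example (not from the wiki page): sanity-check the partition table
# before the LUKS step. Input is the table printed by `gdisk -l <disk>`.

# Constructed sample: sector numbers taken from the gdisk session above,
# Size column computed from them (512-byte sectors are an assumption).
SAMPLE_TABLE='Number  Start (sector)    End (sector)  Size       Code  Name
   1            2048         1048576   511.0 MiB   EF00  EFI system partition
   2         1050624      1000214527   476.4 GiB   8309  Linux LUKS'

# check_layout (hypothetical helper): reads a gdisk partition table on stdin,
# prints one line per partition and per finding, and returns non-zero unless
# partition 1 is EF00, partition 2 is 8309, both start on a 1 MiB boundary
# (2048 sectors) and the two do not overlap.
check_layout() {
    awk '
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ {
            n = $1; first[n] = $2; last[n] = $3; code[n] = toupper($6); seen++
            mib = (last[n] - first[n] + 1) * 512 / 1048576
            printf "part %d: type %s, %.1f MiB\n", n, code[n], mib
            if (first[n] % 2048 != 0) {
                printf "FAIL: part %d does not start on a 1 MiB boundary\n", n
                bad = 1
            }
        }
        END {
            if (seen != 2)         { print "FAIL: expected exactly 2 partitions"; bad = 1 }
            if (code[1] != "EF00") { print "FAIL: part 1 is not an EFI system partition"; bad = 1 }
            if (code[2] != "8309") { print "FAIL: part 2 is not Linux LUKS"; bad = 1 }
            if (seen == 2 && first[2] <= last[1]) { print "FAIL: partitions overlap"; bad = 1 }
            exit bad + 0
        }'
}

# Stand-alone run on the constructed sample. On a real system:
#   gdisk -l /dev/nvme0n1 | check_layout
printf '%s\n' "$SAMPLE_TABLE" | check_layout
```

The reported size of partition 1 also makes the effect of answering `512M` at the "Last sector" prompt visible: the ESP ends at the 512 MiB mark and is therefore about 511 MiB.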