Talk:LVM on LUKS: Difference between revisions

From Alpine Linux
No edit summary
 
(9 intermediate revisions by 4 users not shown)
Line 3: Line 3:
----
----
Hello! While following the directions for installing grub (via grub-install) I found the package efibootmgr is longer available using apk. Help!
Hello! While following the directions for installing grub (via grub-install) I found the package efibootmgr is longer available using apk. Help!
--[[User:Mnemolyst|Mnemolyst]] ([[User talk:Mnemolyst|talk]]) 22:40, 07 Nov 2019 (UTC)
----
The last two umount statements before the reboot require a newer version of umount than what comes in the standard Alpine download. I needed to add the package util-linux to get the correct version and although the page mentions the package in the early section about getting the boot device name it doesn't explicitly state to download it.
--[[User:Sadbadman|Sadbadman]] ([[User talk:Sadbadman|talk]]) 06:45, 2 February 2020 (UTC)
----
I had difficulty with an encrypted /boot setup sda1=>efi, sda2=>crypt=>lvm(/root,/boot,swap).  The instructions by default will result in using LUKS2 with Argon2.  This is not actually supported by GRUB2 for an encrypted /boot setup (see Arch wiki article "GRUB", section "Encrypted_/boot" and  GRUB bug 55093 - i can't post links yet).  Until GRUB 2.06 is released and reaches alpine, users wanting encrypted /boot may need --type luks1 when running cryptsetup luksFormat.  And once GRUB 2.06 does arrive, it may require using PBKDF2.  Users will need to consult GRUB documentation when that time comes.  --[[User:Stapleemptier|Stapleemptier]] ([[User talk:Stapleemptier|talk]]) 09:09, 16 February 2020 (UTC)
I was able to confirm the above about --type luks1 today.  That, plus adding "GRUB_ENABLE_CRYPTODISK=y" to /etc/default/grub, allowed this procedure to work with v3.11.  I will update accordingly.  --[[User:Stapleemptier|Stapleemptier]] ([[User talk:Stapleemptier|talk]]) 00:38, 17 February 2020 (UTC)
== Optional: Overwrite LUKS Partition with Random Data ==
<s>Is this section still accurate since since Kernel 5.6, or roughly Alpine Linux version 3.13?
Doesn't /dev/random now do what is needed here without installing extra packages?</s>
[[User:Zcrayfish|zcrayfish]] ([[User talk:Zcrayfish|talk]]) 18:56, 17 December 2021 (UTC)
:{{done}}
:Looks like psykose, et al, removed the references to mostly obsolete haveged.
:[[User:Zcrayfish|zcrayfish]] ([[User talk:Zcrayfish|talk]]) 03:23, 14 August 2023 (UTC)

Latest revision as of 03:23, 14 August 2023

Why was ,mode=1777 removed from /tmp? --Ncopa (talk) 07:12, 15 May 2014 (UTC)


Hello! While following the directions for installing grub (via grub-install) I found the package efibootmgr is longer available using apk. Help! --Mnemolyst (talk) 22:40, 07 Nov 2019 (UTC)


The last two umount statements before the reboot require a newer version of umount than what comes in the standard Alpine download. I needed to add the package util-linux to get the correct version and although the page mentions the package in the early section about getting the boot device name it doesn't explicitly state to download it. --Sadbadman (talk) 06:45, 2 February 2020 (UTC)


I had difficulty with an encrypted /boot setup sda1=>efi, sda2=>crypt=>lvm(/root,/boot,swap). The instructions by default will result in using LUKS2 with Argon2. This is not actually supported by GRUB2 for an encrypted /boot setup (see Arch wiki article "GRUB", section "Encrypted_/boot" and GRUB bug 55093 - i can't post links yet). Until GRUB 2.06 is released and reaches alpine, users wanting encrypted /boot may need --type luks1 when running cryptsetup luksFormat. And once GRUB 2.06 does arrive, it may require using PBKDF2. Users will need to consult GRUB documentation when that time comes. --Stapleemptier (talk) 09:09, 16 February 2020 (UTC)

I was able to confirm the above about --type luks1 today. That, plus adding "GRUB_ENABLE_CRYPTODISK=y" to /etc/default/grub, allowed this procedure to work with v3.11. I will update accordingly. --Stapleemptier (talk) 00:38, 17 February 2020 (UTC)

Optional: Overwrite LUKS Partition with Random Data

Is this section still accurate since since Kernel 5.6, or roughly Alpine Linux version 3.13? Doesn't /dev/random now do what is needed here without installing extra packages? zcrayfish (talk) 18:56, 17 December 2021 (UTC)

✔️ Done

Looks like psykose, et al, removed the references to mostly obsolete haveged.
zcrayfish (talk) 03:23, 14 August 2023 (UTC)