Created December 23, 2012 17:02
arch encrypted install
#!/bin/bash
# Stage 1 of an automated Arch Linux install onto a LUKS-encrypted root.
# Intended for a VirtualBox guest. The drive-setup section further down
# relabels /dev/sda, which discards whatever partition table the disk holds.
# To drive the guest over SSH, first use "passwd" and
# "systemctl start sshd.service" on the target machine, then "ip addr" to
# find its internal IP.

# Load the device-mapper and dm-crypt modules before cryptsetup is used.
for kmod in dm-crypt dm-mod; do
  modprobe "$kmod"
done
#modprobe aes_x86_64
#modprobe blowfish
#modprobe cryptoloop
#modprobe anubis
#modprobe arc4
#modprobe blowfish
#modprobe cast5
#modprobe cast6
#modprobe cbc
#modprobe crc32c
#modprobe crypto_algapi
#modprobe crypto_hash
#modprobe cryptomgr
#modprobe crypto_null
#modprobe deflate
#modprobe des
#modprobe ecb
#modprobe gf128mul
#modprobe hmac
#modprobe khazad
#modprobe lrw
#modprobe md4
#modprobe md5
#modprobe michael_mic
#modprobe sha256
#modprobe sha512
#modprobe tea
#modprobe tgr192
#modprobe twofish_common
#modprobe wp512
#modprobe xcbc
#-----------
#drive setup stuff
#-----------
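# Abort helper for the drive setup. Every step here is either destructive or
# a prerequisite of the next one, so a failure has to stop the install rather
# than fall through (e.g. a cancelled luksFormat would otherwise end with the
# base system being installed onto whatever happens to be at /mnt).
die() {
  printf 'drive setup: %s\n' "$*" >&2
  exit 1
}

# Partition layout on /dev/sda (GPT):
#   sda1  BIOS boot partition GRUB needs on GPT (flagged bios_grub below)
#   sda2  /boot, plain ext4 -- kernel and initramfs are NOT covered by LUKS
#   sda3  LUKS container holding the root filesystem
parted -s /dev/sda mklabel gpt \
  || die "could not write a GPT label to /dev/sda"
parted -s /dev/sda mkpart "primary" "fat16" "100MB" "200MB" \
  || die "creating sda1 failed" #GPT required sda1
parted -s /dev/sda mkpart "primary" "ext4" "300MB" "900MB" \
  || die "creating sda2 failed" #boot sda2
parted -s /dev/sda mkpart "primary" "ext4" "900MB" "99%" \
  || die "creating sda3 failed" #everything else sda3
parted -s /dev/sda set 1 bios_grub on \
  || die "could not set bios_grub on sda1"
mkfs.ext4 /dev/sda2 || die "mkfs.ext4 on /dev/sda2 failed"
#mount /dev/sda2 /mnt
#modprobe dm_mod

# Format the LUKS container. XTS splits the 512-bit key into two halves, so
# this is AES-256. -y makes cryptsetup ask for the passphrase twice.
# cryptsetup also asks for confirmation: you must type yes in all caps.
cryptsetup --cipher aes-xts-plain64 --key-size 512 --hash sha512 \
  --use-urandom -y luksFormat /dev/sda3 \
  || die "luksFormat did not complete; not continuing without an encrypted root"
#cryptsetup luksDump /dev/sda3

# Open the container as /dev/mapper/rootdir; the same mapper name is used in
# fstab and on the kernel command line (cryptdevice=/dev/sda3:rootdir).
cryptsetup luksOpen /dev/sda3 rootdir || die "luksOpen of /dev/sda3 failed"
mkfs.ext4 /dev/mapper/rootdir || die "mkfs.ext4 on /dev/mapper/rootdir failed"
mount /dev/mapper/rootdir /mnt || die "mounting the encrypted root on /mnt failed"
# -p keeps a re-run from failing when the directory is already there.
mkdir -p /mnt/boot || die "could not create /mnt/boot"
mount /dev/sda2 /mnt/boot || die "mounting /dev/sda2 on /mnt/boot failed"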
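#----------------------------------------
#copy helper files and install base system
#----------------------------------------
# /arch carries the files the second-stage script reads from /arch inside
# the chroot (mkinitcpio.conf and grub), so it is copied into the new root.
cp -r /arch /mnt
# Stop here if the base install fails; chrooting into a half-installed tree
# only hides the error.
pacstrap /mnt base base-devel || {
  printf 'pacstrap failed, not entering the chroot\n' >&2
  exit 1
}
#---------
#gen fstab and hostname
#---------
# These writes come after pacstrap on purpose: on the freshly created root
# filesystem /mnt/etc does not exist until the base packages are installed,
# so appending to /mnt/etc/fstab any earlier fails and the entries are lost.
printf '%s\n' "/dev/sda2 /boot ext4 defaults 0 0" >> /mnt/etc/fstab
printf '%s\n' "/dev/mapper/rootdir / ext4 defaults 0 1" >> /mnt/etc/fstab
printf '%s\n' archbox > /mnt/etc/hostname
#----------------------------------------
#chroot into /mnt
#----------------------------------------
# Opens an interactive shell in the new system; the second-stage script is
# meant to be run from there.
arch-chroot /mnt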
#auto exit, unmount and reboot
#exit
#umount /mnt
#reboot
#other stuff no longer used
#modprobe aes-x86_64
#modprobe sha256_generic
#parted -s /dev/sda mkpart "primary" "fat16" "250MB" "500MB" #/boot
#cryptsetup luksFormat --cipher aes --verify-passphrase --key-size 256 --use-random /dev/sda
#modprobe -a vboxguest vboxsf vboxvideo
#echo -e "vboxguest\nvboxsf\nvboxvideo" > /etc/modules-load.d/virtualbox.conf
#x stuff
#pacman -S xorg-server xorg-xinit xorg-server-utils mesa xorg-twm xorg-xclock xterm
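#!/bin/bash
#intended to be run right after stage 1, from inside the arch-chroot shell

# Stop on any step whose failure would leave the system unable to boot or
# unable to unlock the encrypted root.
fail() {
  printf 'stage 2: %s\n' "$*" >&2
  exit 1
}

# Put the prepared mkinitcpio.conf in place BEFORE building the initramfs.
# Building first would bake in the stock HOOKS line, and the encrypted root
# could then not be unlocked at boot. (Presumably /arch/mkinitcpio.conf is the
# config whose HOOKS include "keymap encrypt" -- verify before relying on it.)
cp /arch/mkinitcpio.conf /etc/mkinitcpio.conf \
  || fail "could not install /etc/mkinitcpio.conf"
mkinitcpio -p linux || fail "mkinitcpio failed"
#echo "/dev/sda2 / ext4 defaults 0 1" > /etc/fstab
#-----------------
#boot loader stuff
#-----------------
#install grub-bios thing
pacman --noconfirm -S grub-bios || fail "installing grub-bios failed"
# /etc/default/grub has to be in place before grub-mkconfig runs, because it
# supplies the cryptdevice= kernel parameter.
cp /arch/grub /etc/default/grub || fail "could not install /etc/default/grub"
grub-install --target=i386-pc --recheck /dev/sda \
  || fail "grub-install to /dev/sda failed"
# Message catalogue only; left best-effort because boot does not depend on it.
cp /usr/share/locale/en\@quot/LC_MESSAGES/grub.mo /boot/grub/locale/en.mo
grub-mkconfig -o /boot/grub/grub.cfg || fail "grub-mkconfig failed"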
#awk '/^GRUB_CMDLINE_LINUX=\"\"/{$0="GRUB_CMDLINE_LINUX=\"cryptdevice=/dev/sda3:cryptroot\""}1' /etc/default/grub > /etc/default/grub
#sed -i "s/HOOKS=\"base udev autodetect pata scsi sata filesystems usbinput fsck\"/HOOKS=\"base udev autodetect pata scsi sata keymap encrypt filesystems usbinput fsck\"/" /etc/mkinitcpio.conf
# GRUB defaults file. Presumably this is the /arch/grub file that the
# second-stage script copies to /etc/default/grub -- confirm against the gist.
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="Arch"
GRUB_CMDLINE_LINUX_DEFAULT="quiet"
# cryptdevice=<device>:<mapper name> is consumed by the initramfs "encrypt"
# hook. The mapper name "rootdir" has to match the /dev/mapper/rootdir root
# entry the install script writes to fstab.
# NOTE(review): /dev/sda3 is a kernel device name, not a persistent
# identifier; confirm it is stable on the target machine.
GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda3:rootdir"
# Preload both GPT and MBR modules so that they are not missed
GRUB_PRELOAD_MODULES="part_gpt part_msdos"
# Uncomment to enable Hidden Menu, and optionally hide the timeout count
#GRUB_HIDDEN_TIMEOUT=5
#GRUB_HIDDEN_TIMEOUT_QUIET=true
# Uncomment to use basic console
GRUB_TERMINAL_INPUT=console
# Uncomment to disable graphical terminal
#GRUB_TERMINAL_OUTPUT=console
# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command `vbeinfo'
GRUB_GFXMODE=auto
# Uncomment to allow the kernel use the same resolution used by grub
GRUB_GFXPAYLOAD_LINUX=keep
# Uncomment if you want GRUB to pass to the Linux kernel the old parameter
# format "root=/dev/xxx" instead of "root=/dev/disk/by-uuid/xxx"
#GRUB_DISABLE_LINUX_UUID=true
# Uncomment to disable generation of recovery mode menu entries
GRUB_DISABLE_RECOVERY=true
# Uncomment and set to the desired menu colors. Used by normal and wallpaper
# modes only. Entries specified as foreground/background.
#GRUB_COLOR_NORMAL="light-blue/black"
#GRUB_COLOR_HIGHLIGHT="light-cyan/blue"
# Uncomment one of them for the gfx desired, a image background or a gfxtheme
#GRUB_BACKGROUND="/path/to/wallpaper"
#GRUB_THEME="/path/to/gfxtheme"
# Uncomment to get a beep at GRUB start
#GRUB_INIT_TUNE="480 440 1"
#GRUB_SAVEDEFAULT="true"
# vim:set ft=sh
# mkinitcpio configuration. MODULES, BINARIES and FILES are left empty here.
# MODULES
# The following modules are loaded before any boot hooks are
# run. Advanced users may wish to specify all system modules
# in this array. For instance:
# MODULES="piix ide_disk reiserfs"
MODULES=""
# BINARIES
# This setting includes any additional binaries a given user may
# wish into the CPIO image. This is run last, so it may be used to
# override the actual binaries included by a given hook
# BINARIES are dependency parsed, so you may safely ignore libraries
BINARIES=""
# FILES
# This setting is similar to BINARIES above, however, files are added
# as-is and are not parsed in any way. This is useful for config files.
# Some users may wish to include modprobe.conf for custom module options
# like so:
# FILES="/etc/modprobe.d/modprobe.conf"
# NOTE(review): the image built from this file lands under /boot, which the
# install script keeps on an unencrypted partition (sda2). Anything listed
# here is therefore stored outside the LUKS container.
FILES=""
# HOOKS
# This is the most important setting in this file. The HOOKS control the
# modules and scripts added to the image, and what happens at boot time.
# Order is important, and it is recommended that you do not change the
# order in which HOOKS are added. Run 'mkinitcpio -H <hook name>' for
# help on a given hook.
# 'base' is _required_ unless you know precisely what you are doing.
# 'udev' is _required_ in order to automatically load modules
# 'filesystems' is _required_ unless you specify your fs modules in MODULES
# Examples:
## This setup specifies all modules in the MODULES setting above.
## No raid, lvm2, or encrypted root is needed.
# HOOKS="base"
#
## This setup will autodetect all modules for your system and should
## work as a sane default
# HOOKS="base udev autodetect pata scsi sata filesystems"
#
## This is identical to the above, except the old ide subsystem is
## used for IDE devices instead of the new pata subsystem.
# HOOKS="base udev autodetect ide scsi sata filesystems"
#
## This setup will generate a 'full' image which supports most systems.
## No autodetection is done.
# HOOKS="base udev pata scsi sata usb filesystems"
#
## This setup assembles a pata mdadm array with an encrypted root FS.
## Note: See 'mkinitcpio -H mdadm' for more information on raid devices.
# HOOKS="base udev pata mdadm encrypt filesystems"
#
## This setup loads an lvm2 volume group on a usb device.
# HOOKS="base udev usb lvm2 filesystems"
#
## NOTE: If you have /usr on a separate partition, you MUST include the
# usr, fsck and shutdown hooks.
# Hook list for the encrypted-root setup. "encrypt" is placed before
# "filesystems" so the LUKS container named by cryptdevice= on the kernel
# command line is opened before the root filesystem is mounted, and "keymap"
# comes ahead of "encrypt" so the passphrase prompt uses the configured
# keyboard layout.
HOOKS="base udev autodetect pata scsi sata keymap encrypt filesystems usbinput fsck"
# COMPRESSION
# Use this to compress the initramfs image. By default, gzip compression
# is used. Use 'cat' to create an uncompressed image.
#COMPRESSION="gzip"
#COMPRESSION="bzip2"
#COMPRESSION="lzma"
#COMPRESSION="xz"
#COMPRESSION="lzop"
# COMPRESSION_OPTIONS
# Additional options for the compressor
#COMPRESSION_OPTIONS=""