Last active
October 17, 2023 12:25
-
-
Save atomofiron/d111a4a4490886492314587ac13f834b to your computer and use it in GitHub Desktop.
Linux encrypted persistence
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| dd if=linux.iso of=/dev/sda conv=fsync bs=4M status=progress | |
| # reboot | |
| fdisk /dev/sda <<< $(printf "n\np\n\n\n\nw") | |
| cryptsetup --verbose --verify-passphrase luksFormat /dev/sda3 | |
| cryptsetup luksOpen /dev/sda3 usb_part | |
| mkfs.ext4 -L persistence /dev/mapper/usb_part | |
| e2label /dev/mapper/usb_part persistence | |
| mkdir -p /mnt/usb_part | |
| mount /dev/mapper/usb_part /mnt/usb_part | |
| echo "/ union" | sudo tee /mnt/usb_part/persistence.conf | |
| umount /dev/mapper/usb_part | |
| cryptsetup luksClose /dev/mapper/usb_part | |
| # change passphrase | |
| cryptsetup luksClose /dev/mapper/usb_part | |
| cryptsetup luksChangeKey /dev/sda3 | |
| # reboot with persistence | |
| sudo apt install -y cryptsetup-nuke-password | |
| dpkg-reconfigure cryptsetup-nuke-password | |
| # backup | |
| cryptsetup luksHeaderBackup --header-backup-file luksheader.back /dev/sda3 | |
| openssl enc -e -aes-256-cbc -in luksheader.back -out luksheader.back.enc | |
| # restore | |
| openssl enc -d -aes-256-cbc -in luksheader.back.enc -out luksheader.back | |
| cryptsetup luksHeaderRestore --header-backup-file luksheader.back /dev/sda3 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment