@gdamjan
Last active October 3, 2021 18:14
Arch install with tpm2/luks/secureboot notes

Installation

  1. Arch installed
  • pacstrap /mnt base linux linux-firmware sudo vim openssh networkmanager iwd
  • UEFI vm
  • /dev/vda1 ESP (vfat)
  • /dev/vda2 crypt luks root
  • systemctl enable --now sshd NetworkManager
  2. user damjan
  • useradd -m damjan
  • usermod -a -G wheel damjan
  • /etc/sudoers.d/wheel
  • ssh-copy-id …

Reboot

After installation

  • things skipped during installation

    • sudo pacman -S tree tmux which
    • timezone = sudo timedatectl set-timezone Europe/Skopje
    • hostname = sudo hostnamectl set-hostname arch-testing
    • locale = sudo localectl set-locale en_US.UTF-8
    • [testing]
    • networkd/resolved/mdns/llmnr
  • Dbus broker

    • sudo pacman -S dbus-broker
    • sudo systemctl enable dbus-broker.service
    • sudo systemctl --user --global enable dbus-broker.service
  • home

    • new disk for home
    • homectl
  • secure-boot

    • sudo pacman -S sbctl binutils efibootmgr
    • sudo sbctl generate-keys
    • sudo sbctl bundle -s --kernel-img /boot/vmlinuz-linux --initramfs /boot/initramfs-linux.img --efi-stub /usr/lib/systemd/boot/efi/linuxx64.efi.stub --cmdline /etc/kernel/cmdline -p /boot /boot/EFI/Linux/arch-bundle.efi
    • sudo sbctl sign -s /boot/EFI/Linux/arch-bundle.efi
    • sudo efibootmgr -v -c -L ArchBundle -l /EFI/Linux/arch-bundle.efi --disk /dev/vda
    • reboot - set UEFI/Secure-boot in "Custom mode" or "User mode"
    • sudo sbctl enroll-keys
    • reboot
  • tpm2 luks unseal - trials and tribulations

    • sudo pacman -S tpm2-tss
    • measurements
    • explained
    • systemd-cryptenroll --tpm2-device=auto /dev/vda2
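
Added example (not part of the original notes): a read-only check that the secure-boot and TPM2 steps above line up, i.e. that the firmware reports Secure Boot as enforcing and that the systemd-tpm2 token in the LUKS2 header is bound to PCR 7, the register that reflects Secure Boot policy. The enrol command in the notes passes no --tpm2-pcrs, so the binding is whatever that systemd version defaults to; the function names, the /tmp path and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only checks after the secure-boot and TPM2 steps.
# Live input (device path follows the notes; the /tmp file name is an assumption):
#   cryptsetup luksDump --dump-json-metadata /dev/vda2 > /tmp/luks.json
#   audit /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c /tmp/luks.json

# efivarfs files begin with 4 attribute bytes; the 5th byte of SecureBoot
# is 1 when the firmware is enforcing signatures.
secure_boot_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    case "$(od -An -tu1 -j4 -N1 "$1" | tr -d '[:space:]')" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Print the PCR list of the systemd-tpm2 token in LUKS2 JSON metadata:
# "no-token" if none is enrolled, "unbound" if the PCR list is empty.
tpm2_token_pcrs() {
    flat=$(tr -d '[:space:]' < "$1")
    case "$flat" in
        *'"type":"systemd-tpm2"'*) ;;
        *) echo no-token; return 0 ;;
    esac
    pcrs=$(printf '%s\n' "$flat" | sed -n 's/.*"tpm2-pcrs":\[\([0-9,]*\)\].*/\1/p')
    echo "${pcrs:-unbound}"
}

# Succeed only if Secure Boot is enforcing and the token is bound to PCR 7.
audit() {
    sb=$(secure_boot_state "$1")
    pcrs=$(tpm2_token_pcrs "$2")
    echo "secure-boot=$sb tpm2-pcrs=$pcrs"
    [ "$sb" = enabled ] || return 1
    case ",$pcrs," in *,7,*) return 0 ;; *) return 1 ;; esac
}

# Constructed sample input so the script runs without a TPM or UEFI.
tmp=$(mktemp -d)
printf '\006\000\000\000\001' > "$tmp/SecureBoot"
cat > "$tmp/luks.json" <<'EOF'
{"tokens":{"0":{"type":"systemd-tpm2","keyslots":["1"],
  "tpm2-pcrs":[7],"tpm2-pcr-bank":"sha256"}}}
EOF
audit "$tmp/SecureBoot" "$tmp/luks.json" && echo "OK" || echo "CHECK FAILED"
rm -rf "$tmp"
```

A result of `unbound` or `no-token`, or Secure Boot reported as `disabled`, means the volume key is not tied to the signed bundle set up in the secure-boot step.
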
alsa-utils
autoconf
automake
bison
bluez-utils
code
dbus-broker
docker
dog
dolphin
efibootmgr
encfs
fakeroot
firefox
fwupd
go
gwenview
intel-ucode
kate
kmag
kolourpaint
krita
kwallet-pam
libreoffice-fresh
make
man-db
man-pages
modem-manager-gui
mpv
mtr
nextcloud-client
nmap
okular
opensc
patch
pavucontrol
phonon-qt5-gstreamer
pkgconf
plasma-desktop
plasma-disks
plasma-pa
plasma-systemmonitor
podman
pwgen
sbctl
sbsigntools
sddm-kcm
spectacle
tmux
tpm2-pkcs11
tpm2-tss-engine
ttf-dejavu
tree
unzip
usbutils
vim
virt-manager
vokoscreen
whois
wireguard-tools
yakuake
yubico-pam
yubikey-manager
google-chrome
mpv-mpris
rebar3
ttf-vlgothic
yay