After following these steps, your terminal will look like:
Zsh is a shell designed for interactive use, although it is also a powerful scripting language.
This guide provides instructions for an Arch Linux installation featuring full-disk encryption via LVM on LUKS and an encrypted boot partition (GRUB) for UEFI systems.
Following the main installation are further instructions to harden against Evil Maid attacks via UEFI Secure Boot custom key enrollment and self-signed kernel and bootloader.
Most of this information is drawn from the Arch Wiki and the other resources it links to.
Note: The system was installed on an NVMe SSD; substitute /dev/nvme0nX with /dev/sdX or your device as needed.
#!/bin/bash
#
# Digital Ocean Ubuntu 18.04 x64 Droplet with "Regular Intel" CPU.
# Running:
# git clone https://gist.github.com/54fc09734a3911e91eeeb43434f117df.git
# cd 54fc09734a3911e91eeeb43434f117df/
# chmod +x make-chr.sh
# ./make-chr.sh
#
# Once the reboot is done, login with root/CHANGEME and change the password!
LVM on LUKS Arch installation with systemd-boot
Sources:
Note: If you want a simpler encryption setup (with LUKS only), you can instead use the archinstall "guided" installer included with Arch since April 2021.
import exifread
# based on https://gist.github.com/erans/983821
def _get_if_exist(data, key):
    if key in data:
        return data[key]
    return None
Ubuntu 14.04.3
Install dropbear SSH server with automated hooks for being included in an initramfs.
apt-get install dropbear
Remove the default private/public key for login, clear the DSS key (it would be regenerated otherwise), remove the insecure 1024-bit RSA host key and generate a new 2048-bit RSA host key (we'll have to keep the DSA key, as dropbear won't start otherwise; make sure to use RSA when connecting):
# You must first install apktool (https://github.com/iBotPeaches/Apktool) and android SDK
# and decompile apk using it
# apktool d -rf my-app.apk
# then generate a key for sign in:
# keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
rm signed-app.apk
apktool b -f -d com.myapp
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore com.myapp/dist/com.myapp.apk alias_name
zipalign -v 4 com.myapp/dist/com.myapp.apk signed-app.apk
#!/bin/sh
PREREQ="dropbear"
prereqs() {
    echo "$PREREQ"
}
case "$1" in
    prereqs)