Installing Arch Linux with LUKS Encryption

Date: 2020-02-23 14:45:24  Source: igfitidea

Create the partitions

parted /dev/sda
mklabel gpt
mkpart ESP fat32 1MiB 200MiB
set 1 boot on
name 1 efi
mkpart primary 200MiB 800MiB
name 2 boot
mkpart primary 800MiB 100%
set 3 lvm on
name 3 lvm
print

Configure LUKS.

modprobe dm-crypt
modprobe dm-mod
cryptsetup luksFormat -v -s 512 -h sha512 /dev/sda3
cryptsetup open /dev/sda3 luks_lvm

Configure LVM.

pvcreate /dev/mapper/luks_lvm
vgcreate arch /dev/mapper/luks_lvm
lvcreate -n home -L 70G arch
lvcreate -n root -L 120G arch
lvcreate -n swap -L 1G -C y arch

Format the partitions

mkfs.fat -F32 /dev/sda1
mkfs.ext4 /dev/sda2
mkfs.btrfs -L root /dev/mapper/arch-root
mkfs.btrfs -L home /dev/mapper/arch-home
mkswap /dev/mapper/arch-swap

Mount the partitions

swapon /dev/mapper/arch-swap
swapon -a ; swapon -s
mount /dev/mapper/arch-root /mnt
mkdir -p /mnt/{home,boot}
mount /dev/sda2 /mnt/boot
mount /dev/mapper/arch-home /mnt/home
mkdir /mnt/boot/efi
mount /dev/sda1 /mnt/boot/efi

Install Arch Linux:

pacstrap /mnt base base-devel efibootmgr vim dialog xterm btrfs-progs grub --noconfirm
genfstab -U -p /mnt > /mnt/etc/fstab
arch-chroot /mnt /bin/bash

Configure mkinitcpio

vim /etc/mkinitcpio.conf

Modify the HOOKS line to add encrypt and lvm2:

HOOKS="base udev autodetect modconf block encrypt lvm2 filesystems keyboard fsck"

Generate a new initramfs image:

mkinitcpio -v -p linux

Install GRUB.

pacman -S grub --noconfirm
grub-install --efi-directory=/boot/efi

Configure the LUKS kernel parameters

vim /etc/default/grub

Add the line:

GRUB_CMDLINE_LINUX_DEFAULT="quiet resume=/dev/mapper/arch-swap cryptdevice=/dev/sda3:luks_lvm"

Automatically unlock the LUKS-encrypted partition

dd if=/dev/urandom of=/crypto_keyfile.bin  bs=512 count=10
chmod 000 /crypto_keyfile.bin
chmod 600 /boot/initramfs-linux*
cryptsetup luksAddKey /dev/sda3 /crypto_keyfile.bin

Modify mkinitcpio.conf again.

Now include /crypto_keyfile.bin under the FILES directive in mkinitcpio.conf.

vim /etc/mkinitcpio.conf

Add the line:

FILES=/crypto_keyfile.bin

Regenerate the ramdisk file.

mkinitcpio -p linux
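
The keyfile is now inside the initramfs, and in this layout the initramfs lives on /dev/sda2, an ext4 /boot that is not encrypted, so the chmod 600 above only restricts local users and anyone who can read the disk can read the key. The following check is an added example, not part of the original tutorial; the function names are illustrative and the sample input is constructed to match this page's layout.

```shell
#!/bin/sh
# Added example, not from the original page. Flags a LUKS keyfile that
# mkinitcpio embeds into an initramfs stored on an unencrypted /boot.

# Print the paths in the last FILES= assignment of mkinitcpio.conf ($1).
# Accepts FILES=/a, FILES="/a /b" and FILES=(/a /b).
embedded_files() {
    sed -n 's/^[[:space:]]*FILES=//p' "$1" | tail -n 1 |
        tr -d '()"'"'" | tr ' \t' '\n\n' | sed '/^$/d'
}

# stdin: device TYPE values for /boot's backing device and its parents,
# one per line. On a live system they come from:
#   lsblk -rsno TYPE "$(findmnt -no SOURCE /boot)"
chain_has_crypt() {
    grep -qx 'crypt'
}

# audit_keyfile_exposure CONF TYPES_FILE [KEYFILE]
# Returns 1 (and says why) when KEYFILE is embedded and /boot is plaintext.
audit_keyfile_exposure() {
    key=${3:-/crypto_keyfile.bin}
    if ! embedded_files "$1" | grep -qxF -- "$key"; then
        echo "OK: $key is not embedded in the initramfs"
        return 0
    fi
    if chain_has_crypt < "$2"; then
        echo "OK: $key is embedded, /boot sits on a dm-crypt device"
        return 0
    fi
    echo "EXPOSED: $key is embedded and /boot is not encrypted"
    return 1
}

# Constructed sample matching this page: /boot on /dev/sda2 (plain partition).
demo() {
    tmp=$(mktemp -d)
    printf 'HOOKS="base udev encrypt lvm2"\nFILES=/crypto_keyfile.bin\n' > "$tmp/conf"
    printf 'part\ndisk\n' > "$tmp/types"
    audit_keyfile_exposure "$tmp/conf" "$tmp/types"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}
demo || echo "(status 1: the key is readable by anyone with access to the disk)"
```

On an installed system, pass /etc/mkinitcpio.conf and a file holding the output of the lsblk command shown in the comment.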

Regenerate the grub.cfg file:

grub-mkconfig -o /boot/grub/grub.cfg
grub-mkconfig -o /boot/efi/EFI/arch/grub.cfg

Post-installation configuration.

Remember to modify live-setup.sh accordingly:

pacman -S git --noconfirm
git clone https://github.com/jmutai/dotfiles.git
cp dotfiles/setup/pacman.conf /etc/pacman.conf
cp dotfiles/setup/live-setup.sh .
chmod +x live-setup.sh
./live-setup.sh

Unmount the partitions and reboot

exit
umount -R /mnt
reboot