⚠ The installation guide builds heavily on Secure Boot. Make sure that the system is in Setup Mode in order to be able to add your custom keys.

The following installation guide results in a fully encrypted, Secure Boot signed (EFI binary/binaries) and GnuPG signed (kernel, initramfs, microcode etc.) system with heavy use of RAID (mdadm and BTRFS based) and support for LUKS unlock:

- Locally: One-time password entry and automatic decryption of LUKS partitions (multiple root and swap partitions) in further boot process via LUKS keyfile stored in initramfs which itself is stored on LUKS encrypted partition(s).
- Remote: SSH login into initramfs+dropbear system, manual decryption of LUKS partitions and resumption of Gentoo Linux boot.
- After boot into rescue system based upon a customised SystemRescueCD

After completion of this installation guide, SSH connections will be possible via SSH public key authentication to the:

- Gentoo Linux system: ssh -p 50022
- Initramfs system to LUKS unlock remotely (further info at the bottom of this page): ssh -p 50023
- Customised SystemRescueCD system: ssh -p 50024

Three boot options are available in GRUB's boot menu.

The installation steps make use of LUKS encryption wherever possible. Only the EFI System Partitions are not encrypted, but the EFI binaries are Secure Boot signed. The signature is verified upon boot, and bootup aborts if verification fails.

Depending on the number of disks and the disk.sh options chosen, BTRFS "single", "raid1", "raid1c3", "raid1c4", "raid10", "raid5" or "raid6" is used for the data block groups of the system partition where the Btrfs subvolumes are located ( etc.). "single" or a RAID 1 flavour is always used for metadata block groups. Furthermore, MDADM RAID 1 may be used for boot, rescue and swap partitions with RAID 10, RAID 5 and RAID 6 being further options for swap.
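
The warning above asks for the firmware to be in Setup Mode before custom keys are added. As an added example (not part of the original guide), the following shell functions read the standard UEFI `SetupMode` and `SecureBoot` variables from efivarfs. The function names and the `make_sample_var` helper, which builds constructed sample variables for offline runs, are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report the Secure Boot state from efivarfs before enrolling custom keys.
EFI_GLOBAL_GUID="8be4df61-93ca-11d2-aa0d-00e098032b8c"  # EFI global variable GUID (UEFI spec)

# Print the first payload byte of an efivarfs variable as a decimal number.
# efivarfs files start with a 4-byte attribute field, followed by the payload.
efivar_byte() {
    # $1 = efivars directory, $2 = variable name
    f="$1/$2-$EFI_GLOBAL_GUID"
    [ -r "$f" ] || return 1
    v=$(od -An -tu1 -j4 -N1 "$f" 2>/dev/null | tr -d ' \n')
    [ -n "$v" ] || return 1
    printf '%s\n' "$v"
}

# Classify the firmware state.
# Prints "setup", "user-enforcing", "user-disabled" or "unknown".
secure_boot_state() {
    dir="${1:-/sys/firmware/efi/efivars}"
    # No readable SetupMode variable: legacy BIOS boot or efivarfs not mounted.
    setup=$(efivar_byte "$dir" SetupMode) || { echo unknown; return 2; }
    sb=$(efivar_byte "$dir" SecureBoot) || sb=0
    if [ "$setup" = 1 ]; then
        echo setup            # no Platform Key enrolled, custom keys can be added
    elif [ "$sb" = 1 ]; then
        echo user-enforcing   # keys enrolled and signature checks active
    else
        echo user-disabled    # keys enrolled, enforcement switched off
    fi
}

# Hypothetical helper: write a constructed sample variable for offline runs.
make_sample_var() {
    # $1 = directory, $2 = variable name, $3 = payload byte (0 or 1)
    printf '\006\000\000\000' > "$1/$2-$EFI_GLOBAL_GUID"   # constructed attribute bytes
    printf "\\00$3" >> "$1/$2-$EFI_GLOBAL_GUID"            # one payload byte
}
```

Calling `secure_boot_state` without an argument on the booted installation medium reads the live variables. Any result other than `setup` means the firmware's key store has to be cleared in the firmware setup before custom keys can be added.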