libreboot
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Libreboot] Full disk encryption on Lenovo X200

From: Tudor SUCIU
Subject: Re: [Libreboot] Full disk encryption on Lenovo X200
Date: Sun, 10 Jul 2016 14:57:52 +0200 
Hello Duncan,

What I wrote addresses the case when somebody with libreboot on his laptop
wants a single encrypted partition (the "/").
I will not test the grub stuff, with libreboot grub is directly in bios. I
already attached a working grub.cfg (to be put in bios).
So, for me, this guide:
https://libreboot.org/docs/gnulinux/encrypted_trisquel.html
Breaks at "Further partitioning" because an install with encrypted /boot is
not allowed anymore.
In order to obtain what I want - a full disk encrypted - I obviously don't
want to put a /boot partition on the main disk.
If there is no unencrypted /boot the installer does not want to advance. It
gives an error.
So, you have my "hack" guide, that temporarily puts /boot on an external
disk, just before putting it back onto "/".

Hope it helps somebody in the future, I had to install trisquel 3 times
before getting it right.


On Sun, Jul 10, 2016 at 12:39 PM, Duncan Guthrie <address@hidden>
wrote:

> Hi T,
> You can avoid the need for /boot entirely by adding
> "GRUB_ENABLE_CRYPTDISK=y" to grub.cfg as discussed here:
> https://trisquel.info/en/forum/netinsall-tty-apt-get-update-not-working?page=1#comment-99091
> Read it carefully and see what you think. On that forum they discuss how
> to delete /boot, because GRUB can probe disks and unlock them, although you
> need to put in LUKS password twice. It does work, I can conform, on a
> computer without Libreboot installed. It may be of use to you, as
> instructions are provided which show how to install using the text
> installer (Debian was used but Trisquel has the same process as they have
> the same text installer). Then there's no need for putting /boot on
> external USB drive. Note, you may need to unlock the drive on a live CD in
> order to add the option to GRUB config file if the installer doesn't do it
> automatically.
> If you really need /boot on an external drive one suspects you just change
> the UUID in /etc/fstab to that of some partition on the USB drive. Then
> copy all the files there, and delete the partition that /boot is mounted
> at, usually /dev/sda1 if you install on /dev/sda.
>
> Hope that helps,
> D.
>
> On 10 July 2016 11:06:04 BST, Tudor SUCIU <address@hidden> wrote:
> >Hello,
> >
> >The guide on libreboot site is not working for me.
> >I needed:
> >- network connection on ethernet
> >- use the text installer, LVM is not an option in the graphical install
> >- use a usb key as "/boot" - unencrypted
> >- pretty complicated to boot the thing (option 4 - search on external
> >devices)
> >- after first successful boot from unencrypted /boot, as root:
> >  cp -r /boot /root/
> >  umount /boot
> >  cp -r /root/boot/* /boot
> >  vim /etc/fstab -> take out /boot
> >  update-grub (did not work - would not boot with given conf)
> >  manual boot instructions from the page work ok
> >  new grubtest.cfg file in libreboot bios (attached)
>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]