Re: [Libreboot] Full disk encryption on Lenovo X200

[Duncan Guthrie]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi T,
The Trisquel 7 install image has not been updated for about 1,5 years.
Were you trying an older version? It may be something on your end
otherwise. I would be interested to learn more

Thanks for your correspondence,
D.

On 10/07/16 13:57, Tudor SUCIU wrote:
> Hello Duncan,
> 
> What I wrote addresses the case when somebody with libreboot on his
> laptop wants a single encrypted partition (the "/"). I will not 
> test the grub stuff, with libreboot grub is directly in bios. I 
> already attached a working grub.cfg (to be put in bios). So, for 
> me, this guide: 
> https://libreboot.org/docs/gnulinux/encrypted_trisquel.html Breaks 
> at "Further partitioning" because an install with encrypted /boot 
> is not allowed anymore. In order to obtain what I want - a full 
> disk encrypted - I obviously don't want to put a /boot partition
> on the main disk. If there is no unencrypted /boot the installer
> does not want to advance. It gives an error. So, you have my
> "hack" guide, that temporarily puts /boot on an external disk, just
> before putting it back onto "/".
> 
> Hope it helps somebody in the future, I had to install trisquel 3 
> times before getting it right.
> 
> 
> On Sun, Jul 10, 2016 at 12:39 PM, Duncan Guthrie 
> <address@hidden <mailto:address@hidden>> wrote:
> 
> Hi T, You can avoid the need for /boot entirely by adding 
> "GRUB_ENABLE_CRYPTDISK=y" to grub.cfg as discussed here: 
> https://trisquel.info/en/forum/netinsall-tty-apt-get-update-not-workin
g?page=1#comment-99091
>
>
> 
Read it carefully and see what you think. On that forum they discuss
> how to delete /boot, because GRUB can probe disks and unlock them,
>  although you need to put in LUKS password twice. It does work, I 
> can conform, on a computer without Libreboot installed. It may be 
> of use to you, as instructions are provided which show how to 
> install using the text installer (Debian was used but Trisquel has 
> the same process as they have the same text installer). Then 
> there's no need for putting /boot on external USB drive. Note, you 
> may need to unlock the drive on a live CD in order to add the 
> option to GRUB config file if the installer doesn't do it 
> automatically. If you really need /boot on an external drive one 
> suspects you just change the UUID in /etc/fstab to that of some 
> partition on the USB drive. Then copy all the files there, and 
> delete the partition that /boot is mounted at, usually /dev/sda1
> if you install on /dev/sda.
> 
> Hope that helps, D.
> 
> On 10 July 2016 11:06:04 BST, Tudor SUCIU <address@hidden 
> <mailto:address@hidden>> wrote:
>> Hello,
>> 
>> The guide on libreboot site is not working for me. I needed: - 
>> network connection on ethernet - use the text installer, LVM is 
>> not an option in the graphical install - use a usb key as
>> "/boot" - unencrypted - pretty complicated to boot the thing
>> (option 4 - search on external devices) - after first successful
>> boot from unencrypted /boot, as root: cp -r /boot /root/ umount
>> /boot cp -r /root/boot/* /boot vim /etc/fstab -> take out /boot
>> update-grub (did not work - would not boot with given conf)
>> manual boot instructions from the page work ok new grubtest.cfg
>> file in libreboot bios (attached)
> 
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJXgkqrAAoJEPs8tiiQ8FTANwgQAKg45Sawkkw9nMCYxUltoWYd
ew+du6lhJIOSFg7Kp6L+s0kBdgnQqOjOmGW0kBw3ku2Ax3N9545MRDT3nems7OVd
dGwHvqI3AUTkVeEq/Ou4EbC1NsgPfRSvBnG88v0LyXUXgfnOGJfNJk/En9YGHkrD
wILONjT3/d4SSGHuqkOMmkGDRdjxGjzHMJAG2JZeI1mV8U1mZ6fAWlUjZV5Y4H7m
64IlkomiSX+4OXbtiqMaMRZUdIhNQTDR10Dx7oK9VzMaj/BPN90EkRc6bV6P/Xjx
oM1VTKnyhclUYbCm8br3ruEGcKWBC0bVzLbtCU8IiWOgPcLtWLq/obCwoUjFKkON
NNoXqRKCXekdocwpfOnqxGJzDs+tTYZPUts/k6/5FhpCHAkEp5JXlwZaS7q7mhsR
ohqo2yzhO4F3fd8ZhYoYe+9SRzaY1D8o6zAbAssq3Kxmqhb6XZZaLrgyUA4MbFu7
txzbKAabhb/EIapMqzOoZi+jRU9mhj0X8YBU3aciYLfta6ZRRyAiLIcjHq6arbcN
0rmLvE9q4dfRLqLHMtRssn+su4XGyj0nkHdrKtNQbjR0b32axJLv4S1mHXsZfpr9
yAeC8X1Y9LQZvlXcABuVpLI9QsOVmQvI+Qysp64G5haXTTvV1etd+c7D92MzXRxQ
07Vz/9ubPYNp4L9H2qjQ
=OhRg
-----END PGP SIGNATURE-----