1

Topic: full disk encryption guide libreboot

Is there any updates on this guide? how to do it, etc,

HyperbolaBSD: The Future of Secure Libre Lightweight Operating Systems!

2

Re: full disk encryption guide libreboot

zapper wrote:

Is there any updates on this guide? how to do it, etc,

It still under development, I let you know when it's ready.

3 (edited by zapper 2017-10-24 20:43:22)

Re: full disk encryption guide libreboot

Emulatorman wrote:
zapper wrote:

Is there any updates on this guide? how to do it, etc,

It still under development, I let you know when it's ready.

thank you. I should also mention, that openrc isn't fully ingrained into the new 0.2 isos.  not sure why...

oh that reminds me, that guide may be outdated, so probably good to test that if you can...

HyperbolaBSD: The Future of Secure Libre Lightweight Operating Systems!

4 (edited by aether 2017-11-25 11:57:11)

Re: full disk encryption guide libreboot

For those interested, this guide is working : https://wiki.parabola.nu/Installing_Par … ing_/boot)

You only need to adapt some parts for OpenRC. Here is what I needed to adapt (in comparison to Parabola / systemd)
Fully working FDE !

On live iso, start the following services :

rc-service lvm start
rc-service dmcrypt start

To set the hostname :

nano /etc/conf.d/hostname

Replace value

To set the keymap :

nano /etc/conf.d/keymaps

Replace value

To set an user and add necessary groups to it :

useradd -m -g users -G wheel,audio,network,video,optical,storage,disk,sys -c your_username -s /bin/bash your_username && passwd your_username

To avoid issues with keyboard layout when using X :

-> Create a 20-keyboard.conf

nano /etc/X11/xorg.conf.d/20-keyboard.conf

Section "InputClass"
    Identifier "keyboard"
    MatchIsKeyboard "on"
    Option "XkbLayout" "fr" # example "fr", adapt to your language
    Option "XkbModel" "pc105" # adapt as necessary
EndSection

To set the DM :

nano /etc/conf.d/xdm

Example with gdm, replace the value to match the DM you wish to use (lightdm, slim..)

DISPLAYMANAGER="gdm"

And finally, don't forget to enable the needed services before exiting chroot (some are maybe optional for you)

rc-update add lvm boot
rc-update add dmcrypt boot
rc-update add mdraid boot
rc-update add cronie default
rc-update add elogind default
rc-update add alsasound default
rc-update add sshd default
rc-update add NetworkManager default
rc-update add syslog-ng default
rc-update add avahi-daemon default
rc-update add avahi-dnsconfd default
rc-update add cupsd default
rc-update add ntpd default
rc-update add udev default
rc-update add dhcpcd default
rc-update add dbus default
rc-update add xdm default
rc-update add fuse default
rc-update add lm_sensors default
rc-update add acpid default
rc-update add libvirtd default

5

Re: full disk encryption guide libreboot

aether wrote:

To set the DM :

nano /etc/conf.d/xdm

Example with gdm, replace the value to match the DM you wish to use (lightdm, slim..)

DISPLAYMANAGER="gdm"

Now, it is not needed anymore, since i've created the init scripts for our all DM apps from scratch, so you can enable the service directly, eg:

# rc-update add gdm default

6

Re: full disk encryption guide libreboot

Emulatorman wrote:
aether wrote:

To set the DM :

nano /etc/conf.d/xdm

Example with gdm, replace the value to match the DM you wish to use (lightdm, slim..)

DISPLAYMANAGER="gdm"

Now, it is not needed anymore, since i've created the init scripts for our all DM apps from scratch, so you can enable the service directly, eg:

# rc-update add gdm default

Btw, recently i've pushed our encrypted installation guide which is based on Libreboot documentation. smile

7

Re: full disk encryption guide libreboot

Emulatorman wrote:

Now, it is not needed anymore, since i've created the init scripts for our all DM apps from scratch, so you can enable the service directly, eg:

# rc-update add gdm default

Awesome, it works great ! (using lightdm)

8

Re: full disk encryption guide libreboot

aether wrote:

For those interested, this guide is working : https://wiki.parabola.nu/Installing_Par … ing_/boot)

You only need to adapt some parts for OpenRC. Here is what I needed to adapt (in comparison to Parabola / systemd)
Fully working FDE !

On live iso, start the following services :

rc-service lvm start
rc-service dmcrypt start

To set the hostname :

nano /etc/conf.d/hostname

Replace value

To set the keymap :

nano /etc/conf.d/keymaps

Replace value

To set an user and add necessary groups to it :

useradd -m -g users -G wheel,audio,network,video,optical,storage,disk,sys -c your_username -s /bin/bash your_username && passwd your_username

To avoid issues with keyboard layout when using X :

-> Create a 20-keyboard.conf

nano /etc/X11/xorg.conf.d/20-keyboard.conf

Section "InputClass"
    Identifier "keyboard"
    MatchIsKeyboard "on"
    Option "XkbLayout" "fr" # example "fr", adapt to your language
    Option "XkbModel" "pc105" # adapt as necessary
EndSection

To set the DM :

nano /etc/conf.d/xdm

Example with gdm, replace the value to match the DM you wish to use (lightdm, slim..)

DISPLAYMANAGER="gdm"

And finally, don't forget to enable the needed services before exiting chroot (some are maybe optional for you)

rc-update add lvm boot
rc-update add dmcrypt boot
rc-update add mdraid boot
rc-update add cronie default
rc-update add elogind default
rc-update add alsasound default
rc-update add sshd default
rc-update add NetworkManager default
rc-update add syslog-ng default
rc-update add avahi-daemon default
rc-update add avahi-dnsconfd default
rc-update add cupsd default
rc-update add ntpd default
rc-update add udev default
rc-update add dhcpcd default
rc-update add dbus default
rc-update add xdm default
rc-update add fuse default
rc-update add lm_sensors default
rc-update add acpid default
rc-update add libvirtd default

This combined with emulatorman's guide helped enormously. So thank you!

The only thing I didn't get working yet is the vlc sound. Doesn't seem to open at the moment.

But, wifi works and so does usb mass storage now. smile

HyperbolaBSD: The Future of Secure Libre Lightweight Operating Systems!

9 (edited by zapper 2017-12-03 15:15:23)

Re: full disk encryption guide libreboot

Emulatorman wrote:
Emulatorman wrote:
aether wrote:

To set the DM :

nano /etc/conf.d/xdm

Example with gdm, replace the value to match the DM you wish to use (lightdm, slim..)

DISPLAYMANAGER="gdm"

Now, it is not needed anymore, since i've created the init scripts for our all DM apps from scratch, so you can enable the service directly, eg:

# rc-update add gdm default

Btw, recently i've pushed our encrypted installation guide which is based on Libreboot documentation. smile

Please add #4 of this thread's message to the guide after you install


rc-update add lvm boot
rc-update add dmcrypt boot
rc-update add mdraid boot
rc-update add cronie default
rc-update add elogind default
rc-update add alsasound default
rc-update add sshd default
rc-update add NetworkManager default
rc-update add syslog-ng default
rc-update add avahi-daemon default
rc-update add avahi-dnsconfd default
rc-update add cupsd default
rc-update add ntpd default
rc-update add udev default
rc-update add dhcpcd default
rc-update add dbus default
rc-update add xdm default
rc-update add fuse default
rc-update add lm_sensors default
rc-update add acpid default
rc-update add libvirtd default 

that aka...

helped me a ton I can tell you. smile

HyperbolaBSD: The Future of Secure Libre Lightweight Operating Systems!