Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:40:29 +01:00
How to enable full disk encryption after install?
update-initramfs -k all -c
Output:
update-initramfs: Generating /boot/initrd.img-6.1.0-29-amd64
update-initramfs: Generating /boot/initrd.img-6…
Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:39:24 +01:00
How to enable full disk encryption after install?
/boot/grub/grub.cfg:
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and…
Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:37:28 +01:00
How to enable full disk encryption after install?
update-grub
Output:
Generating grub configuration file ...
Found background image: /usr/share/images/desktop-base/desktop-grub.png
Found…
Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:36:45 +01:00
How to enable full disk encryption after install?

In another shell:

ls /boot/efi/
ls: cannot access '/boot/efi/': No such file or directory
[ -d /sys/firmware/efi ] && echo UEFI 
Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:36:00 +01:00
How to enable full disk encryption after install?
grub-install
Output:
Installing for x86_64-efi platform.
grub-install: warning: EFI variables are not supported on this system..
Installation…
Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:35:22 +01:00
How to enable full disk encryption after install?
Initial /etc/default/grub:
...
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null 
Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:34:33 +01:00
How to enable full disk encryption after install?

In /etc/default/grub, remove the existing reference to the root partition from GRUB_CMDLINE_LINUX

There was no such reference.

Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:33:08 +01:00
How to enable full disk encryption after install?
/etc/fstab:
...
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
# / was on /dev/vda2 during installation
UUID=8eb1534f-3…
Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:31:29 +01:00
How to enable full disk encryption after install?
/etc/crypttab:
# ...
rootfs UUID=8eb1534f-39c0-4ded-907e-aee490cb2f3f /etc/luks/boot_os.keyfile luks,discard

should…

Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:30:11 +01:00
How to enable full disk encryption after install?
cryptsetup luksAddKey /dev/vda2 /etc/luks/boot_os.keyfile
Enter any existing passphrase:
Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:29:23 +01:00
How to enable full disk encryption after install?

Should investigate the permissions given.

Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:29:04 +01:00
How to enable full disk encryption after install?
mkdir /etc/luks
dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=4096 count=1
Output:
1+0 records in
1+0 records out
4096 bytes (4.1 kB,…
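
The keyfile created above and the note "Should investigate the permissions given" raise the same question: who can read `/etc/luks/boot_os.keyfile`. The following is an added example, not part of the thread: `audit_keyfile` and `create_keyfile` are hypothetical helper names, GNU `stat` is assumed, and the demo runs on a constructed temporary directory under an assumed umask of 022 rather than on `/etc/luks`.

```shell
#!/bin/sh
# Added example (not from the thread): audit who can read a LUKS keyfile.

# audit_keyfile PATH -> 0 if only the owner can access it, 1 if exposed, 2 if unusable.
audit_keyfile() {
    keyfile=$1
    if [ -L "$keyfile" ] || [ ! -f "$keyfile" ]; then
        echo "FAIL: $keyfile is missing, a symlink, or not a regular file"
        return 2
    fi
    mode=$(stat -c '%a' "$keyfile")                  # GNU stat, e.g. 644
    dirmode=$(stat -c '%a' "$(dirname "$keyfile")")
    rc=0
    # Any group/other bit gives non-owners access to the key material.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $keyfile has mode $mode (want 400 or 600)"
        rc=1
    fi
    # A group/world-writable directory lets others swap the file out.
    if [ $(( 0$dirmode & 022 )) -ne 0 ]; then
        echo "FAIL: directory of $keyfile has mode $dirmode"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $keyfile mode $mode, directory mode $dirmode"
    return "$rc"
}

# create_keyfile PATH: same dd invocation as the thread, under a restrictive umask.
create_keyfile() {
    (
        umask 077
        dd if=/dev/urandom of="$1" bs=4096 count=1 2>/dev/null
    ) && chmod 400 "$1"
}

# Demo on a constructed temporary directory (stands in for /etc/luks).
demo_dir=$(mktemp -d)
# Assumed umask 022: dd then leaves the file at mode 644.
( umask 022; dd if=/dev/urandom of="$demo_dir/default.keyfile" bs=4096 count=1 2>/dev/null )
audit_keyfile "$demo_dir/default.keyfile" || true
create_keyfile "$demo_dir/boot_os.keyfile"
audit_keyfile "$demo_dir/boot_os.keyfile"
rm -rf "$demo_dir"
```

If the keyfile is copied into the initramfs, the same check applies to the generated `/boot/initrd.img-*` images.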
Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:22:51 +01:00
How to enable full disk encryption after install?

With the current setup, the system would ask the encryption passphrase twice: once to access the second-stage GRUB boot loader and once again for the Linux kernel to access the encrypted root…

Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:22:18 +01:00
How to enable full disk encryption after install?
user@debian:~$ sudo chroot /mnt
root@debian:/#
Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:22:01 +01:00
How to enable full disk encryption after install?
Bash script:
sudo mount /dev/mapper/rootfs /mnt
sudo mount /dev/vda1 /mnt/boot/efi
sudo mount --bind /dev /mnt/dev
sudo mount --bind /dev/pts…
Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:20:12 +01:00
How to enable full disk encryption after install?
mount /dev/mapper/rootfs /mnt
Output:
mount: /mnt: must be superuser to use mount.
       dmesg(1) may have more information after failed…
Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:19:37 +01:00
How to enable full disk encryption after install?
sudo resize2fs /dev/mapper/rootfs
Output:
resize2fs 1.47.0 (5-Feb-2023)
Resizing the filesystem on /dev/mapper/rootfs to 4857344 (4k)…
Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:19:08 +01:00
How to enable full disk encryption after install?
sudo cryptsetup open /dev/vda2 rootfs
Enter passphrase for /dev/vda2:
Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:18:36 +01:00
How to enable full disk encryption after install?
sudo cryptsetup reencrypt /dev/vda2 --new --reduce-device-size 16M --type=luks1
Output:
Enter new passphrase: 
Verify passphrase: 
Finished,…
Benjamin_Loison commented on issue Benjamin_Loison/linux#58 2025-03-26 18:17:30 +01:00
How to enable full disk encryption after install?
cryptsetup reencrypt /dev/vda2 --new --reduce-device-size 16M --type=luks1
bash: cryptsetup: command not found

Should try without --type if it works fine.