Encrypt boot partition ?

Help with issues regarding installation of Debian

Encrypt boot partition ?

Postby Defaultusername123 » 2020-12-27 21:00

Hi I just installed a new installation via graphical installation using guided lvm encryption, I noticed when I boot into another live disto that my boot partition is viewable in other distros , I'm wondering if there is a detailed guide on encrypting my boot partition. I had previously done it in the past on my ssd but I do not recall which guide I used.

I want my boot partition encrypted so when I'm using another live distro that it can't be compromised or edited in anyway as it is not secure as it appears to auto mount when I load other distributions. Any help would be appreciated. Is there a way to graphically do it ?
Defaultusername123
 
Posts: 7
Joined: 2020-12-27 20:53

Re: Encrypt boot partition ?

Postby Head_on_a_Stick » 2020-12-27 21:31

Black Lives Matter

Debian buster-backports ISO image: for new hardware support
User avatar
Head_on_a_Stick
 
Posts: 13041
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Encrypt boot partition ?

Postby Defaultusername123 » 2020-12-27 22:25

Quote -

"[quote][/quote]I was able to get encrypted /boot working by partitioning (ESP
partition, crypt partition ( LVM ( root, home, swap ) ) ). When the
grub install failed, switch to "execute shell", and:

$ cd /target/etc/default

$ echo 'GRUB_ENABLE_CRYPTODISK=y' >> grub

$ exit

Then re-execute the grub install. Install completed. Got EFI password
prompt, grub, kernel password prompt, 'login:'.

Would that be
LVM ( root, home, swap on a single lvm partition or all separate partitions ??
Defaultusername123
 
Posts: 7
Joined: 2020-12-27 20:53

Re: Encrypt boot partition ?

Postby Defaultusername123 » 2020-12-27 23:48

I found a way to do it but it keeps the boot partition separated on a external USB , how can I have it all in one with boot partition encrypted ? Surly it can be done by default doesn't make sense to have a operating system that can be secure by default eh ?
Defaultusername123
 
Posts: 7
Joined: 2020-12-27 20:53

Re: Encrypt boot partition ?

Postby Defaultusername123 » 2020-12-28 02:27

[img]https://ibb.co/HHf6vJc[img/][*]

https://ibb.co/HHf6vJc

I get this error when I try install how do I fix
Defaultusername123
 
Posts: 7
Joined: 2020-12-27 20:53

Re: Encrypt boot partition ?

Postby Defaultusername123 » 2020-12-28 03:19

https://www.meebey.net/posts/secure_usb ... th_debian/

I did the above method and got it working to boot the boot partition off USB although it made the whole ex4 partition the root partition
And I didn't have access to root or sudo as I wasn't on the sudoers.config list, couldn't edit as I don't have permission I dropped into a recovery shell and used the supplyed root password but still didn't work. Does anyone know the difference between the graphical installer and the installer on the live boot screen vs the installer after having first booted Into live mode and installing from the desktop "calamares"/ installer.
Defaultusername123
 
Posts: 7
Joined: 2020-12-27 20:53

Re: Encrypt boot partition ?

Postby Head_on_a_Stick » 2020-12-28 10:31

Defaultusername123 wrote:Would that be
LVM ( root, home, swap on a single lvm partition

Yes. A separate /boot partition is not needed at all. The only partition required outside the LVM setup is the EFI system partition (for /boot/efi).
Black Lives Matter

Debian buster-backports ISO image: for new hardware support
User avatar
Head_on_a_Stick
 
Posts: 13041
Joined: 2014-06-01 17:46
Location: /dev/chair


Return to Installation

Who is online

Users browsing this forum: No registered users and 14 guests

fashionable