Hi I just installed a new installation via graphical installation using guided lvm encryption, I noticed when I boot into another live disto that my boot partition is viewable in other distros , I'm wondering if there is a detailed guide on encrypting my boot partition. I had previously done it in the past on my ssd but I do not recall which guide I used.
I want my boot partition encrypted so when I'm using another live distro that it can't be compromised or edited in anyway as it is not secure as it appears to auto mount when I load other distributions. Any help would be appreciated. Is there a way to graphically do it ?
Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
Encrypt boot partition ?
-
Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
-
Defaultusername123
- Posts: 7
- Joined: 2020-12-27 20:53
Re: Encrypt boot partition ?
Quote -
"[quote][/quote]I was able to get encrypted /boot working by partitioning (ESP
partition, crypt partition ( LVM ( root, home, swap ) ) ). When the
grub install failed, switch to "execute shell", and:
$ cd /target/etc/default
$ echo 'GRUB_ENABLE_CRYPTODISK=y' >> grub
$ exit
Then re-execute the grub install. Install completed. Got EFI password
prompt, grub, kernel password prompt, 'login:'.
Would that be
LVM ( root, home, swap on a single lvm partition or all separate partitions ??
"[quote][/quote]I was able to get encrypted /boot working by partitioning (ESP
partition, crypt partition ( LVM ( root, home, swap ) ) ). When the
grub install failed, switch to "execute shell", and:
$ cd /target/etc/default
$ echo 'GRUB_ENABLE_CRYPTODISK=y' >> grub
$ exit
Then re-execute the grub install. Install completed. Got EFI password
prompt, grub, kernel password prompt, 'login:'.
Would that be
LVM ( root, home, swap on a single lvm partition or all separate partitions ??
-
Defaultusername123
- Posts: 7
- Joined: 2020-12-27 20:53
Re: Encrypt boot partition ?
I found a way to do it but it keeps the boot partition separated on a external USB , how can I have it all in one with boot partition encrypted ? Surly it can be done by default doesn't make sense to have a operating system that can be secure by default eh ?
-
Defaultusername123
- Posts: 7
- Joined: 2020-12-27 20:53
Re: Encrypt boot partition ?
[img]https://ibb.co/HHf6vJc[img/][*]
https://ibb.co/HHf6vJc
I get this error when I try install how do I fix
https://ibb.co/HHf6vJc
I get this error when I try install how do I fix
-
Defaultusername123
- Posts: 7
- Joined: 2020-12-27 20:53
Re: Encrypt boot partition ?
https://www.meebey.net/posts/secure_usb ... th_debian/
I did the above method and got it working to boot the boot partition off USB although it made the whole ex4 partition the root partition
And I didn't have access to root or sudo as I wasn't on the sudoers.config list, couldn't edit as I don't have permission I dropped into a recovery shell and used the supplyed root password but still didn't work. Does anyone know the difference between the graphical installer and the installer on the live boot screen vs the installer after having first booted Into live mode and installing from the desktop "calamares"/ installer.
I did the above method and got it working to boot the boot partition off USB although it made the whole ex4 partition the root partition
And I didn't have access to root or sudo as I wasn't on the sudoers.config list, couldn't edit as I don't have permission I dropped into a recovery shell and used the supplyed root password but still didn't work. Does anyone know the difference between the graphical installer and the installer on the live boot screen vs the installer after having first booted Into live mode and installing from the desktop "calamares"/ installer.
-
Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: Encrypt boot partition ?
Yes. A separate /boot partition is not needed at all. The only partition required outside the LVM setup is the EFI system partition (for /boot/efi).Defaultusername123 wrote:Would that be
LVM ( root, home, swap on a single lvm partition
deadbang