You are not logged in.

Pages: 1

#1 2021-11-28 10:22:53

xreagan
Member
Registered: 2020-06-25
Posts: 1

How to do Encrypted boot using GRUB

My setup: HP Omen laptop with Win 10 on a 128G SSD, 188G partition of a 1TB HDD for Linux. Have rEFInd on the SSD for dualbooting.

My goal is to have an encrypted linux installed on the laptop. I came across the encrypted boot Arch wiki page and want to preferably have a encrypted boot setup. If that is to complex, encrypt just the root using LVM on LUKS.

Progress: Encrypted the 188G with LUKS and created swap, / and /home logical volumes, formatted and mounted them as described. There is already an ~700MB EFI partition within the 1TB HDD for Linux GRUB.

Where I am stuck: I am not entirely sure at what step I need to do the OS installation. My assumption from the wiki and others was it needs to be done in between preparing the logical volume and configuring mkinitcpio and GRUB.
So I tried to install Arch based ISO like EndeavourOS, Archcraft to make the initial setup easy on myself. Opened the LUKS partition on command line and proceeded on calamares to specify the swap, /, /home in the LVM volume group and /boot/efi on sda2. Every install has been failing usually saying the FS ran out of space.

I have no understanding of the configuring GRUB process but my assumption is it needs to come after an OS is installed because I previously went to grub-install step without an OS and ran into 

$ sudo grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=GRUB --recheck
Installing for x86_64-efi platform.
grub-install: error: failed to get canonical path of `airootfs'.

and on searching I got it needs to be done from an installed OS? This is why I am trying to install before proceeding.

Other than a brief period with Manjaro I am pretty new to Arch and so have tried to find beginner friendly OS installation with encrypted boot partition but could find nothing.
If not advisable I would like to just follow the LVM on LUKS setup process on the same wiki page. But I run into the same problem of when exactly to install the OS and proceed with GRUB and other setup since the wiki doesn't explicitly specify that.

If you think this is too much for beginner and there is an Arch based distro that does encrypted installation via the installer (like Ubuntu does?) that would be fine for now too. Although I am not sure if Ubuntu encrypts /boot or just does LVM on LUKS, it was a simple process of selecting a partition and setting the passphrase.

I searched the forum with 'luks encrypted boot' but couldn't find any relevant post so am making one. I would reformat the post in case this is too mumbled up. All help or direction on how to proceed here is greatly appreciated. Thanks in advance.

Offline

#2 2021-11-28 16:24:21

Slithery
Administrator
From: Norfolk, UK
Registered: 2013-12-01
Posts: 5,776

Re: How to do Encrypted boot using GRUB

xreagan wrote:

So I tried to install Arch based ISO like EndeavourOS, Archcraft to make the initial setup easy on myself.

You're not going to get any help with that here, you need to install actual Arch following the instructions in the wiki just like the rules you agreed to when signing up stated.

Forum Rules wrote:

These forums are for Arch Linux x86_64 ONLY.

Not Antegros, or Apricity, or Manjaro, or any of the "easy Arch installers", nor Arch-ARM; nothing other than vanilla 64-bit Arch Linux. Ask those communities for support.
If you have installed Arch, please read the rules before posting. README: Forum Rules.

No, it didn't "fix" anything. It just shifted the brokeness one space to the right. - jasonwryan
Closing -- for deletion; Banning -- for muppetry. - jasonwryan

aur - dotfiles

Offline

Pages: 1

Board footer

Powered by FluxBB