![]() ![]() # cryptsetup luksFormat -type luks2 -cipher camellia-xts-plain64 -key-size 512 -iter-time 2000 -pbkdf argon2id -hash sha512 /dev/sda2 Lot of people will use the default values of cryptsetup but for a more secure setup I used camellia for ciphering rather than the NIST validated (understand NSA compliant) AES algorithm, the much stronger and newer password-based key derivation function argon2 rather than the default pbkdf2, and the SHA-2 sha512 instead of the default sha256 because SHA-3 keccak or finalist blake2 are not available here.Ĭryptsetup benchmark won't show you those and sometimes even /proc/crypto will not show you camellia for example (even if it is available). N # create a new partition (LVM for later LUKS encrypted container)ģ0 or 31 depending on your architecture # partition type: Linux LVMĭon't forget to check the drive preparation. N # create a new partition (EFI system partition) So we will have two partitions: one ESP and one partition that will host the LUKS container. UEFI is enabled, so I will use a GPT partition type and an EFI system partition (ESP). Now we will use dm-crypt to encrypt an entire system with LVM on LUKS on only one disk. Identify the block device associated to disks with lsblk or fdisk -l. If you're not confident with those steps check the ArchWiki. So you can download the ArchLinux iso, verify its signature, boot the live environment, set the keyboard layout, verify the boot mode, connect to the internet, update the system clock. Pre-installation # First basic steps #įor those first steps, I think you are a big boy enough to do them alone. ![]() First of all, this tutorial doesn't prevent you from following the ArchWiki - Installation guide, it is not standalone. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |