21 lines
1.2 KiB
Markdown
21 lines
1.2 KiB
Markdown
### Wipe and create LUKS
|
|
The keyword being wipe because encryption over a preused partition does not prevent old data from leaking. Kindof scary though to fully wipe your data knowing fully well some subsequent step might ruin most of your baclup. "But I'm too much of a man for external backups...."
|
|
|
|
* Use fdisk to remove old partitions.
|
|
* Create unecrypted boot on `/dev/nvmen1p5`. (Use `mkfs.ext4`)
|
|
* Create empty partition on remaining space (`linux filesystem` in fdisk).
|
|
* Mount with `cryptsetup open --type plain -d /dev/urandom /dev/... to-be-wiped`
|
|
* `dd if=/dev/zero of=/dev/mapper/to-be-wiped bs=1M`
|
|
* `cryptsetup close to-be-wiped`
|
|
* `cryptsetup luksFormat /dev/nvme...` (creates luks with a bunch of useful defaults) prompts for passphrase (generate a strong one!)
|
|
* Now `cryptsetup open /dev/nvme...` system which creates `/dev/mapper/system`
|
|
* Finally `mount --mkdir /dev/mapper/system /mnt/system`
|
|
> The final mount will have to be reflected in the fstab and the previous step executed in the initramfs already.
|
|
|
|
### Create btrfs + subvolumes
|
|
`mkfs.btrfs /mnt/sys`
|
|
I then create 2 subvolumes
|
|
`btfs subvolume create @/` and `btrfs subvolume create @rhome`
|
|
|
|
### Continue onto [[Installation]]
|