diff --git a/docs/alpine-server-setup/home.md b/docs/alpine-server-setup/home.md new file mode 100644 index 0000000..a249c91 --- /dev/null +++ b/docs/alpine-server-setup/home.md @@ -0,0 +1 @@ +# A Alpine Linux installation \ No newline at end of file diff --git a/docs/void-desktop-setup/installation/installation-with-lvm.md b/docs/void-desktop-setup/installation/installation-with-lvm.md index 2a0f636..82c6178 100644 --- a/docs/void-desktop-setup/installation/installation-with-lvm.md +++ b/docs/void-desktop-setup/installation/installation-with-lvm.md @@ -113,7 +113,7 @@ The `uuid` is needed again and can be obtained by: Now edit `/boot/loader/void-options.conf` and insert: ``` -rw rd.luks.name==root root=/dev/disk/by-label/root quiet splash apparmor=1 security=apparmor loglevel=1 rd.lvm.vg=lv0 +rw rd.luks.name==root root=/dev/disk/by-label/root quiet splash apparmor=1 security=apparmor loglevel=1 rd.shell=0 rd.emergency=reboot rd.lvm.vg=lv0 ``` To obtain a boot menu. A timeout may be added to `/boot/loader/loader.conf`. diff --git a/docs/void-desktop-setup/installation/installation.md b/docs/void-desktop-setup/installation/installation.md index 299da5f..65fe9d3 100644 --- a/docs/void-desktop-setup/installation/installation.md +++ b/docs/void-desktop-setup/installation/installation.md @@ -111,7 +111,7 @@ The `uuid` is needed again and can be obtained by: Now edit `/boot/loader/void-options.conf` and insert: ``` -rw rd.luks.name==root root=/dev/mapper/root quiet splash apparmor=1 security=apparmor loglevel=1 +rw rd.luks.name==root root=/dev/mapper/root quiet splash apparmor=1 security=apparmor loglevel=1 rd.shell=0 rd.emergency=reboot ``` To obtain a boot menu. A timeout may be added to `/boot/loader/loader.conf`. diff --git a/docs/void-desktop-setup/post-installation/automatic-decryption.md b/docs/void-desktop-setup/post-installation/automatic-decryption.md index cdabb7b..6579034 100644 --- a/docs/void-desktop-setup/post-installation/automatic-decryption.md +++ b/docs/void-desktop-setup/post-installation/automatic-decryption.md @@ -1,52 +1,13 @@ -# Automatic decryption *(unfinished)* +# Automatic decryption -Using Clevis it's possible to automatically decrypt the system upon startup. But because we haven't been able to figure out how to create a functional template file for that we'll have to compile it ourselves. Note that you must use the `booster` initramfs. (A lot more information about the possibilities from clevis can be found on the [ArchWiki](https://wiki.archlinux.org/title/Clevis)) +Using Clevis it's possible to automatically decrypt the system upon startup. Note that you must use the `booster` initramfs which should be installed if you followed this guide. (A lot more information about the possibilities from Clevis can be found on the [ArchWiki](https://wiki.archlinux.org/title/Clevis)) -## Installing José +## Installation -First we have to compile [José](https://github.com/latchset/jose), a "C-language implementation of Javascript Object Signing and Encryption". José is a dependency of Clevis. -First install the dependencies needed to compile josé. +Installing clevis is straightforward: ``` -# xbps-install -Sy pkg-config zlib-devel jansson-devel openssl-devel jq-devel gcc meson ninja asciidoc -``` - -After that we have to obtain the source of José: - -``` -$ xbps-fetch https://github.com/latchset/jose/archive/refs/tags/v11.tar.gz -``` - -Unpack the Tar and go into the directory and follow the rest of these instructions: - -``` -$ mkdir build && cd build -$ meson .. --prefix=/usr -$ ninja -# ninja install -``` - -## Installing Clevis - -After having installed José install the other dependencies. - -``` -# xbps-install -Sy luksmeta cryptsetup-devel tpm2-tools libpwquality-devel -(probably missing a few) -``` - -Then clone the source code into a directory - -``` -$ xbps-fetch https://github.com/latchset/clevis/archive/refs/tags/v19.tar.gz -``` - -After unpacking and going into the directory follow the rest of these instructions: - -``` -$ meson build -$ ninja -C build -# ninja -C build install +# xbps-install -Sy clevis ``` ## Acquiring automatic decryption @@ -59,3 +20,15 @@ To bind our LUKS volume to TPM with clevis simply enter this command: ``` This will bind the partition with TPM2 and Secureboot and now the root partition can be unencrypted on startup automatically. + +If any changes have been made to the Bios or Secureboot and Clevis doesn't automatically decrypt the disk again. Clevis will have to be envoked again. + +``` +# clevis luks regen -d /dev/disk/by-label/luks -s +``` + +The keyslot can be found with: + +``` +# cryptsetup luksDump /dev/disk/by-label/luks +``` diff --git a/docs/void-desktop-setup/post-installation/linux-lts.md b/docs/void-desktop-setup/post-installation/linux-lts.md index 571c064..b4a966c 100644 --- a/docs/void-desktop-setup/post-installation/linux-lts.md +++ b/docs/void-desktop-setup/post-installation/linux-lts.md @@ -6,7 +6,7 @@ It might be desirable to install an LTS kernel for better stability. This can be # xbps-install -Sy linux-lts linux-lts-headers ``` -To uninstall the non-lts kernel, ignore the package through `/etc/xbps.d/xbps.conf` by adding: +To uninstall the non-lts kernel, ignore the package by creating `/etc/xbps.d/nolinux.conf` and inserting: ``` ignorepkg=linux diff --git a/docs/void-desktop-setup/post-installation/users.md b/docs/void-desktop-setup/post-installation/users.md index 9891456..81558d6 100644 --- a/docs/void-desktop-setup/post-installation/users.md +++ b/docs/void-desktop-setup/post-installation/users.md @@ -18,8 +18,7 @@ The user may be added to certain groups, to give it some rights. # usermod -aG wheel,audio,video,kvm,tty,input,storage ``` -The package `sudo` that is present in the `base-system` package will be removed. Since, it is bloatware. To persist this. That is sudo will not be installed ever again on the system. Edit `/etc/xbps.d/xbps.conf` and insert: - +The package `sudo` that is present in the `base-system` package will be removed. Since, it is bloatware. To persist this. That is sudo will not be installed ever again on the system. Create `/etc/xbps.d/nosudo.conf` and insert: ``` ignorepkg=sudo