#Cifrar archivos, como última opción: consejos para no perder #información valiosa
#Cifrar archivos, como última opción: consejos para no perder #información valiosa
crypttab not copied to initrd #boot #systeminstallation #encryption #luks #initramfs
I just installed Arch manually, but now it fails to boot. It only asks to unlock nvme1n1p1, but not the root, leading to a "failed to find root" error.
fstab seems correct. I suspect the issue is in crypttab.
Does anyone know a good blog post or guide to set it up correctly? I feel like I’m close to solving this.
#ArchLinux #Btrfs #LVM #LUKS #Linux
1/2
#TIL that whilst having a too-long-running #Linux machine with #LUKS #FDE already unlocked, but where I've /maybe/ forgotten the passphrase (so won't be able to boot it successfully), it's possible to check if I've remembered the passphrase correctly with:
# cryptsetup open --verbose --test-passphrase DEV
Enter passphrase for DEV:
Key slot 0 unlocked.
Command successful.
Mein Backup der wichtigsten Sachen habe ich immer dabei – auf einem USB-Stick am Schlüsselbund. Der ist natürlich verschlüsselt, damit im schlimmsten Fall die Daten nicht in falsche Hände geraten. Hier mal ein sehr einfacher Weg, einen Stick oder eine externe SSD/Festplatte unter #Linux zu verschlüsseln:
Single password for disk encryption and login #encryption #desktopenvironments #luks
Nach vielen Stunden habe ich endlich eine #debian Installation mit #btrfs und #luks hinbekommen, nun ist das wlan deaktiviert und ich bekomme es nicht an. Was für eine shit show!
Eigentlich hatte ich auf eine #hyprland Installation gehofft, wo das plugin system funktioniert - im Gegensatz zu #opensuse ..
Okay, this is hella weird…
For quite some time now my Plymouth boot splash has not been showing text prompts when asking for my LUKS passphrase ("Please enter passphrase for device …"). Just the box to type it into.
I've been looking into this again and turns out apparently Plymouth doesn't know which font to choose for the prompt so it just shows… nothing?
I checked and sure enough, the font the Plymouth theme requests is in the initramfs with a generic file name. Logs show me that it's looking for fc-match
, which isn't in the initramfs.
Checking with the downstream Arch issue tracker and upstream, a bug was fixed that prevented display of messages because some assumptions about fc-match
were false and the fallback should work again.
Except it doesn't for me and I can't figure out what the issue is.
So, checking Arch Wiki again, it says that I can tell Plymouth to use SimpleDRM and… now the prompt is back?! Even if I include fc-match
in the initramfs it won't work.
And the boot splash is now 5x as large.
I'm so confused…
New post https://jrfern.codeberg.page/2025/02/02/luks_en_pmos.html (Encrypting a partition in postmarketOS with systemd) #postmarketos #luks #systemd
@platymew An alternative is to use passphrase files or TPM key storage for LUKS autounlocking during boot, then give ZFS the mapped/opened LUKS devices as underlying pool storage. Depending on your use case, this may be perfectly sufficient. For example, it allows for easy rapid decommissioning of drives.
For the general question of whether ZFS can operate on top of LUKS, the simple answer IMO is an unqualified yes. The complexity shows up in secure unlocking.
In one of your recent stream VODs, @tomlawrence, someone asked, whether they could run #ZFS on #LUKS - i can answer that; YES*, with an *asterisk.
I did this for quite some time, until i've decided that it's rather inconvenient to type in my password on every reboot. Now, i'm running LUKS on ZVOLs, in #Ubuntu / #qemu / #libvirt.
It's a small home server, and i need a few "privacy insensitive" VMs to auto-start after power-fail.
All one needs is a block dev, zpool create, done!
"What makes this attack particularly concerning is its practicality in real-world scenarios. Unlike previous attacks against full-disk encryption requiring precise file location knowledge, CrashXTS succeeds through controlled randomization of encrypted data."
Benutzt die #Verschlüsselung unter #Linux nicht auch #XTS?
#AES #LUKS
https://www.cyberkendra.com/2025/01/microsoft-patches-critical-bitlocker.html
Sous Solus, si vous saisissez votre mot de passe LUKS en AZERTY lors de l'installation, au premier démarrage, le clavier sera en QWERTY pour le déverrouillage !
@x_cli Si tu utilises LUKS avec Clevis (TPM2) sur FCOS et que tu dois effacer le volume, c'est probablement dû à l'option wipe_volume: true par défaut. Ça empêche de garder les données entre les installs. Pour éviter ça, configure LUKS manuellement sans cette directive et assure-toi que Clevis ajoute une nouvelle keyslot sans écraser l'existant.
How to replace a disk in a RAID5 which is also encrypted by LUKS? #encryption #raid #luks #mdadm