Add Arch Linux TOC

Sandro Keil
2018-07-11 16:50:00 +02:00
parent 0c98911adc
commit 3abb6a9cfa
14 changed files with 168 additions and 4 deletions

3
.gitignore vendored Normal file

@@ -0,0 +1,3 @@
/html
/composer.lock
/vendor
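Review bot: Ignoring `/composer.lock` on the second line leaves the documentation toolchain unpinned, so each `composer install` can resolve different versions of bookdown and the CommonMark extensions. For a repository whose output is a security guide, commit the lock file and keep only `/html` and `/vendor` ignored, so the build is reproducible and dependency changes show up in review.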

1
CHANGELOG.md Normal file

@@ -0,0 +1 @@
# Changelog


@@ -1,13 +1,14 @@
# YubiKey Full Disk Encryption # YubiKey Full Disk Encryption
This repository contains a step-by-step tutorial to create a full disk encryption setup with two factor [This repository](https://github.com/sandrokeil/yubikey-full-disk-encryption-secure-boot-uefi "YubiKey Full Disk Encryption Repository")
authentication (2FA) via [YubiKey](https://yubico.com/products/yubikey-hardware/). It contains: contains a step-by-step tutorial to create a full disk encryption setup with two factor authentication (2FA)
via [YubiKey](https://yubico.com/products/yubikey-hardware/). It contains:
- YubiKey encrypted root and home folder - YubiKey encrypted `root (/)` and `home (/home)` folder on separated partitions
- Encrypted `/boot` partition - Encrypted `/boot` partition
- UEFI Secure boot (self signed boot loader) - UEFI Secure boot (self signed boot loader)
Currently supported Linux: Currently guides for:
- Arch Linux - Arch Linux
@@ -15,3 +16,24 @@ Currently supported Linux:
It took me several days to figure out how to set up a fully encrypted machine with 2FA. This guide should help It took me several days to figure out how to set up a fully encrypted machine with 2FA. This guide should help
others to get it done in minutes (hopefully). There exists a plenty bunch of tutorials but no one contains a step-by-step others to get it done in minutes (hopefully). There exists a plenty bunch of tutorials but no one contains a step-by-step
guide to get the above things done. guide to get the above things done.
## Documentation
For the latest online documentation visit [http://sandrokeil.github.io/yubikey-full-disk-encryption-secure-boot-uefi/](http://sandrokeil.github.io/yubikey-full-disk-encryption-secure-boot-uefi/ "Latest yubikey-full-disk-encryption-secure-boot-uefi documentation").
Refer the *Quick Start* section for a detailed explanation.
Documentation is [in the book tree](book/), and can be compiled using [bookdown](http://bookdown.io) or [Docker](https://www.docker.com/)
```console
$ docker run -it --rm -v $(pwd):/app sandrokeil/bookdown book/bookdown.json
$ docker run -it --rm -p 8080:8080 -v $(pwd):/app php:7.1-cli php -S 0.0.0.0:8080 -t /app/doc/html
```
or run *bookdown*
```console
$ ./vendor/bin/bookdown book/bookdown.json
$ php -S 0.0.0.0:8080 -t book/html/
```
Then browse to [http://localhost:8080/](http://localhost:8080/)
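Review bot: Both serve commands bind the PHP built-in server to `0.0.0.0:8080`, and the Docker variant publishes it with `-p 8080:8080`, so the preview is reachable on every network interface although the text only asks the reader to browse to `http://localhost:8080/`. For the local run use `php -S 127.0.0.1:8080 -t ...`, and for Docker keep `0.0.0.0` inside the container but publish on loopback with `-p 127.0.0.1:8080:8080`. Two smaller points in the same hunk: the documentation link is written as `http://` and should be `https://` if the site is served that way, and the text refers to a *Quick Start* section while the TOC added in this commit only has "Getting Started" (also "Refer the" should be "Refer to the").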


@@ -0,0 +1,28 @@
# Getting Started
For common stuff, the Arch Wiki is a good starting point. We need a bootable Arch Linux medium. Please take a look
at the Arch Installtion Guide [en](https://wiki.archlinux.org/index.php/installation_guide#Pre-installation "Download and boot the installation medium") / [de](https://wiki.archlinux.de/title/Anleitung_für_Einsteiger#Das_neueste_ISO-Abbild_beziehen "Das neueste ISO-Abbild beziehen").
Ok, you've create a bootable Arch Linux medium, now it's time to boot into the Arch Linux UEFI system.
German users should execute `loadkeys de` (QWERTZ keyboard layout) in the tty prompt first.
Let's install minimal packages to get started with our full disk encryption with YubiKey.
```
pacman -Sy yubikey-manager yubikey-personalization pcsc-tools libu2f-host make json-c cryptsetup
```
Now we must start the [smartcard service](https://wiki.archlinux.org/index.php/Smartcards "Smartcards")
```
systemctl start pcscd.service
```
and our connected YubiKey should be listed with
```
ykman list
```
That's it, now let's go over to the next chapter which describes how to prepare disks.
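Review bot: The `pacman -Sy` line installs `make` and `json-c` next to the YubiKey tools and `cryptsetup` without saying what needs them, so a reader cannot tell which packages the setup really depends on; add a short reason per package group or drop what is unused. It would also help to state that these commands run as root in the live environment and that `pcscd.service` is only started for this session. Typos in the prose: "Installtion" should be "Installation" and "you've create" should be "you've created". The three fences in this file carry no language tag while the README uses `console`.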


@@ -0,0 +1,10 @@
# Prepare Disks
You have [different choices](https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system "dm-crypt/Encrypting an entire system") to setup encryption.
This chapter describes [LVM on LUKS with encrypted boot partition](https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#Encrypted_boot_partition_.28GRUB.29 "Encrypted boot partition (GRUB)").
List your disks with `lsblk` and run `gdisk /dev/[your disk]` e.g. `gdisk /dev/nvme0n1`. You can take a look at the
`gdisk` Arch Wiki [en](https://wiki.archlinux.org/index.php/Fdisk#gdisk) / [de](https://wiki.archlinux.de/title/GPT#Partitionieren_mit_gdisk)
> It's crucial to use `gdisk` because GPT is needed for UEFI boot.
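Review bot: The quoted note on the last line ties the requirement to the tool rather than to the partition table; the reason it gives is GPT, so say that a GPT partition table is required and that `gdisk` is the tool this guide uses to create it. The chapter also stops right after opening `gdisk`: no partition layout for the encrypted `/boot` and the LUKS container is given, and there is no warning that writing a new table to `/dev/[your disk]` destroys the data on it. The sentence pointing to the `gdisk` wiki pages is missing its closing period.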


@@ -0,0 +1,3 @@
# Prepare YubiKey
TBD


@@ -0,0 +1,3 @@
# Prepare Volumes
TBD


@@ -0,0 +1,3 @@
# Install Arch Linux
TBD


@@ -0,0 +1,3 @@
# Setup secure boot
TBD


@@ -0,0 +1,3 @@
# Enable YubiKey Login
TBD


@@ -0,0 +1,3 @@
# Install minimal GNOME desktop
TBD
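Review bot: Six of the eight chapters added here ("Prepare YubiKey" through "Install minimal GNOME desktop") contain only `TBD`, yet all of them are wired into the TOC, so the published guide stops after partitioning and before any encryption, YubiKey or secure boot step. Either leave unfinished chapters out of `content` in `book/arch/bookdown.json` until they are written, or mark the guide as work in progress in the README, which currently tells readers it should get them done in minutes.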

28
book/arch/bookdown.json Normal file

@@ -0,0 +1,28 @@
{
"title": "YubiKey full disk encryption Arch Linux guide",
"content": [
{"getting-started": "01-getting-started.md"},
{"prepare-disk": "02-prepare-disk.md"},
{"prepare-yubikey": "03-prepare-yubikey.md"},
{"prepare-volumes": "04-prepare-volumes.md"},
{"install-arch": "05-install-arch.md"},
{"secure-boot": "06-secure-boot.md"},
{"yubikey-login": "07-yubikey-login.md"},
{"minimal-gnome": "08-minimal-gnome.md"}
],
"theme": {
"toc": {
"collapsibleFromLevel": 1
}
},
"template": "bookdown/themes",
"tocDepth": 1,
"target": "./html",
"numbering": false,
"extensions": {
"commonmark": [
"Webuni\\CommonMark\\TableExtension\\TableExtension",
"Webuni\\CommonMark\\AttributesExtension\\AttributesExtension"
]
}
}
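Review bot: `"target": "./html"` resolves to `book/arch/html` if this file is built on its own, and the `.gitignore` added in this commit only covers the root-anchored `/html`, so that output could be committed by accident. Point the target at the same directory as `book/bookdown.json` or add the path to `.gitignore`. The `theme`, `template`, `tocDepth`, `numbering` and `extensions` blocks are also copied verbatim from the parent file; if bookdown takes them from the root config, drop them here so the two cannot drift apart.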

23
book/bookdown.json Normal file

@@ -0,0 +1,23 @@
{
"title": "YubiKey full disk encryption guide",
"content": [
{"intro": "../README.md"},
{"changelog": "../CHANGELOG.md"},
{"arch-linux": "arch/bookdown.json"}
],
"theme": {
"toc": {
"collapsibleFromLevel": 1
}
},
"template": "bookdown/themes",
"tocDepth": 1,
"target": "../html",
"numbering": false,
"extensions": {
"commonmark": [
"Webuni\\CommonMark\\TableExtension\\TableExtension",
"Webuni\\CommonMark\\AttributesExtension\\AttributesExtension"
]
}
}
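Review bot: `"target": "../html"`, taken relative to this file, writes the build to `html/` at the repository root, but the README in this commit serves `book/html/` in the local variant and `/app/doc/html` in the Docker variant, so neither documented command points at the generated files. Align the README paths with this target (`-t html/` and `-t /app/html`) or change the target to match the README.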

31
composer.json Normal file

@@ -0,0 +1,31 @@
{
"name": "sandrokeil/yubikey-full-disk-encryption-secure-boot-uefi",
"description": "Tutorial to create full disk encryption with YubiKey, encrypted boot partition and secure boot with UEFI",
"type": "library",
"license": "BSD-3-Clause",
"homepage": "http://sandrokeil.github.io/yubikey-full-disk-encryption-secure-boot-uefi/",
"authors": [
{
"name": "Sandro Keil",
"email": "social@sandro-keil.de",
"homepage": "https://sandro-keil.de"
}
],
"keywords": [
"yubikey",
"full-disk-encryption",
"2fa",
"secure-boot",
"uefi",
"arch-linux",
"luks",
"lvm2"
],
"require": {
"bookdown/bookdown": "^1.1.0",
"webuni/commonmark-table-extension": "^0.6.1",
"webuni/commonmark-attributes-extension": "^0.5.0"
},
"minimum-stability": "dev",
"prefer-stable": true
}
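Review bot: `"minimum-stability": "dev"` near the end of the file lets Composer fall back to unreleased development versions when no stable release satisfies a constraint, and the `^0.6.1` and `^0.5.0` constraints are on pre-1.0 packages; with `/composer.lock` git-ignored in this same commit, nothing records what was actually installed. Unless one of the three requirements has no stable release, drop `minimum-stability` (Composer defaults to `stable`) and commit the lock file. `"type": "library"` also does not describe a tutorial repository; `project` is the closer fit.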