Add Arch Linux TOC

2018-07-11 16:50:00 +02:00
parent 0c98911adc
commit 3abb6a9cfa
14 changed files with 168 additions and 4 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,3 @@
+/html
+/composer.lock
+/vendor
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -0,0 +1 @@
+# Changelog
--- a/README.md
+++ b/README.md
@@ -1,13 +1,14 @@
 # YubiKey Full Disk Encryption

-This repository contains a step-by-step tutorial to create a full disk encryption setup with two factor 
-authentication (2FA) via [YubiKey](https://yubico.com/products/yubikey-hardware/). It contains:
+[This repository](https://github.com/sandrokeil/yubikey-full-disk-encryption-secure-boot-uefi "YubiKey Full Disk Encryption Repository") 
+contains a step-by-step tutorial to create a full disk encryption setup with two factor authentication (2FA) 
+via [YubiKey](https://yubico.com/products/yubikey-hardware/). It contains:

- YubiKey encrypted root and home folder
+- YubiKey encrypted `root (/)` and `home (/home)` folder on separated partitions
 - Encrypted `/boot` partition
 - UEFI Secure boot (self signed boot loader)

-Currently supported Linux:
+Currently guides for:

 - Arch Linux 

@@ -15,3 +16,24 @@ Currently supported Linux:
 It took me several days to figure out how to set up a fully encrypted machine with 2FA. This guide should help
 others to get it done in minutes (hopefully). There exists a plenty bunch of tutorials but no one contains a step-by-step 
 guide to get the above things done.
+
+## Documentation
+
+For the latest online documentation visit [http://sandrokeil.github.io/yubikey-full-disk-encryption-secure-boot-uefi/](http://sandrokeil.github.io/yubikey-full-disk-encryption-secure-boot-uefi/ "Latest yubikey-full-disk-encryption-secure-boot-uefi documentation").
+Refer the *Quick Start* section for a detailed explanation. 
+
+Documentation is [in the book tree](book/), and can be compiled using [bookdown](http://bookdown.io) or [Docker](https://www.docker.com/)
+
+```console
+$ docker run -it --rm -v $(pwd):/app sandrokeil/bookdown book/bookdown.json
+$ docker run -it --rm -p 8080:8080 -v $(pwd):/app php:7.1-cli php -S 0.0.0.0:8080 -t /app/doc/html
+```
+
+or run *bookdown*
+
+```console
+$ ./vendor/bin/bookdown book/bookdown.json
+$ php -S 0.0.0.0:8080 -t book/html/
+```
+
+Then browse to [http://localhost:8080/](http://localhost:8080/)
--- a/book/arch/01-getting-started.md
+++ b/book/arch/01-getting-started.md
@@ -0,0 +1,28 @@
+# Getting Started
+
+For common stuff, the Arch Wiki is a good starting point. We need a bootable Arch Linux medium. Please take a look
+at the Arch Installtion Guide [en](https://wiki.archlinux.org/index.php/installation_guide#Pre-installation "Download and boot the installation medium") / [de](https://wiki.archlinux.de/title/Anleitung_für_Einsteiger#Das_neueste_ISO-Abbild_beziehen "Das neueste ISO-Abbild beziehen"). 
+
+Ok, you've create a bootable Arch Linux medium, now it's time to boot into the Arch Linux UEFI system.
+
+German users should execute `loadkeys de` (QWERTZ keyboard layout) in the tty prompt first.
+
+Let's install minimal packages to get started with our full disk encryption with YubiKey.
+
+```
+pacman -Sy yubikey-manager yubikey-personalization pcsc-tools libu2f-host make json-c cryptsetup
+```
+
+Now we must start the [smartcard service](https://wiki.archlinux.org/index.php/Smartcards "Smartcards")
+
+```
+systemctl start pcscd.service
+```
+
+and our connected YubiKey should be listed with
+
+```
+ykman list
+```
+
+That's it, now let's go over to the next chapter which describes how to prepare disks.
--- a/book/arch/02-prepare-disk.md
+++ b/book/arch/02-prepare-disk.md
@@ -0,0 +1,10 @@
+# Prepare Disks
+
+You have [different choices](https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system "dm-crypt/Encrypting an entire system") to setup encryption.
+This chapter describes [LVM on LUKS with encrypted boot partition](https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#Encrypted_boot_partition_.28GRUB.29 "Encrypted boot partition (GRUB)").
+
+List your disks with `lsblk` and run `gdisk /dev/[your disk]` e.g. `gdisk /dev/nvme0n1`. You can take a look at the 
+`gdisk` Arch Wiki [en](https://wiki.archlinux.org/index.php/Fdisk#gdisk) / [de](https://wiki.archlinux.de/title/GPT#Partitionieren_mit_gdisk)
+
+> It's crucial to use `gdisk` because GPT is needed for UEFI boot.
+
--- a/book/arch/03-prepare-yubikey.md
+++ b/book/arch/03-prepare-yubikey.md
@@ -0,0 +1,3 @@
+# Prepare YubiKey
+
+TBD
--- a/book/arch/04-prepare-volumes.md
+++ b/book/arch/04-prepare-volumes.md
@@ -0,0 +1,3 @@
+# Prepare Volumes
+
+TBD
--- a/book/arch/05-install-arch.md
+++ b/book/arch/05-install-arch.md
@@ -0,0 +1,3 @@
+# Install Arch Linux
+
+TBD
--- a/book/arch/06-secure-boot.md
+++ b/book/arch/06-secure-boot.md
@@ -0,0 +1,3 @@
+# Setup secure boot
+
+TBD
--- a/book/arch/07-yubikey-login.md
+++ b/book/arch/07-yubikey-login.md
@@ -0,0 +1,3 @@
+# Enable YubiKey Login
+
+TBD
--- a/book/arch/08-minimal-gnome.md
+++ b/book/arch/08-minimal-gnome.md
@@ -0,0 +1,3 @@
+# Install minimal GNOME desktop
+
+TBD
--- a/book/arch/bookdown.json
+++ b/book/arch/bookdown.json
@@ -0,0 +1,28 @@
+{
+    "title": "YubiKey full disk encryption Arch Linux guide",
+    "content": [
+        {"getting-started": "01-getting-started.md"},
+        {"prepare-disk": "02-prepare-disk.md"},
+        {"prepare-yubikey": "03-prepare-yubikey.md"},
+        {"prepare-volumes": "04-prepare-volumes.md"},
+        {"install-arch": "05-install-arch.md"},
+        {"secure-boot": "06-secure-boot.md"},
+        {"yubikey-login": "07-yubikey-login.md"},
+        {"minimal-gnome": "08-minimal-gnome.md"}
+    ],
+    "theme": {
+        "toc": {
+            "collapsibleFromLevel": 1
+        }
+    },
+    "template": "bookdown/themes",
+    "tocDepth": 1,
+    "target": "./html",
+    "numbering": false,
+    "extensions": {
+        "commonmark": [
+            "Webuni\\CommonMark\\TableExtension\\TableExtension",
+            "Webuni\\CommonMark\\AttributesExtension\\AttributesExtension"
+        ]
+    }
+}
--- a/book/bookdown.json
+++ b/book/bookdown.json
@@ -0,0 +1,23 @@
+{
+    "title": "YubiKey full disk encryption guide",
+    "content": [
+        {"intro": "../README.md"},
+        {"changelog": "../CHANGELOG.md"},
+        {"arch-linux": "arch/bookdown.json"}
+    ],
+    "theme": {
+        "toc": {
+            "collapsibleFromLevel": 1
+        }
+    },
+    "template": "bookdown/themes",
+    "tocDepth": 1,
+    "target": "../html",
+    "numbering": false,
+    "extensions": {
+        "commonmark": [
+            "Webuni\\CommonMark\\TableExtension\\TableExtension",
+            "Webuni\\CommonMark\\AttributesExtension\\AttributesExtension"
+        ]
+    }
+}
--- a/composer.json
+++ b/composer.json
@@ -0,0 +1,31 @@
+{
+    "name": "sandrokeil/yubikey-full-disk-encryption-secure-boot-uefi",
+    "description": "Tutorial to create full disk encryption with YubiKey, encrypted boot partition and secure boot with UEFI",
+    "type": "library",
+    "license": "BSD-3-Clause",
+    "homepage": "http://sandrokeil.github.io/yubikey-full-disk-encryption-secure-boot-uefi/",
+    "authors": [
+        {
+            "name": "Sandro Keil",
+            "email": "social@sandro-keil.de",
+            "homepage": "https://sandro-keil.de"
+        }
+    ],
+    "keywords": [
+        "yubikey",
+        "full-disk-encryption",
+        "2fa",
+        "secure-boot",
+        "uefi",
+        "arch-linux",
+        "luks",
+        "lvm2"
+    ],
+    "require": {
+        "bookdown/bookdown": "^1.1.0",
+        "webuni/commonmark-table-extension": "^0.6.1",
+        "webuni/commonmark-attributes-extension": "^0.5.0"
+    },
+    "minimum-stability": "dev",
+    "prefer-stable": true
+}