dede/ykfde
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add Arch helper scripts

Browse Source
This commit is contained in:
Sandro Keil
2018-12-29 13:18:48 +01:00
parent c9882d01d8
commit f27e6a0bf8
7 changed files with 111 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -11,7 +11,7 @@ via [YubiKey](https://yubico.com/products/yubikey-hardware/). It contains:
Currently guides for:
- Arch Linux
- Arch Linux with helper scripts
Additional security chapter:

16
scripts/arch/01-init.sh Executable file
View File

@@ -0,0 +1,16 @@
#!/usr/bin/env bash
set -e
SCRIPT_NAME=`basename "$0"`
echo "=========== ${SCRIPT_NAME} ==========="
pacman -Sy yubikey-manager yubikey-personalization pcsc-tools libu2f-host make json-c cryptsetup
systemctl start pcscd.service
ykman list
lsblk
echo ""
echo "====================="
echo "Proceed with chapter 02: Prepare disks"

13
scripts/arch/03-ykfde.sh Executable file
View File

@@ -0,0 +1,13 @@
#!/usr/bin/env bash
set -e
SCRIPT_NAME=`basename "$0"`
echo "=========== ${SCRIPT_NAME} ==========="
curl -L https://github.com/agherzan/yubikey-full-disk-encryption/archive/master.zip | bsdtar -xvf - -C .
cd yubikey-full-disk-encryption-master
make install
echo ""
echo "====================="
echo "Proceed with chapter 03: Prepare 2nd slot"

22
scripts/arch/04-prepare-volumes.sh Executable file
View File

@@ -0,0 +1,22 @@
#!/usr/bin/env bash
set -e
SCRIPT_NAME=`basename "$0"`
echo "=========== ${SCRIPT_NAME} ==========="
pvcreate /dev/mapper/cryptlvm
vgcreate MyVolGroup /dev/mapper/cryptlvm
lvcreate -L 20G MyVolGroup -n root
lvcreate -l 100%FREE MyVolGroup -n home
mkfs.ext4 /dev/MyVolGroup/root
mkfs.ext4 /dev/MyVolGroup/home
mount /dev/MyVolGroup/root /mnt
mkdir /mnt/home
mount /dev/MyVolGroup/home /mnt/home
echo ""
echo "====================="
echo "Proceed with chapter 04: Encrypted boot partition"

24
scripts/arch/05-chroot.sh Executable file
View File

@@ -0,0 +1,24 @@
#!/usr/bin/env bash
set -e
SCRIPT_NAME=`basename "$0"`
echo "=========== ${SCRIPT_NAME} ==========="
pacman -Sy yubikey-manager yubikey-personalization pcsc-tools libu2f-host make json-c cryptsetup
mkdir -p /run/lvm
mount --bind /hostrun/lvm /run/lvm
cd /home/yubikey-full-disk-encryption-master
make install
cp /home/ykfde.conf /etc/ykfde.conf
source /home/challenge.txt
sed -i "s/#YKFDE_CHALLENGE=\"/YKFDE_CHALLENGE=\"$YKFDE_CHALLENGE/g" /etc/ykfde.conf
cat /etc/ykfde.conf
echo ""
echo "====================="
echo "Proceed with chapter 05: mkinitcpio"

15
scripts/arch/05-install.sh Executable file
View File

@@ -0,0 +1,15 @@
#!/usr/bin/env bash
set -e
SCRIPT_NAME=`basename "$0"`
echo "=========== ${SCRIPT_NAME} ==========="
pacstrap /mnt base yubikey-manager yubikey-personalization pcsc-tools libu2f-host acpid dbus grub-efi-x86_64 efibootmgr lvm2
genfstab -U -p /mnt >> /mnt/etc/fstab
cat /mnt/etc/fstab
echo ""
echo "====================="
echo "Proceed with chapter 05: YubiKey Full Disk Encryption"

20
scripts/arch/06-secure-boot.sh Executable file
View File

@@ -0,0 +1,20 @@
#!/usr/bin/env bash
set -e
SCRIPT_NAME=`basename "$0"`
echo "=========== ${SCRIPT_NAME} ==========="
pacman -Sy binutils fakeroot
curl -L https://github.com/xmikos/cryptboot/archive/master.zip | bsdtar -xvf - -C .
cd cryptboot-master
makepkg -si --skipchecksums
cryptboot-efikeys create
cryptboot-efikeys enroll
cryptboot update-grub
echo ""
echo "====================="
echo "Proceed with chapter 06: Pacman hooks"