c8d3a35e4a8e311c4b16a92c47a810648fad7a38
ubuntu/lvm/\346\232\227\345\217\267\345\214\226\343\201\225\343\202\214\343\201\237\343\203\207\343\202\243\343\202\271\343\202\257\343\202\222\350\265\267\345\213\225\346\231\202\343\201\253\350\207\252\345\213\225\347\232\204\343\201\253\343\203\236\343\202\246\343\203\263\343\203\210\343\201\231\343\202\213.md
| ... | ... | @@ -0,0 +1,37 @@ |
| 1 | +[Full_Disk_Encryption_Howto_2019 - Community Help Wiki](https://help.ubuntu.com/community/Full_Disk_Encryption_Howto_2019) |
|
| 2 | + |
|
| 3 | +``` |
|
| 4 | +$ sudo su - |
|
| 5 | +# apt install -y cryptsetup-initramfs |
|
| 6 | +``` |
|
| 7 | + |
|
| 8 | +``` |
|
| 9 | +# echo "KEYFILE_PATTERN=/etc/luks/*.keyfile" >> /etc/cryptsetup-initramfs/conf-hook |
|
| 10 | +# echo "UMASK=0077" >> /etc/initramfs-tools/initramfs.conf |
|
| 11 | +``` |
|
| 12 | + |
|
| 13 | +``` |
|
| 14 | +# mkdir /etc/luks |
|
| 15 | +# dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=512 count=1 |
|
| 16 | +1+0 records in u=rx,go-rwx /etc/luks |
|
| 17 | +1+0 records out |
|
| 18 | +512 bytes (0.5 kB, 0.5 KiB) copied, 0.0002368 s, 17.3 MB/s |
|
| 19 | + |
|
| 20 | +# chmod u=rx,go-rwx /etc/luks |
|
| 21 | +# chmod u=r,go-rwx /etc/luks/boot_os.keyfile |
|
| 22 | + |
|
| 23 | +# cryptsetup luksAddKey /dev/sdb1 /etc/luks/boot_os.keyfile |
|
| 24 | +Enter any existing passphrase: |
|
| 25 | +``` |
|
| 26 | + |
|
| 27 | +``` |
|
| 28 | +# echo "LUKS_BOOT UUID=$(blkid -s UUID -o value /dev/sdb1) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab |
|
| 29 | +``` |
|
| 30 | + |
|
| 31 | +`fstab`に設定を書く.参考→[dm-crypt/システム設定 - ArchWiki](https://wiki.archlinux.jp/index.php/Dm-crypt/%E3%82%B7%E3%82%B9%E3%83%86%E3%83%A0%E8%A8%AD%E5%AE%9A#.E8.B5.B7.E5.8B.95.E6.99.82.E3.81.AB.E3.83.9E.E3.82.A6.E3.83.B3.E3.83.88) |
|
| 32 | +``` |
|
| 33 | +# nano /etc/fstab |
|
| 34 | +``` |
|
| 35 | +``` |
|
| 36 | +/dev/mapper/[name] /mnt/[mount point]/ ext4 defaults,errors=remount-ro 0 2 |
|
| 37 | +``` |
|
| ... | ... | \ No newline at end of file |