个人工具
登录
查看“UbuntuHelp:FeistyLUKSTwoFormFactor”的源代码 - Ubuntu中文
UbuntuHelp
讨论
查看源代码
历史
搜索
导航
首页
最近更改
随机页面
页面分类
帮助
编辑
编辑指南
沙盒
新闻动态
字词处理
工具
链入页面
相关更改
特殊页面
页面信息
查看“UbuntuHelp:FeistyLUKSTwoFormFactor”的源代码
来自Ubuntu中文
←
UbuntuHelp:FeistyLUKSTwoFormFactor
跳转至:
导航
,
搜索
因为以下原因,你没有权限编辑本页:
您所请求的操作仅限于该用户组的用户使用:
用户
您可以查看与复制此页面的源代码。
== Creating Encrypeted USB Flash Drive == === Create UDEV Mapping === Each computer system will report and mount your USB flash drive differently. e.g., /dev/sda or /dev/sdb To avoid constant changes in the cryptsetup's initramfs scripts which rely on the the USB flash drive create a ''common'' device name for your USB flash drive on each system you intend to lock. ==== Find USB Flash Drive Serial ID ==== Insert the USB flash drive you will be using. The USB will trigger a udev scan and will report the deivce name to the console. e.g., /dev/sdb. Armed with the device retrieve the device information and look for your USB flash drive manufacturer and associated serial number. <pre><nowiki> udevinfo -a -p $(udevinfo -q path -n /dev/sdb) ... ATTRS{serial}=="#######################" ATTRS{product}=="SUPERFLY" ATTRS{manufacturer}=="LEXAR" ... </nowiki></pre> ==== Add USB Flash Drive Serial ID to UDEV Rules ==== Add the USB flash drive serial id and the common name to `/etc/udev/rules.d/65-persistent-storage.rules` and rescan the devices. The modified cryptsetup scripts use `/dev/cryptKey`. If you change the naming you'll need to modify those scripts. <pre><nowiki> vi /etc/udev/rules.d/65-persistent-storage.rules </nowiki></pre> Insert the following somewhere before the end label `LABEL="persistent_storage_end"`. <pre><nowiki> KERNEL=="sd*|sr*|st*", ATTRS{serial}=="######################"", SYMLINK+="cryptKey%n" </nowiki></pre> Trigger and look for the common name device for your USB flash drive. <pre><nowiki> udevtrigger ls /dev/cryptKey </nowiki></pre> The list command should have successfully returned `/dev/cryptKey`. Do not continue until this is correct. ==== Create LUKS Partition with EXT2 Filesystem ==== <pre><nowiki> modprobe dm_crypt cryptsetup luksFormat --hash=sha512 --cipher=aes-cbc-essiv:sha256 --key-size=256 /dev/cryptKey cryptsetup luksOpen /dev/cryptKey cryptkeys mkfs.ext2 /dev/mapper/cryptkeys mkdir /mnt/cryptkeys mount -t ext2 /dev/mapper/cryptkeys /mnt/cryptkeys </nowiki></pre> ==== Generate Random Machine Key ==== Create a ''random'' key that will eventually be used to lock/unlock this system and store it on the opened and mounted encrypted USB flash drive. Replace '''#FILENAME''' with the name of your choosing. It will be used in later system configurations. <pre><nowiki> cd /mnt/cryptkeys dd if=/dev/random of=#FILENAME.luks bs=1 count=256 </nowiki></pre>
返回至
UbuntuHelp:FeistyLUKSTwoFormFactor
。