reencrypt_linux_post_install
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| reencrypt_linux_post_install [2025/05/03 17:55] – [Do the actual reencryption] usera | reencrypt_linux_post_install [2025/07/26 09:51] (current) – usera | ||
|---|---|---|---|
| Line 476: | Line 476: | ||
| Resizing the filesystem on / | Resizing the filesystem on / | ||
| The filesystem on / | The filesystem on / | ||
| + | </ | ||
| + | |||
| + | Now, you need to note down the content of the file / | ||
| + | < | ||
| + | cat / | ||
| </ | </ | ||
| Line 492: | Line 497: | ||
| </ | </ | ||
| - | the prompt will change a bit | + | the prompt will change a bit: you are now an administrator inside your own system! |
| + | Let us first check that we are connected to internet. To do that, you need to try to ping a website: | ||
| + | |||
| + | < | ||
| + | ping google.com | ||
| + | </ | ||
| + | |||
| + | if you see something like this: | ||
| + | < | ||
| + | (base) usera@debian: | ||
| + | PING google.com (142.250.74.78) 56(84) bytes of data. | ||
| + | 64 bytes from arn09s23-in-f14.1e100.net (142.250.74.78): | ||
| + | 64 bytes from arn09s23-in-f14.1e100.net (142.250.74.78): | ||
| + | 64 bytes from arn09s23-in-f14.1e100.net (142.250.74.78): | ||
| + | </ | ||
| + | |||
| + | then you are good to go, you can do CTRL+C to stop it. Otherwise, try copying the content of the / | ||
| + | |||
| + | < | ||
| + | nano / | ||
| + | </ | ||
| + | then paste the content, and enter CTRL+X, then Y do save the changes. Try again to ping: | ||
| + | |||
| + | < | ||
| + | ping google.com | ||
| + | </ | ||
| + | |||
| + | It should work now. | ||
| + | |||
| + | Now, install some required packages: | ||
| + | < | ||
| + | sudo apt install cryptsetup cryptsetup-initramfs | ||
| + | </ | ||
| + | |||
| + | and let us do some modifications. | ||
| + | Enter the following command: | ||
| + | |||
| + | < | ||
| + | blkid | ||
| + | </ | ||
| + | |||
| + | in my case I get: | ||
| + | |||
| + | < | ||
| + | /dev/sdb2: SEC_TYPE=" | ||
| + | /dev/sdb3: LABEL=" | ||
| + | /dev/sdb1: BLOCK_SIZE=" | ||
| + | /dev/loop0: TYPE=" | ||
| + | / | ||
| + | /dev/sda2: UUID=" | ||
| + | /dev/sda3: UUID=" | ||
| + | /dev/sda1: UUID=" | ||
| + | </ | ||
| + | |||
| + | you should note the UUID of the encrypted disk, in my case sda2, whose UUID is 5c24539d-acc7-4216-bc61-0939b2d4f51f | ||
| + | edit the file / | ||
| + | |||
| + | < | ||
| + | nano / | ||
| + | </ | ||
| + | |||
| + | and add the following line, replacing [UUID] with the value you noted: | ||
| + | |||
| + | < | ||
| + | cryptodisk UUID=[UUID] none luks, | ||
| + | </ | ||
| + | |||
| + | you can exit the editor with CTRL+X, then type Y for saving it. | ||
| + | then note the UUID of the decrypted partition, here / | ||
| + | |||
| + | < | ||
| + | nano / | ||
| + | </ | ||
| + | |||
| + | you should check the line that has the mount point "/", | ||
| + | |||
| + | < | ||
| + | / | ||
| + | </ | ||
| + | |||
| + | you need finally to modify the file / | ||
| + | < | ||
| + | nano / | ||
| + | </ | ||
| + | |||
| + | you need to locate the entry " | ||
| + | where you change <LUKS partition UUID> for the UUID of your encrypted partition. | ||
| + | You can then enter: | ||
| + | |||
| + | < | ||
| + | sudo update-initramfs -u | ||
| + | </ | ||
| + | |||
| + | and then: | ||
| + | |||
| + | < | ||
| + | update-grub | ||
| + | </ | ||
| + | |||
| + | and finally the following commands: | ||
| + | |||
| + | < | ||
| + | exit | ||
| + | sudo shutdown -r now | ||
| + | </ | ||
| + | |||
| + | you will then remove your USB key and boot in your encrypted system hopefully. You should see a prompt asking to unlock your disk, and then your familiar OS will boot, with all the configuration you previously had. Congratulations ! | ||
reencrypt_linux_post_install.1746294931.txt.gz · Last modified: by usera