Workshops

User Tools

Site Tools

Trace: pgp_workshop reencrypt_linux_post_install
reencrypt_linux_post_install

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
reencrypt_linux_post_install [2025/05/03 18:40] – [Do the actual reencryption] userareencrypt_linux_post_install [2025/07/26 09:51] (current) usera
Line 476: Line 476:
 Resizing the filesystem on /dev/mapper/cryptodisk to 77879296 (4k) blocks. Resizing the filesystem on /dev/mapper/cryptodisk to 77879296 (4k) blocks.
 The filesystem on /dev/mapper/cryptodisk is now 77879296 (4k) blocks long. The filesystem on /dev/mapper/cryptodisk is now 77879296 (4k) blocks long.
 +</code>
 +
 +Now, you need to note down the content of the file /etc/resolv.conf, which is use by linux to access internet:
 +<code>
 +cat /etc/resolv.conf
 </code> </code>
  
Line 492: Line 497:
 </code> </code>
  
-the prompt will change a bit: you are now an administrator inside your own system! Enter the following command:+the prompt will change a bit: you are now an administrator inside your own system!  
 +Let us first check that we are connected to internet. To do that, you need to try to ping a website: 
 + 
 +<code> 
 +ping google.com 
 +</code> 
 + 
 +if you see something like this: 
 +<code> 
 +(base) usera@debian:~$ ping google.com 
 +PING google.com (142.250.74.78) 56(84) bytes of data. 
 +64 bytes from arn09s23-in-f14.1e100.net (142.250.74.78): icmp_seq=1 ttl=113 time=20.3 ms 
 +64 bytes from arn09s23-in-f14.1e100.net (142.250.74.78): icmp_seq=2 ttl=113 time=21.3 ms 
 +64 bytes from arn09s23-in-f14.1e100.net (142.250.74.78): icmp_seq=3 ttl=113 time=20.4 ms 
 +</code> 
 + 
 +then you are good to go, you can do CTRL+C to stop it. Otherwise, try copying the content of the /etc/resolv.conf file from before: 
 + 
 +<code> 
 +nano /etc/resolv.conf 
 +</code> 
 +then paste the content, and enter CTRL+X, then Y do save the changes. Try again to ping: 
 + 
 +<code> 
 +ping google.com 
 +</code> 
 + 
 +It should work now. 
 + 
 +Now, install some required packages: 
 +<code> 
 +sudo apt install cryptsetup cryptsetup-initramfs 
 +</code> 
 + 
 +and let us do some modifications. 
 +Enter the following command:
  
 <code> <code>
Line 536: Line 576:
 /dev/mapper/cryptodisk /               ext4    errors=remount-ro 0       1 /dev/mapper/cryptodisk /               ext4    errors=remount-ro 0       1
 </code> </code>
 +
 +you need finally to modify the file /etc/default/grub:
 +<code>
 +nano /etc/default/grub
 +</code>
 +
 +you need to locate the entry "GRUB_CMDLINE_LINUX=" and change it to "GRUB_CMDLINE_LINUX="cryptdevice=UUID=<LUKS partition UUID>:cryptodisk root=/dev/mapper/cryptdisk"
 +where you change <LUKS partition UUID> for the UUID of your encrypted partition.
 +You can then enter:
 +
 +<code>
 +sudo update-initramfs -u
 +</code>
 +
 +and then:
 +
 +<code>
 +update-grub
 +</code>
 +
 +and finally the following commands:
 +
 +<code>
 +exit
 +sudo shutdown -r now
 +</code>
 +
 +you will then remove your USB key and boot in your encrypted system hopefully. You should see a prompt asking to unlock your disk, and then your familiar OS will boot, with all the configuration you previously had. Congratulations !
reencrypt_linux_post_install.1746297631.txt.gz · Last modified: by usera