#!/bin/bash
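# USAGE: pass one of the params shown below. Run the pre-setup step, install the OS, then run the post-setup step.
# (Dual-boot with Windows, encrypting ONLY the Linux ROOT partition. /boot stays unencrypted,
# so the kernel and initramfs stored there are not protected against offline modification.)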
# ./Encrypted-dual-boot.bash pre
# ./Encrypted-dual-boot.bash post
######################################
# SETTINGS - START
######################################
# BOOT partition: the plain (unencrypted) partition that will hold /boot.
# On the Ubuntu installer's "installation type" screen, select this partition,
# choose ext4, format it, and set its mount point to "/boot".
BOOT_PART='/dev/YOUR_BOOT_DEVICE_PARTITION_HERE'
# ROOT partition: the raw partition that the "pre" step hands to
# `cryptsetup luksFormat`, which overwrites whatever is stored on it.
# On the installer's "installation type" screen, select the logical volume
# /dev/mapper/vgroot-lvroot (created inside the encrypted container), choose
# ext4, format it, and set its mount point to "/".
ROOTFS_PART='/dev/YOUR_ROOT_DEVICE_PARTITION_HERE'
######################################
# SETTINGS - END
######################################
# Colour escape sequences for status messages. When tput is not available
# every variable is set to the empty string, so messages print uncoloured.
# https://stackoverflow.com/questions/5947742/how-to-change-the-output-color-of-echo-in-linux
if ! hash tput > /dev/null 2>&1; then
  red=''
  green=''
  yellow=''
  blue=''
  magenta=''
  cyan=''
  reset=''
else
  red=$(tput setaf 1)
  green=$(tput setaf 2)
  yellow=$(tput setaf 3)
  blue=$(tput setaf 4)
  magenta=$(tput setaf 5)
  cyan=$(tput setaf 6)
  # sgr0 switches all attributes off again after a coloured message.
  reset=$(tput sgr0)
fi
######################################
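# The later steps (cryptsetup, LVM, mount, chroot) all need root, so stop
# before touching anything when the effective UID is not 0.
if (( EUID != 0 )); then
  # Diagnostics go to stderr so they are not mixed into captured output.
  {
    echo " "
    echo "${red}Please run WITH 'sudo / root' PERMISSIONS.${reset}"
    echo " "
    echo "${cyan}Exiting...${reset}"
    echo " "
  } >&2
  # A bare `exit` would return the status of the last echo (0); use a
  # non-zero status so a caller can tell that nothing was set up.
  exit 1
fi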
######################################
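# Mode dispatch on the first argument.
#   pre  - create the LUKS container on ROOTFS_PART and the LVM volume
#          (vgroot/lvroot) that the installer will use as "/".
#   post - after the OS install, register the container in the installed
#          system's /etc/crypttab and rebuild its initramfs.
# Globals read: ROOTFS_PART, BOOT_PART, red, cyan, reset.
# Globals written: part, ROOTFS_UUID, CRYPTTAB_SETUP (exported).
case "${1:-}" in
  pre)
    # luksFormat overwrites the target, so refuse the unedited placeholder or
    # any other path that is not a block device.
    if [[ ! -b "$ROOTFS_PART" ]]; then
      echo "${red}ROOTFS_PART '$ROOTFS_PART' is not a block device; edit the SETTINGS section first.${reset}" >&2
      exit 1
    fi
    # Each step needs the previous one to have succeeded; stop at the first
    # failure instead of running LVM commands against a missing mapping.
    cryptsetup luksFormat "$ROOTFS_PART" || exit 1
    cryptsetup luksOpen "$ROOTFS_PART" cryptroot || exit 1
    sleep 1
    pvcreate /dev/mapper/cryptroot || exit 1
    vgcreate vgroot /dev/mapper/cryptroot || exit 1
    lvcreate -n lvroot -l 100%FREE vgroot || exit 1
    echo " "
    echo "${cyan}Setup of encrypted partitions complete, you can proceed with OS installation${reset}"
    echo " "
    ;;
  post)
    for part in "$BOOT_PART" "$ROOTFS_PART"; do
      if [[ ! -b "$part" ]]; then
        echo "${red}'$part' is not a block device; edit the SETTINGS section first.${reset}" >&2
        exit 1
      fi
    done
    # NOTE(review): this mounts the logical volume without opening the LUKS
    # container, so it presumably expects the mapping from the "pre" step to
    # still be open (same live session) - confirm.
    mount /dev/mapper/vgroot-lvroot /mnt || exit 1
    # Without the boot partition mounted here, update-initramfs in the chroot
    # would write into the /boot directory of the root filesystem instead.
    mount "$BOOT_PART" /mnt/boot || exit 1
    mount --bind /dev /mnt/dev || exit 1
    # Ask blkid for the UUID tag only, rather than cutting the first quoted
    # field out of its full output, whose tag order is not fixed.
    ROOTFS_UUID=$(blkid -s UUID -o value "$ROOTFS_PART")
    if [[ -z "$ROOTFS_UUID" ]]; then
      echo "${red}Could not read a UUID from '$ROOTFS_PART'; not writing /etc/crypttab.${reset}" >&2
      exit 1
    fi
    # crypttab content as plain newline-separated lines, with no carriage
    # returns and no escape processing when it is written out.
    # The `discard` option passes TRIM through the encrypted mapping, which
    # exposes which blocks are unused to anyone who can read the raw device;
    # remove it if that matters more than TRIM support.
    printf -v CRYPTTAB_SETUP '%s\n%s' \
      '# <target name> <source device> <key file> <options>' \
      "cryptroot UUID=$ROOTFS_UUID none luks,discard"
    # Exported so the shell started inside the chroot can read it.
    export CRYPTTAB_SETUP
    # The delimiter is quoted, so nothing below is expanded by this shell;
    # $CRYPTTAB_SETUP is expanded by the bash running inside the chroot.
    # This overwrites any existing /etc/crypttab of the installed system.
    if ! chroot /mnt /bin/bash <<"EOT"
mount -t proc proc /proc
mount -t sysfs sys /sys
mount -t devpts devpts /dev/pts
printf '%s\n' "$CRYPTTAB_SETUP" > /etc/crypttab || exit 1
update-initramfs -k all -c || exit 1
sleep 1
cat /etc/crypttab
EOT
    then
      echo "${red}Writing /etc/crypttab or rebuilding the initramfs failed; the system may not boot.${reset}" >&2
      exit 1
    fi
    sleep 1
    echo " "
    echo "${cyan}Setup / install is FULLY complete, you must now reboot for changes to take effect.${reset}"
    echo " "
    ;;
  *)
    # A missing or unknown mode used to do nothing silently.
    echo "Usage: $0 pre|post" >&2
    exit 2
    ;;
esac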
######################################