I could just imagine a thief, stealing someone’s laptop, but the laptop has Arch Linux on it.
So when he turns on the computer, he would be sooo confused haha
works good with tech support scammers
Loving the content. I'm a Linux newb. And your videos are confusing and interesting at the same time lol
whydontyouwork welcome to Linux! :D glad to have you aboard . Linux is awesome haha :p I use arch linux :)
Ryan Mcconkey Basically every arch user haha! I use arch btw!
Do you still use Linux?
@jeffersondavis9397 I am a sysadmin at enterprise level now. It’s a windows environment as most companies are. I don’t generally use Linux.
Finally, someone who makes my ‘office’ look semi organised. 👌
Hi Kai, this video is outdated. I installed Arch before, using this video as a guide. I was now looking it up because I’m doing a fresh install, but I got stuck adding the ‘encrypted’ hook, because mkinitcpio was nowhere to be found... It appears ‘pacstrap /mnt’ is not enough anymore. You have to include ‘linux’ at the end of the command at the least, or better, as per the Arch docs: ‘pacstrap /mnt base linux linux-firmware’. For me, that was still not enough, as I needed DHCP, so I had to pedal back a bit and add ‘dhcpcd’ to the pacstrap command as well.
I agree I need to redo this. Struggling to find time.
Kai..i always enjoy watching.. You are awesome and make it interesting.
Thanks for the video. I enjoyed the way you broadcast the terminal. Hopefully you have a tutorial on that. Also good to see another AwesomeWM user in the world. I am hoping this method is as simple with using rEFInd as the bootloader.
I use dwm.suckless.org/
@kaihendry I3 DWM AwesomeWM. All very close to each other. Tiling Managers for the win
Thank you for posting was looking for examples to prepare for LPIC2.
I have no clue about LPIC2. Do tell me if you pass! Good luck
Kai you are brilliant. The X1Carbon is what I would love. You think gen 3 would be sufficient for linuxmint or Arch? I'm sporting T430S w/LM 18.3. with the trackpad, camera and microphone disabled.
I ran a X1C3 before, no show stoppers come to mind.
Thanks for making these videos. I am wondering something though: At 2:38 in the video, it shows the arch ISO boot manager for BIOS/CSM booting (it looks different when the arch ISO gets booted in UEFI mode). However, you are installing with a GPT. Does that mean you are installing BIOS/GPT? Does the laptop not have a UEFI enabled firmware? I prefer not to use such a setup as it is incompatible with windows multibooting.
I'm assuming UEFI capable hardware and GPT. It is the most compatible dual boot with Windows approach I know of.
the screen at 2:38 makes me think you are booting in csm mode in this video. check it out in a virtual machine, the arch usb boot manager looks different when booted up in UEFI mode.
Why did you boot the arch ISO USB with legacy BIOS CSM enabled? When you did `bootctl install` at 9:13 it said "not booted with EFI, skipping EFI variable setup". I'm not sure if at the end of the video you booted the encrypted system with the CSM enabled or disabled. Obviously I want to create a UEFI bootable encrypted install so I'm not even sure if this tutorial is useful for me now.
Nice work :) I've found it generally easier using an MBR system, is there any reason GPT is better? The network thing (since you mentioned it) - installing and enabling networkmanager while chrooted in makes most sense to me, I'm going to use it anyway and it beats copying in wpa supplicant commands.
Thank you! I think you need GPT for UEFI / bootctl to work.
Ah, fair enough!
Dave Blair mbr is deprecated and should not be used anymore unless your system doesn't support booting from a gpt disk.
YouwillneverdefeattheriddleoftheBlackRiders
As far as I know, MBR is not deprecated though it probably will be (same as X). I have used both in the past, but found MBR to be easier to set up and maintain for my purposes. I don't have any benefit from using GPT, so I don't see any point in using it.
You generally shouldn't install an MBR and use the CSM or BIOS way of booting if your motherboard has UEFI firmware, because an MBR partitioned disk has several disadvantages over a GPT partitioned disk:
- gap between MBR and first partition is used to store the rest of the bootloader. There is no convention on where the first partition should start and so your bootloader can be overwritten by a windows update.
- max 4 primary partitions
- MBRs can only handle partition information of drives up to 2TB.
- boot data is only saved on one place on the disk, there is no failsafe mechanism.
- no cyclic redundancy check recovery in case of a corrupted partition table
I suspect people who still use an MBR boot are often just lazy and don't want to learn about UEFI, or even still have an irrational fear of Microsoft and Secure Boot.
After encrypting your drive could you or would you be able to have it so if the password/passphrase was entered incorrectly say 5 times that the hdd was unusable or wiped clean??
Andrew Armstrong You can make a copy of the encrypt hook and modify it to do the wipe, and build it with your initrd.
I like how you start reading how to do this after you turn on camera but can't type yes in capital letters.
How do you capture the screen of the X1 Carbon 3? At 1:45 you seem to connect something to the X1 Carbon? Maybe it's a HDMI/USB Video Capture Box. If so, which one do you recommend?
I recommend the Magewell natalian.org/2015/03/13/HDMI_in/
Thank you for your recommendation. You just exceeded 4000 subscribers btw.
Hi Kai, I am wondering; how do you record the screen from the other laptop?
With a Magewell XI100DUSB-HDMI & OBS!
can you make video setting it all up with dracut using key to decrypt luks partition, please? following various tutorials but still can't make it work..
Thanks Kai! That was very useful.
You might also enjoy ua-cam.com/play/PLiKgVPlhUNuwCvU4LHf-9EYnvtlLbJe6p.html where I did the same
With Grub you could encrypt /boot as well
There is no point to encrypting /boot is there? You want complexity not to be in your boot loader. Grub is bloatware.
@kaihendry A hacker could install a keylogger on the unencrypted /boot partition.
I have never thought of this tbh. So thanks for bringing it up. However the counterpoint that comes to mind, is that the hacker could also install a keylogger in Grub, no?
Oh look at this! www.phoronix.com/scan.php?page=news_item&px=systemd-cryptsetup-keydev
As far as I understand it, you still need a second device with systemd. With grub not necessarily.
Interesting - I've always read that you needed keyboard, encrypt, lvm2 BEFORE filesystems in the HOOKS section or you won't be able to type in a password.
Nice work.
Another great video :) Thanks. Please make a short video about setting up VPN on arch linux
Will anyone teach us how to do this stuff on old versions of Macbook pro?
Did you try?
can the same principles be applied to other versions of linux like ubuntu? I'd prefer that to archlinux
No idea
I just want to understand something. In your HOOKS, you put encrypt after filesystems but for me it didn't work like that and after looking at the wiki I put it after and it worked. Do you know how it worked for you?
I ran into an ordering issue in my later videos on other machines. I don't know exactly what went wrong. Wish ordering was not an issue. I use sd-encrypt in my hooks now.
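The HOOKS ordering discussed in this thread (keyboard, then encrypt or sd-encrypt, then filesystems), as an added example that is not part of any comment or of the video: a small shell check for a mkinitcpio.conf. The function names and the sample HOOKS lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the video): sanity-check HOOKS order in mkinitcpio.conf.

# Print the 0-based position of hook $1 in the last HOOKS= line of file $2, or -1.
hook_index() {
    hooks=$(grep -E '^[[:space:]]*HOOKS=' "$2" | tail -n 1 |
            sed -e 's/^[^=]*=//' -e "s/[()\"']/ /g")
    i=0
    for h in $hooks; do
        if [ "$h" = "$1" ]; then echo "$i"; return 0; fi
        i=$((i + 1))
    done
    echo -1
}

# Succeed only if the passphrase can be typed and the volume unlocked before
# the root filesystem is mounted; otherwise print the reason and return 1.
check_hooks() {
    conf=$1
    unlock=encrypt
    if [ "$(hook_index sd-encrypt "$conf")" -ge 0 ]; then
        unlock=sd-encrypt
        sysd=$(hook_index systemd "$conf")
        if [ "$sysd" -lt 0 ] || [ "$sysd" -gt "$(hook_index sd-encrypt "$conf")" ]; then
            echo "sd-encrypt needs the systemd hook before it"; return 1
        fi
    fi
    u=$(hook_index "$unlock" "$conf")
    kb=$(hook_index keyboard "$conf")
    fs=$(hook_index filesystems "$conf")
    if [ "$u" -lt 0 ]; then echo "no encrypt or sd-encrypt hook"; return 1; fi
    if [ "$kb" -lt 0 ] || [ "$kb" -gt "$u" ]; then
        echo "keyboard must come before $unlock"; return 1
    fi
    if [ "$fs" -lt 0 ] || [ "$u" -gt "$fs" ]; then
        echo "$unlock must come before filesystems"; return 1
    fi
    echo "ok"
}

# Constructed sample configs; on a real system pass /etc/mkinitcpio.conf.
tmp=$(mktemp -d)
echo 'HOOKS=(base udev autodetect modconf keyboard keymap block encrypt lvm2 filesystems fsck)' > "$tmp/good"
echo 'HOOKS=(base udev autodetect modconf block filesystems keyboard encrypt fsck)' > "$tmp/bad"
echo 'HOOKS=(base systemd autodetect modconf keyboard sd-vconsole block sd-encrypt filesystems)' > "$tmp/sd"
for f in good bad sd; do
    printf '%s: %s\n' "$f" "$(check_hooks "$tmp/$f" || true)"
done
rm -rf "$tmp"
```

Run it before `mkinitcpio -P` so an ordering mistake is caught before the initramfs is rebuilt rather than at the next boot.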
How to encrypt Boot home partition without format ?
encrypting the boot partition doesn't make sense to me
@kaihendry one more question: if we are encrypting a new partition, then where is the password or hash saved in our system? If we do not save any password in the system, then?
@knowledgemania1282 perhaps you should read how LUKS works
THE WIKI IS THE BEST MANUAL
OH KAY
Don't forget to gen fstab and change root password.
this video was quite helpful
Please help me I have please unlock disk sda3_crypt
finally after couple of hours i got how this works
theft-proof laptop? Not unless someone physically takes it.
hehe
I'm a noob to linux, but I'm doing some research for hard drive encryption on several operating systems, is this a good option for linux?
Not sure what you're asking. Are you saying whether to trust hardware encryption? I wouldn't.
I would like to know if it's a good alternative to VeraCrypt, also as much as I don't like it, it is becoming a company policy to include full-disk encryption to all machines.
I trust Luks a little more than VeraCrypt/Truecrypt. Nonetheless it's a decision _you_ need to make.
Kai help me please..all I want to do is install linux in my drive..,not using virtual machine..on T430..i am so illiterate it's not funny
Perhaps become literate first before considering a developer's paradise?
At 3:20, I thought the video paused...
sorry, I deleted my older comment. but maybe can you make one like this but with swap, because it's very handy to hibernate
My machine hibernates without a swap partition
I would personally appreciate a more to-the-point edit for this video. Watching you look up the web isn't particularly interesting. cut to the chase, please! :)
3:17 LOL who doesn't google to do this?
I have one question.... What did u drink?
Water?
Dude clean your desk
You're not confident here like your previous arch install video. Everything gave you a hard time here. Nevertheless enjoyable.
you forgot genfstab step)
So much potential here. Crappy instruction. I’m out.
Nice Apple avatar. Perhaps you’re better off saving up for Apple?
@kaihendry Don’t take criticism well do you Kai? Poor guy.
...or you can use the antergos installer ;-)
(or the new manjaro architect iso)
Oh, they support encrypted installs? sd-encrypt ?
Kai Hendry yes. I myself installed manjaro openrc with encrypted partitions on nvme ssd drive.
it is still interesting to know the steps to do that anyway (sometimes the installer fails ;-)
As you might have understood I am not a big fan of systemd ;-)
+Nadir Boussoukaia I'm cool with healthy resistance, though I've had a good UX