This is one of the backbone of data security the following are some major benefits: 1. When the receiver gets the data, it will send the decryption key and the Encrypted data to a decryption algorithm to decode it. You can then send the output to the second party using any medium you like, or you can keep the Encrypted data for your own future use. The algorithm will then change the data given in the input using the Encryption key, and it will send the output. Partclone.Web development, programming languages, Software testing & others Reencrypted_loop_device= losetup -P -f -show librem5r4.imgĬryptsetup-reencrypt “$p2” Librem5_ReencryptedĬryptsetup status /dev/mapper/Librem5_ReencryptedĮcho “Transfering all data to the reencrypted LUKS Container…” The quick way, is that you have to go to the path of the downloaded image and do the following: ![]() I just managed to make the necessary reencryption. Thanks to the devs and community of Librem5 in Matrix for patiently helping to navigate some questions. Would be eager to hear other experiences or methods. Another approach could be to use the Jumpdrive to regenerate the encryption keys while the encrypted partition is not mounted, but haven’t tried it yet. As to solve the issue of regenerating the encryption keys, I’ve tried to create a separate partition, encrypt it with Luks type 2, migrate the whole system there via rsync, but I didn’t manage to instruct u-boot to boot from a different partition. Now you should have a fresh and encrypted librem5. As this is a fresh system you might want to update the timezone, time and date, then run an update: With this your encrypted partition should be as big as the phone’s disk is, and with a password of your choice. $ sudo cryptsetup luksChangeKey /dev/mmcblk0p2įirst insert the default passphrase (123456) Now let’s change the encryption passphrase: The encrypted partition should have expanded to use the full disk, you can verify it with: $ sudo cryptsetup resize /dev/mapper/crypt_root Run this two command to resize and expand the encrypted partition: Enter the decryption passphrase once again in your phone, then connect via USB with picocom as described before, and insert again your username and password. Press “Write” to save the changes, type yes to confirm, then press “Quit”. Then press “New” partition, it will appear with the full size, select “primary”, and confirm it. With the arrows, select the partition /dev/mmcblk0p2 and press “Delete”. Now we are going to expand the encrypted partition from 3.7GB to the full size of the disk.įor that I follow this instructions, describing them a bit more:įirst we use cfdisk to alter the partitions: Default username “purism”, default password “123456”. ![]() ![]() Press Enter, it will ask for your login and password. Once done, boot the phone and enter the decryption passphrase, default is “123456”.Ĭonnect your librem5 via USB to your computer and access it via picocom: TIP: In case you want to reflash again without downloading again the image, the “–skip-cleanup” argument saves a folder named like “devkit_image_flj6du8z…” with everything you need for an offline flashing with your existing image.įor flashing your device from a previously downloaded image, enter the “devkit_image_flj…” folder (you should see 3 files) and use: librem5-flash-image -dist byzantium -variant luks -skip-cleanup We start by flashing the latest Byzantium-Luks image with the script and instructions found in the librem5-devkit-tools: Still, the security of using the phone after following this instructions is improved if compared with no encryption at all. Meaning is - not secure as it should-, its meant for testing. Remember -> encryption key ≠ encryption passphrase. This method doesn’t offer the opportunity to regenerate the encryption keys (luks type1 doesn’t allow for reencryption of online partitions). The original image of Byzantium-luks from Purism is only 3.7GB, but we will expand it to the whole disk. At the end of the instructions you will have an encrypted root filesystem, encrypted with a pasphrase of your choice, using the full size of the phone’s disk. This is how I found my way through it and there might be different methods. This post aims to be a simple and noob-friendly tutorial to -test- Luks encryption on the Librem5.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |