config/r815/SETUP

UEFI boot does not work, so use legacy boot.
Installed with ubuntu-20.04-live-server-amd64.iso

ssh-copy-id
git clone 192.168.1.129:privat/configfiles
cp configfiles/ubuntu-20.04/home/.* .
sudo cp configfiles/ubuntu-20.04/home/.* /root
bash configfiles/ubuntu-20.04/packages

LVM_extend_to_full_disk() {
    lvextend -L +10G /dev/ubuntu-vg/ubuntu-lv
    resize2fs /dev/mapper/ubuntu--vg-ubuntu--lv
}

Change_LUKS_password_to_USB_cryptkey() {
    echo oldpassword:; read oldpassword
    echo secretpassword:; read secretpassword
    echo newpassword:; read newpassword </mnt/cryptkey.txt

    echo "$oldpassword $secretpassword $newpassword"
    DISK=/dev/disk/by-path/pci-0000:05:00.0-scsi-0:2:1:0

    # Add secretpassword to keyslot 2 (this will be slow to decrypt)
    (echo "$oldpassword"; echo "$secretpassword") |
	cryptsetup -y -v luksAddKey \
		   --pbkdf-parallel 1 \
		   --pbkdf-memory 4000000 --pbkdf argon2id --iter-time 40000 \
		   ${DISK}-part3

    # Remove oldpassword from keyslot 1
    (echo "$oldpassword") |
	cryptsetup -y -v luksRemoveKey ${DISK}-part3

    # Add newpassword to keyslot 1 (this will be fast to decrypt)
    (echo "$secretpassword"; echo "$newpassword") |
	cryptsetup -y -v luksAddKey \
		   --pbkdf-parallel 1 \
		   --pbkdf-memory 100000 --pbkdf argon2id --iter-time 1000 \
		   ${DISK}-part3

    # Check that slot 0 and 1 are in use
    cryptsetup luksDump ${DISK}-part3

    cryptsetup config --priority prefer --key-slot 0
    # This should be fast
    (echo "$newpassword"; echo "dummy") |
	cryptsetup -y -v luksAddKey \
		   --pbkdf-parallel 1 \
		   --pbkdf-memory 100000 --pbkdf argon2id --iter-time 1000 \
		   ${DISK}-part3
    # This is still slow
    (echo "dummy") |
	cryptsetup -y -v luksRemoveKey ${DISK}-part3
}

autodecrypt() {
    cd ~tange/configfiles/ubuntu-20.04/
    cp usr/share/initramfs-tools/scripts/local-top/cryptroot /usr/share/initramfs-tools/scripts/local-top/cryptroot
    update-initramfs -u -k all
}
r815 re-installed. 2020-06-01 16:40:56 +00:00			`UEFI boot does not work, so use legacy boot.`
			`Installed with ubuntu-20.04-live-server-amd64.iso`

			`ssh-copy-id`
			`git clone 192.168.1.129:privat/configfiles`
			`cp configfiles/ubuntu-20.04/home/.* .`
			`sudo cp configfiles/ubuntu-20.04/home/.* /root`
			`bash configfiles/ubuntu-20.04/packages`

			`LVM_extend_to_full_disk() {`
			`lvextend -L +10G /dev/ubuntu-vg/ubuntu-lv`
			`resize2fs /dev/mapper/ubuntu--vg-ubuntu--lv`
			`}`

			`Change_LUKS_password_to_USB_cryptkey() {`
			`echo oldpassword:; read oldpassword`
			`echo secretpassword:; read secretpassword`
			`echo newpassword:; read newpassword </mnt/cryptkey.txt`

			`echo "$oldpassword $secretpassword $newpassword"`
			`DISK=/dev/disk/by-path/pci-0000:05:00.0-scsi-0:2:1:0`

			`# Add secretpassword to keyslot 2 (this will be slow to decrypt)`
			`(echo "$oldpassword"; echo "$secretpassword") \|`
			`cryptsetup -y -v luksAddKey \`
			`--pbkdf-parallel 1 \`
			`--pbkdf-memory 4000000 --pbkdf argon2id --iter-time 40000 \`
			`${DISK}-part3`

			`# Remove oldpassword from keyslot 1`
			`(echo "$oldpassword") \|`
			`cryptsetup -y -v luksRemoveKey ${DISK}-part3`

			`# Add newpassword to keyslot 1 (this will be fast to decrypt)`
			`(echo "$secretpassword"; echo "$newpassword") \|`
			`cryptsetup -y -v luksAddKey \`
			`--pbkdf-parallel 1 \`
			`--pbkdf-memory 100000 --pbkdf argon2id --iter-time 1000 \`
			`${DISK}-part3`

			`# Check that slot 0 and 1 are in use`
			`cryptsetup luksDump ${DISK}-part3`

			`cryptsetup config --priority prefer --key-slot 0`
			`# This should be fast`
			`(echo "$newpassword"; echo "dummy") \|`
			`cryptsetup -y -v luksAddKey \`
			`--pbkdf-parallel 1 \`
			`--pbkdf-memory 100000 --pbkdf argon2id --iter-time 1000 \`
			`${DISK}-part3`
			`# This is still slow`
			`(echo "dummy") \|`
			`cryptsetup -y -v luksRemoveKey ${DISK}-part3`
			`}`

			`autodecrypt() {`
			`cd ~tange/configfiles/ubuntu-20.04/`
			`cp usr/share/initramfs-tools/scripts/local-top/cryptroot /usr/share/initramfs-tools/scripts/local-top/cryptroot`
			`update-initramfs -u -k all`
			`}`