Tutorial: Full disk encryption on Librem5

nretro · August 12, 2021, 10:04pm

Here ist Cc281080’s script in the right format: (as code block, see https://en.wikipedia.org/wiki/Bbcode)

source_path=$1
reencrypted_path="${source_path}_reencrypted"

if [[ -d "${reencrypted_path}" ]]; then
echo "Cleaning up path for reencrypted version: ‘${reencrypted_path}’"
rm -rf "${reencrypted_path}"
echo ""
fi
echo "Coping Source Path to ‘${reencrypted_path}’"
cp -a "${source_path}" "${reencrypted_path}"

echo ""
echo "Opening Source LUKS Container…"
source_loop_device=`losetup -P -f --show "${source_path}/librem5r4.img"`
cryptsetup luksOpen "${source_loop_device}p2" Librem5_Orig
cryptsetup status /dev/mapper/Librem5_Orig
UUID=`cryptsetup luksDump "${source_loop_device}p2" | grep UUID | sed -e 's/^UUID:\s*\(\S*\)$/\1/'`

echo ""
echo "Reencryptipng new LUKS Container…"
reencrypted_loop_device=`losetup -P -f --show "${reencrypted_path}/librem5r4.img"`
cryptsetup luksFormat --type luks1 --key-size 256 --uuid "${UUID}" -q "${reencrypted_loop_device}p2"

echo ""
echo "Opening Reencrypted LUKS Container…"
cryptsetup luksOpen "${reencrypted_loop_device}p2" Librem5_Reencrypted
cryptsetup status /dev/mapper/Librem5_Reencrypted

echo ""
echo "Transfering all data to the reencrypted LUKS Container…"
partclone.ext4 --dev-to-dev -s /dev/mapper/Librem5_Orig -o /dev/mapper/Librem5_Reencrypted

echo ""
echo "Unloading the crypt containers…"
cryptsetup luksClose /dev/mapper/Librem5_Reencrypted
cryptsetup luksClose /dev/mapper/Librem5_Orig
losetup -d "${reencrypted_loop_device}"
losetup -d "${source_loop_device}"

echo ""
echo "New Image created succesfully"
echo "Please put your Librem5 to flash mode"
echo "cd ‘${reencrypted_path}’"
echo "uuu flash_librem5r4.lst"