Secure ArchLinux Installation Tutorial part 1 - Base System

In the very first video on my channel I thought it'd be cool to show you how to perform a secure Linux installation on a real-life device. All footage was recorded using a capture card.

Many tutorials lack either the SecureBoot portion or the disk encryption. It is time we fill this void.

00:00 - Intro
00:14 - Preparations
00:53 - Partitioning
02:33 - OS Installation
05:10 - Unified Kernel Image
07:46 - SecureBoot
09:10 - Outro

#archlinux #linux #devops #devopstutorial #secops #opensource #secureboot
Comments

Thanks for the video! That's quite a lot of information to digest - I'm going to follow the steps on your GitHub and see if I can make it work.

Chris.Wiley.

Amazing video, thanks for making an easy to follow guide, but still making it compliant with the arch install guide. Much appreciated!

ivory

Nice guide bro. Thank you for your work!

justdaxik

I just wanna say it's the best security tutorial for Arch Linux (Linux anyway) ever. Really learned a lot.
Thank you so much for this, I was looking so much for this kinda work. Thank you, thank you, thank you.

caspersro

Awesome work!🎉
You deserve a glass of Polish vodka 😂

simondj

I did the equivalent of watching your mouth move as I completely zoned out.
This is cool and all, my fear would be my own ineptitude locking me out of my hardware, effectively bricking it.
I nuke my arch desktop because I am constantly installing garbage and I don't know how to clean anything.

Vexruna

Great video. I gotta try that hardened setup on one of my machines.
@4:34 I've never had any problems with the -m and -G switches for "useradd", is it related to dm-crypt?

carloschon

I don't know what dracut is (mkinitcpio alternative?) and I'm confused about how the UEFI efistub worked in your case.
Do you have any resources where I can read up, as I plan on doing a reinstall (using Arch with GRUB, NetworkManager, LUKS on a partition (root) and Windows dual boot rn, plan to ditch dual boot and go Arch only)?

savantshuia

On the boot menu only Windows 11 shows up?

lettucedogg

I tried to install on my qemu and during pacman -S linux I got an error:
# error command failed to execute correctly
# call to execv failed (Exec format error)
I checked the video tutorial, my notes - everything is correct. What's wrong then? Where is the error/typo?

marol-lh

Since the hard disk is encrypted with LUKS2, so anybody can access it, even with a live USB stick, why do I need secure boot?

racingtheweb

Any plans on a secure install guide for a systemd-free distro?

SatisfyingRobot-bb

Thanks a ton, I got secure boot working on my laptop using this guide.
I was just wondering, is there a way to auto-decrypt the physical LVM volume without having to type the whole password out?

savantshuia

Very interesting tutorial! Thank you very much for it! So, I can make the same encryption and btrfs, right? But is it possible to make snapshots or install timeshift?
As for WM - it can be any, like i3 or Hyprland?

marol-lh

Will the already installed Win 11 still boot after the secure boot setup?

RPGaming

I really don't like using sbctl enroll-keys nor enrolling the keys via the BIOS firmware, it can result in a bricked motherboard if you have one with a shitty implementation like the Gigabyte ones, I heard it also causes errors on Windows systems with secure boot in setup mode.
So I would say it is safer to use the shim EFI binary to launch whatever bootloader you have, that way you only have to enroll your keys to the shim bootloader. I know some of you won't like having Microsoft keys on your hardware but ey' at least it's not a bricked device.

episodemaine

Is it really necessary to enable secure boot with an encrypted partition? It's one more not-easy step and I think completely unneeded. It's impossible to get to your files with LUKS2 so why bother?

wrona

I don't have /efi/EFI/Linux/arch-linux.efi in my system, what did I do wrong?

astronaut

Mate, I got an error saying 'Found OptionRom in the boot chain. This means we should not enroll keys into uefi without precaution'... and it gave me three use flags:
--microsoft (enroll ms oem certificate into signature database)
--tpm-eventlog: (Enroll opRom checksums and signature (experimental))
(this is the final use flag lol)... what exactly happened?? (btw, I am installing Arch on bare metal)

EDIT: I used the microsoft flag and poof it was done, but I wasn't able to do the command 'enroll-keys' alone before that, so now will I be able to enable secure boot? It won't mess up the install, right?

CB

Heyy mate, I have another silly question for ya, I am getting a message saying 'A start job is running for' so on... ig this is due to the process of mounting the filesystem based on UUID maybe... is this normal?

CB