11 comments

[ 6.3 ms ] story [ 37.5 ms ] thread
(comment deleted)
> When individuals speak of doing “big fist pumps” after their Arch installs successfully boot

After http://linuxfromscratch.org/ and https://gentoo.org/, Arch seems a relatively smooth project.

> This was my journey to my first install. It was an encrypted one.

OK, this might be on the gnarly side.

Arch is that fellow in the neighborhood who doesn't say much, seems generally squared away, and is great to know when the fertilizer hits the air circulator.

Thanks, Arch!

I installed Arch on a new PC last week.

- For some reason archiso wouldn't run without acpi=off.

- For some reason it takes 90 seconds until GDM will show.

- For some reason my headphone port works, but line out doesn't.

So I've got some debugging to do in my free days after Christmas.

If anyone is tempted to try encrypting their boot partition like I was last week, allow me to save you some trouble.

Yes, GRUB can technically decrypt a LUKS1 partition, but since the kernel isn't running yet, it has to use a standalone (slow) implementation. Takes my laptop 30 seconds to decrypt the boot partition using GRUB, and 2 seconds to decrypt the root partition once the kernel has started (same number of iterations).

I'm planning on replacing this mess with a systemd-boot EFI image and secure boot using my own PK.

Isn't 30 seconds still not much? I wouldn't start worrying enough about boot times to take steps to improve them until they ran 5+ minutes.
It is a lot, especially since it also takes the 30sec until you know if you had a typo in your password or not.
(comment deleted)
For reference, secure boot is pretty easy if you have a kernel with a combined initramfs, command line, and efi stub loader. You just sign the kernel with your EFI key, and you’re good to go.

You don’t even need to build your own kernel to do this. You can use your distro’s kernel and patch it with objcopy.

>While you could deniably encrypt any system the mid-2014 Mac is special because it had a battery recall. The recall repair work gave owners the perfect excuse to shred their devices using crypto-randomness prior to service.

Do people really expect this stuff to hold up in court? Especially when you've written an entire public blog post on how to deniably encrypt one

(comment deleted)