Project author: sandrokeil

Project description:
Tutorial to create full disk encryption with YubiKey, encrypted boot partition and secure boot with UEFI
Language: Shell
Project URL: git://github.com/sandrokeil/yubikey-full-disk-encryption-secure-boot-uefi.git


YubiKey Full Disk Encryption

This repository contains a step-by-step tutorial to create a full disk encryption setup with two-factor
authentication (2FA) via YubiKey. It covers:

  • YubiKey-encrypted root (/) and home (/home) on separate partitions
  • Encrypted /boot partition
  • UEFI Secure Boot (self-signed boot loader)
  • YubiKey authentication for user login

Currently guides for:

  • Arch Linux with helper scripts

Additional security chapter:

  • Disable Intel AMT
  • Disable AMD PSP

Why

It took me several days to figure out how to set up a fully encrypted machine with 2FA. This guide should help
others get it done in minutes (hopefully). There are plenty of tutorials, but none of them contains a step-by-step
guide to get the above things done.

I guess the entire guide will take between 1 and 3 hours.

Prerequisites

You should be familiar with Linux and be able to edit files with vi (see the Vi Cheat Sheet).
You need a USB stick for the Linux Live environment; a second computer is useful for lookups and for reading this guide while
preparing your fully encrypted Linux.

And of course you will need at least two YubiKeys.

WARNING: If you only have a single YubiKey and it breaks, you will be locked out of your encrypted machine. The second key is your backup.
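To make concrete what the YubiKey second factor adds to the LUKS-encrypted partitions listed above, and why the warning about a single key matters, here is an added example that is not part of this repository's scripts. It simulates a YubiKey HMAC-SHA1 challenge-response slot in software (the token's real behaviour is HMAC-SHA1 over the challenge with a 20-byte secret), and the way the password and response are combined into a LUKS passphrase, the fixed challenge, the secrets and the passwords are all assumptions constructed for the example, not this project's derivation.

```python
import hashlib
import hmac
from typing import Dict, List, Optional


class SimulatedYubiKey:
    """Software stand-in for a YubiKey HMAC-SHA1 challenge-response slot.

    A real token holds a 20-byte secret and answers with HMAC-SHA1(secret, challenge);
    this class only simulates that so the example runs without hardware.
    """

    def __init__(self, secret: bytes) -> None:
        if len(secret) != 20:
            raise ValueError("HMAC-SHA1 slot secret must be exactly 20 bytes")
        self._secret = secret

    def challenge_response(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge, hashlib.sha1).digest()


def derive_luks_passphrase(password: str, response: bytes) -> bytes:
    """Assumed combination of password and token response (not this project's KDF).

    The password alone never reaches LUKS: without the token's response the
    derived passphrase cannot be reproduced, which is what makes it a second factor.
    """
    return hashlib.sha256(password.encode() + response).digest()


class SimulatedLuksHeader:
    """Stand-in for LUKS key slots: every enrolled passphrase occupies its own slot."""

    def __init__(self) -> None:
        self.slots: List[bytes] = []

    def add_key(self, passphrase: bytes) -> int:
        # Store only a digest; the real header keeps salted, hashed key material.
        self.slots.append(hashlib.sha256(passphrase).digest())
        return len(self.slots) - 1

    def open(self, passphrase: bytes) -> Optional[int]:
        digest = hashlib.sha256(passphrase).digest()
        for index, slot in enumerate(self.slots):
            if hmac.compare_digest(slot, digest):
                return index
        return None


def unlock(header: SimulatedLuksHeader, key: SimulatedYubiKey,
           password: str, challenge: bytes) -> Optional[int]:
    """Boot-time flow: send the stored challenge to the token, derive, try the slots."""
    response = key.challenge_response(challenge)
    return header.open(derive_luks_passphrase(password, response))


def demo() -> Dict[str, Optional[int]]:
    # Constructed inputs: a fixed challenge (a real setup stores a random one), two
    # tokens with different secrets, and a user password.
    challenge = b"constructed-fixed-challenge"
    password = "correct horse battery staple"
    key_a = SimulatedYubiKey(bytes.fromhex("0b" * 20))
    key_b = SimulatedYubiKey(bytes.fromhex("aa" * 20))

    header = SimulatedLuksHeader()
    header.add_key(derive_luks_passphrase(password, key_a.challenge_response(challenge)))

    results: Dict[str, Optional[int]] = {}
    results["key_a"] = unlock(header, key_a, password, challenge)
    # Owning a second YubiKey is not enough: an unenrolled token cannot open any slot.
    results["key_b_before_enroll"] = unlock(header, key_b, password, challenge)
    results["wrong_password"] = unlock(header, key_a, "wrong password", challenge)

    # Backup option 1: enroll the second token's derived passphrase into its own slot.
    header.add_key(derive_luks_passphrase(password, key_b.challenge_response(challenge)))
    results["key_b_after_enroll"] = unlock(header, key_b, password, challenge)

    # Backup option 2: program the second token with the same secret, so it answers
    # identically and needs no extra slot.
    key_clone_of_a = SimulatedYubiKey(bytes.fromhex("0b" * 20))
    results["clone_of_a"] = unlock(header, key_clone_of_a, password, challenge)
    return results


if __name__ == "__main__":
    for name, slot in demo().items():
        print(f"{name:22s} -> {'slot ' + str(slot) if slot is not None else 'locked out'}")
```

Either backup strategy works, but both have to be done while you still hold a working key: a spare token that was never programmed with the same secret, or never enrolled into a slot, does not open the disk. With real hardware the response in `unlock` comes from the token (for example via the `ykchalresp` tool from yubikey-personalization) and the slot is added with `cryptsetup luksAddKey`.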

Documentation

For the latest online documentation visit http://sandrokeil.github.io/yubikey-full-disk-encryption-secure-boot-uefi/.
Refer to the Quick Start section for a detailed explanation.

The documentation lives in the book tree and can be built with bookdown, either via Docker:

  1. $ docker run -it --rm -v $(pwd):/app sandrokeil/bookdown bookdown.json
  2. $ docker run -it --rm -p 8080:8080 -v $(pwd):/app php:7.1-cli php -S 0.0.0.0:8080 -t /app/html

or with a local bookdown installation:

  1. $ ./vendor/bin/bookdown bookdown.json
  2. $ php -S 0.0.0.0:8080 -t html/

Then browse to http://localhost:8080/