Currently the main drive, which is encrypted and where Arch Linux is installed into, has no partitions. As of this there currently seems no way to use something like a UUID to identify the disk while opening it at boot time. This could lead to a boot failure.
|
# Use the whole drive for encryption so nothing is visible at all (even no partitions) |
|
ENCRYPTION_PARTITION="$INSTALL_DEVICE" |
|
#ENCRYPTION_PARTITION="$(ls ${INSTALL_DEVICE}* | grep -E "^${INSTALL_DEVICE}p?1$")" |
|
cryptsetup \ |
|
--batch-mode \ |
|
--verbose \ |
|
--cipher $ENCRYPTION_TYPE \ |
|
--key-size $ENCRYPTION_KEYSIZE \ |
|
--header $LUKS_ROOT_HEADER_FILE \ |
|
--type luks2 \ |
|
luksFormat $ENCRYPTION_PARTITION $LUKS_ROOT_KEY_FILE | \ |
|
show_progress_box "$DIALOG_STEP_TITLE - $DIALOG_SUBSTEP_TITLE" $PROGRESS_PERCENTAGE "Encrypting the root parition ..." |
|
root_device_id=$ENCRYPTION_PARTITION |
|
cryptsetup --header /mnt/$header_file_name --key-file=/mnt/$key_file_name --keyfile-size=$ENCRYPTION_KEYSIZE open $root_device_id $LUKS_DEVICE_NAME |
