sandrokeil / Yubikey Full Disk Encryption Secure Boot Uefi
Programming Languages
Labels
Projects that are alternatives of or similar to Yubikey Full Disk Encryption Secure Boot Uefi
YubiKey Full Disk Encryption
This repository contains a step-by-step tutorial to create a full disk encryption setup with two factor authentication (2FA) via YubiKey. It contains:
- YubiKey encrypted
root (/)
andhome (/home)
folder on separated partitions - Encrypted
/boot
partition - UEFI Secure boot (self signed boot loader)
- YubiKey authentication for user login
Currently guides for:
- Arch Linux with helper scripts
Additional security chapter:
- Disable INTEL AMT
- Disable AMD PSP
Why
It took me several days to figure out how to set up a fully encrypted machine with 2FA. This guide should help others to get it done in minutes (hopefully). There exists a plenty bunch of tutorials but no one contains a step-by-step guide to get the above things done.
I guess the entire manual will take between 1 - 3 hours.
Prerequisites
You should be familiar with linux and should be able to edit files with vi
Vi Cheat Sheet.
You need an USB stick for the Linux Live environment and a second computer would be useful for look ups and to read this guide while
preparing your fully encrypted Linux.
And of course you will need at least two YubiKeys.
WARNING: You gonna get a bricked machine if you only have a single Yubikey and it breaks.
Support this guide
- Star this project on GitHub
- Spread this guide, so everyone can use it
- Help to improve this guide, create an issue
Documentation
For the latest online documentation visit http://sandrokeil.github.io/yubikey-full-disk-encryption-secure-boot-uefi/. Refer the Quick Start section for a detailed explanation.
Documentation is in the book tree, and can be compiled using bookdown or Docker
$ docker run -it --rm -v $(pwd):/app sandrokeil/bookdown bookdown.json
$ docker run -it --rm -p 8080:8080 -v $(pwd):/app php:7.1-cli php -S 0.0.0.0:8080 -t /app/html
or run bookdown
$ ./vendor/bin/bookdown bookdown.json
$ php -S 0.0.0.0:8080 -t html/
Then browse to http://localhost:8080/