Skip to main content

PARROT GRUB LUKS ENCRYPTED BOOT

 

If you have encrypted /boot, make sure it's LUKS1, GRUB doesn't support LUKS2, if you want to use LUKS2 make sure it is the pbkdf2 and not argon, as it is not supported as of yet and is the default one used by LUKS2, so take care of it.

cryptsetup luksDump /dev/sda**

BOOT INTO THE LIVE ENVIRONMENT

Make folders for mount
mkdir /mnt/boot
mkdir /mnt/boot/efi

#Decrypt luks drives / and /boot
Cryptsetup luksOpen /dev/sda** mount-name-x //both root and boot
mount -o subvol=@ /dev/mapper/mount-name-root /mnt
mount /dev/mapper/mount-name-boot /mnt/boot
mount /dev/sda1 /mnt/boot/efi

#Bind /dev /proc /sys /run 
mount --bind /dev /mnt/dev
mount --bind /proc /mnt/proc
mount --bind /sys /mnt/sys
mount --bind /run /mnt/run

update-grub //Update the grub config (grub.cfg) based on current working
update-initramfs -u //Update the initramfs
grub-install /dev/sda //Update the efi one, only use when /boot part is changed aka change in /dev/sda-boot, like when you encrypt the /boot in my case

Manual - Template menuentry    

menuentry 'Parrot OS 6 GNU/Linux' --class parrot --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-ea8f0226-32d2-4ba5-a5be-4e1b38cbde43' {
    load_video
    insmod gzio
    if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
    insmod part_gpt
    insmod cryptodisk
    insmod luks
    insmod gcry_rijndael
    insmod gcry_rijndael
    insmod gcry_sha256
    insmod btrfs
    cryptomount -u d749f100-1b20-4e17-bcbb-4ce98c4b5c3d
    set root='cryptouuid/d749f1001b204e17bcbb4ce98c4b5c3d'
    if [ x$feature_platform_search_hint = xy ]; then
      search --no-floppy --fs-uuid --set=root --hint='cryptouuid/d749f1001b204e17bcbb4ce98c4b5c3d'  6ef2fbef-e84f-4ab0-8af8-b1caaa5fa6ab
    else
      search --no-floppy --fs-uuid --set=root 6ef2fbef-e84f-4ab0-8af8-b1caaa5fa6ab
    fi
    echo	'Loading Linux 6.11+parrot-amd64 ...'
    linux	/vmlinuz-6.11+parrot-amd64 root=UUID=ea8f0226-32d2-4ba5-a5be-4e1b38cbde43 ro rootflags=subvol=@ quiet splash noautomount quiet cryptdevice=UUID=f5b6d4a7-b23e-4f0d-8655-8bf03840c625:luks-f5b6d4a7-b23e-4f0d-8655-8bf03840c625 root=/dev/mapper/luks-f5b6d4a7-b23e-4f0d-8655-8bf03840c625 cryptdevice=UUID=d749f100-1b20-4e17-bcbb-4ce98c4b5c3d:luks-d749f100-1b20-4e17-bcbb-4ce98c4b5c3d splash resume=/dev/mapper/luks-aef3e537-9419-4872-905e-a56d42cd6aa3
    echo	'Loading initial ramdisk ...'
    initrd	/initrd.img-6.11+parrot-amd64
}
**d749f100-1b20-4e17-bcbb-4ce98c4b5c3d - /boot UUID**
**6ef2fbef-e84f-4ab0-8af8-b1caaa5fa6ab - /boot UUID after LUKS**

**f5b6d4a7-b23e-4f0d-8655-8bf03840c625 - / UUID**
**ea8f0226-32d2-4ba5-a5be-4e1b38cbde43 - / UUID after LUKS**
Labels:

Comments

Post a Comment

Popular posts from this blog

RSA Key Generate Flutter

Generate RSA Key Pairs in Flutter With PointyCastle. Generate Same Key Pairs based on n inputs, Such as User Name and Password. Generation Link Documentation Awesome Crypto Utility Dart File Utility Requirement Dart File   Here is a Code thanks to above three, RSA Key Pairs based on User Email and Password. import 'dart:typed_data' ; import 'package:pointycastle/api.dart' as crypto ; import 'dart:convert' ; import '../../../storage.dart' ; //Shared Prefs file to Store Keys import '../Helper/CryptoUtils.dart' ; //Awesome Utility Dart File import "package:pointycastle/export.dart" ; class RSAGeneration { String _email ; String _password ; String myPublicKey = '' ; String myPrivateKey = '' ; RSAGeneration({ required String email , required String password}) : _email = email , _password = password ; Uint8List deriveKeyFromInput (String input) { Digest digest = SHA256Digest () ; Uint8List data = Uint8List ...
Post a Comment
Read more

open-appsec

Compile open-appsec for ARM64 {RPi5} //Install Dependencies wget https: //downloads.openappsec.io/open-appsec-install sudo apt install -y build-essential cmake git libssl- dev libcurl4-openssl- dev \ libboost- all - dev libjsoncpp- dev pkg-config sudo apt install libgtest- dev sudo apt install doxygen sudo apt- get install libgmock- dev sudo apt- get install libmaxminddb- dev sudo apt- get install libpcre2- dev sudo apt- get install libhiredis- dev sudo apt- get install libxml2- dev sudo apt- get update && sudo apt- get install -y \ libboost- dev \ libssl- dev \ libpcre2- dev \ libxml2- dev \ libgtest- dev \ libcurl4-openssl- dev \ libhiredis- dev \ redis-server \ libmaxminddb- dev //Compile & Make git clone https: //github.com/openappsec/openappsec.git cd openappsec/ cmake -DCMAKE_INSTALL_PREFIX=build_out . sudo make install sudo make package wget https://github.com/mikefarah/yq/releases/download/v4.44.6/yq_...
Post a Comment
Read more