utzig

Arch Install Guide 2025 - PART 1

Secure Boot and Encrypted Device

Precursor

This guide will install Arch Linux on a Secure Boot enabled drive using block level at-rest LUKS encryption with passwordless unlocking using TPM. TPM will issue an passkey if and only if Secure Boot is enabled and the system firmware has not been altered. We will also be creating a unified kernel image so that we can boot Linux directly in the EFI partition without requiring a boot loader.

We will also be creating a backup key to enable booting of the drive in case of BIOS upgrade or other event that may make TPM not serve the key. The code should obviously be stored securely elsewhere off system.

utzig

Extra packages:

dkms bc linux-headers lvm2 efibootmgr

Create encrypted partitions:

# cryptsetup luksFormat /dev/nvme0n1p3

utzig

Modern Arch linux installation guide

Table of contents

• Introduction
• Preliminary Steps
• Main installation
  • Disk partitioning
  • Disk formatting
• Disk mounting

utzig

diff --git a/package-lock.json b/package-lock.json
index e7a83a6..17f0c07 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -7478,7 +7478,7 @@
     },
     "node_modules/basic-auth": {
       "version": "2.0.1",
-      "resolved": "https://artifactory.banno-tools.com/artifactory/api/npm/npm/basic-auth/-/basic-auth-2.0.1.tgz",
+      "resolved": "https://registry.npmjs.org/basic-auth/-/basic-auth-2.0.1.tgz",

utzig

--- sdk-mcuboot-1.9.99-ncs1/boot/bootutil/src/swap_move.c.orig	2022-05-24 08:15:45.000000000 -0300
+++ sdk-mcuboot-1.9.99-ncs1/boot/bootutil/src/swap_move.c	2023-02-07 21:50:22.259499220 -0300
@@ -47,7 +47,26 @@
 #define BOOT_STATUS_ASSERT(x) ASSERT(x)
 #endif

-static uint32_t g_last_idx = UINT32_MAX;
+uint32_t
+find_last_idx(struct boot_loader_state *state, uint32_t swap_size)
+{

utzig

#include <hal.h>

#include <flash_map_backend/flash_map_backend.h>

#include <bootconf.h>

/* License this file however you want, feel free to do anything */

/*
 * This depends on a file bootconf.h which contains the following information:

utzig

• How to Build a Successful Information Security Career (Daniel Miessler)
  • https://danielmiessler.com/blog/build-successful-infosec-career/#gs.DtVCbbw
• The First Steps to a Career in Information Security (Errata Security - Marisa Fagan)
  • http://blog.erratasec.com/2010/04/first-steps-to-career-in-information.html#.WFrbofkrIuU
• Hiring your first Security Professional (Peerlyst - Dawid Balut)
  • https://www.peerlyst.com/posts/hiring-your-first-security-professional-dawid-balut
• How to Start a Career in Cyber security
  • https://www.concise-courses.com/security/how-to-start-your-career/
• How to Get Into Information Security (ISC^2)
• https://www.isc2.org/how-to-get-into-information-security.aspx

utzig

People

:bowtie:	😄 :smile:	😆 :laughing:
😊 :blush:	😃 :smiley:	☺️ :relaxed:
😏 :smirk:	😍 :heart_eyes:	😘 :kissing_heart:
😚 :kissing_closed_eyes:	😳 :flushed:	😌 :relieved:
😆 :satisfied:	😁 :grin:	😉 :wink:
😜 :stuck_out_tongue_winking_eye:	😝 :stuck_out_tongue_closed_eyes:	😀 :grinning:
😗 :kissing:	😙 :kissing_smiling_eyes:	😛 :stuck_out_tongue:

utzig

(Free) Virtual Networks (VPNs)

• ChaosVPN: http://wiki.hamburg.ccc.de/ChaosVPN
• Gh0st Networks: http://www.gh0st.net/
• Hacking Lab: https://www.hacking-lab.com/
• p0wnlabs: http://p0wnlabs.com/
• pwn0: https://pwn0.com/
• PentestIT: https://lab.pentestit.ru/

utzig

Disk Area 0
	magic: good
	length: 4096
	version: 1
	gc_seq: 4
	id: 255 (scratch)
	Free space: 4048
Disk Area 1
	magic: good
	length: 4096