1
0
mirror of https://github.com/tommytran732/Arch-Setup-Script synced 2024-11-09 04:01:33 -05:00

Add some grub settings from whonix

This commit is contained in:
TommyTran732 2021-07-25 07:03:01 +00:00 committed by tommytran732
parent d421ed5a56
commit 3adb403754
No known key found for this signature in database
GPG Key ID: 060B29EB996BD9F2

View File

@ -3,6 +3,12 @@
# Cleaning the TTY.
clear
# Updating the live environment
pacman -Syu
# Installing curl
pacman -S --noconfirm curl
# Selecting the kernel flavor to install.
kernel_selector () {
echo "List of kernels:"
@ -203,6 +209,15 @@ sed -i 's# part_msdos##g' /mnt/etc/default/grub
sed -i 's#rootflags=subvol=${rootsubvol}##g' /mnt/etc/grub.d/10_linux
sed -i 's#rootflags=subvol=${rootsubvol}##g' /mnt/etc/grub.d/20_linux_xen
# Enabling CPU Mitigations
curl https://raw.githubusercontent.com/Whonix/security-misc/master/etc/default/grub.d/40_cpu_mitigations.cfg >> /mnt/etc/grub.d/40_cpu_mitigations
# Distrusting the CPU
curl https://raw.githubusercontent.com/Whonix/security-misc/master/etc/default/grub.d/40_distrust_cpu.cfg >> /mnt/etc/grub.d/40_distrust_cpu
# Enabling IOMMU
curl https://raw.githubusercontent.com/Whonix/security-misc/master/etc/default/grub.d/40_enable_iommu.cfg >> 40_enable_iommu
# Adding keyfile to the initramfs to avoid double password.
dd bs=512 count=4 if=/dev/random of=/mnt/cryptkey/.root.key iflag=fullblock &>/dev/null
chmod 000 /mnt/cryptkey/.root.key &>/dev/null