mirror of
https://github.com/tommytran732/Arch-Setup-Script
synced 2025-02-20 18:01:33 -05:00
Update README.md
Indicate this is a fork of the upstream project, from the "2.0" setup (since TommyTran merged the the server/desktop scripts, figured this was worth restarting). Signed-off-by: funk-on-code <113871227+funk-on-code@users.noreply.github.com>
This commit is contained in:
parent
2f61f900ae
commit
5919be194f
20
README.md
20
README.md
@ -2,18 +2,28 @@
|
||||
|
||||
[](https://github.com/TommyTran732/Arch-Setup-Script/actions/workflows/shellcheck.yml)
|
||||
|
||||
This is my installer for Arch Linux. It sets up a BTRFS system with encrypted `/boot` and full snapper support (both snapshotting and rollback work!). It also includes various system hardening configurations.
|
||||
Welcome to my fork of [Arch-Setup-Script](https://github.com/tommytran732/Arch-Setup-Script), a high-quality installer for Arch Linux. It sets up a BTRFS system with encrypted `/boot` and full snapper support (both snapshotting and rollback work!). It also includes various system hardening configurations.
|
||||
|
||||
The script is based on [easy-arch](https://github.com/classy-giraffe/easy-arch). However, it diverges substantially from the original project does not follow its development.
|
||||
The original script was based on [easy-arch](https://github.com/classy-giraffe/easy-arch). However, it diverges substantially from the original project does not follow its development.
|
||||
|
||||
Visit my Matrix group: https://invite.arcticfoxes.net/#/#tommy:arcticfoxes.net
|
||||
### On a personal note:
|
||||
I will admit, I prefer doing things [The Arch Way](https://wiki.archlinux.org/index.php/Arch_Linux#Principles), but when your average bootstrapping of Arch Linux involves hundreds of systems a month, ease-of-use **does** become a major factor -- and having tried numerous scripts out there, fixing the least broken one, seemed like the best use of limited time.
|
||||
|
||||
After all, if you:
|
||||
|
||||
- Do something once, do it from the command line.
|
||||
- Do something **more** than once, script it.
|
||||
|
||||
I will submit some of the changes here back to upstream as well.
|
||||
|
||||
If you have any questions about this script as a whole (this is literally just my working fork), please visit the _upstream_ Matrix group: https://invite.arcticfoxes.net/#/#tommy:arcticfoxes.net
|
||||
|
||||
### How to use it?
|
||||
1. Download an Arch Linux ISO from [here](https://archlinux.org/download/)
|
||||
2. Flash the ISO onto an [USB Flash Drive](https://wiki.archlinux.org/index.php/USB_flash_installation_medium).
|
||||
3. Boot the live environment.
|
||||
4. Connect to the internet.
|
||||
5. `git clone https://github.com/tommytran732/Arch-Setup-Script/`
|
||||
5. `git clone https://github.com/funk-on-code/Arch-Setup-Script/`
|
||||
6. `cd Arch-Setup-Script`
|
||||
7. `chmod u+x ./install.sh`
|
||||
8. `./install.sh`
|
||||
@ -32,4 +42,4 @@ Since this is an encrypted `/boot` setup, GRUB will prompt you for your encrypti
|
||||
|
||||
The implication of this is that an attacker can change your secure boot state with a programmer, replace your grubx64.efi and it will not be detected until its too late.
|
||||
|
||||
This type of attack can theoratically be solved by splitting /boot out to a seperate partition and encrypt the root filesystem separately. The key protector for the root filesystem can then be sealed to a TPM with PCR 0+1+2+3+5+7+14. It is a bit more complicated to set up so my installer does not support this (yet!).
|
||||
This type of attack can theoratically be solved by splitting /boot out to a seperate partition and encrypt the root filesystem separately. The key protector for the root filesystem can then be sealed to a TPM with PCR 0+1+2+3+5+7+14. It is a bit more complicated to set up so my installer does not support this (yet!).
|
||||
|
Loading…
Reference in New Issue
Block a user