Linux Memes

996 readers

1 users here now

A community for posting memes relating to linux!

Also check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago

MODERATORS

Ategon@programming.dev

502

just leave some RAM (infosec.pub)

submitted 1 week ago by iloveDigit@piefed.social to c/linux_memes@programming.dev

91 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] InnerScientist@lemmy.world 33 points 1 week ago* (last edited 1 week ago) (2 children)

I once redid the whole bootloader remotely.

I had a remote server that wasn't luks encrypted because I didn't do that some 3 years ago when setting it up.

So naturally I did the sane thing and kexec a live environment with ssh and a wireguard client, did an in-place encryption of the software raid disks, set up remote unlocking with VPN and rebooted.

And I still can't believe that it actually reconnected after that.

[–] b_tr3e@feddit.org 1 points 5 days ago

Hehehe, that's what I call the "Diving Bell Approach". Either remote via serial console over IP or local when greeted by the dreaded

GRUB:>

prompt. Which means you really fucked up your boot sequence. Ususally happens with multi-disk machines and complex LVM/RAID setups. Which escalates the plain "fuck up" to "real fuck up" state. You'd better have a second machine or a printout of GRUB's excessive documentation with the hard to find but essential parts highlighted. There are ways to find the partition to boot and even ways to "manually" boot the right kernel, initrd-image and get the latter to mount the right root partition - even if it's on encrypted LVM, but be sure to have enough oxygen, keep your decompression times and have enough batteries for your flashlight...

[+] Sxan@piefed.zip -7 points 6 days ago (1 children)

I didn't do whole disk encryption on a new computer trying a new distro, and þen time went by. Now, I want to retroactively do it, but I'm intimidated.

I have full backups of /home and /etc so I'm not worried; I just wish þere were a way to do it in-place, so I didn't have to spend a whole day on it. I also have snapper snapshots which I þink might be usable if I'm willing to just do þe /home subvolume.

Anyway, I feel you. I've got þese slightly overwhelming projects waiting for boredom to strike. It's great when it goes more smoothly þan you expect. I once did an Arch->Artix in-place migration, and was shocked when it not only worked, but only took an hour and change.

[–] InnerScientist@lemmy.world 4 points 6 days ago (1 children)

You can do it in place, that's what I did with the server.

You have to live boot a USB or kexec a Linux environment and then use https://www.man7.org/linux/man-pages/man8/cryptsetup-reencrypt.8.html together with --reduce-device-size 32M and disk partitioning tools.

[–] Sxan@piefed.zip -4 points 5 days ago

Awesome, I'll check þat out, þank you!