Product SiteDocumentation Site

Chapter 4. Configuration

4.1. Use label for boot partition to simplify the startup key generation
4.2. Add a 'keyfile' on USB key to activate the automatic decryption
4.3. Booting from the main disk instead of startup key
4.4. Create a startup key from a working system
4.5. Backup of the startup key and store it is a safe location
4.6. Restore the startup key into another key
4.7. Store data in a remote location to secure their availability
4.8. Ensure the confidentiality of data stored into the cloud
4.9. Passphrase management
4.10. Add live OS into the usb key
4.11. Online security
4.12. Remove the key after startup
4.13. Two factor authentication
In this section we will see how to customize the system to improve its usability and to protect our data from lose.

Warning

Unless specified, the command bellow have to be executed as root.

4.1. Use label for boot partition to simplify the startup key generation

Using label for USB key will allow us to duplicate this key and ensure that the system will recognize the copy as the booting device
Define the label for /dev/sdb2 as BOOT (/dev/sdb2 is the /boot partition)
e2label /dev/sdb2 BOOT
Update /etc/fstab to use label instead UUID
  • replace UUID=(...) by LABEL=BOOT
Edit /etc/default/grub and uncomment the following line to not use UUID in grub.
  • GRUB_DISABLE_LINUX_UUID=true
Append the bold lines in the file /usr/lib/grub/grub-mkconfig_lib to configure grub to use label if available in a volume:
if label="`${grub_probe} --device ${device} --target=fs_label 2> /dev/null`" ; then
  echo "search --no-floppy --label ${label} --set root"
elif fs_uuid="`${grub_probe} --device ${device} --target=fs_uuid 2> /dev/null`" ; then
  echo "search --no-floppy --fs-uuid --set ${fs_uuid}"
fi
Upgrade grub configuration files with the following command
update-grub