README

The secure file system is always mounted on the directory "/secure".

After installation the secure file system "/usr/lib/secureboot/securefilesystem"
is very small and provides only 1801 blocks of encrypted storage. This is
fine for protecting a few secrets but it does not suffice to store users'
entire home directories. Before you transfer (or think about transferring) users'
home directories to the directory "/secure", you must create a new, bigger file
system and pick your own secret passphrase to encrypt it.

The passphrase for the small default file system is "secureboot". You need to use
this passphrase as long as you have not created your own (bigger) file system and
replaced the default one with it.

To create the bigger file system, use the script "secureboot-encrypt" and specify
your desired file system size in KBytes.

   /usr/lib/secureboot/secureboot-encrypt --grow 4000000

This command creates a new 4 GByte file /usr/lib/secureboot/secure.NEW that can be used
as a replacement for the file /usr/lib/secureboot/securefilesystem.
Please make sure that you remember the passphrase used to create the new
encrypted file system.

You can replace the active file system with the new one using this command:

   /usr/lib/secureboot/secureboot-replace

or

   /usr/lib/secureboot/secureboot-replace --rollback

to undo your replacement changes.

Backups can be created with the following command. They are stored in a separate 
directory if you have sufficient disc space in your root file system.

   /usr/lib/secureboot/secureboot-backup
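
Both the new file written by "secureboot-encrypt --grow" and the backups take up
disc space, so it helps to check the free space before growing. The shell functions
below are an added example and not part of the secureboot package; the function
names, the SECUREBOOT_DIR variable and the 10 percent reserve are assumptions.

```shell
#!/bin/sh
# Added example: free-space pre-check to run before
#   /usr/lib/secureboot/secureboot-encrypt --grow <KBytes>
# Function names and the 10% reserve are assumptions, not secureboot features.

SECUREBOOT_DIR="${SECUREBOOT_DIR:-/usr/lib/secureboot}"

# Succeeds only for a plain decimal number; leading zeros are rejected
# because shell arithmetic would read them as octal.
is_kbytes() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        0) return 0 ;;
        0*) return 1 ;;
        *) return 0 ;;
    esac
}

# Prints the KBytes available on the file system that holds directory $1.
avail_kbytes() {
    df -Pk "$1" 2>/dev/null | awk 'NR==2 { print $4 }'
}

# fits_kbytes WANT AVAIL [RESERVE_PERCENT]
# Returns 0 if AVAIL covers WANT plus the reserve, 1 if not, 2 on bad input.
fits_kbytes() {
    want=$1; avail=$2; reserve=${3:-10}
    is_kbytes "$want" || return 2
    is_kbytes "$avail" || return 2
    need=$(( want + want * reserve / 100 ))
    [ "$avail" -ge "$need" ]
}

# check_grow WANT [DIR]: run this with the same size you plan to pass to --grow.
check_grow() {
    want=$1; dir=${2:-$SECUREBOOT_DIR}
    is_kbytes "$want" && [ "$want" -gt 0 ] ||
        { echo "size must be a positive number of KBytes" >&2; return 2; }
    avail=$(avail_kbytes "$dir")
    [ -n "$avail" ] || { echo "cannot read free space for $dir" >&2; return 2; }
    if fits_kbytes "$want" "$avail"; then
        echo "ok: $avail KBytes free in $dir, $want requested"
    else
        echo "refusing: $avail KBytes free in $dir, $want plus reserve needed" >&2
        return 1
    fi
}
```

For the 4 GByte example above, "check_grow 4000000" succeeds only if at least
4400000 KBytes are free on the file system that holds /usr/lib/secureboot.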




MORE INFORMATION:

https://senderek.ie/opensource/secureboot2

Senderek Web Security, Ireland.
