Install LVM LUKS on UEFI GPT

From Void Linux Wiki
Jump to: navigation, search

This guide describes how to install Void Linux on a UEFI system with root over encrypted LVM.

Introduction

Warning: If you do not boot from UEFI mode, the bootloader installation will fail!

To follow this guide, first you need to boot from a Linux live CD/USB of your choice in UEFI mode.

For UEFI boot, the disk needs to be GPT partitioned and an EFI System Partition (ESP) must be present. The size of the ESP must be at least 260M or more, type EF00, and formatted with FAT32.

This partition will serve as your /boot filesystem as well as the partition that the UEFI firmware can read to load the bootloader.

From now on, /dev/sda1 will be the ESP (/boot) and /dev/sda2 will be the encrypted partition with LVM.

Installation

Preparing the disk

The first step is to use gdisk (or cgdisk) to create the GPT partitions:

# gdisk /dev/sda
Note: You can also use fdisk or cfdisk (needs util-linux 2.25 or newer)

Encrypting the partition

We will encrypt the entire /dev/sda2 partition and then unlock the container to start setting up LVM:

# cryptsetup luksFormat /dev/sda2
# cryptsetup luksOpen /dev/sda2 crypt

The decrypted container will be now available at /dev/mapper/crypt.

Warning: The default keyboard layout is us. If you enter the passphrase using a different keymap, you likely won't be able to unlock your crypted volume.

Creating logical volumes

First, we will create a physical volume on top of the opened LUKS container and a volume group, named void. Then, we will setup the logical volumes on the volume group. The partition scheme is defined as follows:

swap 2G (optional)
/ 20G
/home the remaining free space
Note: The above partitioning scheme is an example. Please, change it to suit your needs.
# pvcreate /dev/mapper/crypt
# vgcreate void /dev/mapper/crypt
# lvcreate -C y -L 2G -n swap void (optional)
# lvcreate -L 20G -n root void
# lvcreate -l 100%FREE -n home void

Creating filesystems and mounting the partitions

The ESP must be formatted in FAT32. The root and home partitions are formatted using the ext4 filesystem.

The root partition is mounted on /mnt, while the ESP is on /mnt/boot.

# mkfs.fat -F32 /dev/sda1
# mkfs.ext4 /dev/mapper/void-root
# mkfs.ext4 /dev/mapper/void-home
# mount /dev/mapper/void-root /mnt
# mkdir /mnt/boot
# mount /dev/sda1 /mnt/boot

If you have created a swap partition, then you have to format and activate it:

# mkswap /dev/mapper/void-swap
# swapon /dev/mapper/void-swap

Install the base system

If doing this from a Void live CD or any Void system

# xbps-install -S --repository=http://repo.voidlinux.eu/current -r /mnt base-system lvm2 cryptsetup grub-x86_64-efi

From any other Linux

# wget http://repo.voidlinux.eu/static/xbps-static-latest.x86_64-musl.tar.xz
# tar xf xbps-static-latest.x86_64-musl.tar.xz -C /mnt
# /mnt/usr/bin/xbps-install -S --repository=http://repo.voidlinux.eu/current -r /mnt base-system lvm2 cryptsetup grub-x86_64-efi

Chroot into Void

Now that the base system is installed, it's time to enter our new Void Linux environment by chrooting into it:

# mkdir /mnt/{dev,proc,sys}
# mount -t proc /proc /mnt/proc
# mount --rbind /dev /mnt/dev
# mount --rbind /sys /mnt/sys
# chroot /mnt /bin/bash

Configure the base system

In this step, we will set the root password, edit the mandatory configuration files and install the bootloader (GRUB).

# passwd root
# chown root:root /
# chmod 755 /
# vi /etc/rc.conf
# blkid | grep void-root | cut -f2 -d\" >> /etc/fstab
# vi /etc/fstab
# echo myhostname > /etc/hostname
# grub-mkconfig -o /boot/grub/grub.cfg
# grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id="Void Linux [GRUB]" --recheck
Warning: Add hostonly=yes in /etc/dracut.conf.d/hostonly.conf. Also, in /etc/default/grub you must add rd.auto=1 to the line GRUB_CMDLINE_LINUX_DEFAULT="...".

Configure glibc locale

Uncomment your preferred locales in /etc/default/libc-locales.

# xbps-reconfigure -f glibc-locales

Then, configure dracut and finally force update of dracut with:

# xbps-reconfigure -f linux4.xx

Exit chroot, unmount the partitions and reboot

# exit
# umount -R /mnt
# reboot

If this fails to boot, see this note about UEFI.

Note that we used /boot and not /boot/efi, so you need to drop the ../efi/.. and then run:

# mkdir /boot/EFI/BOOT
# cp -p /boot/EFI/GRUB/grubx64.efi /boot/EFI/BOOT/bootx64.efi

Enjoy, and welcome to the Void!