Warning: THE VOID WIKI IS DEPRECATED. It is no longer being maintained, contains outdated and incorrect information, and will eventually be shut down. Please refer to the Void Handbook, https://docs.voidlinux.org/, for the official documentation. If you can't find the information you're seeking, please raise an issue at https://github.com/void-linux/void-docs/issues
Difference between revisions of "Install LVM LUKS on UEFI GPT"
Jump to navigation
Jump to search
m (made the warning about UEFI more severe) |
(Wikified. Hopefully clarified some points too.) |
||
| Line 1: | Line 1: | ||
| − | + | This guide describes how to install [[Void Linux]] on a UEFI system with root over encrypted LVM. | |
| − | + | ==Introduction== | |
{{Warning|If you do not boot from UEFI mode, the bootloader installation will fail!}} | {{Warning|If you do not boot from UEFI mode, the bootloader installation will fail!}} | ||
| − | |||
| − | + | To follow this guide, first you need to boot from a Linux live CD/USB of your choice in UEFI mode. | |
| − | |||
| − | + | For UEFI boot, the disk needs to be {{ic|GPT}} partitioned and an {{ic|EFI System Partition}} (ESP) must be present. The size of the ESP must be at least {{ic|260M}} or more, type {{ic|EF00}}, and formatted with {{ic|FAT32}}. | |
| − | + | This partition will serve as your {{ic|/boot}} filesystem as well as the partition that the UEFI firmware can read to load the bootloader. | |
| − | + | From now on, {{ic|/dev/sda1}} will be the ESP ({{ic|/boot}}) and {{ic|/dev/sda2}} will be the encrypted partition with LVM. | |
| − | + | ==Installation== | |
| − | + | ===Preparing the installer=== | |
| − | + | Make sure the local install media is up to date before starting: | |
| − | |||
| − | + | # xbps-install -Su | |
| − | + | ===Preparing the disk=== | |
| − | + | The first step is to use {{ic|gdisk}} (or {{ic|cgdisk}}) to create the GPT partitions: | |
| − | |||
| − | + | # gdisk /dev/sda | |
| − | |||
| − | |||
| − | + | {{Note|You can also use {{ic|fdisk}} or {{ic|cfdisk}} (needs {{pkg|util-linux}} 2.25 or newer)}} | |
| − | + | ===Encrypting the partition=== | |
| − | + | We will encrypt the entire {{ic|/dev/sda2}} partition and then unlock the container to start setting up LVM: | |
| − | |||
| − | |||
| − | + | # cryptsetup luksFormat /dev/sda2 | |
| + | # cryptsetup luksOpen /dev/sda2 crypt | ||
| − | + | The decrypted container will be now available at {{ic|/dev/mapper/crypt}}. | |
| − | |||
| − | |||
| − | + | {{Warning|The default keyboard layout is {{ic|us}}. If you enter the passphrase using a different keymap, you likely won't be able to unlock your crypted volume.}} | |
| − | + | ===Creating logical volumes=== | |
| − | + | First, we will create a physical volume on top of the opened LUKS container and a volume group, named {{ic|void}}. Then, we will setup the logical volumes on the volume group. The partition scheme is defined as follows: | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | < | + | <center> |
| − | + | {| class="wikitable" | |
| − | </ | + | |- |
| + | | swap | ||
| + | | 2G (optional) | ||
| + | |- | ||
| + | | / | ||
| + | | 20G | ||
| + | |- | ||
| + | | /home | ||
| + | | the remaining free space | ||
| + | |} | ||
| + | </center> | ||
| − | + | {{Note|The above partitioning scheme is an example. Please, change it to suit your needs.}} | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | + | # pvcreate /dev/mapper/crypt | |
| + | # vgcreate void /dev/mapper/crypt | ||
| + | # lvcreate -C y -L 2G -n swap void (optional) | ||
| + | # lvcreate -L 20G -n root void | ||
| + | # lvcreate -l 100%FREE -n home void | ||
| − | + | ===Creating filesystems and mounting the partitions=== | |
| − | + | The ESP '''must''' be formatted in {{ic|FAT32}}. The root and home partitions are formatted using the {{ic|ext4}} filesystem. | |
| − | + | The root partition is mounted on {{ic|/mnt}}, while the ESP is on {{ic|/mnt/boot}}. | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | + | # mkfs.fat -F32 /dev/sda1 | |
| + | # mkfs.ext4 /dev/mapper/void-root | ||
| + | # mkfs.ext4 /dev/mapper/void-home | ||
| + | # mount /dev/mapper/void-root /mnt | ||
| + | # mkdir /mnt/boot | ||
| + | # mount /dev/sda1 /mnt/boot | ||
| − | + | If you have created a swap partition, then you have to format and activate it: | |
| − | |||
| − | |||
| − | + | # mkswap /dev/mapper/void-swap | |
| + | # swapon /dev/mapper/void-swap | ||
| − | + | ===Install the base system=== | |
| − | + | ====If doing this from a Void live CD or any Void system==== | |
| − | |||
| − | < | + | # xbps-install -S --repository=<nowiki>http://repo.voidlinux.eu/current</nowiki> -r /mnt base-system lvm2 cryptsetup grub-x86_64-efi |
| − | + | ====From any other Linux==== | |
| − | |||
| − | |||
| − | |||
| − | < | + | # wget <nowiki>http://repo.voidlinux.eu/static/xbps-static-latest.x86_64-musl.tar.xz</nowiki> |
| + | # tar xf xbps-static-latest.x86_64-musl.tar.xz -C /mnt | ||
| + | # /mnt/usr/bin/xbps-install -S --repository=<nowiki>http://repo.voidlinux.eu/current</nowiki> -r /mnt base-system lvm2 cryptsetup grub-x86_64-efi | ||
| − | + | ===Chroot into Void=== | |
| − | + | Now that the base system is installed, it's time to enter our new Void Linux environment by chrooting into it: | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | + | # mkdir /mnt/{dev,proc,sys} | |
| + | # mount -t proc /proc /mnt/proc | ||
| + | # mount --rbind /dev /mnt/dev | ||
| + | # mount --rbind /sys /mnt/sys | ||
| + | # chroot /mnt /bin/bash | ||
| − | + | ===Configure the base system=== | |
| − | + | In this step, we will set the root password, edit the mandatory configuration files and install the bootloader (GRUB). | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | + | # passwd root | |
| − | + | # chown root:root / | |
| − | + | # chmod 755 / | |
| + | # vi /etc/rc.conf | ||
| + | # blkid | grep void-root | cut -f2 -d\" >> /etc/fstab | ||
| + | # vi /etc/fstab | ||
| + | # echo myhostname > /etc/hostname | ||
| + | # grub-mkconfig -o /boot/grub/grub.cfg | ||
| + | # grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id="Void Linux [GRUB]" --recheck | ||
| − | + | {{Warning|Add {{ic|1=hostonly=yes}} in {{path|/etc/dracut.conf.d/hostonly.conf}}. Also, in {{path|/etc/default/grub}} you must add {{ic|1=rd.auto=1}} to the line {{ic|1=GRUB_CMDLINE_LINUX_DEFAULT="..."}}.}} | |
| − | + | ==Configure glibc locale== | |
| − | + | Uncomment your preferred locales in {{path|/etc/default/libc-locales}}. | |
| − | |||
| − | + | # xbps-reconfigure -f glibc-locales | |
| − | + | Then, configure dracut and finally force update of dracut with: | |
| − | + | # xbps-reconfigure -f linux4.xx | |
| − | |||
| − | + | ===Exit chroot, unmount the partitions and reboot=== | |
| − | + | # exit | |
| − | # umount -R /mnt | + | # umount -R /mnt |
| − | # reboot | + | # reboot |
| − | |||
| − | + | If this fails to boot, see [[Installation on UEFI, via chroot#If GRUB cannot be found (a note about UEFI)|this note about UEFI]]. | |
| − | + | Note that we used /boot and not /boot/efi, so you need to drop the ../efi/.. and then run: | |
| − | + | # mkdir /boot/EFI/BOOT | |
| − | cp -p /boot/EFI/GRUB/grubx64.efi /boot/EFI/BOOT/bootx64.efi | + | # cp -p /boot/EFI/GRUB/grubx64.efi /boot/EFI/BOOT/bootx64.efi |
| − | |||
| − | |||
| − | |||
| + | Enjoy, and welcome to the Void! | ||
[[Category:Guides]] | [[Category:Guides]] | ||
[[Category:Installation]] | [[Category:Installation]] | ||
Revision as of 10:31, 20 December 2017
This guide describes how to install Void Linux on a UEFI system with root over encrypted LVM.
Contents
Introduction
Warning: If you do not boot from UEFI mode, the bootloader installation will fail!
To follow this guide, first you need to boot from a Linux live CD/USB of your choice in UEFI mode.
For UEFI boot, the disk needs to be GPT partitioned and an EFI System Partition (ESP) must be present. The size of the ESP must be at least 260M or more, type EF00, and formatted with FAT32.
This partition will serve as your /boot filesystem as well as the partition that the UEFI firmware can read to load the bootloader.
From now on, /dev/sda1 will be the ESP (/boot) and /dev/sda2 will be the encrypted partition with LVM.
Installation
Preparing the installer
Make sure the local install media is up to date before starting:
# xbps-install -Su
Preparing the disk
The first step is to use gdisk (or cgdisk) to create the GPT partitions:
# gdisk /dev/sda
Note: You can also use
fdisk or cfdisk (needs util-linux 2.25 or newer)Encrypting the partition
We will encrypt the entire /dev/sda2 partition and then unlock the container to start setting up LVM:
# cryptsetup luksFormat /dev/sda2 # cryptsetup luksOpen /dev/sda2 crypt
The decrypted container will be now available at /dev/mapper/crypt.
Warning: The default keyboard layout is
us. If you enter the passphrase using a different keymap, you likely won't be able to unlock your crypted volume.Creating logical volumes
First, we will create a physical volume on top of the opened LUKS container and a volume group, named void. Then, we will setup the logical volumes on the volume group. The partition scheme is defined as follows:
| swap | 2G (optional) |
| / | 20G |
| /home | the remaining free space |
Note: The above partitioning scheme is an example. Please, change it to suit your needs.
# pvcreate /dev/mapper/crypt # vgcreate void /dev/mapper/crypt # lvcreate -C y -L 2G -n swap void (optional) # lvcreate -L 20G -n root void # lvcreate -l 100%FREE -n home void
Creating filesystems and mounting the partitions
The ESP must be formatted in FAT32. The root and home partitions are formatted using the ext4 filesystem.
The root partition is mounted on /mnt, while the ESP is on /mnt/boot.
# mkfs.fat -F32 /dev/sda1 # mkfs.ext4 /dev/mapper/void-root # mkfs.ext4 /dev/mapper/void-home # mount /dev/mapper/void-root /mnt # mkdir /mnt/boot # mount /dev/sda1 /mnt/boot
If you have created a swap partition, then you have to format and activate it:
# mkswap /dev/mapper/void-swap # swapon /dev/mapper/void-swap
Install the base system
If doing this from a Void live CD or any Void system
# xbps-install -S --repository=http://repo.voidlinux.eu/current -r /mnt base-system lvm2 cryptsetup grub-x86_64-efi
From any other Linux
# wget http://repo.voidlinux.eu/static/xbps-static-latest.x86_64-musl.tar.xz # tar xf xbps-static-latest.x86_64-musl.tar.xz -C /mnt # /mnt/usr/bin/xbps-install -S --repository=http://repo.voidlinux.eu/current -r /mnt base-system lvm2 cryptsetup grub-x86_64-efi
Chroot into Void
Now that the base system is installed, it's time to enter our new Void Linux environment by chrooting into it:
# mkdir /mnt/{dev,proc,sys}
# mount -t proc /proc /mnt/proc
# mount --rbind /dev /mnt/dev
# mount --rbind /sys /mnt/sys
# chroot /mnt /bin/bash
Configure the base system
In this step, we will set the root password, edit the mandatory configuration files and install the bootloader (GRUB).
# passwd root # chown root:root / # chmod 755 / # vi /etc/rc.conf # blkid | grep void-root | cut -f2 -d\" >> /etc/fstab # vi /etc/fstab # echo myhostname > /etc/hostname # grub-mkconfig -o /boot/grub/grub.cfg # grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id="Void Linux [GRUB]" --recheck
Warning: Add
hostonly=yes in /etc/dracut.conf.d/hostonly.conf. Also, in /etc/default/grub you must add rd.auto=1 to the line GRUB_CMDLINE_LINUX_DEFAULT="...".Configure glibc locale
Uncomment your preferred locales in /etc/default/libc-locales.
# xbps-reconfigure -f glibc-locales
Then, configure dracut and finally force update of dracut with:
# xbps-reconfigure -f linux4.xx
Exit chroot, unmount the partitions and reboot
# exit # umount -R /mnt # reboot
If this fails to boot, see this note about UEFI.
Note that we used /boot and not /boot/efi, so you need to drop the ../efi/.. and then run:
# mkdir /boot/EFI/BOOT # cp -p /boot/EFI/GRUB/grubx64.efi /boot/EFI/BOOT/bootx64.efi
Enjoy, and welcome to the Void!
