@0x00dec0de
Forked from MoritzMaxeiner/gentoo_uefi_fde.md
Created November 20, 2024 22:38
Short guide on how to set up Gentoo with full disk encryption on a UEFI system using Gummiboot

Preface

This is an as-short-as-sensible guide to the minimum steps necessary to set up Gentoo with LVM, LUKS, and UEFI booting using Gummiboot. It assumes you are already familiar with setting up GNU/Linux distributions and only want to know what is specific to Gentoo for the above. This is most definitely not the only way, but it is the shortest I - as a current Gentoo newbie - was able to determine.

Requirements

  • target box: This is the UEFI computer where Gentoo is supposed to be installed.
  • helper box: This is some computer running some GNU/Linux distribution.
  • usb stick: This is the USB stick onto which the UEFI bootable live system will go.

Preparation

First we shall create the usb stick running Arch Linux - it was chosen because it is very easy to set up and has everything required out of the box.

The latest ISO for Arch Linux can be grabbed from here; at the time of writing this, "archlinux-2014.08.01-dual.iso" is the latest available image and also what was used in the making of this guide.

After grabbing the image, copy it with dd onto the usb stick using your helper box.

Now boot the target box from the usb stick in UEFI mode. If you have your target box connected via LAN, Arch Linux is likely to have set it up correctly for you already; if you are connected via WLAN, call "wifi-menu" to set it up.

Installation

  1. Prepare your disks. This is a minimal example of a layout your target block device could have:

    NAME                  TYPE  FSTYPE      MOUNTPOINT  SIZE UUID
    sdb                   disk                         59.6G
    ├─sdb1                part  vfat        /mnt/boot   500M 1A6E-374D
    └─sdb2                part  crypto_LUKS            59.1G d580e705-e714-4af4-a48b-f5e71bb622be
      └─luks_container    crypt LVM2_member            59.1G 8yHuxc-f6ZU-xkdU-l6dY-dVpE-50oT-2rLAzz
        ├─partitions-swap lvm   swap        [SWAP]        2G 81172beb-590c-411d-bd74-2bb0266544b9
        └─partitions-root lvm   ext4        /mnt       57.1G 17c87950-4471-4a4c-a703-aabdf937a7e0

    Note: All commands below referencing a block device do so with regards to the above example layout! You need to adjust any such command to your own layout!

  2. Follow chapter 5 of the Gentoo handbook.

    Note: We're on Arch Linux here, so keep in mind that /mnt/gentoo is /mnt for us.

  3. Follow chapter 6 of the Gentoo handbook.

    Notes:

    • There's no "mirrorselect" on Arch Linux, you will need to do its part manually

    • Do the chroot like this (Arch Linux specific):

      archiso ~ # PATH="$PATH:/bin:/sbin:/usr/sbin" arch-chroot /mnt /bin/bash

  4. Follow chapter 7 of the Gentoo handbook.

    Notes:

    • Choose to do 7.b "Manual Configuration"

    • You will need to enable the kernel options for EFI stub support, dm-crypt, and the crypto functions your LUKS device uses (determined by how you set it up)

    • Choose to do the step "(Optional) Building an Initramfs", but do it like this:

      (chroot) archiso ~ # echo "sys-kernel/genkernel cryptsetup" >> /etc/portage/package.use
      (chroot) archiso ~ # emerge genkernel
      (chroot) archiso ~ # genkernel --install initramfs --luks --lvm --disklabel

  5. Install Gummiboot like this:

    (chroot) archiso ~ # emerge gummiboot --autounmask-write
    (chroot) archiso ~ # dispatch-conf
    (chroot) archiso ~ # emerge gummiboot

    Get Gummiboot on your /boot (replace kernel versions with yours):

    (chroot) archiso ~ # mkdir -p /boot/EFI/gummiboot
    (chroot) archiso ~ # mkdir -p /boot/EFI/gentoo   
    (chroot) archiso ~ # mkdir -p /boot/loader/entries
    (chroot) archiso ~ # cp /boot/vmlinuz-3.14.14-gentoo /boot/EFI/gentoo/vmlinuz-linux.efi
    (chroot) archiso ~ # cp /boot/initramfs-genkernel-x86_64-3.14.14-gentoo /boot/EFI/gentoo/initramfs-linux.img
    (chroot) archiso / # cp /usr/lib/gummiboot/gummibootx64.efi /boot/EFI/gummiboot/gummiboot.efi

  6. Configure Gummiboot and your /etc/fstab as shown below:

    (chroot) archiso ~ # cat > /boot/loader/loader.conf <<EOF
    > default gentoo
    > timeout 3
    > EOF
    (chroot) archiso ~ # cat > /boot/loader/entries/gentoo.conf <<EOF
    > title Gentoo
    > efi \EFI\gentoo\vmlinuz-linux.efi
    > options initrd=\EFI\gentoo\initramfs-linux.img crypt_root=UUID=d580e705-e714-4af4-a48b-f5e71bb622be root=/dev/mapper/partitions-root ro dolvm
    > EOF
    

    Note: If you are installing Gentoo onto a USB device, add scandelay=X with X >= 1 to the kernel options line.

    (chroot) archiso ~ # cat >> /etc/fstab <<EOF
    > UUID=1A6E-374D              /boot       vfat    defaults  0 2
    > /dev/mapper/partitions-root /           ext4    defaults  0 1
    > /dev/mapper/partitions-swap none        swap    defaults  0 0
    > EOF

    Note: After this step, do not forget to clean whatever initial configuration was already in your /etc/fstab.

  7. Follow the rest of the Gentoo handbook (but do not reboot yet).

  8. After leaving the chroot, do the following:

      archiso ~ # efibootmgr -c -d /dev/sdb -p 1 -w -L "Gummiboot" -l '\EFI\gummiboot\gummiboot.efi'

  9. Reboot into your new Gentoo.
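
Before the reboot in step 9, the loader entry from step 6 can be checked against the disk layout from step 1: crypt_root must carry the UUID of the crypto_LUKS partition, not that of the LVM member or the root filesystem. The script below is an added example, not part of the original guide; the function names are hypothetical and the `lsblk -P` sample is constructed from the guide's example layout.

```shell
#!/bin/sh
# Added example (not from the guide): check a Gummiboot entry against the disk layout.
# Sample data is constructed from the guide's example layout. On the real system use:
#   check_entry "$(cat /boot/loader/entries/gentoo.conf)" \
#               "$(lsblk -P -o NAME,TYPE,FSTYPE,UUID /dev/sdb)"
SAMPLE_LSBLK='NAME="sdb" TYPE="disk" FSTYPE="" UUID=""
NAME="sdb1" TYPE="part" FSTYPE="vfat" UUID="1A6E-374D"
NAME="sdb2" TYPE="part" FSTYPE="crypto_LUKS" UUID="d580e705-e714-4af4-a48b-f5e71bb622be"
NAME="luks_container" TYPE="crypt" FSTYPE="LVM2_member" UUID="8yHuxc-f6ZU-xkdU-l6dY-dVpE-50oT-2rLAzz"
NAME="partitions-swap" TYPE="lvm" FSTYPE="swap" UUID="81172beb-590c-411d-bd74-2bb0266544b9"
NAME="partitions-root" TYPE="lvm" FSTYPE="ext4" UUID="17c87950-4471-4a4c-a703-aabdf937a7e0"'
SAMPLE_ENTRY='title Gentoo
efi \EFI\gentoo\vmlinuz-linux.efi
options initrd=\EFI\gentoo\initramfs-linux.img crypt_root=UUID=d580e705-e714-4af4-a48b-f5e71bb622be root=/dev/mapper/partitions-root ro dolvm'

# Print the value of KEY=... from the entry's "options" line.
opt_value() {  # $1 = entry text, $2 = key
    printf '%s\n' "$1" | awk -v k="$2=" '$1 == "options" {
        for (i = 2; i <= NF; i++)
            if (index($i, k) == 1) { print substr($i, length(k) + 1); exit }
    }'
}
# Find the lsblk row whose column $2 equals $3 and print its column $4.
lsblk_field() {  # $1 = lsblk -P text
    printf '%s\n' "$1" | awk -v m="$2=\"$3\"" -v p="$4=\"" 'index($0, m) {
        for (i = 1; i <= NF; i++)
            if (index($i, p) == 1) { v = substr($i, length(p) + 1); sub(/"$/, "", v); print v; exit }
    }'
}
# Print one line per problem found; return 1 if there was any.
check_entry() {  # $1 = loader entry text, $2 = lsblk -P text
    problems=0
    uuid=$(opt_value "$1" crypt_root); uuid=${uuid#UUID=}
    fstype=$(lsblk_field "$2" UUID "$uuid" FSTYPE)
    if [ "$fstype" != "crypto_LUKS" ]; then
        echo "crypt_root UUID '$uuid' is '${fstype:-unknown}', not the crypto_LUKS partition"
        problems=1
    fi
    root=$(opt_value "$1" root)
    rtype=$(lsblk_field "$2" NAME "${root#/dev/mapper/}" TYPE)
    [ "$rtype" = "lvm" ] || { echo "root=$root is not an LVM volume in the layout"; problems=1; }
    case " $(printf '%s\n' "$1" | grep '^options') " in
        *" dolvm "*) ;;
        *) echo "dolvm missing: the genkernel initramfs will not activate LVM"; problems=1 ;;
    esac
    [ -n "$(opt_value "$1" initrd)" ] || { echo "initrd= missing from options"; problems=1; }
    return $problems
}
check_entry "$SAMPLE_ENTRY" "$SAMPLE_LSBLK" && echo "entry is consistent with the layout"
```
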
