@dko1905
Last active October 26, 2024 05:14
A guide to install Void Linux with encrypted root and unencrypted boot, with lvm2. (AES-512, lvm)

Encrypted Void Linux setup w/o encrypted boot

This is a guide for installing Void Linux on an EFI system with unencrypted boot and encrypted root. The guide is based on the Practical Paranoid article and the official Void Linux article.

Before you start

I wrote this guide to help myself install Void Linux w/o encrypted boot. I haven't checked it for grammar errors, so there might be some. I hope it will help you, and good luck. And I know that I use way too many pictures/terminal copy-pastes.

Disclaimer

I am not responsible for any actions you take! This guide was written 2/7/2020, so the info may be outdated. Please remember to use your own computer's partition names.

Required items

You need to have a computer with Secure Boot disabled and a live copy of Void Linux, either by live USB or CD. I am using the Cinnamon version of Void Linux for installing it; this is so I don't need to set up Wi-Fi or use the TTY directly.

Setting up Void

After you have booted a live USB/CD, you open a terminal.

Partitioning the disk

The first step is setting the partitions up. I will be using a tool called cfdisk for this. You can start cfdisk by running cfdisk (<device path>) in the terminal; you may need to use sudo. Normally you don't need to specify the device, but if the size seems wrong you should specify it. You can get a list of devices by running lsblk in your terminal. My output:

NAME        MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
loop0         7:0    0   801M  1 loop /run/initramfs/live
loop1         7:1    0 704.7M  1 loop 
loop2         7:2    0   2.3G  1 loop 
├─live-rw   254:0    0   2.3G  0 dm   /
└─live-base 254:1    0   2.3G  1 dm   
loop3         7:3    0    32G  0 loop 
└─live-rw   254:0    0   2.3G  0 dm   /
sda           8:0    1  28.9G  0 disk 
├─sda1        8:1    1     1M  0 part 
├─sda2        8:2    1    50M  0 part 
└─sda3        8:3    1    28G  0 part /run/initramfs/isoscan
sdb           8:16   1  29.3G  0 disk 
├─sdb1        8:17   1  29.3G  0 part 
└─sdb2        8:18   1   512K  0 part /run/media/anon/UEFI_NTFS
nvme0n1     259:0    0 953.9G  0 disk 
├─nvme0n1p1 259:1    0   512M  0 part 
├─nvme0n1p2 259:2    0   9.3G  0 part 
└─nvme0n1p3 259:3    0 944.1G  0 part 

I know that my SSD is 1TB, so the device name is nvme0n1, the path is /dev/, so my device path is /dev/nvme0n1. After launching cfdisk, your interface should look a bit like this:

                               Disk: /dev/nvme0n1
           Size: 953.89 GiB, 1024209543168 bytes, 2000409264 sectors
          Label: gpt, identifier: C798685E-B053-4677-8B55-69FD721B9271

    Device               Start         End     Sectors    Size Type
>>  /dev/nvme0n1p1        2048     1050623     1048576    512M EFI System       
    /dev/nvme0n1p2     1050624    20582399    19531776    9.3G Linux filesystem
    /dev/nvme0n1p3    20582400  2000408575  1979826176  944.1G Linux filesystem





 ┌────────────────────────────────────────────────────────────────────────────┐
 │ Partition name: EFI System Partition                                       │
 │ Partition UUID: 07FD5BA4-DF63-45BA-A409-897C38D0C089                       │
 │ Partition type: EFI System (C12A7328-F81F-11D2-BA4B-00A0C93EC93B)          │
 │Filesystem UUID: 72BA-9490                                                  │
 │     Filesystem: vfat                                                       │
 └────────────────────────────────────────────────────────────────────────────┘
     [ Delete ]  [ Resize ]  [  Quit  ]  [  Type  ]  [  Help  ]  [  Write ]
     [  Dump  ]

The first step is to delete all the partitions and then create a new partition:

                               Disk: /dev/nvme0n1
           Size: 953.89 GiB, 1024209543168 bytes, 2000409264 sectors
          Label: gpt, identifier: C798685E-B053-4677-8B55-69FD721B9271

    Device             Start            End        Sectors       Size Type
>>  Free space          2048     2000409230     2000407183     953.9G           



 ┌────────────────────────────────────────────────────────────────────────────┐
 │Filesystem UUID: 72BA-9490                                                  │
 │     Filesystem: vfat                                                       │
 └────────────────────────────────────────────────────────────────────────────┘
           [   New  ]  [  Quit  ]  [  Help  ]  [  Write ]  [  Dump  ]

The partition should be 1G, which is more than enough.

                               Disk: /dev/nvme0n1
           Size: 953.89 GiB, 1024209543168 bytes, 2000409264 sectors
          Label: gpt, identifier: C798685E-B053-4677-8B55-69FD721B9271

    Device             Start            End        Sectors       Size Type
>>  Free space          2048     2000409230     2000407183     953.9G           


 ┌────────────────────────────────────────────────────────────────────────────┐
 │Filesystem UUID: 72BA-9490                                                  │
 │     Filesystem: vfat                                                       │
 └────────────────────────────────────────────────────────────────────────────┘
 Partition size: 1G    


     May be followed by M for MiB, G for GiB, T for TiB, or S for sectors.

You should then change the type to EFI by selecting the partition with the >> and pressing enter on [ Type ]. Then navigate your pointer up to the top, where EFI System is written, and press enter.

                        ┌ Select partition type ───────┐
                        │ EFI System                   │
                        │ MBR partition scheme         │
                        │ Intel Fast Flash             │
                        │ BIOS boot                    │
                        │ Sony boot partition          │
                        │ Lenovo boot partition        │
                        │ PowerPC PReP boot            │
                        │ ONIE boot                    │
                        │ ONIE config                  │
                        │ Microsoft reserved           │
                        │ Microsoft basic data         │
                        │ Microsoft LDM metadata       │
                        │ Microsoft LDM data           │
                        │ Windows recovery environment │
                        │ IBM General Parallel Fs      │
                        │ Microsoft Storage Spaces     │
                        │ HP-UX data                   │
                        │ HP-UX service                │
                        │ Linux swap                   │
                        │ Linux filesystem             │
                        └────────────────────────────↓─┘

                      C12A7328-F81F-11D2-BA4B-00A0C93EC93B

The next partition we create is the boot partition. It should be 10G, which is also more than enough. The new partition should already have the default type of Linux filesystem. The last partition is the root partition; we give it the rest of the space. When you are finished, it should look something like this:

                               Disk: /dev/nvme0n1
           Size: 953.89 GiB, 1024209543168 bytes, 2000409264 sectors
          Label: gpt, identifier: C798685E-B053-4677-8B55-69FD721B9271

    Device               Start         End     Sectors    Size Type
    /dev/nvme0n1p1        2048     2099199     2097152      1G EFI System
    /dev/nvme0n1p2     2099200    23070719    20971520     10G Linux filesystem
>>  /dev/nvme0n1p3    23070720  2000409230  1977338511  942.9G Linux filesystem 





 ┌────────────────────────────────────────────────────────────────────────────┐
 │Partition UUID: 78D36147-ED9B-BB4B-8F96-6DFD28536D23                        │
 │Partition type: Linux filesystem (0FC63DAF-8483-4772-8E79-3D69D8477DE4)     │
 └────────────────────────────────────────────────────────────────────────────┘
     [ Delete ]  [ Resize ]  [  Quit  ]  [  Type  ]  [  Help  ]  [  Write ]
     [  Dump  ]

You are now done with creating the partitions, and can now press [ Write ] and then [ Quit ].

Setting up LUKS

In this step we will create our LUKS container and open it. We first format the partition and create a key. In this example we use a 512-bit key and sha512. With aes-xts-plain64 the 512-bit key is split into two 256-bit halves, so the cipher is AES-256 in XTS mode. This is more secure, but could be slower (I have not tested other sizes). Please replace /dev/nvme0n1p3 with your root partition.

cryptsetup \
    --cipher aes-xts-plain64 \
    --key-size 512 \
    --hash sha512 \
    --iter-time 5000 \
    --use-random \
    luksFormat /dev/nvme0n1p3

You can then open the LUKS device. You can replace cryptroot with another name.

cryptsetup luksOpen /dev/nvme0n1p3 cryptroot

LVM

In my setup I create a 20GB swap and the rest is root. The first thing is the volume group. The opened LUKS device appears under /dev/mapper/. You can rename voidvm to anything you want.

vgcreate voidvm /dev/mapper/cryptroot

I then create a swap partition, named swap.

lvcreate --name swap -L 20G voidvm

And then root with the rest of the space.

lvcreate --name root -l 100%FREE voidvm

Filesystems

I will be using vfat on efi, ext4 on boot, and f2fs for root. f2fs is only for flash drives, so please use ext4 or another filesystem if you are on HDDs. Here I format my EFI, boot and root.

mkfs.vfat /dev/nvme0n1p1
mkfs.ext4 /dev/nvme0n1p2
mkfs.f2fs /dev/voidvm/root

We then create our swap:

mkswap /dev/voidvm/swap

Mount & chroot

We then mount all the partitions and some extra bits.

$ mount /dev/voidvm/root /mnt # Mount root
$ for dir in dev proc sys run; do mkdir -p /mnt/$dir ; mount --rbind /$dir /mnt/$dir ; mount --make-rslave /mnt/$dir ; done # Some extra bit from the official guide
$ mkdir -p /mnt/boot # Create mount point for boot
$ mount /dev/nvme0n1p2 /mnt/boot # Mount boot
$ mkdir -p /mnt/boot/efi # Create EFI mount point
$ mount /dev/nvme0n1p1 /mnt/boot/efi/ # Mount EFI

We then install the base system, this may take some time:

$ xbps-install -Sy -R https://alpha.de.repo.voidlinux.org/current -r /mnt base-system cryptsetup grub-x86_64-efi lvm2

When it's done, we can enter the chroot and finish up the configuration.

$ chroot /mnt
$ chown root:root /
$ chmod 755 /
$ passwd root
$ echo voidvm > /etc/hostname
$ echo "LANG=en_US.UTF-8" > /etc/locale.conf
$ echo "en_US.UTF-8 UTF-8" >> /etc/default/libc-locales
$ xbps-reconfigure -f glibc-locales
$ chsh -s /bin/bash

We can then add a user, replace zerocool with your username:

useradd \
    --create-home \
    --groups wheel,users,audio,video,storage,cdrom,input \
    --shell /bin/bash \
    zerocool

Fire the visudo command and uncomment the following line to allow sudo access to users in the wheel group:

%wheel ALL=(ALL) ALL

Fstab

Now this is the most dangerous part. You need to open fstab and add some lines at the bottom. Please use tabs; I don't know if it makes a difference to use tabs. You can use the vi editor to open the file; if you don't know how to use vi, remember to look it up online. Your fstab should look a bit like this:

#
# See fstab(5).
#
# <file system>         <dir>           <type>  <options>               <dump>  <pass>
tmpfs                   /tmp            tmpfs   defaults,nosuid,nodev   0       0
/dev/voidvm/root        /               f2fs    defaults,noatime        0       0
/dev/nvme0n1p2          /boot           ext4    defaults,noatime,discard        0       2
/dev/nvme0n1p1          /boot/efi       vfat    defaults                0       0
/dev/voidvm/swap        swap            swap    defaults                0       0

This is a part of another guide; I don't know what it does, but it works with it.

# create a new file in /etc/dracut.conf.d/override.conf
# containing the following line
hostonly=yes

Grub

You should now edit /etc/default/grub and add rd.auto=1 rd.lvm.vg=voidvm rd.luks.allow-discards to GRUB_CMDLINE_LINUX_DEFAULT. The line should look like this:

GRUB_CMDLINE_LINUX_DEFAULT="loglevel=4 slub_debug=P page_poison=1 rd.auto=1 rd.lvm.vg=voidvm rd.luks.allow-discards"
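
A check for the GRUB line above and the fstab from the previous section, as an added example that is not part of the original guide: it reports a missing rd.auto=1 or rd.lvm.vg=<VG>, a parameter split by a stray space, and an fstab root that is not in the volume group. The function names and the script name check-boot.sh are assumptions.

```shell
#!/bin/sh
# Added example (not from the guide): check /etc/default/grub and /etc/fstab
# for the dracut parameters this setup needs, before running grub-mkconfig.
# Usage (inside the chroot): sh check-boot.sh /etc/default/grub /etc/fstab voidvm

# Print the value of GRUB_CMDLINE_LINUX_DEFAULT with the quotes stripped.
grub_cmdline() {
    sed -n 's/^GRUB_CMDLINE_LINUX_DEFAULT=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Succeed if the exact token $2 is in the whitespace-separated list $1.
has_token() {
    for tok in $1; do
        [ "$tok" = "$2" ] && return 0
    done
    return 1
}

# check_boot_config GRUB_FILE FSTAB_FILE VG
# Prints one line per problem and returns the number of problems found.
check_boot_config() {
    grub_file=$1 fstab_file=$2 vg=$3 problems=0
    cmdline=$(grub_cmdline "$grub_file")
    for want in rd.auto=1 "rd.lvm.vg=$vg"; do
        if ! has_token "$cmdline" "$want"; then
            echo "missing kernel parameter: $want"
            problems=$((problems + 1))
        fi
    done
    # A parameter split by a space leaves a stray token such as ".vg=voidvm".
    for tok in $cmdline; do
        case $tok in
            .*) echo "stray token (split parameter?): $tok"
                problems=$((problems + 1)) ;;
        esac
    done
    # The root entry in fstab must be a logical volume of the same group.
    root_dev=$(awk '$1 !~ /^#/ && $2 == "/" { print $1 }' "$fstab_file")
    case $root_dev in
        "/dev/$vg/"*|"/dev/mapper/$vg-"*) ;;
        *) echo "fstab root '$root_dev' is not in volume group $vg"
           problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

if [ "$#" -eq 3 ]; then
    check_boot_config "$@"
fi
```

A non-zero exit status means the initramfs would not be told which volume group to activate, so fix the reported lines before rebooting.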

You can now install grub.

$ grub-install \
    --target=x86_64-efi \
    --efi-directory=/boot/efi \
    --boot-directory=/boot
Installing for x86_64-efi platform.
Installation finished. No error reported.

And then generate grub config.

$ grub-mkconfig -o /boot/grub/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-5.7.12_1
Found initrd image: /boot/initramfs-5.7.12_1.img
done

Last step is to generate initramfs.

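# Replace linux5.4 with the package for your kernel series.
# You can find the kernel version in the output
# of the grub-mkconfig command above (for example, 5.7.12_1 means linux5.7).
xbps-reconfigure -f linux5.4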

All done, we are now ready to reboot into Void Linux.

# exit the chroot
$ exit

# unmount recursively from /mnt
$ umount -R /mnt

$ reboot