@shizonic
Created November 24, 2019 07:25
Gentoo-BTRFS-LUKS

LAST TABS

http://stafwag.github.io/blog/blog/2016/08/30/arch-on-an-encrypted-btrfs-partition/
https://wiki.gentoo.org/wiki/Full_Encrypted_Btrfs/Native_System_Root_Guide#Dracut
https://wiki.gentoo.org/wiki/Handbook:AMD64/Full/Installation
https://gist.github.com/jirutka/990d25662e729669b3ce

========================

systemrescuecd

  • startx
  • setup network
  • change root password --> passwd

installation

update package definitions

emerge-webrsync

Preparing for encryption

  • generate a keyfile of 4096 random byte dd if=/dev/urandom bs=512 count=8 | pv | dd of=/root/secretkey chmod 0400 /root/secretkey

Partition the drive

cfdisk /dev/nvme0n1

  • 3 MB Bios partition
  • rest linux

Encrypt partition

#cryptsetup benchmark cryptsetup luksFormat -s 512 -c aes-xts-plain64 /dev/nvme0n1p2 cryptsetup luksAddKey /dev/nvme0n1p2 /root/secretkey cryptsetup open -d /root/secretkey /dev/nvme0n1p2 luks-1

Create filesystem, mountpoints and subvolumes

mkfs.btrfs -L GENROOT /dev/mapper/luks-1 mkdir /mnt/newgentoo mount -t btrfs -o defaults,discard,ssd,space_cache,noatime,compress=lzo,autodefrag,subvol=/ /dev/mapper/luks-1 /mnt/newgentoo btrfs subvol create /mnt/newgentoo/boot btrfs subvol create /mnt/newgentoo/home mount -t btrfs -o defaults,noatime,compress=lzo,autodefrag,subvol=home /dev/mapper/luks-1 /mnt/newgentoo/home mount -t btrfs -o defaults,noatime,subvol=boot /dev/mapper/luks-1 /mnt/newgentoo/boot sync cd /mnt/newgentoo btrfs filesystem show btrfs subvolume list -a .

stage 3

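cd /mnt/newgentoo

stage3_url=http://ftp.snt.utwente.nl/pub/os/linux/gentoo/releases/amd64/autobuilds/current-stage3-amd64/stage3-amd64-20170316.tar.bz2
wget -c "$stage3_url"
# Also fetch the signed digest list: a plain-http download gives no integrity
# guarantee, and the tarball is unpacked as root below.
wget -c "${stage3_url}.DIGESTS.asc"

# The Gentoo Release Engineering key must already be in the keyring (the
# Handbook's stage-tarball verification section gives the fingerprint);
# gpg fails closed if it is missing.
gpg --verify stage3-*.tar.bz2.DIGESTS.asc
# The digest list holds "<sha512>  <filename>" lines, which is exactly what
# sha512sum prints for a file in the current directory.
if grep -qF -- "$(sha512sum stage3-*.tar.bz2)" stage3-*.tar.bz2.DIGESTS.asc; then
  tar xvjpf stage3-*.tar.bz2 --xattrs --numeric-owner
else
  printf 'stage3 checksum does not match the signed digest list; not unpacking\n' >&2
fi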

chroot

cp -L /etc/resolv.conf /mnt/newgentoo/etc/ mount -t proc proc /mnt/newgentoo/proc mount --rbind /sys /mnt/newgentoo/sys mount --rbind /dev /mnt/newgentoo/dev mount --make-rslave /mnt/newgentoo/sys mount --make-rslave /mnt/newgentoo/dev chroot /mnt/newgentoo /bin/bash env-update && source /etc/profile export PS1="(chroot) $PS1"

setup partitions

cat /etc/mtab

/dev/mapper/luks-1 / btrfs rw,noatime,compress=lzo,ssd,discard,space_cache,autodefrag,subvolid=5,subvol=/ 0 0

/dev/mapper/luks-1 /home btrfs rw,noatime,compress=lzo,ssd,discard,space_cache,autodefrag,subvolid=258,subvol=/home 0 0

/dev/mapper/luks-1 /boot btrfs rw,noatime,compress=lzo,ssd,discard,space_cache,autodefrag,subvolid=257,subvol=/boot 0 0

add to --> /etc/fstab

LABEL=GENROOT / btrfs defaults,ssd,discard,noatime,compress=lzo,autodefrag,subvol=/ 0 0

LABEL=GENROOT /home btrfs defaults,ssd,discard,noatime,compress=lzo,autodefrag,subvol=home 0 0

LABEL=GENROOT /boot btrfs defaults,ssd,discard,noatime,subvol=boot 0 0

install packages

emerge-webrsync emerge --sync --quiet emerge portage vim

echo "sys-boot/grub device-mapper" >> /etc/portage/package.use/grub echo "sys-fs/cryptsetup static kernel -gcrypt" >> /etc/portage/package.use/cryptsetup echo "sys-kernel/genkernel-next cryptsetup" >> /etc/portage/package.use/genkernel-next echo "sys-kernel/dracut device-mapper" >> /etc/portage/package.use/dracut

echo "sys-fs/btrfs-progs ~amd64" >> /etc/portage/package.keywords echo "sys-boot/grub:2 ~amd64" >> /etc/portage/package.keywords echo "sys-fs/cryptsetup ~amd64" >> /etc/portage/package.keywords echo "sys-kernel/genkernel-next ~amd64" >> /etc/portage/package.keywords echo "sys-kernel/gentoo-sources ~amd64" >> /etc/portage/package.keywords

cat /etc/portage/make.conf

CHOST="x86_64-pc-linux-gnu" USE="bindist" PORTDIR="/usr/portage" DISTDIR="${PORTDIR}/distfiles" PKGDIR="${PORTDIR}/packages" CFLAGS="-O2 -pipe -march=native" CXXFLAGS="${CFLAGS}" MAKEOPTS="-j8" CPU_FLAGS_X86="mmx sse sse2 mmxext" FEATURES="parallel-fetch" PORTAGE_NICENESS="19" INPUT_DRIVERS="evdev synaptics" VIDEO_CARDS="intel i965"

compile kernel

# Bootloader, LUKS tooling, two initramfs generators and the kernel sources.
pkgs=(grub:2 cryptsetup genkernel-next btrfs-progs dracut gentoo-sources)
emerge --ask "${pkgs[@]}"
dispatch-conf

# Build and install the kernel (menuconfig is interactive), with LUKS and
# btrfs support in genkernel's own initramfs.
genkernel --luks --btrfs --oldconfig --save-config --menuconfig --install --bootloader=grub2 --udev all

# Build the dracut initramfs with the keyfile embedded, so root unlocks without
# a second passphrase. The image now contains the key: it must stay on the
# encrypted /boot and must not be readable by other users.
# NOTE(review): the rd.luks.* options set later in /etc/default/grub are dracut
# parameters, not genkernel's; verify grub.cfg boots the dracut image.
dracut -f -I /root/secretkey

# Optional extras:
#emerge gentoolkit os-prober pciutils usbutils
#emerge layman

grub

get uuid

blkid -o value -s UUID /dev/nvme0n1p2

cat /etc/crypttab

luks-1 UUID=8c86940b-0a17-4e71-928d-29abca1ddc26 /root/secretkey luks #luks-1.1 UUID=8c86940b-0a17-4e71-928d-29abca1ddc26 /root/secretkey luks #luks-1 UUID=8c86940b-0a17-4e71-928d-29abca1ddc26 /root/secretkey luks-1

add --> /etc/default/grub

GRUB_ENABLE_CRYPTODISK=y GRUB_CMDLINE_LINUX_DEFAULT="pcie_aspm=force i915.enable_fbc=1 i915.enable_rc6=7 rd.luks=1 rd.luks.key=/root/secretkey rd.luks.uuid=luks-8c86940b-0a17-4e71-928d-29abca1ddc26"

grub-install --target=i386-pc /dev/nvme0n1 grub-mkconfig -o /boot/grub/grub.cfg

??????????????

  • Required Kernel Parameters:
  • root=/dev/$ROOT
    
  • Where $ROOT is the device node for your root partition as the
    
  • one specified in /etc/fstab
    
  • If you require Genkernel's hardware detection features; you MUST
  • tell your bootloader to use the provided INITRAMFS file.

CHROOT

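mnt=/mnt/newgentoo
dev=/dev/mapper/luks-1

mkdir "$mnt"
# Unlock with the keyfile and map the container as /dev/mapper/luks-1.
cryptsetup open -d /root/secretkey /dev/nvme0n1p2 luks-1

mount -t btrfs -o defaults,discard,ssd,space_cache,noatime,compress=lzo,autodefrag,subvol=/ "$dev" "$mnt"
mount -t btrfs -o defaults,noatime,compress=lzo,autodefrag,subvol=home "$dev" "$mnt/home"
mount -t btrfs -o defaults,noatime,subvol=boot "$dev" "$mnt/boot"
sync
# cd before inspecting: "btrfs subvolume list -a ." looks at the current
# directory, and the earlier order ran it before entering the btrfs mount.
cd "$mnt"
btrfs filesystem show
btrfs subvolume list -a .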

cp -L /etc/resolv.conf /mnt/newgentoo/etc/ mount -t proc proc /mnt/newgentoo/proc mount --rbind /sys /mnt/newgentoo/sys mount --rbind /dev /mnt/newgentoo/dev mount --make-rslave /mnt/newgentoo/sys mount --make-rslave /mnt/newgentoo/dev chroot /mnt/newgentoo /bin/bash env-update && source /etc/profile export PS1="(chroot) $PS1"
