Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
en:guide:encrypted_installation [2017/11/17 22:10]
emulatorman
en:guide:encrypted_installation [2022/01/26 00:00] (current)
emulatorman
Line 91: Line 91:
  
 <code bash> <code bash>
-# cryptsetup -v --cipher serpent-xts-plain64 --key-size 512 --hash whirlpool ​>--iter-time 500 --use-random --verify-passphrase luksFormat /dev/sdXY+# cryptsetup -v --cipher serpent-xts-plain64 --key-size 512 --hash whirlpool --iter-time 500 --use-random --verify-passphrase luksFormat /dev/sdXY
 </​code>​ </​code>​
  
Line 242: Line 242:
   - Change the value of the uncommented <color #​620BB9/#​EEDDFF>​MODULES</​color>​ line to <color #​620BB9/#​EEDDFF>​i915</​color>​.   - Change the value of the uncommented <color #​620BB9/#​EEDDFF>​MODULES</​color>​ line to <color #​620BB9/#​EEDDFF>​i915</​color>​.
     * This forces the driver to load earlier, so that the console font you selected earlier isn’t wiped out after getting to login.     * This forces the driver to load earlier, so that the console font you selected earlier isn’t wiped out after getting to login.
 +    * Be aware, when you add i915 into the uncommented modules line, that you remove these **" ​  "​** **before you add i915**, otherwise, it will not boot and will drop to a shell. ​ When you install with **full disk encryption**,​ this is a **requirement**.
     * If you are using a **Macbook 2,1** you will also need to add <color #​620BB9/#​EEDDFF>​hid-generic</​color>,​ <color #​620BB9/#​EEDDFF>​hid</​color>,​ and <color #​620BB9/#​EEDDFF>​hid-apple</​color>​ inside the quotation marks, in order to have a working keyboard when asked to enter the LUKS password. Make sure to separate each module by one space.     * If you are using a **Macbook 2,1** you will also need to add <color #​620BB9/#​EEDDFF>​hid-generic</​color>,​ <color #​620BB9/#​EEDDFF>​hid</​color>,​ and <color #​620BB9/#​EEDDFF>​hid-apple</​color>​ inside the quotation marks, in order to have a working keyboard when asked to enter the LUKS password. Make sure to separate each module by one space.
   - Change the value of the uncommented <color #​620BB9/#​EEDDFF>​HOOKS</​color>​ line to the following: <code bash>   - Change the value of the uncommented <color #​620BB9/#​EEDDFF>​HOOKS</​color>​ line to the following: <code bash>
 # nano /​etc/​mkinitcpio.conf # nano /​etc/​mkinitcpio.conf
  
-base udev autodetect modconf block keyboard keymap consolefont encrypt lvm2 filesystems fsck shutdown+"base udev autodetect modconf block keyboard keymap consolefont encrypt lvm2 filesystems fsck shutdown"
 </​code>​ Here’s what each module does: </​code>​ Here’s what each module does:
     * <color #​620BB9/#​EEDDFF>​keymap</​color>​ adds to initramfs the keymap that you specified in <color #​0B71B9/#​DDF1FF>/​etc/​conf.d/​keymaps</​color>​     * <color #​620BB9/#​EEDDFF>​keymap</​color>​ adds to initramfs the keymap that you specified in <color #​0B71B9/#​DDF1FF>/​etc/​conf.d/​keymaps</​color>​
Line 287: Line 288:
 ==== Configure the network ==== ==== Configure the network ====
  
-Now that we have a hostname, we need to configure the settings for the rest of the network, we suggest use [[https://​www.hyperbola.info/​packages/?​q=netifrc|netifrc]] to set up your wired/​wireless connection.  ​Refer to the configuration section of the [[https://​wiki.gentoo.org/​wiki/​Netifrc#​Configuration|Gentoo ​wiki]].+Now that we have a hostname, we need to configure the settings for the rest of the network, we suggest use [[https://​www.hyperbola.info/​packages/?​q=netifrc|netifrc]] to set up your wired/​wireless connection.  ​See the [[https://​wiki.gentoo.org/​wiki/​Handbook:​X86/​Full/​Networking|Gentoo ​Handbook]] which explains netifrc scripts in a high level of detail.
  
 ==== Set the root password ==== ==== Set the root password ====
Line 354: Line 355:
  
 <code bash> <code bash>
-# grub-mkconfig /​boot/​grub/​grub.cfg+# grub-mkconfig ​-o /​boot/​grub/​grub.cfg
 </​code>​ </​code>​
  
Line 360: Line 361:
  
 <code bash> <code bash>
-# cd /bootln -s . boot+# cd /boot 
 +</​code>​ 
 + 
 +<code bash> 
 +ln -s . boot
 </​code>​ </​code>​
  
Line 367: Line 372:
 Congratulations! You have finished the installation of Hyperbola GNU/​Linux-libre. Now it is time to reboot the system, but first, there are several preliminary steps: Congratulations! You have finished the installation of Hyperbola GNU/​Linux-libre. Now it is time to reboot the system, but first, there are several preliminary steps:
  
 +Exit from <color #​620BB9/#​EEDDFF>​chroot</​color>,​ using the <color #​620BB9/#​EEDDFF>​exit</​color>​ command:
 +
 +<code bash>
 +# exit
 +</​code>​
 +
 +Unmount all of the partitions from <color #​0B71B9/#​DDF1FF>/​mnt</​color>,​ and “turn off” the swap volume:
 +
 +<code bash>
 +# umount -R /mnt
 +</​code>​
 +
 +<code bash>
 +# swapoff -a
 +</​code>​
 +
 +Deactivate the **rootvol** and **swapvol** logical volumes:
 +
 +<code bash>
 +# lvchange -an /​dev/​matrix/​rootvol
 +</​code>​
 +
 +<code bash>
 +# lvchange -an /​dev/​matrix/​swapvol
 +</​code>​
 +
 +Lock the encrypted partition (i.e., close it):
 +
 +<code bash>
 +# cryptsetup luksClose lvm
 +</​code>​
 +
 +Shutdown the machine:
 +
 +<code bash>
 +# openrc-shutdown -p now
 +</​code>​
 +
 +After the machine is off, remove the installation media, and turn it on.
 +
 +===== Booting the installation manually from GRUB =====
 +
 +When you forget to configure or misconfigure grub on your hdd, you have to manually boot the system by entering a series of commands into the GRUB command line.
 +
 +After the computer starts, Press **C** to bring up the GRUB command line. Here are the commands:
 +
 +<code bash>
 +grub> cryptomount -a
 +grub> set root='​lvm/​matrix-rootvol'​
 +grub> linux /​boot/​vmlinuz-linux-libre-lts root=/​dev/​matrix/​rootvol cryptdevice=/​dev/​sda1:​root
 +grub> initrd /​boot/​initramfs-linux-libre-lts.img
 +grub> boot
 +</​code>​
 +
 +<note important>​
 +On machines with native sata, during boot a (faulty) optical disc drive (like dvd) can cause the cryptomount -a command to fail/hang, as well as the error: <code bash>​AHCI transfer timed out</​code>​ The workaround was to remove the DVD drive.
 +</​note>​
 +
 +===== Configure pacman =====
 +
 +Edit <color #​0B71B9/#​DDF1FF>/​etc/​pacman.conf</​color>​ and configure pacman'​s options, also enabling the repositories you need.
 +
 +See [[https://​wiki.archlinux.org/​index.php/​Pacman|Pacman]] and [[en:​main:​Repositories]] for details.
 +
 +===== Update the system =====
 +
 +At this point you should update your system.
 +
 +See [[https://​wiki.archlinux.org/​index.php/​Pacman#​Upgrading packages|Upgrading packages]] for instructions.
 +
 +===== Add an user =====
 +
 +Finally, add a normal user as described in [[https://​wiki.archlinux.org/​index.php/​Users and Groups#User management|User management]].
 +
 +===== Service management =====
 +
 +Since Hyperbola [[https://​www.hyperbola.info/​news/​end-of-systemd-support/​|removed entire systemd support]], we suggest you read about [[https://​wiki.gentoo.org/​wiki/​OpenRC|OpenRC]] which is our main default init system.
 +
 +===== Conclusion =====
 +
 +Your new **Hyperbola GNU/​Linux-libre** base system is now a **functional GNU/Linux environment**.
 +
 +===== Licensing =====
 +
 +This wiki article is released under the [[https://​www.gnu.org/​copyleft/​fdl.html|GNU Free Documentation License 1.3]] with no invariant sections, no front cover texts, and no back cover texts.
 +
 +===== Acknowledgement =====
  
 +This wiki article is based on **[[https://​libreboot.org/​docs/​|Libreboot documentation]]**.