1 Topic by jim (edited by jim 2024-02-01 09:01:41)

  • jim
  • Guest

Topic: Install Hyperbola (GRUB on the USB) Libreboot T440P

Hi all . I continue to share my tests))

Don't use Luks1 it is not safe, use Luks2+argon2id today!
Since version 2.4.0 (released August 18, 2021), cryptsetup uses Argon2id by default. You can read why in detail in this article.
https://mjg59.dreamwidth.org/66429.html

Insert your USB from Hyperbola Media Live into your PC. Turn on your PC and press ESC until the menu appears,
press the number corresponding to your USB with Hyperbola Media Live, then you will be taken to Hyperbola Media Live

Enlarge the text to make it easier to see) 

root@hyperiso # cd /usr/share/consolefonts

root@hyperiso # setfonts sun12X22.psfu.gz

Now the font size is normal, you can move on))

# lsblk

use dd for erase data

# dd if=/dev/urandom  of=/dev/sdb bs=1M status=progress

Create partitions

cfdisk /dev/sdb
/dev/sdb  -> The rest of the disk (LVM) # To be encrypted 
now we have sdb1 

# lsblk (check)

Connect internet,

# ip -c a

# rc-service dcpcd start

# ip link set enp0s35 up

# dhcpd enp0s35

Let's set up encryption

# pacman -Syy cryptsetup 

# rc-update add lvm boot

# rc-update add dmcrypt boot 

# modprobe dm-mod

Configuring LUKS (luks2)

# cryptsetup --cipher aes-xts-plain64 --hash sha512 --iter-time 5000 --key-size 512 --pbkdf argon2id 
                                --use-urandom --verify-passphrase luksFormat --type luks2 /dev/sdb2

                               

Unlock the LUKS partition

# cryptsetup open /dev/sdb1 lvm

Create a physical volume on top of the opened LUKS container

# pvcreate /dev/mapper/lvm
# pvs  (check)

Create the volume group, adding the physical volume to it

# vgcreate  matrix /dev/mapper/lvm
# vgs (check)

Create logical volumes on the volume group (the size of the volumes are meant as examples)

# lvcreate -L 10G -n root  matrix
# lvcreate -l 100%FREE -n home  matrix

Format the filesystems on each logical volume

# mkfs.ext4 /dev/mapper/matrix-root
# mkfs.ext4 /dev/mapper/matrix-home


Mount the filesystems

# mount /dev/mapper/matrix-root /mnt
# mkdir /mnt/home
# mount /dev/mapper/matrix-home /mnt/home

Prepare the boot partition:
Insert USB into PC. (for me it's sdd)
use dd for erase data

# dd if=/dev/urandom  of=/dev/sdd bs=1M status=progress
# mkfs.ext2 /dev/sdd
# mkdir /mnt/boot
# mount  /dev/sdd /mnt/boot
# lsblk (check)

Select installation mirror by editing the mirrorlist

# nano /etc/pacman.d/mirrorlist

Install the base system using pacstrap

# pacstrap /mnt

Generate a fstab file

# genfstab -U -p /mnt >> /mnt/etc/fstab
# cat /mnt/etc/fstab  (check)

Enter the new system

# arch-chroot /mnt

or

# arch-chroot /mnt /bin/bash

Configure /etc/mkinitcpio.conf for encryption and LVM

# nano /etc/mkinitcpio.conf 

MODULES=i915

HOOKS="base udev autodetect modconf block keyboard keymap consolefont encrypt lvm2 filesystems fsck shutdown"

Update Kernel

# mkinitcpio -p linux-libre-lts

==>ERROR Hook 'encrypt'...
==>WARNING missing isci..

OK,

# pacman -S cryptsetup 
# pacman -S core/isci-lts-firmware
# mkinitcpio -p linux-libre-lts

Set the hostname

# echo "hyperbola" > /etc/hostname
# nano /etc/hosts

127.0.0.1   localhost.localdomain     localhost   hyperbola
::1              localhost.localdomain     localhost   hyperbola

Set password for root

# passwd

****************************
****************************

Install and configure GRUB

# pacman -S grub

Install GRUB on the USB drive:

# grub-install /dev/sdd --force

I received this warning:

grub-install: warning: File system `ext2' doesn't support embedding.
grub-install: warning: Embedding is not possible.  GRUB can only be installed in this setup by using blocklists.  However, blocklists are UNRELIABLE and their use is discouraged..

The Internet answers us)))) https://superuser.com/questions/936889/ … and-prompt

You are getting the warning because you are installing grub to a partition instead of the MBR. This means grub can not be embedded in the unused space between the MBR and the first partition. Instead it has to have the list of blocks that /boot/grub/core.img resides in placed into the MBR. This setup is subject to being broken by things like defrag and so is not recommended, hence the warning. Since it is only a warning, you can ignore it.


If you know a better solution on this issue, please post here.

All files are in place))))

# cd /boot

Generate grub.cfg

# grub-mkconfig -o /boot/grub/grub.cfg

# nano /boot/grub/grub.cfg  

You will find these two lines in the configuration file 
linux /vmlinuz-linux-libre-lts root=/dev/mapper/matrix-root rw quiet


This is what they should look like after correction:
linux /vmlinuz-linux-libre-lts root=/dev/mapper/matrix-root cryptdevice=/dev/sdb1:matrix rw quiet

Save.


Add a user

# useradd -m -g users -G wheel -s /bin/bash jim
# passwd jim

Unmount all partition and reboot 

# exit

# umount -R /mnt

# lvchange -an /dev/matrix/root
# lvchange -an /dev/matrix/home

# cryptsetup close lvm

# openrc-shutdown -p now 

or

# poweroff

Insert your USB with GRUB. Turn on your PC, press ESC, you will see a menu in which you need to select “Payload [grub2]” click on this number!
Next, select “Search for GRUB configuration on external media [s]” and press enter.
You will see Hyperbola GNU/Linex-libre, Liux-libre-lts kernel, press enter and your system will boot.

You can remove your USB from GRUB. After re-enabling, your GRUB will be on the flash drive.

After this, you will be asked to enter your password for the encrypted volume!

cat /proc/cmdline (check)

Use T400, it is freer than T440P))

2 Reply by throgh

  • throgh
  • throgh
  • Package Development and Community Coordinator
  • Offline
  • From: Planet Earth
  • Registered: 2017-12-28
  • Posts: 2,924

Re: Install Hyperbola (GRUB on the USB) Libreboot T440P

Why using lvm? Would it be possible to do that without?

Human being in favor with clear principles and so also for freedom in soft- and hardware!

Certainly anyone who has the power to make you believe absurdities has the power to make you commit injustices: For a life of every being full with peace and kindness, including diversity and freedom. Capitalism is destroying our minds, the planet itself and the universe in the end!

3 Reply by jim

  • jim
  • Guest

Re: Install Hyperbola (GRUB on the USB) Libreboot T440P

Hello . Which option after the encrypted /boot partition do you consider preferable? https://wiki.archlinux.org/title/Dm-cry … ire_system

#LUKS on a partition

#LUKS on a partition with TPM2 and Secure Boot

#LVM on LUKS

#LUKS on LVM

#LUKS on software RAID

#Plain dm-crypt

#Encrypted boot partition (GRUB)

#Root on ZFS    

I read a little about OpeBSD, there is no such complex boot system as in LInux, I mean:

The bootloader finds and starts the kernel, and the kernel starts the operating system, attaches device drivers to the hardware, and performs other operating system configurations. Finally, the kernel runs init(8), which starts various processes and includes user programs, network interfaces, daemons, etc.

For example, openbsd does not have a /boot partition, like Linux, and there is no initramfs. The kernel is located only in the root partition.

4 Reply by throgh

  • throgh
  • throgh
  • Package Development and Community Coordinator
  • Offline
  • From: Planet Earth
  • Registered: 2017-12-28
  • Posts: 2,924

Re: Install Hyperbola (GRUB on the USB) Libreboot T440P

What was asked is "Plain dm-crypt" in IRC also.

Human being in favor with clear principles and so also for freedom in soft- and hardware!

Certainly anyone who has the power to make you believe absurdities has the power to make you commit injustices: For a life of every being full with peace and kindness, including diversity and freedom. Capitalism is destroying our minds, the planet itself and the universe in the end!

5 Reply by jim

  • jim
  • Guest

Re: Install Hyperbola (GRUB on the USB) Libreboot T440P

Do you mean this option https://gist.github.com/ansulev/4e56401 … e886eb5838 ?

6 Reply by throgh

  • throgh
  • throgh
  • Package Development and Community Coordinator
  • Offline
  • From: Planet Earth
  • Registered: 2017-12-28
  • Posts: 2,924

Re: Install Hyperbola (GRUB on the USB) Libreboot T440P

Surely interesting thanks for the link, nevertheless the lvm-option was not that on my perspective as in IRC it was discussed other way. Personal it would make the guide sufficient when leaving the advantages for lvm-usage. So thank you for your engagement within this. smile

Human being in favor with clear principles and so also for freedom in soft- and hardware!

Certainly anyone who has the power to make you believe absurdities has the power to make you commit injustices: For a life of every being full with peace and kindness, including diversity and freedom. Capitalism is destroying our minds, the planet itself and the universe in the end!

7 Reply by jim

  • jim
  • Guest

Re: Install Hyperbola (GRUB on the USB) Libreboot T440P

Thank you also for your communication, I hope our community will grow, I will try to help as much as I can.