1 (edited by ΙΧΘΥΣ 2019-01-14 19:02:44)

Topic: Guide for an encrypted installation of Hyperbola (no boot). Newbies.

The steps listed bellow describes the installation of Hyperbola GNU/Linux-libre using a wired connection. The computer is a Thinkpad with a free initialization program (Libreboot). While it should be possible to boot from an encrypted partition using Libreboot this installation will create a small unencrypted boot partition.

Anytime I have tried to install Hyperbola using the full disk encryption method (with the boot included), I have found that at the end of the process I was not able to automatically initialize the system. In those cases, anytime I wanted to run the system I was forced to manually boot it by entering a series of commands into the GRUB command line. That is, after the computer started I had to Press C and write:

grub> cryptomount -a
grub> set root=’lvm/lvmvg-root’
grub> linux /boot/vmlinuz-linux-libre root=/dev/lvmvg/root cryptdevice=/dev/sda2:lvmvg
grub> initrd /boot/initramfs-linux-libre.img
grub> boot

Therefore, I felt that the benefits of trying to install Hyperbola with a full disk encryption were, in my case, not that important as when compared with the difficulties that always arised from it.

While I am conscious that the above mentioned problem could be avoided by modifying the Libreboot GRUB configuration file, I personally find that this later task may require a level of technical ability which might be out of my reach at the present moment. (https://libreboot.org/docs/gnulinux/grub_cbfs.html). 

This guide basically reproduces the information contained in other webs and adapt it to the case of a Hyperbola installation. Special reference will be made to the method described by Github contributor Psycosy for installing Parabola (https://gist.github.com/Psycosy/dbe9bcf … aa6a188e17). I have referenced all the websites that served me to ellaborate this guide at the bottom of this post.

This guide intends to serve other persons like me who have a limited computer knowledge for they to be able to easily install Hyperbola in an encrypted manner. It also intendes to set here notes that could serve myself as some reminders for a future reinstallation of Hyperbola.

Please, feel free to comment the errors that I could have made during the installation or the suggestions for improving it. I think in this way, people like me who are getting familiar with Hyperbola can learn in the process. Thanks for your help in that regard.

Sorry for the spelling errors and grammatical mistakes. English is not my mother tongue.




Verification:


1) Download the ISO image from: https://www.hyperbola.info/download/


2) Download the following four archives to verify the authenticity of the ISO:

hyperbola(...).iso.sha512
hyperbola(...).iso.512.sig
hyperbola(...).iso.whirlpool
hyperbola (...).iso.whirlpool.sig


3) Keep all the downloaded archives in a folder in my case (live_image).


4) Access the folder using the terminal:

cd live_image

5) Import Parabola singing key:

gpg --keyserver pgp.mit.edu --recv-key "C92B AA71 3B8D 53D3 CAE6 3FC9 E697 4752 F970 4456"

If you find some error with the previous command try instead:

gpg --keyserver pgp.mit.edu --recv-key F9704456

Now check the fingerprint of the imported key:

gpg --list-key --with-fingerprint F9704456

Check that the fingerprint matches "C92B AA71 3B8D 53D3 CAE6 3FC9 E697 4752 F970 4456".


6) Verify the signature of the shasum file:

gpg --verify hyperbola-milky-way-v0.2.5-dual.iso.sha512.sig hyperbola-milky-way-v0.2.5-dual.iso.sha512

You should be prompted with a "Good Signature" message.


7) Now verify the shasum of the iso agaisnt the one contained in the sha512 file. If your system has coreutils preinstalled just type:

sha512sum -c hyperbola-milky-way-v0.2.5-dual.iso.sha512

the result should be:

hyperbola-milky-way-v0.2.5-dual.iso: OK


8) You can also verify the authenticity and integrity of the ISO with the most secure hash WHIRLPOOL.

Having rhash preinstalled type:

gpg –-verify hyperbola-milky-way-v0.2.5-dual.iso.whirlpool.sig  hyperbola-milky-way-v0.2.5-dual.iso.whirlpool

You should be prompted again with the message "Good Signature”.

Then after, type:

whirlpool-hash -c hyperbola-milky-way-v0.2.5-dual.iso.whirlpool

You should see the message "Everything OK"


9) Now you can burn the ISO image to a CD or DVD and restart the computer where you want to install Hyperbola booting it from that CD/DVD.




Installation:


After having verified that the ISO is authentic and that it has not been tampered let us proceed with the proper installation.

1) Find out the device name where you want to install Hyperbola (in my case sda):

lsblk

2) Overwrite it with random data:

badblocks -c 10240 -s -w -t random -v /dev/sda

3) Start the creation of a partition table:

fdisk /dev/sda

4) Create a 1GB partition for the unencrypted boot:

Command (m for help): n
Partition type
   p   primary (0 primary, 0 extended, 4 free)
   e   extended (container for logical partitions)
Select (default p): p
Partition number (1-4, default 1): 
First sector (2048-224674127, default 2048): 
Last sector, +sectors or +size{K,M,G,T,P} (2048-224674127, default 224674127):+1G
Created a new partition 1 of type 'Linux' and of size 1 GiB.

5) Create a partition with the rest of the disk where to allocate the encrypted LUKS container:

Command (m for help):[b] n[/b]
Partition type
   p   primary (1 primary, 0 extended, 3 free)
   e   extended (container for logical partitions)
Select (default p):[b] p[/b]
Partition number (2-4, default 2): 
First sector (2099200-224674127, default 2099200): 
Last sector, +sectors or +size{K,M,G,T,P} (2099200-224674127, default 224674127): 

Created a new partition 2 of type 'Linux' and of size 106.1 GiB.

6) If you need it, you can check at this point the partition table that you are going to create with the command p:

Device     Boot   Start       End   Sectors   Size Id Type
/dev/sda1          2048   2099199   2097152     1G 83 Linux
/dev/sda2       2099200 224674127 222574928 106.1G 83 Linux

7) When you are ready to continue save the changes made with command w:

Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.

8) Encrypt the partition /dev/sda2 (after having decided which is the encryption hash that you prefer from out the results given to you by the performance test executed by the command   

cryptsetup benchmark

In my case I use:

cryptsetup --cipher serpent-xts-plain64 --key-size 512 --hash whirlpool --use-random luksFormat /dev/sda2

You will now be asked twice for a password for this LUKS partition.


9) Open the LUKS partition:

cryptsetup open /dev/sda2 lvm

10) Create the physical volume:

pvcreate /dev/mapper/lvm

11) Create the volume group:

vgcreate lvmvg /dev/mapper/lvm

12) Setup the logical volumes:

lvcreate -L 10G -n root lvmvg
lvcreate -L 8G -n swap lvmvg
lvcreate -l 100%FREE -n home lvmvg

I think it is not necessary nowadays but I will use choose double of my RAM memory for the swap logical volume. For checking how much RAM memory you have installed on your computer check the line “MemTotal” of the results given by the following command:

cat /proc/meminfo A

Alternatively these commands maybe be used for the same purpose: vmstat -s or vmstat -s. Other recommendations here: https://itsfoss.com/swap-size/


13) Format the filesystems of each logical volume:

mkfs.ext4 /dev/mapper/lvmvg-root
mkfs.ext4 /dev/mapper/lvmvg-home
mkswap /dev/mapper/lvmvg-swap

14) Mount the filesystems:

mount /dev/mapper/lvmvg-root /mnt
mkdir /mnt/home
mount /dev/mapper/lvmvg-home /mnt/home
swapon /dev/mapper/lvmvg-swap

15) Setup the boot partition:

mkfs.ext4 /dev/sda1
mkdir /mnt/boot
mount /dev/sda1 /mnt/boot

16) Install the base system:

pacstrap /mnt

17) Generate an fstab file, to define how disk partitions should be mounted into the filesystem:

genfstab -p /mnt >> /mnt/etc/fstab

18) Enter into the system to begin to configure it. This process is usually referred as “chrooting”. Chroot is short for change root. The idea is to change the root directory from / to a directory down the tree:

arch-chroot /mnt /bin/bash

19) Setting up language and adjusting clock to Coordinated Universal Time (UTC):

echo LANG=en_US.UTF-8 >> /etc/locale.conf
echo LANGUAGE=en_US >> /etc/locale.conf
echo LC_ALL=C >> /etc/locale.conf
ln -s /usr/share/zoneinfo/Europe/Copenhagen /etc/localtime
hwclock --systohc -–utc
nano /etc/locale.gen

Edit /etc/locale.gen and uncomment the language that you want your system to use. In this case I will uncomment en_US.UTF-8 UTF-8. (“uncomment” means removing the hash symbol from be line that you want to select).
Save and quit the file, and generate new location:

locale-gen
echo LANG=en_US.UTF-8 > /etc/locale.conf
echo LC_TIME=en_US.UTF-8 >> /etc/locale.conf
export LANG=en_US.UTF-8

20) Configure /etc/mkinitcpio.conf for encryption and LVM:

nano /etc/mkinitcpio.conf

Change the value of the uncommented HOOKS line to the following:

HOOKS="base udev autodetect modconf block encrypt lvm2 filesystems keyboard fsck"

21) Regenerate the linux initrd image:

mkinitcpio -p linux-libre-lts

22) Install and configure GRUB:

pacman -S grub-bios os-prober
grub-install /dev/sda
grub-mkconfig -o /boot/grub/grub.cfg
nano /boot/grub/grub.cfg

Add "cryptdevice=/dev/sda2:lvmvg" between "root=..." and "rw" in the line that starts with linux. This needs to be done for "linux-libre" and "linux-libre-fallback".


23) Set a password for your root:

passwd

24) Create an user and add it to the group of users “Wheel” In my case I choose the name “pc” but you can change to whatever you prefer:

useradd -m -g users -G wheel -s /bin/bash pc

25) Set a password for the user:

passwd pc

Change “pc” for whatever your username is.


26) For being able to occasionally give root priviledges to your user you need to instert it in to the list of sudoers.

First download the package sudo:

pacman -S sudo

Later edit the sudo configuration file: /etc/sudoers:

nano /etc/sudoers

Go to the uncommented line where it is written “root ALL=(ALL)” and under it add your user:

pc ALL=(ALL) ALL

Change “pc” with the name of your username.


27) Network configuration

Write your hostname to /etc/hostname. I choose “localhost”:

echo localhost > /etc/hostname

For a wired internet connection enable the dhcpcd service:

rc-update add dhcpcd default
rc-service dhcpcd start

For a wireless connection install the following packages:

pacman -S iw dialog networkmanager

28) Set up the graphical user interface.

First install the display server Xorg:

sudo pacman -S xorg-server

Install the video drivers:

pacman -S xf86-video-intel

Install the desktop environment. In my case I choose gnome:

pacman -Syy gnome

29) Enable the necessary services before leaving chroot. Try to add each of the services of the list posted below as it is recommended by Zapper and Aether (https://forums.hyperbola.info/viewtopic … d=203#p203):

rc-update add lvm boot
rc-update add dmcrypt boot
rc-update add mdraid boot
rc-update add cronie default
rc-update add elogind default
rc-update add alsasound default
rc-update add avahi-daemon default
rc-update add avahi-dnsconfd default
rc-update add ntpd default
rc-update add udev default
rc-update add dbus default
rc-update add fuse default
rc-update add lm_sensors default
rc-update add acpid default
rc-update add NetworkManager default
rc-update add libvirtd default

If some of those services are not present in the system for you to enable them just continue. In my case I could just enable: lvm, dmcrypt, mdraid, elogind, avahi-daemon, avahi-dnsconfd, udev, dbus, fuse and lm_sensors.


30) Exit chroot, unmount the partitions, turn off the swap, deactivate the logical volumes, deactivate the swap volume, close LUKS and restart the system:

exit
umount /mnt/boot
umount /mnt/home
umount /mnt

you can also umount the three partitions by using the sole command:

umount -R /mnt
swapoff -a
lvchange -an /dev/lvmvg/root
lvchange -an /dev/lvmvg/home
lvchange -an /dev/lvmvg/swap
cryptsetup close lvm
reboot

Restart your computer. Enter the password that you created for the encrypted partition before. When prompted with a black screen (tty1) introduce root as your username and latter your root password. When prompted with the root command line enter:

rc-update add gdm default

and after:

rc-service gdm start

That would initialize the gnome display manager and then you will be able to see “graphically” the Hyperbola system that you have installed.



References:


https://gist.github.com/Psycosy/dbe9bcf … aa6a188e17

https://wiki.parabola.nu/Installing_Par … ing_/boot)

https://libreboot.org/docs/gnulinux/enc … abola.html

https://libreboot.org/docs/gnulinux/con … abola.html

https://wiki.hyperbola.info/doku.php?id … :beginners

https://wiki.hyperbola.info/doku.php?id … stallation

https://wiki.hyperbola.info/doku.php?id … stallation

https://wiki.hyperbola.info/doku.php?id … ive_images

https://wiki.hyperbola.info/doku.php?id … redirect=1

https://stafwag.github.io/blog/blog/201 … al-volume/

https://lumidify.gitlab.io/articles/ins … abola.html

https://github.com/jieverson/dotfiles/w … or-dummies

https://wiki.gentoo.org/wiki/OpenRC_to_ … Cheatsheet

https://wiki.archlinux.org/index.php/Sudo

https://itsfoss.com/swap-size/

2 (edited by zapper 2019-01-30 18:33:47)

Re: Guide for an encrypted installation of Hyperbola (no boot). Newbies.

ΙΧΘΥΣ wrote:

The steps listed bellow describes the installation of Hyperbola GNU/Linux-libre using a wired connection. The computer is a Thinkpad with a free initialization program (Libreboot). While it should be possible to boot from an encrypted partition using Libreboot this installation will create a small unencrypted boot partition.

Anytime I have tried to install Hyperbola using the full disk encryption method (with the boot included), I have found that at the end of the process I was not able to automatically initialize the system. In those cases, anytime I wanted to run the system I was forced to manually boot it by entering a series of commands into the GRUB command line. That is, after the computer started I had to Press C and write:

grub> cryptomount -a
grub> set root=’lvm/lvmvg-root’
grub> linux /boot/vmlinuz-linux-libre root=/dev/lvmvg/root cryptdevice=/dev/sda2:lvmvg
grub> initrd /boot/initramfs-linux-libre.img
grub> boot

Therefore, I felt that the benefits of trying to install Hyperbola with a full disk encryption were, in my case, not that important as when compared with the difficulties that always arised from it.

While I am conscious that the above mentioned problem could be avoided by modifying the Libreboot GRUB configuration file, I personally find that this later task may require a level of technical ability which might be out of my reach at the present moment. (https://libreboot.org/docs/gnulinux/grub_cbfs.html). 

This guide basically reproduces the information contained in other webs and adapt it to the case of a Hyperbola installation. Special reference will be made to the method described by Github contributor Psycosy for installing Parabola (https://gist.github.com/Psycosy/dbe9bcf … aa6a188e17). I have referenced all the websites that served me to ellaborate this guide at the bottom of this post.

This guide intends to serve other persons like me who have a limited computer knowledge for they to be able to easily install Hyperbola in an encrypted manner. It also intendes to set here notes that could serve myself as some reminders for a future reinstallation of Hyperbola.

Please, feel free to comment the errors that I could have made during the installation or the suggestions for improving it. I think in this way, people like me who are getting familiar with Hyperbola can learn in the process. Thanks for your help in that regard.

Sorry for the spelling errors and grammatical mistakes. English is not my mother tongue.




Verification:


1) Download the ISO image from: https://www.hyperbola.info/download/


2) Download the following four archives to verify the authenticity of the ISO:

hyperbola(...).iso.sha512
hyperbola(...).iso.512.sig
hyperbola(...).iso.whirlpool
hyperbola (...).iso.whirlpool.sig


3) Keep all the downloaded archives in a folder in my case (live_image).


4) Access the folder using the terminal:

cd live_image

5) Import Parabola singing key:

gpg --keyserver pgp.mit.edu --recv-key "C92B AA71 3B8D 53D3 CAE6 3FC9 E697 4752 F970 4456"

If you find some error with the previous command try instead:

gpg --keyserver pgp.mit.edu --recv-key F9704456

Now check the fingerprint of the imported key:

gpg --list-key --with-fingerprint F9704456

Check that the fingerprint matches "C92B AA71 3B8D 53D3 CAE6 3FC9 E697 4752 F970 4456".


6) Verify the signature of the shasum file:

gpg --verify hyperbola-milky-way-v0.2.5-dual.iso.sha512.sig hyperbola-milky-way-v0.2.5-dual.iso.sha512

You should be prompted with a "Good Signature" message.


7) Now verify the shasum of the iso agaisnt the one contained in the sha512 file. If your system has coreutils preinstalled just type:

sha512sum -c hyperbola-milky-way-v0.2.5-dual.iso.sha512

the result should be:

hyperbola-milky-way-v0.2.5-dual.iso: OK


8) You can also verify the authenticity and integrity of the ISO with the most secure hash WHIRLPOOL.

Having rhash preinstalled type:

gpg –-verify hyperbola-milky-way-v0.2.5-dual.iso.whirlpool.sig  hyperbola-milky-way-v0.2.5-dual.iso.whirlpool

You should be prompted again with the message "Good Signature”.

Then after, type:

whirlpool-hash -c hyperbola-milky-way-v0.2.5-dual.iso.whirlpool

You should see the message "Everything OK"


9) Now you can burn the ISO image to a CD or DVD and restart the computer where you want to install Hyperbola booting it from that CD/DVD.




Installation:


After having verified that the ISO is authentic and that it has not been tampered let us proceed with the proper installation.

1) Find out the device name where you want to install Hyperbola (in my case sda):

lsblk

2) Overwrite it with random data:

badblocks -c 10240 -s -w -t random -v /dev/sda

3) Start the creation of a partition table:

fdisk /dev/sda

4) Create a 1GB partition for the unencrypted boot:

Command (m for help): n
Partition type
   p   primary (0 primary, 0 extended, 4 free)
   e   extended (container for logical partitions)
Select (default p): p
Partition number (1-4, default 1): 
First sector (2048-224674127, default 2048): 
Last sector, +sectors or +size{K,M,G,T,P} (2048-224674127, default 224674127):+1G
Created a new partition 1 of type 'Linux' and of size 1 GiB.

5) Create a partition with the rest of the disk where to allocate the encrypted LUKS container:

Command (m for help):[b] n[/b]
Partition type
   p   primary (1 primary, 0 extended, 3 free)
   e   extended (container for logical partitions)
Select (default p):[b] p[/b]
Partition number (2-4, default 2): 
First sector (2099200-224674127, default 2099200): 
Last sector, +sectors or +size{K,M,G,T,P} (2099200-224674127, default 224674127): 

Created a new partition 2 of type 'Linux' and of size 106.1 GiB.

6) If you need it, you can check at this point the partition table that you are going to create with the command p:

Device     Boot   Start       End   Sectors   Size Id Type
/dev/sda1          2048   2099199   2097152     1G 83 Linux
/dev/sda2       2099200 224674127 222574928 106.1G 83 Linux

7) When you are ready to continue save the changes made with command w:

Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.

8) Encrypt the partition /dev/sda2 (after having decided which is the encryption hash that you prefer from out the results given to you by the performance test executed by the command   

cryptsetup benchmark

In my case I use:

cryptsetup --cipher serpent-xts-plain64 --key-size 512 --hash whirlpool --use-random luksFormat /dev/sda2

You will now be asked twice for a password for this LUKS partition.


9) Open the LUKS partition:

cryptsetup open /dev/sda2 lvm

10) Create the physical volume:

pvcreate /dev/mapper/lvm

11) Create the volume group:

vgcreate lvmvg /dev/mapper/lvm

12) Setup the logical volumes:

lvcreate -L 10G -n root lvmvg
lvcreate -L 8G -n swap lvmvg
lvcreate -l 100%FREE -n home lvmvg

I think it is not necessary nowadays but I will use choose double of my RAM memory for the swap logical volume. For checking how much RAM memory you have installed on your computer check the line “MemTotal” of the results given by the following command:

cat /proc/meminfo A

Alternatively these commands maybe be used for the same purpose: vmstat -s or vmstat -s. Other recommendations here: https://itsfoss.com/swap-size/


13) Format the filesystems of each logical volume:

mkfs.ext4 /dev/mapper/lvmvg-root
mkfs.ext4 /dev/mapper/lvmvg-home
mkswap /dev/mapper/lvmvg-swap

14) Mount the filesystems:

mount /dev/mapper/lvmvg-root /mnt
mkdir /mnt/home
mount /dev/mapper/lvmvg-home /mnt/home
swapon /dev/mapper/lvmvg-swap

15) Setup the boot partition:

mkfs.ext4 /dev/sda1
mkdir /mnt/boot
mount /dev/sda1 /mnt/boot

16) Install the base system:

pacstrap /mnt

17) Generate an fstab file, to define how disk partitions should be mounted into the filesystem:

genfstab -p /mnt >> /mnt/etc/fstab

18) Enter into the system to begin to configure it. This process is usually referred as “chrooting”. Chroot is short for change root. The idea is to change the root directory from / to a directory down the tree:

arch-chroot /mnt /bin/bash

19) Setting up language and adjusting clock to Coordinated Universal Time (UTC):

echo LANG=en_US.UTF-8 >> /etc/locale.conf
echo LANGUAGE=en_US >> /etc/locale.conf
echo LC_ALL=C >> /etc/locale.conf
ln -s /usr/share/zoneinfo/Europe/Copenhagen /etc/localtime
hwclock --systohc -–utc
nano /etc/locale.gen

Edit /etc/locale.gen and uncomment the language that you want your system to use. In this case I will uncomment en_US.UTF-8 UTF-8. (“uncomment” means removing the hash symbol from be line that you want to select).
Save and quit the file, and generate new location:

locale-gen
echo LANG=en_US.UTF-8 > /etc/locale.conf
echo LC_TIME=en_US.UTF-8 >> /etc/locale.conf
export LANG=en_US.UTF-8

20) Configure /etc/mkinitcpio.conf for encryption and LVM:

nano /etc/mkinitcpio.conf

Change the value of the uncommented HOOKS line to the following:

HOOKS="base udev autodetect modconf block encrypt lvm2 filesystems keyboard fsck"

21) Regenerate the linux initrd image:

mkinitcpio -p linux-libre-lts

22) Install and configure GRUB:

pacman -S grub-bios os-prober
grub-install /dev/sda
grub-mkconfig -o /boot/grub/grub.cfg
nano /boot/grub/grub.cfg

Add "cryptdevice=/dev/sda2:lvmvg" between "root=..." and "rw" in the line that starts with linux. This needs to be done for "linux-libre" and "linux-libre-fallback".


23) Set a password for your root:

passwd

24) Create an user and add it to the group of users “Wheel” In my case I choose the name “pc” but you can change to whatever you prefer:

useradd -m -g users -G wheel -s /bin/bash pc

25) Set a password for the user:

passwd pc

Change “pc” for whatever your username is.


26) For being able to occasionally give root priviledges to your user you need to instert it in to the list of sudoers.

First download the package sudo:

pacman -S sudo

Later edit the sudo configuration file: /etc/sudoers:

nano /etc/sudoers

Go to the uncommented line where it is written “root ALL=(ALL)” and under it add your user:

pc ALL=(ALL) ALL

Change “pc” with the name of your username.


27) Network configuration

Write your hostname to /etc/hostname. I choose “localhost”:

echo localhost > /etc/hostname

For a wired internet connection enable the dhcpcd service:

rc-update add dhcpcd default
rc-service dhcpcd start

For a wireless connection install the following packages:

pacman -S iw dialog networkmanager

28) Set up the graphical user interface.

First install the display server Xorg:

sudo pacman -S xorg-server

Install the video drivers:

pacman -S xf86-video-intel

Install the desktop environment. In my case I choose gnome:

pacman -Syy gnome

29) Enable the necessary services before leaving chroot. Try to add each of the services of the list posted below as it is recommended by Zapper and Aether (https://forums.hyperbola.info/viewtopic … d=203#p203):

rc-update add lvm boot
rc-update add dmcrypt boot
rc-update add mdraid boot
rc-update add cronie default
rc-update add elogind default
rc-update add alsasound default
rc-update add avahi-daemon default
rc-update add avahi-dnsconfd default
rc-update add ntpd default
rc-update add udev default
rc-update add dbus default
rc-update add fuse default
rc-update add lm_sensors default
rc-update add acpid default
rc-update add NetworkManager default
rc-update add libvirtd default

If some of those services are not present in the system for you to enable them just continue. In my case I could just enable: lvm, dmcrypt, mdraid, elogind, avahi-daemon, avahi-dnsconfd, udev, dbus, fuse and lm_sensors.


30) Exit chroot, unmount the partitions, turn off the swap, deactivate the logical volumes, deactivate the swap volume, close LUKS and restart the system:

exit
umount /mnt/boot
umount /mnt/home
umount /mnt

you can also umount the three partitions by using the sole command:

umount -R /mnt
swapoff -a
lvchange -an /dev/lvmvg/root
lvchange -an /dev/lvmvg/home
lvchange -an /dev/lvmvg/swap
cryptsetup close lvm
reboot

Restart your computer. Enter the password that you created for the encrypted partition before. When prompted with a black screen (tty1) introduce root as your username and latter your root password. When prompted with the root command line enter:

rc-update add gdm default

and after:

rc-service gdm start

That would initialize the gnome display manager and then you will be able to see “graphically” the Hyperbola system that you have installed.



References:


https://gist.github.com/Psycosy/dbe9bcf … aa6a188e17

https://wiki.parabola.nu/Installing_Par … ing_/boot)

https://libreboot.org/docs/gnulinux/enc … abola.html

https://libreboot.org/docs/gnulinux/con … abola.html

https://wiki.hyperbola.info/doku.php?id … :beginners

https://wiki.hyperbola.info/doku.php?id … stallation

https://wiki.hyperbola.info/doku.php?id … stallation

https://wiki.hyperbola.info/doku.php?id … ive_images

https://wiki.hyperbola.info/doku.php?id … redirect=1

https://stafwag.github.io/blog/blog/201 … al-volume/

https://lumidify.gitlab.io/articles/ins … abola.html

https://github.com/jieverson/dotfiles/w … or-dummies

https://wiki.gentoo.org/wiki/OpenRC_to_ … Cheatsheet

https://wiki.archlinux.org/index.php/Sudo

https://itsfoss.com/swap-size/

Any update on how you are doing with regard to when you are making this guide? And also how about an FDE with /boot for coreboot. smile

A guide like that would be good for me for sure.

HyperbolaBSD: The Future of Secure Libre Lightweight Operating Systems!

3

Re: Guide for an encrypted installation of Hyperbola (no boot). Newbies.

Tried your guide just now, and something absolutely insane happened.

https://issues.hyperbola.info/index.php … sk_id=1373



Can you look at this error for me? It's a hella weird.

HyperbolaBSD: The Future of Secure Libre Lightweight Operating Systems!

4

Re: Guide for an encrypted installation of Hyperbola (no boot). Newbies.

winter(zapper) wrote:

The issue is attached within a picture.

What picture? I Don't see any hmm
If the problem is what I understand it is, then maybe it's the matter of changing a single option in gnome? Like here:
https://askubuntu.com/questions/1108204 … 04-desktop

5

Re: Guide for an encrypted installation of Hyperbola (no boot). Newbies.

koszko wrote:
winter(zapper) wrote:

The issue is attached within a picture.

What picture? I Don't see any hmm
If the problem is what I understand it is, then maybe it's the matter of changing a single option in gnome? Like here:
https://askubuntu.com/questions/1108204 … 04-desktop

hmm... I would have to email you, but no, several fake partitions are appearing on my desktop as if mounted.  I cannot explain much better without showing you via email. sadly...

HyperbolaBSD: The Future of Secure Libre Lightweight Operating Systems!

6

Re: Guide for an encrypted installation of Hyperbola (no boot). Newbies.

koszko wrote:
winter(zapper) wrote:

The issue is attached within a picture.

What picture? I Don't see any hmm
If the problem is what I understand it is, then maybe it's the matter of changing a single option in gnome? Like here:
https://askubuntu.com/questions/1108204 … 04-desktop

Nevermind, I reinstalled and got it to work.  Interesting fact btw, you can do this guide on a virtual machine too! cool right? smile

HyperbolaBSD: The Future of Secure Libre Lightweight Operating Systems!

7 (edited by zapper 2022-04-09 02:45:59)

Re: Guide for an encrypted installation of Hyperbola (no boot). Newbies.

Does this guide work for 0.4 isos?

Just want to know before I try to install it tomorrow, in case some irritating happens...

wink

Edit: To be more clear, if it doesn't work, can someone make a modification so it will work if it doesn't already, I want to wake up tomorrow with an answer if possible...

If not, meh, I will try anyways!

Via vm...

peace...

wink

HyperbolaBSD: The Future of Secure Libre Lightweight Operating Systems!

8

Re: Guide for an encrypted installation of Hyperbola (no boot). Newbies.

it works fine zapper wink

9

Re: Guide for an encrypted installation of Hyperbola (no boot). Newbies.

rachad wrote:

it works fine zapper wink

It does, as long as before this:

21) Regenerate the linux initrd image:
mkinitcpio -p linux-libre-lts

you do this:

pacman -S cryptsetup grub os-prober

Probably the grub and os-prober aren't needing to be installed then, but I just tried a 0.4 ISO, because I am going to migrate a computer off of a devuan based distro due to some irritating issues,  to Hyperbola 0.4

Until HyperbolaBSD can work on heads and/also/or  nitrokey-heads-build, etc...

that being said, the only problem I spotted initally was cryptsetup DID not, appear to be installed once I chrooted in...

weird stuff right?

I am puzzled as to why this happened...

By the way, what is the current recommended cipher now in 2022?

I somehow doubt its still Serpent-xts-plain64...

If anyone knows, let me know!

I am very curious to this and possibly other questions...

I very much hope once HyperbolaBSD 1.0 is out, that some people will flock here to support ARM-64, or ARM as a whole,

Not many libre operating systems support ARM...

Hell, not even many operating systems do, IN GENERAL!

Long winded rant = over wink

HyperbolaBSD: The Future of Secure Libre Lightweight Operating Systems!