Install Void Linux with LUKS/LVM/EFISTUB

void-luks-lvm-efistub.md

Install Void Linux with LUKS/LVM/EFISTUB

This guide is not very thorough because if it was it would be way to long. I am using the musl version of Void Linux for this install, but it's also possible with glibc, but some parts need to changed.

Disclaimer

I am not responsible for any actions you take!

License

This document is licensed under CC BY 4.0.

Guide

I will be using a laptop with one SSD.

Partitioning the drive(s)

You probably know how to. A root partition and an EFI partition is required. Please format the EFI partition with fat32.

$ mkfs -t vfat /dev/sda1

I will use LUKS and LVM, we will start with LUKS.

LUKS

1. Format partition

$ cryptsetup \
  --cipher aes-xts-plain64 \
  --key-size 256 \
  --hash sha256 \
  --iter-time 5000 \
  --use-random \
  --type luks2 \
  luksFormat /dev/sda2

2. Open partition

$ cryptsetup \
  --type luks2 \
  open /dev/sda2 cryptroot

LVM

LVM will sit on top of LUKS. I will only create a root partition, but you are welcome to create more partitions.

$ vgcreate voidvm /dev/mapper/cryptroot
$ lvcreate --name root -l 100%FREE voidvm
$ mkfs -t ext4 /dev/voidvm/root

Mounting & installing

Let's now mount all partitions.

$ mount /dev/voidvm/root /mnt
$ for dir in dev proc sys run; do mkdir -p /mnt/$dir ; mount --rbind /$dir /mnt/$dir ; mount --make-rslave /mnt/$dir ; done
$ mkdir -p /mnt/boot
$ mount /dev/sda1 /mnt/boot

Now that we have mounted all partitions, we install the base-system package.

$ xbps-install -Sy -R https://alpha.de.repo.voidlinux.org/current/musl -r /mnt \
  base-system cryptsetup lvm2 efibootmgr

Configuring

Now that the system has been installed it's time to configure it. Here are some basic settings that need to be set. I will use # to show that we are inside the chroot. this step is different on musl/glibc

$ chroot /mnt
# chown root:root /
# chmod 755 /
# passwd root
# echo myhostname > /etc/hostname
# vi /etc/locale.conf # Change if you need to

fstab

Just add your partitions to your /etc/fstab. Here is my fstab:

# <file system>         <dir>           <type>  <options>               <dump>  <pass>
tmpfs                   /tmp            tmpfs   defaults,nosuid,nodev   0       0
/dev/voidvm/root        /               ext4    defaults,noatime        0       0
/dev/sda1               /boot           vfat    defaults                0       0

Dracut

Create a new file /etc/dracut.conf.d/override.conf, add hostonly=yes.

# /etc/dracut.conf.d/override.conf
hostonly=yes

efibootmgr

This is the most complex part. Void Linux comes with a hook for setting up the EFI entry, but it doesn't work on all computers, some require vmlinuz to end with .efi, we will edit the hook for this purpose. There is currently an opened issue about this. I have also create a pull request fixing this, and another bug. Please do try installing without editing the hook. Before we maybe edit the hook we will need to edit the hook options. Please open /etc/default/efibootmgr-kernel-hook, you need to mount efivarfs before opening. mount -t efivarfs none /sys/firmware/efi/efivars

# Options for the kernel hook script installed by the efibootmgr package.
MODIFY_EFI_ENTRIES=1
# To allow efibootmgr to modify boot entries, set
# MODIFY_EFI_ENTRIES=1
# Kernel command-line options.  Example:
OPTIONS="loglevel=4 rd.luks.name=<LUKS root UUID>=cryptroot rd.lvm.vg=voidvm root=/dev/voidvm/root"
# Disk where EFI Partition is.  Default is /dev/sda
DISK="/dev/sda"
# Partition number of EFI Partition.  Default is 1
PART=1

Editing the hook

If you need to edit, please open /etc/kernel.d/post-install/50-efibootmgr in an editor. Right before "create the new entry" add a new line:

[ -f /boot/vmlinuz-${VERSION} ] && mv /boot/vmlinuz-${VERSION} /boot/vmlinuz-${VERSION}.efi
# create the new entry
efibootmgr -qc $args -L "Void Linux with kernel ${major_version}" -l /vmlinuz-${VERSION}.efi -u "${OPTIONS}"

The line up above is also edited. /vmlinuz-${VERSION} -> /vmlinuz-${VERSION}.efi

Avoiding the bug

There is currently broken "restore" logic in the hook, the bug invalidates the boot order, you vill need to check it and correct it.
View: efibootmgr
Edit: efibootmgr -o xxxx,xxxx,xxxx

Final steps

Now we just generate the kernel and efi entry:

$ xbps-reconfigure -f linuxY.X

Done

You should now be done

Great guide, thanks.

I noticed an error, it should be rd.luks.name=<LUKS root UUID>=cryptroot instead of rd.luks.name=<LUKS root UUID>:cryptroot (replace : with =).

[ -f /boot/vmlinuz-${VERSION} ] && mv /boot/vmlinuz-${VERSION} /boot/vmlinuz-${VERSION}.efi
this line creates errors when updating the kernel. and doesn't automatically rename vmlinuz* to vmlinuz*.efi, thus requiring a chroot from liveusb to fix.

@raspbeguy
You're probably right, but could you link to some documentation? (remember that there are differences between dracut and mkinitcpio)

@ted1922
As far as my testing goes, it works. Could you explain what goes wrong?

I currently don't have access to any machine to test theese issues, and VirtualBox doesn't have proper EFI support.

@ted1922 Here.

Thank you.

@dko1905
Sorry, I thought i had an error message saved - I clearly didn't. My recollection is that the [-f "xxx"] posts an error (I assume the test fails with the {$version} and thus doesn't modify the file name on the post-install hook when updating.

Running xbps-reconfigure -f linux... does work and succcesfully changes the file name to a .efi.

I wouldn't rule out user error in this, but it does seem that the first test doesn't work.

void linux censors packages they don't politically agree with
void-linux/void-packages#44422

Okay?