-
-
Save jasonwryan/4618490 to your computer and use it in GitHub Desktop.
# Notes for installing on Samsung Series 9 | |
# UEFI boot: LVM on LUKS | |
# | |
# See the full blog post: | |
# http://jasonwryan.com/blog/2013/01/25/uefi/ | |
# check you are booted in uefi | |
modprobe efivars | |
ls /sys/firmware/efi/vars | |
# zero the drive | |
dd if=/dev/urandom of=/dev/sda | |
# Create partition table: GPT | |
install gptfdisk | |
sgdisk -Z /dev/sda | |
sgdisk -a 2048 -o /dev/sda | |
sgdisk -n 1:0:+200M /dev/sda | |
sgdisk -n 2:0:0 /dev/sda | |
sgdisk -t 1:ef00 /dev/sda | |
sgdisk -t 2:8300 /dev/sda | |
sgdisk -c 1:bootefi /dev/sda | |
sgdisk -c 2:root /dev/sda | |
# encrypt sda2 | |
modprobe dm-crypt | |
cryptsetup --cipher aes-xts-plain64 --key-size 512 --hash sha512\ | |
--iter-time 5000 --use-random --verify-passphrase luksFormat /dev/sda2 | |
cryptsetup luksOpen /dev/sda2 cryptdisk | |
# setup logical volumes | |
pvcreate /dev/mapper/cryptdisk | |
pvdisplay | |
vgcreate vgroup /dev/mapper/cryptdisk | |
vgdisplay | |
lvcreate --size 30G --name lvroot vgroup | |
lvcreate --extents +100%FREE --name lvhome vgroup | |
lvdisplay | |
# create filesystem | |
mkfs.vfat -F32 /dev/sda1 | |
mkfs.ext4 /dev/mapper/vgroup-lvroot | |
mkfs.ext4 /dev/mapper/vgroup-lvhome | |
# Mount the partitions | |
mnt /dev/mapper/vgroup-lvroot /mnt | |
mkdir -p /mnt/boot/efi | |
mount -t vfat /dev/sda1 /mnt/boot/efi | |
mkdir /mnt/home | |
mount /dev/mapper/vgroup-lvhome /mnt/home | |
### install base system ### | |
select a mirror | |
pacstrap -i /mnt base base-devel | |
genfstab -U -p /mnt >> /mnt/etc/fstab | |
vi /mnt/etc/fstab | |
# chroot time… | |
arch-chroot /mnt | |
# other modifications | |
# vi /etc/mkinitcpio.conf | |
# hooks | |
…encrypt lvm2 filesystems… shutdown… | |
# modules | |
vfat ext4 dm_mod dm_crypt aes_x86_64 i915 | |
# add options to /etc/lvm/lvm.conf | |
issue_discards 1 | |
# blacklist samsung module to prevent kernel panics | |
# bug: https://bugzilla.kernel.org/show_bug.cgi?id=47121 | |
# /etc/modprobe.d/samsung_module.conf | |
blacklist samsung_laptop | |
### bootloader ### | |
pacman -S gummiboot-efi | |
mkdir -p /boot/efi/EFI/gummiboot | |
cp /usr/lib/gummiboot/gummibootx64.efi /boot/efi/EFI/gummiboot/gummiboot.efi | |
efibootmgr -c -d /dev/sda -p 1 -w -L "Gummiboot" -l '\EFI\gummiboot\gummiboot.efi' | |
# copy files across | |
mkdir /boot/efi/arch | |
cp /boot/vmlinuz-linux /boot/efi/EFI/arch/vmlinuz-linux.efi | |
cp /boot/initramfs-linux.img /boot/efi/EFI/arch/initramfs-linux.img | |
cp /boot/initramfs-linux-fallback.img /boot/efi/EFI/arch/initramfs-linux-fallback.img | |
# create conf | |
# /boot/efi/loader/loader.conf | |
default arch | |
timeout 5 | |
# create /boot/efi/loader/entries/arch.conf | |
title Arch Linux | |
efi \EFI\arch\vmlinuz-linux.efi | |
options initrd=\EFI\arch\initramfs-linux.img cryptdevice=/dev/sda2:vgroup root=/dev/mapper/vgroup-lvroot ro | |
# after successfully rebooting, create service files to update gummiboot path | |
https://wiki.archlinux.org/index.php/Gummiboot#Automatic_copy_on_update |
As @jasonwryan informed me in the Arch Linux Forums, Gummiboot now allows /boot
to be used as the mountpoint. It's simpler and safer, since the kernel doesn't need to be moved.
In case you get the following error:
efibootmgr: command not found
A pacman -S efibootmgr
should fix the issue.
Also mkdir /boot/efi/arch
becomes mkdir /boot/efi/EFI/arch
Thanks for the guide! Exactly what I was looking for. Is there anything else needed for swap and hibernation/suspend to disk? I think the Arch wiki mentioned something about it in the page for dm-crypt.
For some reason, mkinitcpio was failing for me because the build directory of the modules was messed up. To fix it, I just reinstalled the kernel with pacman, it has the same effect and fixed everything.
I'm getting a "File system /boot is not a FAT EFI System partition" I know for a fact that I made it i mkfs.vfat -F32 /dev/sda1 and I just quit chroot, unmounted /mnt/boot/efi redid the format, remounted, went back in to chroot, and its still crying.
I fixed that, the gummiboot needs to be installed as gummiboot --path=/boot/efi/ install
but now I'm getting "cannot create regular file "......." :no such file or directory for these commands
mkdir /boot/efi/arch
cp /boot/vmlinuz-linux /boot/efi/EFI/arch/vmlinuz-linux.efi
cp /boot/initramfs-linux.img /boot/efi/EFI/arch/initramfs-linux.img
cp /boot/initramfs-linux-fallback.img /boot/efi/EFI/arch/initramfs-linux-fallback.img
Got those also, your mkdir was wrong.
What do you mean with the periods in
…encrypt lvm2 filesystems… shutdown…
Also, if I'm also using a /usr partition, where should I put usr in the hooks?
Proper change of alignment:
sgdisk -a 2048 -n 1:0:+200M /dev/sda
2048 is default, though.
Line 53 should be
mount
instead ofmnt
. Should be obvious, but... you know :)Also line 92 should be
mkdir /boot/efi/EFI/arch
And one more pitfall, after line 74, make sure to actually run
mkinitcpio
to generate new images.