BIOS: InsydeH2O GFW30 03.07 (originally 03.02) Processor: 11th Gen Intel(R) Core(TM) i5-1135G7 @ 2.40 GHz System Bus: 100 MHz System Memory: 3200 MT/s Cache RAM: 5120 MB Total Memory: 16384 MB Controller0 Channel0 SODIMM0: 8192 MB Controller0 Channel0 S CPUID: 0x806C1 (TigerLake ULT) CPU Speed: 2400 MHz CPU Stepping: 806C1 (B0 Stepping) L1 Data Cache: 48 KB X 4 L1 Instruction Cache: 32 KB x 4 L2 Cache: 1280 KB x 4 L3 Cache: 8 MB Number of Processors: 4 Core(s) / 8 Thread(s) Microcode Rev: 00000086 GT Info: 0x9A49 SMX/TXT: Un-Supported PCH Rev/SKU: 20 (B0 Stepping) / TGL PCH-LP U Premium GOP Ver: 17.0.1059 EC Ver: hx20_v0.0.1-369d3c3 PD Controller 1 Ver: 3.4.0.2570 PD Controller 2 Ver: 3.4.0.2570 FAB ID: 0 Intel ME Version / SKU: 15.0.23.1706 / CONSUMER
- Ethernet cable to the LAN
- Ethernet adapter (I have a USB-C-based one)
- USB Drive (I used an old Staples 8GB USB Drive)
q.v. https://wiki.gentoo.org/wiki/Framework_Laptop#Installation q.v. https://community.frame.work/t/public-beta-test-bios-v3-06-driver-bundle-2021-10-29/10167 q.v. https://knowledgebase.frame.work/en_us/framework-laptop-bios-releases-S1dMQt6F
- Download BIOS 3.07 EFI Shell update
- Extract contents of zip folder to a FAT32 formatted USB drive.
- Disable secure boot in BIOS (tap F2 while booting, navigate to Security -> Secure Boot, and set Enforce Secure Boot to Disabled. Press F10 to save and exit.)
- With power plugged in, boot your system while tapping F12, and select the USB drive. NOTE: The F12 setup menu will only show devices that have a valid EFI boot partitions.
- Let startup.nsh run automatically.
- System will reboot, and you can unplug the USB drive.
q.v. https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Media#Downloading
Note: I'm starting from an install of Elementary OS which I originally got running on this same Framework computer.
- Visit https://www.gentoo.org/downloads/
- Find amd64
- Download "Minimal Installation CD"
- https://bouncer.gentoo.org/fetch/root/all/releases/amd64/autobuilds/20220612T170541Z/install-amd64-minimal-20220612T170541Z.iso
- Insert a USB drive
- Wait a few seconds
- Get the device name used by the USB drive
$ dmesg | grep "blocks:" | tail -1
[ 322.110100] sd 0:0:0:0 [sda] 15663104 512-byte logical blocks: (8.02 GB / 7.47 GiB)
Note: Size is 8.02 GB which matches that of my target USB drive, so sda is my value for $USB_DEVICE in next step.
- Burn the image to the USB drive
$ dd if=/path/to/install-amd64-minimal-20220612T170541Z.iso of=/dev/$USB_DEVICE bs=8192k
- Shutdown
q.v. https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Media#Booting
- Plug in ethernet cable
- Tap F12 when booting to enter Boot Option Menu
- Select EFI USB Device (SMI USB DISK)
- Select Boot LiveCD (kernel: gentoo)
- At prompt about keymap enter 43 for US. (default is azerty which is probably fine if you miss it).
q.v. https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Networking
- If ethernet is wired at boot time, networking should work
$ ping -c3 www.gentoo.org
PING dualstack.k.sni.global.fastly.net (151.101.2.137) 56(84) data bytes of data.
64 bytes from 151.101.2.137 (151.101.2.137): icmp_seq=0 ttl=58 time=26.102 ms
64 bytes from 151.101.2.137 (151.101.2.137): icmp_seq=1 ttl=58 time=16.225 ms
64 bytes from 151.101.2.137 (151.101.2.137): icmp_seq=2 ttl=58 time=19.776 ms
--- dualstack.k.sni.global.fastly.net ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss, time 2003ms
rt min/avg/max/mdev = 16.225/19.776/26.102/4.401 ms
q.v. https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Disks q.v. https://wiki.gentoo.org/wiki/Full_Disk_Encryption_From_Scratch_Simplified
parted -a opt /dev/nvme0n1
(parted)rm 3
(parted)rm 2
(parted)rm 1
(parted)unit mib
#Create a GPT partition table:
(parted)mklabel gpt
#Create the BIOS partition:
(parted)mkpart primary 1 3
(parted)name 1 grub
(parted)set 1 bios_grub on
#Create boot partition. This partition will contain GRUB files, plain (unencrypted) kernel and kernel initrd:
(parted)mkpart primary fat32 3 515
(parted)name 2 boot
(parted)set 2 BOOT on
(parted)mkpart primary 515 -1
(parted)name 3 lvm
(parted)set 3 lvm on
#Everything is done, exit parted:
(parted)quit
mkfs.vfat -c -v -F32 /dev/nvme0n1p2
cryptsetup -v luksFormat /dev/nvme0n1p3
Are you sure? (Type `yes` in capital letters): YES
Enter passphrase for /dev/nvme0n1p3: *******************
Verify passphrase: *******************
Key slot 0 created.
Command successful.
root@localhost #cryptsetup luksOpen /dev/nvme0n1p3 lvm Note For more information about LVM see the dedicated article.
Create LVM structure for partition mapping (/root, /var, and /home):
Crypt physical volume group: root@localhost #lvm pvcreate /dev/mapper/lvm
Create volume group vg0: root@localhost #vgcreate vg0 /dev/mapper/lvm
Create logical volume for /root filesystem: root@localhost #lvcreate -L 25G -n root vg0
Create logical volume for /var filesystem: root@localhost #lvcreate -L 40G -n var vg0
Create a contiguous logical volume for swap lvcreate -C y -L 32G -n swap vg0
Create logical volume for /home filesystem: root@localhost #lvcreate -l 100%FREE -n home vg0
Build ext4 filesystem on each logical volume: root@localhost #mkfs.ext4 /dev/mapper/vg0-root root@localhost #mkfs.ext4 /dev/mapper/vg0-var root@localhost #mkfs.ext4 /dev/mapper/vg0-home
root@localhost #mkswap /dev/mapper/vg0-swap root@localhost #swapon /dev/mapper/vg0-swap
Create mount point for permanent Gentoo: root@localhost #mkdir /mnt/gentoo
Mount the root filesystem from the encrypted LVM partition: root@localhost #mount /dev/mapper/vg0-root /mnt/gentoo
Create mount point for permanent Gentoo /var: root@localhost #mkdir /mnt/gentoo/var
Mount var from encrypted LVM partition: root@localhost #mount /dev/mapper/vg0-var /mnt/gentoo/var
Mount home from encrypted LVM partition: root@localhost #mount /dev/mapper/vg0-home /mnt/gentoo/home
mkdir -p /mnt/gentoo/tmp mkdir -p /mnt/gentoo/var/tmp chmod 1777 /mnt/gentoo/tmp chmod 1777 /mnt/gentoo/var/tmp
And switch into /mnt/gentoo: root@localhost #cd /mnt/gentoo
q.v. https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Stage q.v. https://wiki.gentoo.org/wiki/Full_Disk_Encryption_From_Scratch_Simplified#rootfs_install
links https://www.gentoo.org/downloads/mirrors/
Downloads
stage3-amd64-nomultilib-openrc-20220612T170441Z.tar.xz
$ tar xpvf stage3-*.tar.xz --xattrs-include='*.*' --numeric-owner
q.v. https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Stage#Configuring_compile_options
$ cp /mnt/gentoo/usr/share/portage/config/make.conf.example /mnt/gentoo/etc/portage/make.conf
$ vi /mnt/gentoo/etc/portage/make.conf
$ grep -E "^[A-Z]" /mnt/gentoo/etc/portage/make.conf
CHOST="x86_64-pc-linux-gnu"
COMMON_FLAGS="-march=native -O2 -pipe"
CFLAGS="${COMMON_FLAGS}"
CXXFLAGS="${COMMON_FLAGS}"
MAKEOPTS="-j4"
q.v. https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Base
$ mirrorselect -i -o >> /mnt/gentoo/etc/portage/make.conf $ mkdir --parents /mnt/gentoo/etc/portage/repos.conf $ cp /mnt/gentoo/usr/share/portage/config/repos.conf /mnt/gentoo/etc/portage/repos.conf/gentoo.conf
$ cp --dereference /etc/resolv.conf /mnt/gentoo/etc/
root #mount --types proc /proc /mnt/gentoo/proc root #mount --rbind /sys /mnt/gentoo/sys root #mount --make-rslave /mnt/gentoo/sys root #mount --rbind /dev /mnt/gentoo/dev root #mount --make-rslave /mnt/gentoo/dev root #mount --bind /run /mnt/gentoo/run root #mount --make-slave /mnt/gentoo/run
root #chroot /mnt/gentoo /bin/bash
root #source /etc/profile
root #export PS1="(chroot) ${PS1}"
mount /dev/nvme0np2 /boot
$ emerge-webrsync $ eselect profile set <default/linux/amd64/17.1/no-multilib (stable)
Shows the flags used to make the USB boot env $ emerge --info | grep -Eo "^USE="[^\"]+"" USE_FLAGS="acl amd64 bzip2 cli crypt dri fortran gdbm iconv ipv6 libglvnd libtirpc ncurses nls nptl openmp pam pcre readline seccomp split-usr ssl unicode xattr zlip"
$ emerge --ask app-portage/cpuid2cpuflags
echo "UTC" > /etc/timezone
$ echo "sys-kernel/linux-firmware @BINARY-REDISTRIBUTABLE" | tee -a /etc/portage/package.license $ emerge --ask sys-kernel/linux-firmware
* Messages for package sys-kernel/linux-firmware-20220610:
* Your configuration for sys-kernel/linux-firmware-20220610 has been saved in
* "/etc/portage/savedconfig/sys-kernel/linux-firmware-20220610" for your editing pleasure.
* You can edit these files by hand and remerge this package with
* USE=savedconfig to customise the configuration.
* You can rename this file/directory to one of the following for
* its configuration to apply to multiple versions:
* ${PORTAGE_CONFIGROOT}/etc/portage/savedconfig/
* [${CTARGET}|${CHOST}|""]/${CATEGORY}/[${PF}|${P}|${PN}]
* If you are only interested in particular firmware files, edit the saved
* configfile and remove those that you do not want.
>>> Auto-cleaning packages...
emerge --ask sys-kernel/gentoo-sources eselect kernel list eselect kernel set 1 emerge --ask sys-apps/pciutils
(chroot) livecd / # lspci
00:00.0 Host bridge: Intel Corporation 11th Gen Core Processor Host Bridge/DRAM Registers (rev 01)
00:02.0 VGA compatible controller: Intel Corporation TigerLake-LP GT2 [Iris Xe Graphics] (rev 01)
00:04.0 Signal processing controller: Intel Corporation TigerLake-LP Dynamic Tuning Processor Participant (rev 01)
00:06.0 PCI bridge: Intel Corporation 11th Gen Core Processor PCIe Controller (rev 01)
00:07.0 PCI bridge: Intel Corporation Tiger Lake-LP Thunderbolt 4 PCI Express Root Port #0 (rev 01)
00:07.1 PCI bridge: Intel Corporation Tiger Lake-LP Thunderbolt 4 PCI Express Root Port #1 (rev 01)
00:07.2 PCI bridge: Intel Corporation Tiger Lake-LP Thunderbolt 4 PCI Express Root Port #2 (rev 01)
00:07.3 PCI bridge: Intel Corporation Tiger Lake-LP Thunderbolt 4 PCI Express Root Port #3 (rev 01)
00:08.0 System peripheral: Intel Corporation GNA Scoring Accelerator module (rev 01)
00:0a.0 Signal processing controller: Intel Corporation Tigerlake Telemetry Aggregator Driver (rev 01)
00:0d.0 USB controller: Intel Corporation Tiger Lake-LP Thunderbolt 4 USB Controller (rev 01)
00:0d.2 USB controller: Intel Corporation Tiger Lake-LP Thunderbolt 4 NHI #0 (rev 01)
00:0d.3 USB controller: Intel Corporation Tiger Lake-LP Thunderbolt 4 NHI #1 (rev 01)
00:12.0 Serial controller: Intel Corporation Tiger Lake-LP Integrated Sensor Hub (rev 20)
00:14.0 USB controller: Intel Corporation Tiger Lake-LP USB 3.2 Gen 2x1 xHCI Host Controller (rev 20)
00:14.2 RAM memory: Intel Corporation Tiger Lake-LP Shared SRAM (rev 20)
00:15.0 Serial bus controller: Intel Corporation Tiger Lake-LP Serial IO I2C Controller #0 (rev 20)
00:15.1 Serial bus controller: Intel Corporation Tiger Lake-LP Serial IO I2C Controller #1 (rev 20)
00:15.3 Serial bus controller: Intel Corporation Tiger Lake-LP Serial IO I2C Controller #3 (rev 20)
00:16.0 Communication controller: Intel Corporation Tiger Lake-LP Management Engine Interface (rev 20)
00:1d.0 PCI bridge: Intel Corporation Device a0b1 (rev 20)
00:1f.0 ISA bridge: Intel Corporation Tiger Lake-LP LPC Controller (rev 20)
00:1f.3 Audio device: Intel Corporation Tiger Lake-LP Smart Sound Technology Audio Controller (rev 20)
00:1f.4 SMBus: Intel Corporation Tiger Lake-LP SMBus Controller (rev 20)
00:1f.5 Serial bus controller: Intel Corporation Tiger Lake-LP SPI Controller (rev 20)
01:00.0 Non-Volatile memory controller: Sandisk Corp WD PC SN810 / Black SN850 NVMe SSD (rev 01)
aa:00.0 Network controller: Intel Corporation Wi-Fi 6 AX210/AX211/AX411 160MHz (rev 1a)
(chroot) livecd / # lsmod
Module Size Used by
dm_crypt 40960 1
8021q 28672 0
ipv6 397312 28
fan 16384 0
snd_hda_codec_hdmi 49152 0
ee1004 16384 0
i2c_designware_platform 16384 0
i2c_designware_core 24576 1 i2c_designware_platform
wmi_bmof 16384 0
snd_hda_codec_realtek 110592 1
snd_hda_codec_generic 61440 1 snd_hda_codec_realtek
ledtrig_audio 16384 1 snd_hda_codec_generic
x86_pkg_temp_thermal 16384 0
kvm_intel 225280 0
snd_hda_intel 32768 0
snd_intel_dspcfg 16384 1 snd_hda_intel
kvm 704512 1 kvm_intel
snd_hda_codec 94208 4 snd_hda_codec_generic,snd_hda_codec_hdmi,snd_hda_intel,snd_hda_codec_realtek
iwlwifi 315392 0
snd_hda_core 65536 5 snd_hda_codec_generic,snd_hda_codec_hdmi,snd_hda_intel,snd_hda_codec,snd_hda_codec_realtek
irqbypass 16384 1 kvm
crct10dif_pclmul 16384 1
cfg80211 684032 1 iwlwifi
snd_pcm 94208 4 snd_hda_codec_hdmi,snd_hda_intel,snd_hda_codec,snd_hda_core
i2c_i801 24576 0
i2c_smbus 16384 1 i2c_i801
i2c_core 61440 5 i2c_designware_platform,i2c_designware_core,ee1004,i2c_smbus,i2c_i801
dm_multipath 28672 0
snd_timer 32768 1 snd_pcm
dm_mod 106496 20 dm_crypt,dm_multipath
snd 73728 6 snd_hda_codec_generic,snd_hda_codec_hdmi,snd_hda_intel,snd_hda_codec,snd_timer,snd_pcm
intel_lpss_pci 28672 0
soundcore 16384 1 snd
dax 32768 1 dm_mod
cdc_ether 16384 0
rfkill 24576 1 cfg80211
intel_lpss 16384 1 intel_lpss_pci
usbnet 28672 1 cdc_ether
mfd_core 16384 1 intel_lpss
video 49152 0
thermal 20480 0
wmi 24576 1 wmi_bmof
backlight 16384 1 video
button 20480 0
ac 16384 0
battery 20480 0
acpi_pad 16384 0
efivarfs 16384 1
usb_storage 61440 1
crc32c_intel 24576 6
aesni_intel 380928 2
crypto_simd 16384 1 aesni_intel
cryptd 16384 2 crypto_simd
xhci_pci 16384 0
nvme 32768 2
xhci_hcd 196608 1 xhci_pci
nvme_core 86016 3 nvme
emerge app-editors/neovim
emerge sys-kernel/genkernel
emerge sys-fs/cryptsetup
emerge --ask sys-kernel/dracut
dracut --kver=5.15.41-gentoo
$ blkid | sort
/dev/loop0: TYPE="squashfs"
/dev/mapper/lvm: UUID="JhFlBo-e3x5-OUW4-32h0-qRQq-0MvE-Qbwe5V" TYPE="LVM2_member"
/dev/mapper/vg0-home: UUID="bb5ab4c9-048a-4550-b115-50044de47cad" BLOCK_SIZE="4096" TYPE="ext4"
/dev/mapper/vg0-root: UUID="e00b65e2-9c41-448c-b680-d44f959c9bd3" BLOCK_SIZE="4096" TYPE="ext4"
/dev/mapper/vg0-swap: UUID="b32b3b5a-3ffd-4a19-b2b6-00e6d36a7f81" TYPE="swap"
/dev/mapper/vg0-var: UUID="373c24f1-fd52-49b1-8979-ce9ee4ff5a23" BLOCK_SIZE="4096" TYPE="ext4"
/dev/nvme0n1p1: PARTLABEL="grub" PARTUUID="5cea4a9e-a4b5-432b-b3fd-0b2798cb9191"
/dev/nvme0n1p2: UUID="3F89-5549" BLOCK_SIZE="512" TYPE="vfat" PARTLABEL="boot" PARTUUID="6ef86592-e9ef-4857-a4b1-3fe4ff213ad8"
/dev/nvme0n1p3: UUID="b93f9c08-2ee1-4cbd-a875-7903cadc9db1" TYPE="crypto_LUKS" PARTLABEL="lvm" PARTUUID="0e4e70d0-2650-4522-88c2-42f979cb4a86"
/dev/sda1: BLOCK_SIZE="2048" UUID="2022-06-12-18-24-39-95" LABEL="Gentoo amd64 20220612T170541Z" TYPE="iso9660" PTUUID="7e01c5f2" PTTYPE="dos" PARTUUID="7e01c5f2-01"
/dev/sda2: SEC_TYPE="msdos" LABEL_FATBOOT="GENTOOLIVE" LABEL="GENTOOLIVE" UUID="F67C-E9D9" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="7e01c5f2-02"
/etc/fstab
UUID=3F89-5549 /boot vfat noauto,noatime 1 2
UUID=e00b65e2-9c41-448c-b680-d44f959c9bd3 / ext4 defaults 0 1
UUID=373c24f1-fd52-49b1-8979-ce9ee4ff5a23 /var ext4 defaults 0 1
UUID=bb5ab4c9-048a-4550-b115-50044de47cad /home ext4 defaults 0 1
# encrypted swap
UUID=b32b3b5a-3ffd-4a19-b2b6-00e6d36a7f81 none swap sw 0 0
# tmps
tmpfs /tmp tmpfs size=4G 0 0
emerge net-misc/dhcpcd
echo "sys-boot/grub:2 device-mapper" >> /etc/portage/package.use/sys-boot
/etc/default/grub
GRUB_CMDLINE_LINUX="dolvm crypt_root=UUID=b93f9c08-2ee1-4cbd-a875-7903cadc9db1"
grub-install --target=x86_64-efi --efi-directory=/boot grub-mkconfig -o /boot/grub/grub.cfg rc-update add lvm default
https://unix.stackexchange.com/questions/252428/how-do-i-apply-multiple-profiles-at-once-on-gentoo