<!DOCTYPE html>
<html>
<head>
<title>Encrypted Gentoo install</title>
<link rel="stylesheet" href="../style.css">
<link rel="icon" type="image/x-icon" href="../../../assets/favicon.ico">

<meta charset="utf-8">
<meta name="description" content="My printer is Creality Ender 3 v2, I bought it because it is a classic well known printer brand and because
it is the newer and apparently better version of the good old Ender 3 which almost everyone has.">
<meta name="keywords" content="linux, free software, foss, 3d printing, free, open, furry, dragon, waffelo, heger, jakub, 3d printer">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=0">
</head>
<body>

<div class="c-main">
<a href="/index.html">Return Home</a>
<h1 style="margin-bottom: 0px;">Encrypted Gentoo install on ThinkPad</h1>
<i>(6th June 2024)</i>
<br>
<p>
This is a small guide on how to do an encrypted Gentoo install. It isn't really an all-purpose article for all
cases; I just wrote it while I was installing Gentoo on my ThinkPad T430 laptop and wanted to make an article
that could maybe help someone a bit.
</p>

<br>
<h2>Preparing disks</h2>
<p>
First you will have to prepare your disk for the Gentoo installation. This will be the base for your entire system.
You will have to create four partitions <i>(bios boot, boot, swap and root)</i> using the program <span class="cdblk-m">gdisk</span>
and then use the <span class="cdblk-m">cryptsetup</span> command on the root partition to create an encrypted LUKS container.
</p>
<br>
<h4>Creating an encrypted container</h4>
<p class="cdblk">cryptsetup -yv luksFormat /dev/sda4</p>
<br>
<h4>Opening the encrypted container</h4>
<p>Note that the phrase at the end of the command is the mapper name; you can choose any name.</p>
<p class="cdblk">cryptsetup open /dev/sda4 root</p>
<p>After opening the encrypted container, you will find it at <span class="cdblk-m">/dev/mapper/root</span>.</p>

<br>
<h4>Formatting the partitions</h4>
<p>Now format the boot partition as ext4 and the root as btrfs. And don't forget to format the swap partition.</p>
<p class="cdblk">mkfs.ext4 /dev/sda2</p>
<p class="cdblk">mkfs.btrfs /dev/mapper/root</p>
<p class="cdblk">mkswap /dev/sda3</p>

<br>
<h2>Preparing the system</h2>
<p>
In this step you will need to download the stage3 tarball from the <a href="">Gentoo website</a> and extract it into the installation directory
<span class="cdblk-m">/mnt/gentoo/</span>. In my case <u>I will be using amd64 desktop profile with OpenRC</u>.
</p>

<h4>Mounting the disk</h4>
<p>
First you will need to create <span class="cdblk-m">/mnt/gentoo/</span> and mount the root partition on it
</p>
<p class="cdblk">mkdir -p /mnt/gentoo</p>
<p class="cdblk">mount /dev/mapper/root /mnt/gentoo</p>
<p>And then create <span class="cdblk-m">/mnt/gentoo/boot/</span> inside the mounted root and mount the boot partition</p>
<p class="cdblk">mkdir -p /mnt/gentoo/boot</p>
<p class="cdblk">mount /dev/sda2 /mnt/gentoo/boot</p>
<br>
<h4>Downloading and extracting the stage3 tarball</h4>
<p>
Go to the <a href="">Gentoo download website</a>, copy the download link of the selected tarball and download it into
<span class="cdblk-m">/mnt/gentoo/</span>.
</p>
<p class="cdblk">cd /mnt/gentoo</p>
<p class="cdblk">wget [tarball link]</p>
<p>After downloading the tarball, extract it using this command:</p>
<p class="cdblk">tar xpvf stage3-*.tar.xz --xattrs-include='*.*' --numeric-owner</p>
<p>After it is done extracting the tarball, you can delete the .tar.xz file.</p>
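<p>The steps above download and extract the tarball as it arrives. The script below is an added example, not part of the original guide, that checks the tarball against the SHA512 entry of its digest file before extraction. The function names, the <span class="cdblk-m">.DIGESTS</span> file name and its "# SHA512 HASH" layout are assumptions, and the demo runs on constructed files only.</p>

```shell
#!/bin/sh
# Added example (not from the original article). Assumes a .DIGESTS layout of
# "# SHA512 HASH" header lines, each followed by "<hash>  <file name>".

# digest_for FILE DIGESTS: print the SHA512 listed for FILE, fail if absent.
digest_for() {
    awk -v name="$(basename "$1")" '
        /^# /  { in_sha512 = ($0 == "# SHA512 HASH"); next }  # section header
        in_sha512 && $2 == name { print $1; found = 1; exit }
        END    { exit !found }
    ' "$2"
}

# verify_stage3 FILE DIGESTS: return 0 only if FILE hashes to the listed value.
verify_stage3() {
    expected=$(digest_for "$1" "$2") || {
        echo "no SHA512 entry for $1 in $2" >&2
        return 1
    }
    actual=$(sha512sum "$1" | awk '{ print $1 }')
    if [ "$expected" = "$actual" ]; then
        echo "OK: $1"
    else
        echo "MISMATCH: $1, do not extract it" >&2
        return 1
    fi
}

# Demonstration on constructed files (no real tarball is downloaded).
demo() {
    dir=$(mktemp -d) || return 1
    tarball="$dir/stage3-constructed.tar.xz"
    printf 'constructed stand-in for a stage3 tarball\n' > "$tarball"
    good=$(sha512sum "$tarball" | awk '{ print $1 }')
    {
        echo "# BLAKE2 (b2sum) HASH"
        echo "0000  stage3-constructed.tar.xz"   # wrong section, must be ignored
        echo "# SHA512 HASH"
        echo "$good  stage3-constructed.tar.xz"
    } > "$dir/DIGESTS"

    verify_stage3 "$tarball" "$dir/DIGESTS"      # intact download
    printf 'tampered' >> "$tarball"              # simulate a modified file
    verify_stage3 "$tarball" "$dir/DIGESTS" || echo "tampered copy rejected"
    rm -rf "$dir"
}

demo
```

<p>In the install it would sit in front of the extraction, for example <span class="cdblk-m">verify_stage3 stage3-*.tar.xz stage3-*.tar.xz.DIGESTS &amp;&amp; tar xpvf ...</span>. A matching hash only ties the tarball to the digest file; the digest file's own OpenPGP signature still has to be checked with <span class="cdblk-m">gpg --verify</span> against the Gentoo release key.</p>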

<br>
<h4>Configuring compile options</h4>
<p>
This is a very important thing to set: most of your packages will be compiled with the settings you put in
<span class="cdblk-m">/mnt/gentoo/etc/portage/make.conf</span>. I will show you some important things to set
for this guide. Use this <a href="https://wiki.gentoo.org/wiki//etc/portage/make.conf">wiki page</a>
as a help guide for your individual configuration.
</p>
<br>
<p>
Most importantly, don't forget to set your <span class="cdblk-m">-march=</span> to your CPU architecture. If you are
compiling on the computer that Gentoo will be used on, then just set <span class="cdblk-m">-march=native</span>;
if not, go to this <a href="https://wiki.gentoo.org/wiki/Safe_CFLAGS">wiki page</a> and find the code for the CPU
that you will use this Gentoo installation on. In my case I will be setting <span class="cdblk-m">-march=westmere</span>.
</p>
<p>
You should also set your <span class="cdblk-m">CPU_FLAGS_X86</span> to your CPU flags. You can do it by booting into the Gentoo
live ISO from a USB flash drive on the computer you will use this Gentoo installation on and running the
<span class="cdblk-m">cpuid2cpuflags</span> command to list all the flags.
</p>
<p>
Rust software is spreading like COVID-19 a few years ago, so I would advise you to include
<span class="cdblk-m">RUSTFLAGS="${COMMON_FLAGS}"</span> in your make.conf.
</p>
<p>
You should also include this quality-of-life option, which automatically appends these flags whenever you compile
something: <span class="cdblk-m">EMERGE_DEFAULT_OPTS="--ask --verbose"</span>
</p>
<p>
You will want faster downloads from the Gentoo mirrors, so you should set <span class="cdblk-m">GENTOO_MIRRORS</span>
to the mirror closest to you. You can find mirrors on this <a href="https://www.gentoo.org/downloads/mirrors/">wiki page</a>.
</p>
<p>
You will also want to set the <span class="cdblk-m">VIDEO_CARDS</span> option so your video drivers get compiled. I will use
<span class="cdblk-m">VIDEO_CARDS="intel"</span> on my ThinkPad because it has an integrated GPU. If you don't know which
flag to set, go to this <a href="https://wiki.gentoo.org/wiki//etc/portage/make.conf#VIDEO_CARDS">wiki page</a> to find the
GPU flag you need.
</p>
<p>
For the GRUB bootloader you will want to set <span class="cdblk-m">GRUB_PLATFORMS="pc"</span> since this guide is focused on
installation with legacy boot.
</p>
<p>
If you compile on a better CPU than the installation will be used on, you can set <span class="cdblk-m">MAKEOPTS="-j"</span> to the available
resources you have. I am compiling this installation on an AMD Ryzen 7, so I will be using <span class="cdblk-m">MAKEOPTS="-j16"</span>.
Make sure you adjust the -j number to the CPU your installation will be used on after you are done with installing Gentoo.
</p>
<p>
This is optional, but if you want to use only Free Software, you could opt to set <span class="cdblk-m">ACCEPT_LICENSE="-* @FREE"</span>.
I personally set this on all my machines.
</p>
<p>The last thing we will set are the USE flags. You can put any compile options you want there, but make sure you include these few
flags: <i>device-mapper, crypt, elogind</i>. You can add your own flags, which can be found on this
<a href="https://www.gentoo.org/support/use-flags/">wiki page</a>. </p>
<br>
<p>Here is an example of what I have:</p>
<pre style="white-space: pre-wrap;" class="cdblk">
COMMON_FLAGS="-O2 -march=westmere -pipe"
CFLAGS="${COMMON_FLAGS}"
CXXFLAGS="${COMMON_FLAGS}"
FCFLAGS="${COMMON_FLAGS}"
FFLAGS="${COMMON_FLAGS}"
RUSTFLAGS="${COMMON_FLAGS}"
CPU_FLAGS_X86="aes mmx mmxext pclmul popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3"

EMERGE_DEFAULT_OPTS="--ask --verbose"
GENTOO_MIRRORS="https://mirror.wheel.sk/gentoo"
VIDEO_CARDS="intel"
GRUB_PLATFORMS="pc"

MAKEOPTS="-j16"
ACCEPT_LICENSE="-* @FREE"
USE="device-mapper crypt elogind eme-free bluetooth wifi X wayland pipewire sound-server pulseaudio screencast cdda dvd dvdr -ppp -systemd -telemetry -gnome"

LC_MESSAGES=C.utf8
</pre>

<br>
<h2>Installing the base system</h2>
<h4>Chrooting into the system</h4>
<p>Before chrooting into your system, you should copy the DNS info to your new installation so you can connect to the internet.</p>
<p class="cdblk">cp --dereference /etc/resolv.conf /mnt/gentoo/etc/</p>
<p>Then create a temporary chrooting script <span class="cdblk-m">chroot.sh</span> which will contain these lines:</p>

<p class="cdblk">vim /mnt/gentoo/chroot.sh</p>
<pre class="cdblk">
# Make the live system's pseudo-filesystems visible inside the new root.
mount --types proc /proc /mnt/gentoo/proc
mount --rbind /sys /mnt/gentoo/sys
mount --make-rslave /mnt/gentoo/sys
mount --rbind /dev /mnt/gentoo/dev
mount --make-rslave /mnt/gentoo/dev
mount --bind /run /mnt/gentoo/run
mount --make-slave /mnt/gentoo/run

# Uncomment three lines below if you are installing from non-gentoo installation media.
#test -L /dev/shm && rm /dev/shm && mkdir /dev/shm
#mount --types tmpfs --options nosuid,nodev,noexec shm /dev/shm
#chmod 1777 /dev/shm /run/shm

# Start a shell inside the new installation.
chroot /mnt/gentoo /bin/bash

# These two lines only take effect when typed inside the chroot shell;
# left in the script they would run in the outer shell after the chroot exits.
#source /etc/profile
#export PS1="(chroot) ${PS1}"</pre>

<p>And run the script:</p>
<p class="cdblk">sh /mnt/gentoo/chroot.sh</p>
<p>After running this script, you should be chrooted in your new Gentoo installation environment.</p>
<br>
<h4>Configuring portage</h4>
<p>We have already done some of the steps for configuring portage earlier, so we will skip them. Now, run these
two commands to configure the Gentoo ebuild repository:</p>
<p class="cdblk">mkdir --parents /etc/portage/repos.conf</p>
<p class="cdblk">cp /usr/share/portage/config/repos.conf /etc/portage/repos.conf/gentoo.conf</p>
<p>Now you have to download the Gentoo ebuild repository.</p>
<p class="cdblk">emerge-webrsync</p>

<br>
<h4>Selecting a profile</h4>
<p>
A profile is a set of specific use flags, variables and version ranges. You need to choose a profile that will
suit your use case. This installation is intended for desktop use, so I will select the
<span class="cdblk-m">default/linux/amd64/23.0/desktop</span> profile. To view profiles, you need to run this command:</p>
<p class="cdblk">eselect profile list</p>
<p>Output example: (my output)</p>
<pre class="cdblk">
[21] default/linux/amd64/23.0 (stable)
[22] default/linux/amd64/23.0/systemd (stable)
[23] default/linux/amd64/23.0/desktop (stable) *
[24] default/linux/amd64/23.0/desktop/systemd (stable)
[25] default/linux/amd64/23.0/desktop/gnome (stable)
</pre>
<p>It is most likely that the desktop profile is already selected if you have downloaded the desktop stage3 tarball.
If not, then run the command below with the option number at the end. The blue asterisk should then move to your
selected option. For example, in my case I selected the number 23.</p>
<p class="cdblk">eselect profile set (your number)</p>

<br>
<h4>Updating the packages</h4>
<p>After making changes to the use flags in make.conf, we will want to update our current packages so they are built the
way we want.</p>
<p class="cdblk">emerge --ask --verbose --update --deep --newuse @world</p>
<p>Now get rid of obsolete packages.</p>
<p class="cdblk">emerge --ask --depclean</p>

<br>
<h3>Setting the timezone</h3>
<p>If you want your system time to be correct, you should set your system's timezone. You can look at all the available timezones
by running this command:</p>
<p class="cdblk">ls -l /usr/share/zoneinfo</p>
<p>You can also ls deeper into the directory of your continent to see the available timezones.</p>
<p class="cdblk">ls -l /usr/share/zoneinfo/Europe</p>
<p>And then echo the timezone into the timezone file. For example, I will use <span class="cdblk-m">Europe/Bratislava</span>.</p>
<p class="cdblk">echo "(your timezone)" > /etc/timezone</p>
<p>And finally, finish it by configuring the timezone-data package.</p>
<p class="cdblk">emerge --config sys-libs/timezone-data</p>

<br>
<h3>Installing vim</h3>
<p>This is optional, but if you want to edit files using vim instead of nano, then emerge vim.</p>
<p class="cdblk">emerge vim</p>

<br>
<h3>Generating locale</h3>
<p>Now you will want to generate the locale by editing locale.gen. Simply uncomment the line with your locale.</p>
<p class="cdblk">vim /etc/locale.gen</p>
<p>If you don't know the locale code of your language, run this command to view the supported locales:</p>
<p class="cdblk">less /usr/share/i18n/SUPPORTED</p>
<p>And now just generate the locale.</p>
<p class="cdblk">locale-gen</p>

<br>
<h3>Selecting locale</h3>
<p>Now list your locales with eselect. It is likely that your locale is already selected.</p>
<p class="cdblk">eselect locale list</p>
<p>And set your locale</p>
<p class="cdblk">eselect locale set (number of your option)</p>
<p>And now finally reload your environment using the following command:</p>
<p class="cdblk">env-update && source /etc/profile && export PS1="(chroot) ${PS1}"</p>

<br>
<h2>Installing the kernel</h2>
<p>
Now it is time to install the core of the operating system, the kernel. It will have to be installed a bit differently
than it is normally done. You will have to use the <span class="cdblk-m">genkernel</span> command with a few
flags.<br>
You might want to use the <span class="cdblk-m">linux-firmware</span> package if you use proprietary drivers for wifi,
bluetooth, etc. But even if you don't need it, like me since I have an Atheros wifi card, you will need to set
<span class="cdblk-m">-firmware</span> in the <span class="cdblk-m">/etc/portage/package.use/sys-kernel</span> file.
</p>
<br>
<h4>I need linux firmware</h4>
<p>If you use proprietary drivers, you will need the firmware. You need to add the <span class="cdblk-m">~amd64</span>
keyword to the <span class="cdblk-m">package.accept_keywords</span> file. </p>
<p>Adding <span class="cdblk-m">~amd64</span> to the <span class="cdblk-m">/etc/portage/package.accept_keywords/sys-kernel</span> </p>
<p class="cdblk">echo "sys-kernel/linux-firmware ~amd64" >> /etc/portage/package.accept_keywords/sys-kernel</p>

<br>
<p><u>Only with @FREE ACCEPT_LICENSE option:</u> Adding the license of the package to the portage config. </p>
<p class="cdblk">echo "sys-kernel/linux-firmware linux-fw-redistributable" >> /etc/portage/package.license/package.license</p>
<br>
<p>And then you just install the package.</p>
<p class="cdblk">emerge sys-kernel/linux-firmware</p>

<br>
<h4>I don't need linux firmware</h4>
<p>If you are based and you use devices with free drivers, then you will need to put the <span class="cdblk-m">-firmware</span>
flag into package.use. </p>
<p class="cdblk">echo "sys-kernel/genkernel -firmware" >> /etc/portage/package.use/sys-kernel</p>

<br>
<h4>Installing the kernel</h4>
<p>To install the kernel, you will need to download two packages: <span class="cdblk-m">genkernel</span>, which is a tool
that automates building the kernel, and <span class="cdblk-m">gentoo-sources</span>, which includes the kernel source.</p>
<p class="cdblk">emerge genkernel gentoo-sources</p>
<p>Before you can compile the kernel, you need to select it with the <span class="cdblk-m">eselect</span> command.
Run this command to list the available kernels:</p>
<p class="cdblk">eselect kernel list</p>
<p>And then select the kernel. In most cases it will be 1 in a new installation.</p>
<p class="cdblk">eselect kernel set 1</p>
<p>After selecting the kernel, run this command, which will start the compilation of the kernel. The command contains
the flags necessary for an encrypted installation.<br><b>note:</b> this might take a long time.</p>
<p class="cdblk">genkernel --luks --lvm --busybox all</p>

<br>
<h2>Generating fstab</h2>
<p>All of the partitions that will be used in your system must be in the <span class="cdblk-m">/etc/fstab</span> file,
which sets all the mount points and the options they are mounted with.</p>
<p>Run the command <span class="cdblk-m">blkid</span> to find the UUIDs of your partitions.</p>
<p>Output example (my output):</p>
<pre class="cdblk" style="overflow-x: scroll;">
/dev/sdb4: UUID="52121e1c-c51c-4ffc-92bc-eb6423e736c8" TYPE="crypto_LUKS" PARTLABEL="Linux filesystem" PARTUUID="389956c6-89c7-4122-b45f-17e6256be3c9"
/dev/sdb2: UUID="8bee939e-50f2-41ba-b359-2070ec1511f1" BLOCK_SIZE="4096" TYPE="ext4" PARTLABEL="Linux filesystem" PARTUUID="eccfcd37-5a98-4e4b-ac18-f1194a9679b9"
/dev/sdb3: UUID="75fca4da-eb35-47f7-8696-ae9bbcf1c75c" TYPE="swap" PARTLABEL="Linux swap" PARTUUID="c99f141c-3cea-440c-beb6-cf7fa9c74a89"
/dev/sdb1: PARTLABEL="BIOS boot partition" PARTUUID="b1db83bd-94f0-452a-86bc-bf22a3277873"
/dev/mapper/root: UUID="1e0b2067-8937-47c0-9a5c-f200fe4607b8" UUID_SUB="1ff8b4f2-f1bb-4916-aea9-bdb7f0111584" BLOCK_SIZE="4096" TYPE="btrfs"
</pre>
<p>You will want to put your LUKS partition as the root partition in the fstab; in my case it is <span class="cdblk-m">/dev/sdb4</span></p>
<p>Fill in the fstab file so it looks like the example below, just input your own UUIDs instead of the ones shown in the
example.</p>
<pre class="cdblk" style="overflow-x: scroll;">
# /dev/sdb4 (root)
UUID=52121e1c-c51c-4ffc-92bc-eb6423e736c8 / btrfs rw,relatime 0 0

# /dev/sdb2 (boot)
UUID=8bee939e-50f2-41ba-b359-2070ec1511f1 /boot ext4 rw,relatime 0 2

# Swap
UUID=75fca4da-eb35-47f7-8696-ae9bbcf1c75c none swap defaults 0 0
</pre>
<br>
<h2>Setting a hostname</h2>
<p>Set the name of your device, which is visible on your local network.</p>
<p class="cdblk">echo ThinkPaw > /etc/hostname</p>
<br>
<h2>Installing DHCP</h2>
<p>If you want to use the internet on your device, you will need to install this DHCP client and set the
service to start on system boot.</p>
<p class="cdblk">emerge --ask net-misc/dhcpcd</p>
<p class="cdblk">rc-update add dhcpcd default</p>
<p class="cdblk">rc-service dhcpcd start</p>
<br>
<!-- hosts file here -->
<h2>Root password</h2>
<p>To set your root password, use the <span class="cdblk-m">passwd</span> command.</p>
<br>
<!-- rc config here -->
<h2>Installing useful tools</h2>
<p>You can skip this step, but it is pretty useful to install some of these packages, especially the progs packages.
</p>
<p class="cdblk">emerge --ask sys-fs/btrfs-progs sys-fs/e2fsprogs net-misc/chrony app-shells/bash-completion sys-apps/mlocate sys-process/dcron</p>
<p>Now enable the chrony service if you have installed it.</p>
<p class="cdblk">rc-update add chronyd default</p>
<p>If you want to use wifi on your computer, you should also install these packages.</p>
<p class="cdblk">emerge --ask net-wireless/iw net-wireless/wpa_supplicant</p>
<br>
<h2>Installing bootloader</h2>
<p>After successfully finishing all the previous steps, you shall proceed to the installation of
GRUB. GRUB is software that helps you boot your system upon pressing the power button on your
PC.</p>
<p>Install the grub package and make sure you have <span class="cdblk-m">GRUB_PLATFORMS="pc"</span> in your
emerge configs.</p>
<p class="cdblk">emerge --ask --verbose sys-boot/grub</p>
<br>
<h4>Configuring grub</h4>
<p>Now you will need to configure GRUB to work with encryption. You can find the configuration file at
<span class="cdblk-m">/etc/default/grub</span>.</p>
<p>Your grub config should look something like this; change only the shown parameters. Make sure to put the UUID of your LUKS partition instead of the one in my
example. It is the same UUID as the root partition in fstab.</p>
<pre class="cdblk" style="overflow-x: scroll;">
...
GRUB_PRELOAD_MODULES='part_gpt part_msdos luks lvm'
GRUB_CMDLINE_LINUX='dolvm crypt_root=UUID=52121e1c-c51c-4ffc-92bc-eb6423e736c8 root_trim=yes rootfstype=btrfs'
GRUB_ENABLE_CRYPTODISK=y
...
</pre>
<p>Now generate the grub config.</p>
<p class="cdblk">grub-mkconfig -o /boot/grub/grub.cfg</p>
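<p>A wrong UUID in <span class="cdblk-m">crypt_root=</span> only shows up at the next boot. The script below is an added example, not part of the original guide, that checks the value against <span class="cdblk-m">blkid</span> output before rebooting. The function names are illustrative, the blkid lines are shortened from the sample output above, and the "bad" GRUB line is constructed.</p>

```shell
#!/bin/sh
# Added example (not from the original article). Function names are illustrative.

# luks_uuids: read blkid output on stdin, print the UUID of each LUKS container.
luks_uuids() {
    sed -n 's/.* UUID="\([^"]*\)".*TYPE="crypto_LUKS".*/\1/p'
}

# crypt_root_uuid FILE: print the UUID set as crypt_root=UUID=... in FILE.
# Only an uncommented GRUB_CMDLINE_LINUX= line is considered.
crypt_root_uuid() {
    sed -n '/^[[:space:]]*GRUB_CMDLINE_LINUX=/s/.*crypt_root=UUID=\([0-9A-Fa-f-]*\).*/\1/p' "$1"
}

# check_crypt_root BLKID_FILE GRUB_FILE
# Returns 0 if crypt_root names a LUKS container, 1 if not, 2 if it is unset.
check_crypt_root() {
    want=$(crypt_root_uuid "$2")
    if [ -z "$want" ]; then
        echo "no crypt_root=UUID= found in $2" >&2
        return 2
    fi
    if luks_uuids < "$1" | grep -qixF "$want"; then
        echo "ok: crypt_root=$want is a crypto_LUKS partition"
    else
        echo "crypt_root=$want is not a crypto_LUKS partition" >&2
        return 1
    fi
}

demo() {
    dir=$(mktemp -d) || return 1
    # blkid lines shortened from the article's sample output.
    cat > "$dir/blkid.txt" <<'EOF'
/dev/sdb4: UUID="52121e1c-c51c-4ffc-92bc-eb6423e736c8" TYPE="crypto_LUKS" PARTLABEL="Linux filesystem"
/dev/sdb2: UUID="8bee939e-50f2-41ba-b359-2070ec1511f1" BLOCK_SIZE="4096" TYPE="ext4"
/dev/mapper/root: UUID="1e0b2067-8937-47c0-9a5c-f200fe4607b8" BLOCK_SIZE="4096" TYPE="btrfs"
EOF
    # The article's setting, then a constructed mistake: the UUID of the
    # btrfs filesystem inside the container instead of the container itself.
    echo "GRUB_CMDLINE_LINUX='dolvm crypt_root=UUID=52121e1c-c51c-4ffc-92bc-eb6423e736c8 root_trim=yes rootfstype=btrfs'" > "$dir/grub.good"
    echo "GRUB_CMDLINE_LINUX='dolvm crypt_root=UUID=1e0b2067-8937-47c0-9a5c-f200fe4607b8 rootfstype=btrfs'" > "$dir/grub.bad"

    check_crypt_root "$dir/blkid.txt" "$dir/grub.good"
    check_crypt_root "$dir/blkid.txt" "$dir/grub.bad" || echo "mismatch caught before reboot"
    rm -rf "$dir"
}

demo
```

<p>On the real system the inputs would be <span class="cdblk-m">blkid > /tmp/blkid.txt</span> and <span class="cdblk-m">/etc/default/grub</span>, run inside the chroot before leaving it.</p>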

<br>
<h2>Leaving the chroot</h2>
<p>Now that you are done, you will need to exit your installation environment safely.</p>
<p class="cdblk">exit</p>
<p class="cdblk">cd</p>
<p class="cdblk">umount -l /mnt/gentoo/dev{/shm,/pts,}</p>
<p class="cdblk">umount -R /mnt/gentoo</p>
<p>Now you can reboot your system.</p>
<p class="cdblk">reboot</p>



<center><h1>🚧UNDER CONSTRUCTION🚧</h1><p>The article is not finished</p></center>


</div> <!-- c-main end -->
</body>
</html>