Void GNU+Linux Installation on Libreboot
Oct 31, 7528 O.SN.S.
Free Software GNU+Linux
Last modified: May 6, 2021
Preparing Disk
Create partition /dev/sda1
cfdisk /dev/sda
LUKS format it
cryptsetup -v --cipher serpent-xts-plain64 --key-size 512 --hash whirlpool --iter-time 500 --use-random --verify-passphrase --type luks1 luksFormat /dev/sda1
Open the LUKS partition
cryptsetup luksOpen /dev/sda1 lvm
Create the lvm physical volume
pvcreate /dev/mapper/lvm
Create the volume group
vgcreate matrix /dev/mapper/lvm
Create the logical volumes
lvcreate -L 16G matrix -n swapvol
lvcreate -l +100FREE matrix -n rootvol
If they were previously created then ensure they are active
lvscan
vgscan
vgchange -ay
Format the volumes
mkswap /dev/mapper/matrix-swapvol
mkfs.btrfs /dev/mapper/matrix-rootvol
Turn on swap
swapon /dev/matrix/swapvol
Mount the rootvol
mount -o noatime,nodiratime,compress=lzo,discard,ssd,defaults /dev/mapper/matrix-rootvol /mnt
Create the btrfs subvolumes
btrfs subvolume create /mnt/ROOT
btrfs subvolume create /mnt/home
Unmount the volume
umount /mnt
Remount the subvolumes
mount -o noatime,nodiratime,compress=lzo,discard,ssd,defaults,subvol=ROOT /dev/mapper/matrix-rootvol /mnt
mkdir /mnt/home
mount -o noatime,nodiratime,compress=lzo,discard,ssd,defaults,subvol=home /dev/mapper/matrix-rootvol /mnt/home
Installing the base system
Install base packages
xbps-install -Sy -R http://mirror.clarkson.edu/voidlinux/current -r /mnt base-voidstrap \
usbutils wpa_supplicant wifi-firmware ethtool acpid libgcc linux5.2 \
linux5.2-headers dracut grub grub-utils cryptsetup lvm2 btrfsprogs
Prepare to chroot into the system
for dir in dev proc sys; do
mount --rbind /$dir /mnt/$dir
done
Chroot into the system
chroot /mnt /bin/bash
Basic system setup
Set root account password
passwd root
Set ownership and permissions for the root directory
chown root:root /
chmod 755 /
Set the hostname
echo <your-hostname> > /etc/hostname
Add your user account
useradd -m -G <additional_groups> -s <login_shell> <username>
e.g.
useradd -m -G wheel,floppy,audio,video,cdrom,optical,kvm,xbuilder -s /bin/bash chris
Add a password
passwd <username>
Allow wheel group to use sudo
visudo
uncomment the following line
%wheel ALL=(ALL) ALL
Optionally uncomment the following line instead to allow the wheel group to use sudo without a password
%wheel ALL=(ALL) NOPASSWD:ALL
Set timezone, keymap, and hardwareclock in /etc/rc.conf
vi /etc/rc.conf
For example, add
HARDWARECLOCK="UTC"
TIMEZONE="America/New_York"
KEYMAP="us"
Set up locales
echo "LANG=en_US.UTF-8" > /etc/locale.conf
echo "en_US.UTF-8 UTF-8" >> /etc/default/libc-locales
xbps-reconfigure -f glibc-locales
Add your partitions to /etc/fstab
vi /etc/fstab
For example:
# <file system> <dir>   <type>  <options>		<dump>  <pass>
# Root
/dev/mapper/matrix-rootvol	/	btrfs	noatime,nodiratime,compress=lzo,space_cache,discard,ssd,defaults,subvol=ROOT	0	0
# /home
/dev/mapper/matrix-rootvol	/home	btrfs	noatime,nodiratime,compress=lzo,space_cache,discard,ssd,defaults,subvol=home	0	0
# Swap
/dev/mapper/matrix-swapvol	none	swap	defaults	0	0
If you are installing grub on the harddisk
for LUKS support append
rd.auto=1
and if you are using a keyfile append
rd.luks.key=/<key-file>
to
GRUB_CMDLINE_LINUX_DEFAULT
in /etc/default/grub
then install grub
grub-install /dev/sda
make a configuration
grub-mkconfig -o /boot/grub/grub.cfg
Add dracut modules for LUKS, lvm, and btrfs
LUKS
echo 'add_dracutmodules+=" crypt "' > /etc/dracut.conf.d/dracutmodules.conf
lvm
echo 'add_dracutmodules+=" lvm "' >> /etc/dracut.conf.d/dracutmodules.conf
btrfs
echo 'add_dracutmodules+=" btrfs "' >> /etc/dracut.conf.d/dracutmodules.conf
Also add the following, for dracut to only load the required config, but remove if it breaks the installation
echo 'hostonly=yes' > /etc/dracut.conf.d/hostonly.conf
Setup initrd, replacing with the version of the linux kernel installed earlier
xbps-reconfigure -f linux5.3
Exiting the chroot and rebooting
Exit the chroot
exit
Unmount the volumes
umount -R /mnt
Turn swap off
swapoff -a
Inactivate the logical volumes
vgchange -an
Close the LUKS device
cryptsetup luksClose lvm
Turn off
poweroff
Boot to grub commandline
Enter the following to attempt booting
cryptomount -a
set root=(lvm/matrix-rootvol)
linux /ROOT/boot/vmlinuz-5.3.10_1 rootflags=subvol=ROOT cryptdevice=/dev/sda1:root
initrd /ROOT/boot/initramfs-5.3.10_1.img
boot
Post-installation Configuration
Adding a keyfile for entering passphrase only once
Generate the keyfile
sudo dd if=/dev/urandom of=/etc/keyfile bs=1024 count=4
Make it read only for root
sudo chmod 0400 /etc/keyfile
Add the keyfile to LUKS
sudo cryptsetup luksAddKey /dev/sda1 /etc/keyfile
Include the keyfile in dracut initrd
echo 'install_items+=" /etc/keyfile "' > /etc/dracut.conf.d/dracutinstall.conf
xbps-reconfigure -f linux5.3
Create an entry in /etc/crypttab
# <name>	<device>	<password>	<options>
lvm	/dev/sda1	/etc/keyfile	luks
Include this keyfile in dracut initrd
echo 'install_items+=" /etc/crypttab "' >> /etc/dracut.conf.d/dracutinstall.conf
xbps-reconfigure -f linux5.3
Ensure rd.luks.crypttab is set in /etc/default/grub as above
Append
rd.luks.crypttab=1
to
GRUB_CMDLINE_LINUX_DEFAULT
Boot from grub commandline using the following
cryptomount -a
set root=(lvm/matrix-rootvol)
linux /ROOT/boot/vmlinuz-5.3.10_1 rootflags=subvol=ROOT rd.luks.crypttab=1
initrd /ROOT/boot/initramfs-5.3.10_1.img
boot