Howto - Hybrid UEFI/Bios legacy Slackware 15.0 LVM - LUKS2 Full Disk Encryption (USB/minimal) installation
The following guide is a practical example on how to create a Hybrid UEFI/Bios legacy Slackware 15.0 LVM - LUKS2 Full Disk Encryption (USB drive) system using a bootstrap/network (minimal optional) installation.
That's a big mouthful, so what's available with this installation:

- A bootstrap installation from an active Linux installation onto a new (USB) drive
- It will use Full Disk Encryption using LUKS2 and Grub
- There is an optional section on a multi-tiered minimal Slackware installation
- It will work out of the box on legacy BIOS and UEFI systems

This will not generate a system that's bootable in a secure boot manner. Set secure boot to "Disabled/Other OS" to make this system start up and, if you want or need to, re-enable it afterwards.

Without further ado, let's get started!

Create a directory for the Slackware bootstrap:

    mkdir slackware; cd slackware

Fetch and extract Slackware's latest initrd image to acquire the minimal system:

    wget https://mirrors.slackware.com/slackw...nux/initrd.img -O - | xz -dc | cpio -idmv

Set up the destination device (/dev/sdc in this case, adjust accordingly) for all further intents and purposes:

    echo "export DUSB=/dev/sdc" > ./root/.bashrc; source ./root/.bashrc

Double check that you've entered the correct drive, because this drive will be completely formatted!

Make sure the destination drive is not mounted at all:

    umount ${DUSB}*

If you want, you can wipe your drive in full; this may be beneficial to prevent old remnants from interfering with the new system:

    dd if=/dev/zero of=${DUSB} bs=4096 status=progress

Clear the destination drive. This can be omitted if you opted for the full wipe above.
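A guard for the destructive steps in this part of the guide (the dd wipe and the sgdisk calls), as an added example that is not part of the original post: it refuses any target that is not a whole disk, or that has something mounted on it or on a child device, which is what a system disk looks like. The function names and sample listings are constructed for illustration; the lsblk options are standard util-linux ones.

```sh
#!/bin/sh
# Added example (not from the original guide): refuse a wipe target that is
# not a whole disk, or that has anything mounted on it or on its children.

# Constructed sample: a system disk with a LUKS+LVM root, in the layout that
# `lsblk -rno NAME,TYPE,MOUNTPOINT /dev/sda` prints (device first, then children).
SAMPLE_SYSTEM_DISK='sda disk
sda1 part /boot/efi
sda2 part
cryptroot crypt
vg-root lvm /'

# Constructed sample: an idle USB stick carrying one old, unmounted partition.
SAMPLE_IDLE_USB='sdc disk
sdc1 part'

# check_target_listing: reads such a listing on stdin, prints every reason
# to refuse, and returns 1 if there is at least one.
check_target_listing() {
    awk '
        NR == 1 && $2 != "disk" { print "refuse: " $1 " is a " $2 ", not a whole disk"; bad = 1 }
        NF >= 3                 { print "refuse: " $1 " is in use at " $3; bad = 1 }
        END {
            if (NR == 0) { print "refuse: device not found"; bad = 1 }
            exit bad + 0
        }
    '
}

# confirm_target DEV: run the check on the live system, show the operator what
# is about to be erased, and require the path to be typed a second time.
confirm_target() {
    [ -b "$1" ] || { echo "refuse: $1 is not a block device"; return 1; }
    lsblk -rno NAME,TYPE,MOUNTPOINT "$1" | check_target_listing || return 1
    lsblk -dno NAME,SIZE,MODEL,TRAN "$1"
    printf 'Retype the device path to confirm: '
    read -r answer
    [ "$answer" = "$1" ]
}

# Usage with the guide's variable:
#   confirm_target "$DUSB" && sgdisk -Z "$DUSB"
```

A swap partition in use shows up as `[SWAP]` in the MOUNTPOINT column, so it is refused like any other mounted child.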
Be mindful and careful that you've entered the proper disk; don't wipe your system disk by mistake!

    sgdisk -Z $DUSB

Create the necessary partition table:

    sgdisk --clear \

Reload and check the disk's partition setup:

    partprobe $DUSB

Format the Bios boot and EFI partition:

    mkdosfs -n MULTIBOOT ${DUSB}1

Format and encrypt the main partition for LVM:

    cryptsetup -s 512 luksFormat --type luks2 --pbkdf pbkdf2 ${DUSB}4

Configuring the physical volume (adjust the swap size to your liking):

    pvcreate /dev/mapper/slackpv

Prepare for chroot:

    for d in dev sys proc; do mount --bind /$d ./$d; done

And chroot into the minimal Slackware system:

    chroot ./ /bin/bash

Start the Slackware setup:

    setup

- Pick /dev/slack/swap for your swap space
- Pick /dev/slack/root for your root fs
- Choose install from FTP/HTTP server

Pick your favorite local mirror, I used:

    ftp://ftp.nluug.nl

Fill out the proper source directory (check the url to see if it matches first):

    /pub/os/Linux/distr/slackware/slackware64-15.0/slackware64

Install Slackware as you see fit. Do make sure that Grub gets installed.

[Optional minimal Slackware installation]

Some users like to have their Linux installation be as mean and lean as possible. For Slackware it's much easier to just install the main categories in full and have a system that just works out of the box. As a little side project I've set up a quick and easy way to get a minimal installation that will give you the best of both worlds. If something isn't working down the line, run slackpkg file-search <missing file> to see what package is missing and subsequently install it.

So, let's go Brandon, ehm, I meant, minimal install ;-):

Only select the package series A and choose the "menu" or "expert" option after that. Select only the packages that have "REQUIRED" at the end of the description and start the installation.
Open a second root console and go to the slackware directory that you created in the beginning:

    cd slackware/mnt

Create the following base installation file (feel free to add to these packages if you like):

    echo "# base

Create this perl script to download the listed packages (adjust the mirror to suit your needs):

    echo '#!/usr/bin/perl -w

Make this script executable:

    chmod +x smi.pl

And start it up:

    ./smi.pl

Once the Slackware installer is done with its software and minimal configuration (do not exit it yet!), chroot into the newly installed system and let's supplement the installation with the downloaded packages (make sure you are still in the "slackware" directory):

    cd ..

And install the packages:

    installpkg ./smi/*.txz

Remove the files we just created/fetched:

    rm -rf smi* slackware-minimal.txt

Return to the regular Slackware installation program and choose "CONFIGURE" to reconfigure your Linux system after those packages were installed.

It's possible to get slackpkg up and update the system to the latest packages right away:

    cp /etc/resolv.conf2 /etc/resolv.conf

Uncomment your favorite mirror, save and exit, run:

    slackpkg update

Upgrade the packages to the latest iterations:

    slackpkg upgrade-all

If you want Network Manager functional in one go, run:

    slackpkg install NetworkManager nss libndp libgio glib2 icu4c nghttp2 sasl sqlite brotli

For more portability (Wi-Fi, full hardware support), this can be a USB drive installation after all, run:

    slackpkg install wpa_supplicant wireless_tools libnl3 newt pcre2 kernel-huge

With this basic installation, the NetworkManager applet in XFCE will not prompt you for a password after you click on the desired wireless network. Right click on the applet and hit "edit connections", edit the Wi-Fi network you picked and then fill out the password under the "Wi-Fi Security" tab.
For a minimal X installation with XFCE to top it off (qt, kde and plasma items can be deselected):

    slackpkg install GConf Greybird ModemManager NetworkManager acl adwaita-icon-theme alsa-lib alsa-oss alsa-plugins at-spi2-atk at-spi2-core atk attr audiofile bash bin boost brotli bzip2 cairo coreutils cpio cups cups-filters cyrus-sasl dbus dbus-glib dbus-python dconf dconf-editor dcron dejavu-fonts-ttf desktop-file-utils devs dialog diffutils dmidecode dosfstools e2fsprogs egl-wayland elementary-xfce elogind etc eudev exfatprogs exo flac floppy font-alias font-misc-misc fontconfig freetype fribidi fuse fuse3 garcon gawk gcr gdk-pixbuf2 gdk-pixbuf2-xlib gegl gettext giflib glib glib-networking glib2 glibc glibc-i18n glibc-profile gnome-keyring gnome-themes-extra gnupg gnupg2 gnutls gptfdisk graphene graphite2 grep groff grub gsettings-desktop-schemas gtk+ gtk+2 gtk+3 gtk4 gtksourceview3 gtkspell gvfs gzip harfbuzz hicolor-icon-theme hostname hwdata iceauth icu4c infozip iproute2 iso-codes itstool jansson json-glib json-glib kernel-generic kernel-modules keybinder3 keyutils libICE libSM libX11 libXau libXaw libXcomposite libXcursor libXdamage libXdmcp libXext libXfixes libXfont2 libXft libXi libXinerama libXmu libXpm libXpresent libXrandr libXrender libXres libXt libXtst libXxf86vm libassuan libasyncns libdbusmenu libdbusmenu-qt libdrm libepoxy libevdev libexif libfontenc libgcrypt libglvnd libgnome-keyring libgpg-error libgphoto2 libinput libjpeg-turbo libmng libmnl libndp libnma libnotify libogg libpciaccess libpng libproxy librsvg libsecret libsndfile libsoup libtheora libtiff libtirpc libunistring libusb libusb-compat libvorbis libwacom libwebp libwnck libwnck3 libxcb libxfce4ui libxfce4util libxkbcommon libxkbfile libxklavier libxml2 libxshmfence libxslt libzip linuxdoc-tools lm_sensors logrotate lvm2 lz4 lzip m4 man-db man-pages mesa mkfontscale mlocate mousepad mozilla-nss mtdev nano nettle network-manager-applet network-scripts nghttp2 npth nss-pam-ldapd ntp openssh opus opus-tools orc p11-kit pam pango patch pavucontrol perl pixman pkgtools polkit polkit-gnome procps-ng pulseaudio rxvt-unicode sbc sdl sdparm sed setxkbmap shared-mime-info sharutils slackpkg smartmontools sound-theme-freedesktop speex speexdsp sqlite startup-notification sysvinit-scripts tango-icon-theme tango-icon-theme-extras tar texinfo upower utempter utf8proc util-linux vte wavpack wayland wayland-protocols x11-skel xauth xcb-util xcb-util-cursor xcb-util-errors xcb-util-image xcb-util-keysyms xcb-util-renderutil xcb-util-wm xf86-input-evdev xf86-input-libinput xfce xinit xkbcomp xkbevd xkeyboard-config xorg-server xorg-server-xephyr xorg-server-xnest xorg-server-xvfb xorg-server-xwayland xorgproto xrdb xtrans zlib

To get the audiomixer working in XFCE (pavucontrol) right off the bat, run:

    slackpkg install gtkmm3 atkmm glibmm pangomm cairomm libsigc libcanberra

Reconfigure your system one last time (in the main installation console) after installing these packages and move resolv.conf2 over:

    mv /etc/resolv.conf2 /etc/resolv.conf

[/Optional minimal Slackware installation]

Complete the setup without installing the (E)LILO bootloader. Upon exit select to *not* reboot and drop back to the root shell.
Exit the initial chroot environment and chroot into the new installation (skip this and jump to crypt key file creation if you opted for the optional minimal installation):

    exit

Set up and add a key file to cryptsetup for unlocking the drive during boot:

    dd bs=512 count=4 if=/dev/urandom of=/rei.key

Patch initrd to allow the key to become integrated into the initrd file:

    mkdir /tmp/initrd-tree
    wget https://gitlab.com/slackernetuk/slac...d_by_grub.diff
    patch init < key_file_in_the_initrd_and_drive_unlocked_by_grub.diff

Create a new initrd, capable of unlocking the drive with the generated keyfile:

    mkinitrd -c -k $(perl -e '(qx|ls /boot/vmlinuz-*|)[-1] =~/^.*-(\d\.\d+\.\d+).*$/; print $1;') -f ext4 -C "UUID=$(blkid -s UUID -o value ${DUSB}4)" -r /dev/slack/root -L -K /rei.key -h /dev/slack/swap -m usb-storage:xhci-hcd:xhci-pci:ohci-pci:ehci-pci:uhci-hcd:ehci-hcd:hid:usbhid:i2c-hid:hid_generic:hid-asus:hid-cherry:hid-logitech:hid-logitech-dj:hid-logitech-hidpp:hid-lenovo:hid-microsoft:hid_multitouch:jbd2:mbcache:crc32c_intel:crc32c_generic:ext4 -u -o /boot/initrd.gz

Add "-w 10" to the command above if you are installing this to a USB-drive.

[Sidenote]

I find it convenient to have the command above in a file like initrd.sh and to make it executable:

    printf "mkinitrd -c -k $(perl -e '(qx|ls /boot/vmlinuz-*|)[-1] =~/^.*-(\d\.\d+\.\d+).*$/; print $1;') -f ext4 -C "UUID=$(blkid -s UUID -o value ${DUSB}4)" -r /dev/slack/root -L -K /rei.key -h /dev/slack/swap -m usb-storage:xhci-hcd:xhci-pci:ohci-pci:ehci-pci:uhci-hcd:ehci-hcd:hid:usbhid:i2c-hid:hid_generic:hid-asus:hid-cherry:hid-logitech:hid-logitech-dj:hid-logitech-hidpp:hid-lenovo:hid-microsoft:hid_multitouch:jbd2:mbcache:crc32c_intel:crc32c_generic:ext4 -u -o /boot/initrd.gz" > /root/initrd.sh

Change the kernel version in that file back to the perl command so that it obtains the latest kernel version; for instance "5.15.38" becomes:

    "$(perl -e '(qx|ls /boot/vmlinuz-*|)[-1] =~/^.*-(\d\.\d+\.\d+).*$/; print $1;')"

    chmod +x /root/initrd.sh

Run that command manually or through that file. You should have a properly set up initial ramdisk now. After a kernel upgrade on the system you only have to run the command below. This is an example, don't run the grub command just yet!

    /root/initrd.sh; grub-mkconfig -o /boot/grub/grub.cfg

[/Sidenote]

Edit /etc/default/grub and make the following changes. The cryptdevice UUID comes from ${DUSB}4 (run 'blkid -s UUID -o value ${DUSB}4' to get it):

    GRUB_CMDLINE_LINUX="cryptdevice=UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxx:slackpv root=/dev/slack/root cryptkey=/rei.key resume=/dev/slack/swap"
    GRUB_ENABLE_CRYPTODISK=y

If you are installing to a USB-drive, add this line:

    GRUB_DISABLE_OS_PROBER=true

Uncomment to disable the graphical terminal (needed for legacy bios grub loading the OS' grub.cfg without messing up the screen/fonts):

    GRUB_TERMINAL=console

Generate the grub config file to boot the Slackware system:

    grub-mkconfig -o /boot/grub/grub.cfg

The last bit of this installation is setting up grub for efi and legacy boot. Let's start by mounting the multiboot partition:

    mkdir /media/boot/

Create the necessary subdirectories:

    mkdir -p /media/boot/boot/grub

Next let's mount the efi partition:

    mkdir /boot/efi

Create the necessary subdirectories:

    mkdir -p /boot/efi/EFI/BOOT

Add a simple grub.cfg config file that hooks onto the main grub.cfg file and create the grub efi image:

    printf "cryptomount -u $(perl -e '$_ = qx|blkid -s UUID -o value \${DUSB}4|; s/-//g; print;')\nconfigfile (lvm/slack-root)/boot/grub/grub.cfg\n" > /media/boot/boot/grub/grub.cfg

Copy the grub image to the multiboot partition:

    cp bootx64.efi /media/boot/EFI/BOOT

Installation for bios legacy boot:

    grub-install --target=i386-pc \

We're pretty much done now:

    cd /

Exit the chroot and start cleaning up:

    exit

Reboot and give your new system a whirl!
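A check that can be run inside the chroot, before the final exit and reboot above (an added example, not part of the original guide). It verifies that the key file and the initrd that embeds it are readable by their owner only, and that /etc/default/grub and the stub grub.cfg both name the LUKS UUID of ${DUSB}4. The function names and the --live switch are hypothetical, and the owner-only permission requirement is an assumption of this example; the guide itself does not state file modes.

```sh
#!/bin/sh
# Added example (not from the original guide): pre-reboot checks on the key
# material and on the places that must name the same LUKS UUID.

# private_to_owner FILE: succeeds only when group and others have no access.
# /boot/initrd.gz embeds /rei.key, so it needs the same treatment as the key.
private_to_owner() {
    mode=$(stat -c '%a' "$1") || return 1
    case $mode in
        0|*00) return 0 ;;
        *)     echo "too open: $1 has mode $mode"; return 1 ;;
    esac
}

# uuid_refs_ok UUID DEFAULT_GRUB STUB_CFG: cryptdevice= takes the UUID with
# dashes, cryptomount -u takes it without; a leftover placeholder fails both.
uuid_refs_ok() {
    bare=$(printf '%s' "$1" | tr -d '-')
    rc=0
    grep -Eq "^GRUB_CMDLINE_LINUX=.*cryptdevice=UUID=$1:slackpv" "$2" ||
        { echo "$2: cryptdevice= does not name $1"; rc=1; }
    grep -q '^GRUB_ENABLE_CRYPTODISK=y' "$2" ||
        { echo "$2: GRUB_ENABLE_CRYPTODISK=y is not active"; rc=1; }
    grep -q "^cryptomount -u $bare\$" "$3" ||
        { echo "$3: cryptomount -u does not name $bare"; rc=1; }
    return "$rc"
}

# verify_install: the same checks against the guide's own paths, run inside
# the chroot with DUSB still exported.
verify_install() {
    luks=$(blkid -s UUID -o value "${DUSB}4") || return 1
    fail=0
    private_to_owner /rei.key || fail=1
    private_to_owner /boot/initrd.gz || fail=1
    uuid_refs_ok "$luks" /etc/default/grub /media/boot/boot/grub/grub.cfg || fail=1
    return "$fail"
}

# Nothing touches the system unless the script is started with --live.
if [ "${1:-}" = "--live" ]; then verify_install; fi
```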
Don't forget the cleanup afterwards (as root and after cd'ing to the proper directory), run:

    rm -rf slackware

After all of this you should have a robust hybrid BIOS/Legacy and UEFI Slackware installation up and running on this (USB) drive. Reboot your system and enjoy.

This guide wouldn't have been possible without these amazing posts/guides:

- https://blog.heckel.io/2017/05/28/cr...e-linux-system
- https://gitlab.com/slackernetuk/slac.../luks-full.txt
- https://www.normalesup.org/~george/c...ub_hybrid.html

Further references:

- https://www.linuxquestions.org/quest...sb-4175663008/
- https://www.gnu.org/software/grub/ma...iguration.html
- https://bbs.archlinux.org/viewtopic.php?id=268460