LinuxQuestions.org
Old 03-16-2019, 09:09 PM   #1
FOSSilized_Daemon
LQ Newbie
 
Registered: Mar 2019
Posts: 10

Rep: Reputation: Disabled
[Gentoo] Advanced Partitioning


Hello everyone, I am working on my Gentoo installation and am currently setting up my partition scheme. My goal for this installation is to focus on security, privacy, minimalism and overall efficiency. I have been reading a lot of different material on partitioning, Gentoo Handbook, Archwiki and many different guides. I also watched a few different videos to see the different schemes people use and how they actually set them up. After watching Irish Luck's tutorial I went through and using his example wrote out a base for my partition scheme. A lot of it clicked really quick from back when I did my Void Linux, Arch Linux and other system installs. I, however, want to ask for some help doing a few things. The questions I have are as follows.

Is my current scheme correct? If not, what is incorrect and why?

How can I secure this more? What are more secure encryption options as well as partitioning schemes? (I have looked at the Gentoo Handbook page on dm-encrypt, but am just curious as to what you all recommend)

I really want to break this up more. For example, I want to move all root directories such as /etc/, /usr/ etc. to their own logical partition (using LVM). How would I do this? I have done this with /var/, /home/ and /swap/, but am not sure how to do it with all of these. I know /usr/ and /etc/ for example require more work than simply making them with LVM.

I am wanting to make a nice and secure system, I would love nothing more than to have a setup where I do something like below.

Move the keys needed to boot to a boot partition stored on a USB, do the same LVM setup (with all directories setup as logical volumes) and still require a passphrase in order to finally decrypt the system.

The reason I cannot do that is that I A) don't have a proper USB to dedicate to that and B) would like a more compact laptop before I do that (also one without any closed source firmware such as IME, which sadly can't be removed from my T420 completely). Speaking of laptops, I should outline my setup a bit for better understanding. My main laptop is a Thinkpad T420 which currently runs OpenBSD and I have a spare laptop which is an OLD Toshiba. I am installing Gentoo to my old Toshiba right now as I need my T420 for work and school and am waiting to install Gentoo to my T420 until I am more confident on it. With all this said, here is my current partitioning scheme.

Code:
# start partitioning on /dev/sda:

	parted -a optimal /dev/sda

# use GPT for the partition table:

	mklabel gpt

# use mebibytes for unit size:

	unit mib

# create a new partition (primary):

	mkpart primary 1 3

# name partition 1 "bios_grub":

	name 1 bios_grub

# set partition one on:

	set 1 bios_grub on

# create a new partition (primary):

	mkpart primary 3 515

# name partition 2 boot:

	name 2 boot

# set partition 2 on:

	set 2 BOOT on

# create a partition (primary):

	mkpart primary 515 -1

# name partition 3 "lvm":

	name 3 lvm

# set partition 3 on:

	set 3 lvm on

# print the partition scheme:

	print (make sure boot and esp is there)

# format partition one in FAT32:

	mkfs.vfat /dev/sda1

# format partition two in ext2:

	mkfs.ext2 /dev/sda2

# encrypt partition three with luks:

	cryptsetup -v -y -c aes-xts-plain64 -s 512 -h sha512 -i 5000 --use-random luksFormat /dev/sda3

# verify the encryption:

	YES

# enter decrypt passphrase:

	type in passphrase

# dump LUKS header to /dev/sda3:

	cryptsetup luksDump /dev/sda3

# initialize the volume set an initial key/passphrase:

	cryptsetup luksOpen /dev/sda3 gentoolv

# initialize partition for LVM:

	pvcreate /dev/mapper/gentoolv

# display attributes of the physical volume:

	pvdisplay

# create a volume group named "gentoovg":

	vgcreate gentoovg /dev/mapper/gentoolv

# display attributes of volume group "gentoovg":

	vgdisplay

## create logical volumes in existing group "gentoovg":

	# create logical volume swap:

		lvcreate -C y -L 4G gentoovg -n swap

	# create logical volume root:

		lvcreate -C y -L 70G gentoovg -n root

	# create logical volume var:

		lvcreate -C y -L 20G gentoovg -n var

	# create logical volume home:

		lvcreate -C y -L +100%FREE gentoovg -n home

# display attributes of the logical volumes:

		lvdisplay

# scan all disks for volume groups and rebuild caches:

	vgscan

# change attributes of a volume group and make the volume group known to the kernel:

	vgchange -ay

# set up a Linux swap area:

	mkswap /dev/mapper/gentoovg-swap

# enable device for paging and swapping:

	swapon /dev/mapper/gentoovg-swap

# display amount of free and used memory in the system in mebibytes:

	free -m

# format gentoovg-root in ext4:

	mkfs.ext4 /dev/mapper/gentoovg-root

# format gentoovg-var in ext4:

	mkfs.ext4 /dev/mapper/gentoovg-var

# format gentoovg-home in ext4:

	mkfs.ext4 /dev/mapper/gentoovg-home

# mount gentoovg-root to /mnt:

	mount /dev/mapper/gentoovg-root /mnt

# make boot directory on /mnt/gentoo:

	mkdir /mnt/gentoo/boot

# make home directory on /mnt/gentoo:

	mkdir /mnt/gentoo/home

# make var directory on /mnt/gentoo:

	mkdir /mnt/gentoo/var

# mount /dev/sda2 on /mnt/gentoo/boot:

	mount /dev/sda2 /mnt/gentoo/boot

# mount gentoovg-home on /mnt/gentoo/home:

	mount /dev/mapper/gentoovg-home /mnt/gentoo/home

# mount gentoovg-var on /mnt/gentoo/var:

	mount /dev/mapper/gentoovg-var /mnt/gentoo/var

# list block devices:

	lsblk
Let me explain some parts of this a bit more. I am using GPT as I want to get used to using GPT for when I get a bigger drive. The Toshiba system I am using to test out Gentoo and learn Gentoo does not support UEFI and only supports classic BIOS booting. I am using (or going to use) Grub2 as my bootloader and runit as my init system (only Grub2, no Plymouth and only runit, no OpenRC). I am only wanting to ask about partitioning in this part, however. Thank you all so much in advance, I am excited to get this partition scheme set up. I am also writing a little guide for myself as I work through the install. So far I only have setting up networking, looking forward to adding this. Thank you for reading.

EDIT: This has been solved on the official Gentoo forum.

EDIT II: Scratch that, this doesn't work. I goofed. The above questions still apply, but another issue has been found. Once I do mount /dev/mapper/gentoovg-root /mnt this breaks. I no longer have any commands except cd and can't finish my partitioning at all. Please help. I am just trying to get a good encrypted partition scheme that works, I am very bad at partitioning.

Last edited by FOSSilized_Daemon; 03-17-2019 at 05:38 PM.
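
Added example, not part of the original post: EDIT II reports that mounting the new root on /mnt leaves the session without commands, while the later mkdir and mount steps already expect the target at /mnt/gentoo. Assuming the install medium keeps its own mounts under /mnt (the /mnt/cdrom and /mnt/livecd entries below are constructed sample data), this pre-flight check lists which existing mounts a proposed mount point would hide; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for an installer mount plan.
# SAMPLE_MOUNTS is constructed data in /proc/mounts format; the entries
# under /mnt are an assumption about the live environment.
SAMPLE_MOUNTS='rootfs / rootfs rw 0 0
/dev/sr0 /mnt/cdrom iso9660 ro 0 0
/dev/loop0 /mnt/livecd squashfs ro 0 0
proc /proc proc rw 0 0'

# shadowed_mounts TARGET [MOUNTS_TEXT]
# Print every mount point strictly below TARGET. Mounting a filesystem on
# TARGET hides all of them, and anything symlinked into them.
shadowed_mounts() {
    target=${1%/}                          # strip one trailing slash
    mounts=${2:-$(cat /proc/mounts)}       # default: the running system
    printf '%s\n' "$mounts" | while read -r _dev mp _rest; do
        case $mp in
            "$target"/*) printf '%s\n' "$mp" ;;
        esac
    done
}

# check_target TARGET [MOUNTS_TEXT]
# Return 0 if TARGET is safe to mount on, 1 if it would hide live mounts.
check_target() {
    hidden=$(shadowed_mounts "$1" "$2")
    if [ -n "$hidden" ]; then
        printf 'refusing %s: would hide %s\n' "$1" "$(echo $hidden)" >&2
        return 1
    fi
    return 0
}
```

With the sample table, `check_target /mnt` is refused and `check_target /mnt/gentoo` passes; called without a second argument, both functions read the running system's /proc/mounts.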
 
Old 03-17-2019, 11:30 AM   #2
onebuck
Moderator
 
Registered: Jan 2005
Location: Summer Midwest USA, Central Illinois, Winter Central Florida
Distribution: Slackware®
Posts: 13,344
Blog Entries: 30

Rep: Reputation: 2532
Moderator Response

It would be nice to have the solution here or at least a link to the solution.

Moved: This thread is more suitable in <Gentoo> and has been moved accordingly to help your thread/question get the exposure it deserves.
 
Old 03-17-2019, 03:47 PM   #3
FOSSilized_Daemon
LQ Newbie
 
Registered: Mar 2019
Posts: 10

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by onebuck View Post
It would be nice to have the solution here or at least a link to the solution.

Moved: This thread is more suitable in <Gentoo> and has been moved accordingly to help your thread/question get the exposure it deserves.
Apologies, I goofed and this is all wrong. I posted the new issue in an edit.
 
  

