Void GNU+Linux Installation on Libreboot

Oct 31, 7528 O.S
Nov 13, 2019 N.S.
Free Software GNU+Linux
Last modified: May 6, 2021

Preparing Disk

Create partition /dev/sda1

cfdisk /dev/sda

LUKS format it

cryptsetup -v --cipher serpent-xts-plain64 --key-size 512 --hash whirlpool --iter-time 500 --use-random --verify-passphrase --type luks1 luksFormat /dev/sda1

Open the LUKS partition

cryptsetup luksOpen /dev/sda1 lvm

Create the lvm physical volume

pvcreate /dev/mapper/lvm

Create the volume group

vgcreate matrix /dev/mapper/lvm

Create the logical volumes

lvcreate -L 16G matrix -n swapvol

lvcreate -l +100FREE matrix -n rootvol

If they were previously created then ensure they are active

lvscan
vgscan
vgchange -ay

Format the volumes

mkswap /dev/mapper/matrix-swapvol

mkfs.btrfs /dev/mapper/matrix-rootvol

Turn on swap

swapon /dev/matrix/swapvol

Mount the rootvol

mount -o noatime,nodiratime,compress=lzo,discard,ssd,defaults /dev/mapper/matrix-rootvol /mnt

Create the btrfs subvolumes

btrfs subvolume create /mnt/ROOT

btrfs subvolume create /mnt/home

Unmount the volume

umount /mnt

Remount the subvolumes

mount -o noatime,nodiratime,compress=lzo,discard,ssd,defaults,subvol=ROOT /dev/mapper/matrix-rootvol /mnt

mkdir /mnt/home

mount -o noatime,nodiratime,compress=lzo,discard,ssd,defaults,subvol=home /dev/mapper/matrix-rootvol /mnt/home

Installing the base system

Install base packages

xbps-install -Sy -R http://mirror.clarkson.edu/voidlinux/current -r /mnt base-voidstrap \
usbutils wpa_supplicant wifi-firmware ethtool acpid libgcc linux5.2 \
linux5.2-headers dracut grub grub-utils cryptsetup lvm2 btrfsprogs

Prepare to chroot into the system

for dir in dev proc sys; do
mount --rbind /$dir /mnt/$dir
done

Chroot into the system

chroot /mnt /bin/bash

Basic system setup

Set root account password

passwd root

Set ownership and permissions for the root directory

chown root:root /
chmod 755 /

Set the hostname

echo <your-hostname> > /etc/hostname

Add your user account

useradd -m -G <additional_groups> -s <login_shell> <username>

e.g.

useradd -m -G wheel,floppy,audio,video,cdrom,optical,kvm,xbuilder -s /bin/bash chris

Add a password

passwd <username>

Allow wheel group to use sudo

visudo

uncomment the following line

%wheel ALL=(ALL) ALL

Optionally uncomment the following line instead to allow the wheel group to use sudo without a password

%wheel ALL=(ALL) NOPASSWD:ALL

Set timezone, keymap, and hardwareclock in /etc/rc.conf

vi /etc/rc.conf

For example, add

HARDWARECLOCK="UTC"
TIMEZONE="America/New_York"
KEYMAP="us"

Set up locales

echo "LANG=en_US.UTF-8" > /etc/locale.conf
echo "en_US.UTF-8 UTF-8" >> /etc/default/libc-locales
xbps-reconfigure -f glibc-locales

Add your partitions to /etc/fstab

vi /etc/fstab

For example:

# <file system> <dir>   <type>  <options>		<dump>  <pass>
# Root
/dev/mapper/matrix-rootvol	/	btrfs	noatime,nodiratime,compress=lzo,space_cache,discard,ssd,defaults,subvol=ROOT	0	0
# /home
/dev/mapper/matrix-rootvol	/home	btrfs	noatime,nodiratime,compress=lzo,space_cache,discard,ssd,defaults,subvol=home	0	0
# Swap
/dev/mapper/matrix-swapvol	none	swap	defaults	0	0

If you are installing grub on the harddisk

for LUKS support append

rd.auto=1

and if you are using a keyfile append

rd.luks.key=/<key-file>

GRUB_CMDLINE_LINUX_DEFAULT

in /etc/default/grub

then install grub

grub-install /dev/sda

make a configuration

grub-mkconfig -o /boot/grub/grub.cfg

Add dracut modules for LUKS, lvm, and btrfs

LUKS

echo 'add_dracutmodules+=" crypt "' > /etc/dracut.conf.d/dracutmodules.conf

lvm

echo 'add_dracutmodules+=" lvm "' >> /etc/dracut.conf.d/dracutmodules.conf

btrfs

echo 'add_dracutmodules+=" btrfs "' >> /etc/dracut.conf.d/dracutmodules.conf

Also add the following, for dracut to only load the required config, but remove if it breaks the installation

echo 'hostonly=yes' > /etc/dracut.conf.d/hostonly.conf

Setup initrd, replacing with the version of the linux kernel installed earlier

xbps-reconfigure -f linux5.3

Exiting the chroot and rebooting

Exit the chroot

exit

Unmount the volumes

umount -R /mnt

Turn swap off

swapoff -a

Inactivate the logical volumes

vgchange -an

Close the LUKS device

cryptsetup luksClose lvm

Turn off

poweroff

Boot to grub commandline

Enter the following to attempt booting

cryptomount -a
set root=(lvm/matrix-rootvol)
linux /ROOT/boot/vmlinuz-5.3.10_1 rootflags=subvol=ROOT cryptdevice=/dev/sda1:root
initrd /ROOT/boot/initramfs-5.3.10_1.img
boot

Post-installation Configuration

Adding a keyfile for entering passphrase only once

Generate the keyfile

sudo dd if=/dev/urandom of=/etc/keyfile bs=1024 count=4

Make it read only for root

sudo chmod 0400 /etc/keyfile

Add the keyfile to LUKS

sudo cryptsetup luksAddKey /dev/sda1 /etc/keyfile

Include the keyfile in dracut initrd

echo 'install_items+=" /etc/keyfile "' > /etc/dracut.conf.d/dracutinstall.conf
xbps-reconfigure -f linux5.3

Create an entry in /etc/crypttab

# <name>	<device>	<password>	<options>
lvm	/dev/sda1	/etc/keyfile	luks

Include this keyfile in dracut initrd

echo 'install_items+=" /etc/crypttab "' >> /etc/dracut.conf.d/dracutinstall.conf
xbps-reconfigure -f linux5.3

Ensure rd.luks.crypttab is set in /etc/default/grub as above

Append

rd.luks.crypttab=1

GRUB_CMDLINE_LINUX_DEFAULT

Boot from grub commandline using the following

cryptomount -a
set root=(lvm/matrix-rootvol)
linux /ROOT/boot/vmlinuz-5.3.10_1 rootflags=subvol=ROOT rd.luks.crypttab=1
initrd /ROOT/boot/initramfs-5.3.10_1.img
boot