libreboot

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs | README

commit f31da43b40c6b51d3e54395ca5c6c94a28b1ea8f
parent 12588eaadcc964d7afeebebbb98e116d4090f945
Author: Leah Rowe <info@minifree.org>
Date:   Wed, 14 Jun 2017 11:39:25 +0000

Merge branch 'master' of esmith1412/libreboot into master

Diffstat:
docs/gnulinux/configuring_parabola.md | 356+++++++++++++++++++++++++++++++++----------------------------------------------
docs/gnulinux/encrypted_parabola.md | 513++++++++++++++++++++++++++++++++++---------------------------------------------
docs/gnulinux/grub_boot_installer.md | 211++++++++++++++++++++++++++++++++++---------------------------------------------
docs/gnulinux/grub_cbfs.md | 346+++++++++++++++++++++++++++++++++++--------------------------------------------
docs/gnulinux/index.md | 17+++++++----------
5 files changed, 614 insertions(+), 829 deletions(-)

diff --git a/docs/gnulinux/configuring_parabola.md b/docs/gnulinux/configuring_parabola.md @@ -1,29 +1,7 @@ -#Configuring Parabola (Post-Install) - -[**Edit this Page**](https://libreboot.org/git.html#editing-the-website-and-documentation-wiki-style) -- [Back to Previous Index](https://libreboot.org/docs/gnulinux/) - -* [Configure pacman](#configure_pacman) -* [Updating Parabola](#updating_parabola) -* [Maintaining Parabola](#maintaining_parabola) - * [Cleaning the Package Cache](#cleaning_cache) - * [pacman Command Equivalents](#command_equivalents) -* [your-freedom](#your_freedom) -* [Add a User](#add_user) - * [Configure sudo](#configure_sudo) -* [systemd](#systemd) -* [Interesting Repositories](#interesting_repositories) -* [Set Up a Network Connection in Parabola](#set_network_connection) - * [Set Hostname](#set_hostname) - * [Network Status](#network_status) - * [Network Device Names](#device_names) - * [Network Setup](#network_setup) -* [Configuring the Graphical Desktop Environment](#configure_desktop) - * [Installing Xorg](#installing_xorg) - * [Xorg keyboard layout](#xorg_layout) - * [Installing MATE](#installing_mate) - * [Configuring Network Manager in MATE](#mate_network_manager) - --- +title: Configuring Parabola (Post-Install) +x-toc-enable: true +... This is the guide for setting up Parabola GNU+Linux-Libre, after completing the installation steps outlined in [Installing Parabola or Arch GNU+Linux-Libre with Full-Disk Encryption (including /boot)](encrypted_parabola.md). @@ -52,8 +30,8 @@ also tell you to read wiki articles, other pages, manuals, and so on. In general, it tries to cherry-pick the most useful information, but nonetheless, you are encouraged to learn as much as possible. ->**NOTE: It might take you a few days to fully install your system how you like, ->depending on how much you need to read. Patience is key, especially for new users.** +**NOTE: It might take you a few days to fully install your system how you like, +depending on how much you need to read. Patience is key, especially for new users.** The Arch wiki will sometimes use bad language, such as calling the whole system Linux, using the term **open-source**/**closed-source**, @@ -65,53 +43,47 @@ for setting up the system (I'll go into networking later), just connect your system to a router, via an ethernet cable, and run the following command: -> # systemctl start dhcpcd.service + # systemctl start dhcpcd.service -You can stop it later (if needed), by using systemd's **`stop`** option: +You can stop it later (if needed), by using systemd's `stop` option: -> # systemctl stop dhcpcd.service + # systemctl stop dhcpcd.service For most people, this should be enough, but if you don't have DHCP enabled on your network, then you should setup your network connection first: [Set Up Network Connection in Parabola](#network). ---- - -##Configure pacman <a name="configure_pacman"></a> - -**`pacman`** (*pac*kage *man*ager) is the name of the package management system +## Configure pacman +`pacman` (*pac*kage *man*ager) is the name of the package management system in Arch, which Parabola (as a deblobbed, parallel effort) also uses. -Like with **`apt-get`** on Trisquel, Debian, or Devuan, this can be used to +Like with `apt-get` on Trisquel, Debian, or Devuan, this can be used to add, remove, and update the software on your computer. -For more information related to **`pacman`**, review the following articles on the Arch Wiki: +For more information related to `pacman`, review the following articles on the Arch Wiki: * [Configuring pacman](https://wiki.parabolagnulinux.org/Installation_Guide#Configure_pacman) * [Using pacman](https://wiki.archlinux.org/index.php/Pacman) * [Additional Repositories](https://wiki.parabolagnulinux.org/Official_Repositories>) ---- - -##Updating Parabola <a name="updating_parabola"></a> - -Parabola is kept up-to-date, using **`pacman`**. When you are updating Parabola, +## Updating Parabola +Parabola is kept up-to-date, using `pacman`. When you are updating Parabola, make sure to refresh the package list, *before* installing any new updates: -> # pacman -Syy + # pacman -Syy ->NOTE: According to the Wiki, **`-Syy`** is better than **`-Sy`**, because it refreshes ->the package list (even if it appears to be up-to-date), which can be useful ->when switching to another mirror. +**NOTE: According to the Wiki,** `-Syy` **is better than** `-Sy` **, because it refreshes +the package list (even if it appears to be up-to-date), which can be useful +when switching to another mirror.** Then, actually update the system: -> # pacman -Syu + # pacman -Syu -**NOTE: Before installing packages with** `pacman -S`, **always update first, +**NOTE: Before installing packages with** `pacman -S`**, always update first, using the two commands above.** Keep an eye out on the output, or read it in **/var/log/pacman.log**. -Sometimes, **`pacman`** will show messages about maintenance steps that you +Sometimes, `pacman` will show messages about maintenance steps that you will need to perform with certain files (typically configurations) after the update. Also, you should check both the [Parabola home page](https://www.parabola.nu/) and [Arch home page](https://www.archlinux.org/), to see if they mention any issues. If a new kernel is installed, you should also @@ -141,10 +113,7 @@ stable and trouble-free, so long as you are aware of how to check for issues, and are willing to spend some time fixing issues, in the rare event that they do occur (this is why Arch/Parabola provide such extensive documenatation). ---- - -##Maintaining Parabola <a name='maintaining_parabola'></a> - +## Maintaining Parabola Parabola is a very simple distro, in the sense that you are in full control, and everything is made transparent to you. One consequence is that you also need to know what you are doing, and what you have done @@ -156,22 +125,21 @@ You should also read the Arch wiki article on [System Maintenance](https://wiki. before continuing. Also, read their article on [enhancing system stability](https://wiki.archlinux.org/index.php/Enhance_system_stability). This is important, so make sure to read them both!* -Install **`smartmontools`**; it can be used to check smart data. HDDs use +Install `smartmontools`; it can be used to check smart data. HDDs use non-free firmware inside; it's transparent to you, but the smart data comes from it. Therefore, don't rely on it too much), and then read the Arch wiki [article](https://wiki.archlinux.org/index.php/S.M.A.R.T.) on it, to learn how to use it: -> # pacman -S smartmontools - -###Cleaning the Package Cache <a name=cleaning_cache'></a> + # pacman -S smartmontools +### Cleaning the Package Cache *This section provides a brief overview of how to manage the directory that stores a cache of all downloaded packages. For more information, check out the Arch Wiki guide for [Cleaning the Package Cache](https://wiki.archlinux.org/index.php/Pacman#Cleaning_the_package_cache).* -To clean out all old packages that are cached: +Here's how to use `pacman`, to clean out all old packages that are cached: -> # pacman -Sc + # pacman -Sc The Wiki cautions that this should be used with care. For example, since older packages are deleted from the repository, if you encounter issues @@ -181,36 +149,29 @@ caches available. Only do this ,if you are sure that you won't need it. The Wiki also mentions this method for removing everything from the cache, including currently installed packages that are cached: -> # pacman -Scc + # pacman -Scc This is inadvisable, since it means re-downloading the package again, if you wanted to quickly re-install it. This should only be used when disk space is at a premium. -###pacman Command Equivalents <a name='command_equivalents'></a> - +### pacman Command Equivalents If you are coming from another GNU+Linux distribution, you probably want to know -the command equivalents for the various **`apt-get`**-related commands that you often use. +the command equivalents for the various `apt-get`-related commands that you often use. For that information, refer to [Pacman/Rosetta](https://wiki.archlinux.org/index.php/Pacman/Rosetta), so named, because it serves as a Rosetta Stone to the esoteric pacman language. ---- - -##your-freedom <a name='your_freedom'></a> - -**`your-freedom`** is a package specific to Parabola, and it is installed by +## your-freedom +`your-freedom` is a package specific to Parabola, and it is installed by default. What it does is conflict with packages from Arch that are known to be non-free (proprietary) software. When migrating from Arch (there is a guide on the Parabola wiki for migrating (i.e,. converting) an existing Arch system to a Parabola system), installing it will also fail, if these packages are installed, citing them as conflicts; the recommended solution is then to delete the offending packages, and -continue installing **`your-freedom`**. - ---- - -##Add a User <a name='add_user'></a> +continue installing `your-freedom`. +## Add a User This is based on the Arch Wiki guide to [Users and Groups](https://wiki.archlinux.org/index.php/Users_and_Groups). It is important (for security reasons) to create and use a non-root @@ -220,56 +181,52 @@ access to the entire operating system. Read the entire document linked to above, and then continue. -Add your user with the **`useradd`** command (self explanatory): +Add your user with the `useradd` command (self explanatory): -> # useradd -m -G wheel -s /bin/bash *your_user_name* + # useradd -m -G wheel -s /bin/bash *your_user_name* -Set a password, using **`passwd`**: +Set a password, using `passwd`: -> # passwd *your_user_name* + # passwd *your_user_name* Like with the installation of Parabola, use of the [*diceware method*](http://world.std.com/~reinhold/diceware.html) is recommended, for generating secure passphrases. -###Configure sudo <a name='configure_sudo'></a> - -Now that we have a normal user account, we'll want to configure **`sudo`**, +### Configure sudo +Now that we have a normal user account, we'll want to configure `sudo`, so that user is able to run commands as **root** (e.g., installing software); this will be necessary to flash the ROM later on. Refer to the Arch wiki's [sudo](https://wiki.archlinux.org/index.php/Sudo) documentation. -The first step is to install the **`sudo`** package: +The first step is to install the `sudo` package: -> # pacman -S sudo + # pacman -S sudo After installation, we must configure it. To do so, we must modify **/etc/sudoers**. -This file must *always* be modified with the **`visudo`** command. **`visudo`** can be -difficult for beginners to use, so we'll want to edit the file with **`nano`**, +This file must *always* be modified with the `visudo` command. `visudo` can be +difficult for beginners to use, so we'll want to edit the file with `nano`, but the trick is that we just can't do this: -> # nano /etc/sudoers + # nano /etc/sudoers Because, this will cause us to edit the file directly, which is not the way it was designed to be edited, and could lead to problems with the system. -Instead, to temporarily allow us to use **`nano`** to edit the file, +Instead, to temporarily allow us to use `nano` to edit the file, we need to type this into the terminal: -> # EDITOR=nano visudo + # EDITOR=nano visudo -This will open the **/etc/sudoers** file in **`nano`**, and we can now safely make changes to it. +This will open the **/etc/sudoers** file in `nano`, and we can now safely make changes to it. -To give the user we created earlier to ability to use **`sudo`**, we need to navigate +To give the user we created earlier to ability to use `sudo`, we need to navigate to the end of the file, and add this line on the end: -> your_username ALL=(ALL) ALL + your_username ALL=(ALL) ALL Obviously, type in the name of the user you created, instead of **your_username**. -Save the file, and exit **`nano`**; your user now has the ability to use **`sudo`**. - ---- +Save the file, and exit `nano`; your user now has the ability to use `sudo`. -##systemd <a name='systemd'></a> - -**`systemd`** is the name of the program for managing services in Parabola; +## systemd +`systemd` is the name of the program for managing services in Parabola; It is a good idea to become familiar with it. Read the Arch Wiki article on [systemd](https://wiki.archlinux.org/index.php/systemd), as well as their [Basic systemctl usage](https://wiki.archlinux.org/index.php/systemd#Basic_systemctl_usage) article, to gain a full understanding. *This is very important! Make sure to read them.* @@ -280,16 +237,16 @@ a sound manager (to make sure you can hear sound through speakers or headphones) or DHCP (which allows you to get an IP address, to connect to the internet). These are just a few examples; there are countless others. -**`systemd`** is a controversial init system; [here](https://bbs.archlinux.org/viewtopic.php?pid=1149530#p1149530) +`systemd` is a controversial init system; [here](https://bbs.archlinux.org/viewtopic.php?pid=1149530#p1149530) is an explanation behind the Arch development team's decision to use it. The **manpage** should also help: -> # man systemd + # man systemd The section on **unit types** is especially useful. -According to the wiki, **`systemd's`** journal keeps logs of a size up to 10% of the +According to the wiki, `systemd's` journal keeps logs of a size up to 10% of the total size that your root partition takes up. On a 60GB root, this would mean 6GB. That's not exactly practical, and can have performance implications later, when the log gets too big. Based on instructions from the wiki, @@ -297,30 +254,30 @@ I will reduce the total size of the journal to 50MiB (that's what the wiki recom Open **/etc/systemd/journald.conf**, and find this line: -> #SystemMaxUse= + #SystemMaxUse= Change it to this: -> SystemMaxUse=50M + SystemMaxUse=50M -Restart **`journald`**: +Restart `journald`: -> # systemctl restart systemd-journald + # systemctl restart systemd-journald The wiki recommends that if the journal gets too large, you can also -simply delete (**`rm -Rf`**) everything inside **/var/log/journald**, but +simply delete (`rm -Rf`) everything inside **/var/log/journald**, but recommends backing it up. This shouldn't be necessary, since you -already set the size limit above, and **`systemd`** will automatically start +already set the size limit above, and `systemd` will automatically start to delete older records, when the journal size reaches it's limit (according to systemd developers). Finally, the wiki mentions **temporary files**, and the utility for managing them. -> # man systemd-tmpfiles + # man systemd-tmpfiles -To delete the temporary files, you can use the **`clean`** option: +To delete the temporary files, you can use the `clean` option: -> # systemd-tmpfiles --clean + # systemd-tmpfiles --clean According to the **manpage**, this *"cleans all files and directories with an age parameter"*. According to the Arch wiki, this reads information @@ -331,103 +288,94 @@ I looked in **/etc/tmpfiles.d/** and found that it was empty on my system. However, **/usr/lib/tmpfiles.d** contained some files. The first one was **etc.conf**, containing information and a reference to this **manpage**: -> # man tmpfiles.d + # man tmpfiles.d Read that **manpage**, and then continue studying all the files. -The **`systemd`** developers tell me that it isn't usually necessary -to manually touch the **`systemd-tmpfiles utility`**, at all. - ---- - -##Interesting Repositories <a name='interesting_repositories'></a> +The `systemd` developers tell me that it isn't usually necessary +to manually touch the `systemd-tmpfiles utility`, at all. +## Interesting Repositories In their [kernels](https://wiki.parabolagnulinux.org/Repositories#kernels) article, -the Parabola wiki mentions a repository called **`\[kernels\]`**, for custom kernels -that aren't in the default **`base`**. It might be worth looking into what is available there, +the Parabola wiki mentions a repository called `\[kernels\]`, for custom kernels +that aren't in the default **base**. It might be worth looking into what is available there, depending on your use case. I enabled it on my system, to see what was in it. Edit **/etc/pacman.conf**, -and below the **`extra`** section add: +and below the **extra** section add: -> [kernels] -> Include = /etc/pacman.d/mirrorlist* + [kernels] + Include = /etc/pacman.d/mirrorlist* Now, sync with the newly-added repository: -> # pacman -Syy + # pacman -Syy Lastly, list all available packages in this repository: -> # pacman -Sl kernels + # pacman -Sl kernels In the end, I decided not to install anything from it, but I kept the repository enabled regardless. ---- - -##Setup a Network Connection in Parabola <a name='set_network_connection'></a> - +## Setup a Network Connection in Parabola Read the Arch wiki guide to [Configuring the Network](https://wiki.archlinux.org/index.php/Configuring_Network). -###Set the Hostname <a name='set_hostname'></a> - +### Set the Hostname This should be the same as the hostname that you set in **/etc/hostname**, -when installing Parabola. You should also do it with **`systemd`**. +when installing Parabola. You should also do it with `systemd`. If you chose the hostname *parabola*, do it this way: -> # hostnamectl set-hostname parabola + # hostnamectl set-hostname parabola This writes the specified hostname to **/etc/hostname**. More information can be found in these **manpages**: -> # man hostname -> # info hostname -> # man hostnamectl + # man hostname + # info hostname + # man hostnamectl Check **/etc/hosts**, to make sure that the hostname that you put in there during installation is still on each line: -> 127.0.0.1 localhost.localdomain localhost parabola -> ::1 localhost.localdomain localhost parabola + 127.0.0.1 localhost.localdomain localhost parabola + ::1 localhost.localdomain localhost parabola You'll note that I set both lines; the second line is for IPv6. Since more and more ISPs are providing this now, it's good to be have it enabled, just in case. -The **`hostname`** utility is part of the **`inetutils`** package, and is in the **`core`** repository, -installed by default (as part of the **`base`** package). - -###Network Status <a name='network_status'></a> +The `hostname` utility is part of the `inetutils` package, and is in the **core** repository, +installed by default (as part of the **base** package). +### Network Status According to the Arch wiki, [udev](https://wiki.archlinux.org/index.php/Udev) should already detect the ethernet chipset, and automatically load the driver for it at boot time. -You can check this in the **`Ethernet controller`** section, when running the **`lspci`** command: +You can check this in the **Ethernet controller** section, when running the `lspci` command: -> # lspci -v + # lspci -v -Look at the remaining sections **`Kernel driver in use`** and **`Kernel modules`**. +Look at the remaining sections **Kernel driver in use** and **Kernel modules**. In my case, it was as follows: -> Kernel driver in use: e1000e -> Kernel modules: e1000e + Kernel driver in use: e1000e + Kernel modules: e1000e -Check that the driver was loaded, by issuing **`dmesg | grep module_name`**. +Check that the driver was loaded, by issuing `dmesg | grep module_name`. In my case, I did: -> # dmesg | grep e1000e - -###Network Device Names <a name='device_names'></a> + # dmesg | grep e1000e +### Network Device Names According to the Arch wiki guide on [Configuring Network Device Names](https://wiki.archlinux.org/index.php/Configuring_Network#Device_names), it is important to note that the old interface names that you might be used to -(e.g., **`eth0`**, **`wlan0`**, **`wwan0`**, etc.), if you come from a distribution like Debian or Trisquel, -are no longer applicable. Instead, **`systemd`** creates device names -starting with **`en`** (for ethernet), **`wl`** (for wi-fi), and **`ww`** (for wwan), +(e.g., `eth0`, `wlan0`, `wwan0`, etc.), if you come from a distribution like Debian or Trisquel, +are no longer applicable. Instead, `systemd` creates device names +starting with `en` (for ethernet), `wl` (for wi-fi), and `ww` (for wwan), with a fixed identifier that it automatically generates. -An example device name for your ethernet chipset would be **`enp0s25`**, +An example device name for your ethernet chipset would be `enp0s25`, and is never supposed to change. -If you want to enable the old names, the Arch wiki recommends adding **`net.ifnames=0`** +If you want to enable the old names, the Arch wiki recommends adding `net.ifnames=0` to your kernel parameters (in Libreboot context, this would be accomplished by following the instructions in [How to replace the default GRUB configuration file](grub_cbfs.md)). @@ -435,152 +383,143 @@ For background information, read [Predictable Network Interface Names](http://ww To show what the device names are for your system, run the following command: -> # ls /sys/class/net + # ls /sys/class/net [Changing the device names](https://wiki.archlinux.org/index.php/Configuring_Network#Change_device_name) is possible, but for the purposes of this guide, there is no reason to do it. -###Network Setup <a name='network_setup'></a> - +### Network Setup Aside from the steps mentioned above, I choose to ignore most of Networking section on the wiki; this is because I will be installing the *MATE Desktop Environment*, and thus will -be using the **`NetworkManger`** client (with its accompanying applet) to manage the network. +be using the `NetworkManger` client (with its accompanying applet) to manage the network. If you wish to choose a different program, here are some other [network manager options](https://wiki.archlinux.org/index.php/List_of_applications/Internet#Network_managers) that you could use. ---- - -##Configuring the Graphical Desktop Environment <a name='configure_desktop'></a> - +## Configuring the Graphical Desktop Environment Since we are going with the *MATE Desktop Environment*, we will primarily be following the instructions on the [Arch Linux Package Repository](https://wiki.mate-desktop.org/archlinux_custom_repo) page, but will also refer to the [General Recommendations](https://wiki.archlinux.org/index.php/General_recommendations#Graphical_user_interface) on the Arch wiki. -###Installing Xorg <a name='installing_xorg'></a> - +### Installing Xorg The first step is to install [**Xorg**](https://wiki.archlinux.org/index.php/Xorg); -this provides an implementation of the **`X Window System`**, which is used to provide +this provides an implementation of the `X Window System`, which is used to provide a graphical intefrace in GNU+Linux: -> # pacman -S xorg-server + # pacman -S xorg-server We also need to install the driver for our hardware. Since I am using a Thinkpad X200, -I will use **`xf86-video-intel`**; it should be the same on the other Thinkpads, +I will use `xf86-video-intel`; it should be the same on the other Thinkpads, as well as the Macbook 1,1 and 2,1. -> # pacman -S xf86-video-intel + # pacman -S xf86-video-intel For other systems, you can try: -> # pacman -Ss xf86-video- | less + # pacman -Ss xf86-video- | less -When this is combined with looking at your **`lspci`** output, you can determine which -driver is needed. By default, **`Xorg`** will revert to **`xf86-video-vesa`**, +When this is combined with looking at your `lspci` output, you can determine which +driver is needed. By default, `Xorg` will revert to `xf86-video-vesa`, which is a generic driver, and doesn't provide true hardware acceleration. -Other drivers (not just video) can be found by looking at the **`xorg-drivers`** group: - -> # pacman -Sg xorg-drivers +Other drivers (not just video) can be found by looking at the `xorg-drivers` group: -###Xorg Keyboard Layout <a name='xorg_layout'></a> + # pacman -Sg xorg-drivers -**`xorg`** uses a different configuration method for keyboard layouts than Parabola, +### Xorg Keyboard Layout +`xorg` uses a different configuration method for keyboard layouts than Parabola, so you will notice that the layout you set in **/etc/vconsole.conf** earlier might -not actually be the same in **`xorg`**. +not actually be the same in `xorg`. Check the Arch wiki's article on [Xorg's keyboard configuration](https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg), for more information. -To see what layout you currently use, try this on a terminal emulator in **`xorg`**: +To see what layout you currently use, try this on a terminal emulator in `xorg`: -> # setxkbmap -print -verbose 10 + # setxkbmap -print -verbose 10 I'm simply using the default Qwerty (US) keyboard, so there isn't anything I need to change here; if you do need to make any changes, the Arch wiki recommends two ways of doing it: manually updating [configuration files](https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg#Using_X_configuration_files) or using the [localectl](https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg#Using_localectl) command. -###Installing MATE <a name='installing_mate'></a> +### Installing MATE Now we have to install the desktop environment itself. According to the Arch Linux Package Repository, if we want all of the MATE Desktop, we need to install two packages: -> # pacman -Syy mate mate-extra + # pacman -Syy mate mate-extra -The last step is to install a Display Manager; for MATE, we will be using **`lightdm`** +The last step is to install a Display Manager; for MATE, we will be using `lightdm` (it's the recommended Display Manager for the MATE Desktop); for this, we'll follow the insructions [here](https://wiki.mate-desktop.org/archlinux_custom_repo#display_manager_recommended), -with one small change: the **`lightdm-gtk3-greeter`** package doesn't exist in Parabola's repositories. -So, instead we will install the **`lightdm-gtk-greeter`** package; it performs the same function. +with one small change: the `lightdm-gtk3-greeter` package doesn't exist in Parabola's repositories. +So, instead we will install the `lightdm-gtk-greeter` package; it performs the same function. -We'll also need the **`accountsservice`** package, which gives us the login window itself: +We'll also need the `accountsservice` package, which gives us the login window itself: -> # pacman -Syy lightdm-gtk3-greeter accountsservice + # pacman -Syy lightdm-gtk3-greeter accountsservice After installing all the required packages, we need to make it so that the MATE Desktop Environment -will start automatically, whenever we boot our computer; to do this, we have to enable the display manager, **`lightdm`**, -as well as the service that will prompt us with a login window, **`accounts-daemon`**: +will start automatically, whenever we boot our computer; to do this, we have to enable the display manager, `lightdm`, +as well as the service that will prompt us with a login window, `accounts-daemon`: -> # systemctl enable lightdm -> # systemctl enable accounts-daemon + # systemctl enable lightdm + # systemctl enable accounts-daemon Now you have installed the *MATE Desktop Environment*,If you wanted to install another desktop environment, check out some [other options](https://wiki.archlinux.org/index.php/Desktop_environment) on the the Arch wiki. -###Configuring Network Manager in MATE <a name='mate_network_manager'></a> +### Configuring Network Manager in MATE Now that we have installed the Mate Desktop environment, and booted into it, we need to set up the network configuration in our graphical environment. The MATE Desktop wiki recommends that we use Network Manager; the Arch wiki article about it can be found [here](https://wiki.archlinux.org/index.php/NetworkManager). -We need to install the Network Manager packages: +We need to install the NetworkManager package: -> # pacman -S networkmanager + # pacman -S networkmanager We will also need the Network Manager applet, which will allow us to manage our networks from the system tray: -> # pacman -S network-manager-applet + # pacman -S network-manager-applet Finally, we need to start the service (if we want to use it now), or enable it, (so that it will activate automatically, at startup). -> # systemctl enable NetworkManager.service + # systemctl enable NetworkManager.service -If you need VPN support, you will also want to install the **`networkmanager-openvpn`** package. +If you need VPN support, you will also want to install the `networkmanager-openvpn` package. ->**NOTE: You do not want multiple networking services running at the same time; ->they will conflict, so, if using Network Manager, you want to stop/disable any ->others from running. Examples of other services that will probably intefere ->with Network Manager are** `dhcpcd` **and** `wifi-menu`**.** +**NOTE: You do not want multiple networking services running at the same time; +they will conflict, so, if using Network Manager, you want to stop/disable any +others from running. Examples of other services that will probably intefere +with Network Manager are** `dhcpcd` **and** `wifi-menu`**.** You can see all currently-running services with this command: -> # systemctl --type=service + # systemctl --type=service And you can stop them using this command: -> # systemctl stop service_name.service + # systemctl stop service_name.service If you want to disable those services, meaning that you no longer want them to start -when the computer boots up, you will need to use **`systemctl's`** **`disable`** option, -instead of **`stop`**. +when the computer boots up, you will need to use `systemctl's` `disable` option, +instead of `stop`. Now you have a fully-functional graphical environment for your Parabola installation, including networking. All you have to do is reboot, and you will be prompted to log in, with a familiar graphical login prompt. You can also now, more easily [modify the GRUB configuration](grub_cbfs.md), install new applications, and/or make whatever other changes you want to your system. ---- - Copyright © 2014, 2015 Leah Rowe <info@minifree.org> Copyright © 2017 Elijah Smith <esmith1412@posteo.net> ---- - Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License Version 1.3 or any later version published by the Free Software Foundation with no Invariant Sections, no Front Cover Texts, and no Back Cover Texts. -A copy of this license is found in [../fdl-1.3.md](../fdl-1.3.md)- \ No newline at end of file +A copy of this license is found in [../fdl-1.3.md](../fdl-1.3.md) + diff --git a/docs/gnulinux/encrypted_parabola.md b/docs/gnulinux/encrypted_parabola.md @@ -1,45 +1,11 @@ -# Installing Parabola or Arch GNU+Linux-Libre, with Full-Disk Encryption (including /boot) - --- +title: Installing Parabola or Arch GNU+Linux-Libre, with Full-Disk Encryption (including /boot) +x-toc-enable: true +... + -[**Edit this Page**](https://libreboot.org/git.html#editing-the-website-and-documentation-wiki-style) -- [Back to Previous Index](https://libreboot.org/docs/gnulinux/) - -1. [Minimum system requirements](#minumum_requirements) -2. [Preparation](#preparation) - * [Download the Parabola ISO](#download_iso) - * [Choose Installation Device](#installation_device) - * [Boot Parabola's Installation Environment](#boot_install_environment) -3. [Setting Up Keyboard Layout](#setting_keyboard_layout) -4. [Establish an Internet Connection](#establish_internet_connection) -5. [Prepare the Storage Device for Installation](#prepare_device) - * [Wipe Storage Device](#wipe_device) - * [Formatting the Storage Device](#format_device) - * [Create LUKS Partition](#create_luks_partition) - * [Create the Volume Group and Logical Volumes](#create_logical_volumes) - * [Make the root and swap Partitions Ready for Installation](#make_root_and_swap) - * [Create the /boot and /home Directories](#create_boot_and_home) -6. [Select a Mirror](#select_mirror) -7. [Install the Base System](#install_base_system) -8. [Generate an fstab](#generate_fstab) -9. [Chroot into and Configure the System](#chroot_and_configure) - * [Setting up the Locale](#locale) - * [Setting up the Consolefont and Keymap](#consolefont_keymap) - * [Setting up the Time Zone](#time_zone) - * [Setting up the Hardware Clock](#hardware_clock) - * [Setting up the Kernel Modules](#kernel_modules) - * [Setting up the Hostname](#set_up_hostname) - * [Configure the Network](#configure_network) - * [Set the root Password](#root_password) - * [Extra Security Tweaks](#security_tweaks) - * [Key Strengthening](#key_strengthening) - * [Restrict Access to Important Directories](#restrict_directory_access) - * [Lockout User After Three Failed Login Attempts](#lockout_user) -10. [Unmount All Partitions and Reboot](#unmount_reboot) -11. [Booting the New Installation, from GRUB](#grub_boot) -12. [Follow-Up Tutorial: Configuring Parabola](#follow_up) - -This guide covers how to install Parabola GNU+Linux-Libre, with full disk encryption -(including the boot directory): **/boot**. On most systems, **/boot** has +This guide covers how to install Parabola GNU+Linux-Libre, with full disk encryption, +including **/boot** (the boot directory). On most systems, **/boot** has to be left unencrypted, while the other partition(s) are encrypted. This is so that GRUB (and therefore the kernel) can be loaded and executed, because most firmware can’t open a LUKS volume; however, with libreboot, @@ -47,25 +13,18 @@ GRUB is already included as a [payload](http://www.coreboot.org/Payloads#GRUB_2) so even **/boot** can be encrypted; this protects **/boot** from tampering by someone with physical access to the system. ->**NOTE: This guide is *only* for the GRUB payload. ->If you use the depthcharge payload, ignore this section entirely.** +**NOTE: This guide is *only* for the GRUB payload. +If you use the depthcharge payload, ignore this section entirely.** This guide borrows heavily from the Parabola wiki, and will constantly link to it. For those new to Parabola GNU+Linux-Libre, check their [Beginner section](https://wiki.parabola.nu/Beginners%27_guide#Beginners) for an overview. ---- - - - -## Minumum Requirements <a name="minumum_requirements"></a> +## Minumum Requirements You can find the minimum requirements to run Parabola GNU+Linux [here](https://wiki.parabola.nu/Beginners%27_guide#Minimum_system_requirements). ---- +## Preparation - -## Preparation <a name="preparation"></a> - -###Download the latest ISO <a name="download_iso"></a> +### Download the latest ISO For this guide, I used the *2016.11.03* ISO; the most current image is available [here](https://wiki.parabola.nu/Get_Parabola#Main_live_ISO). If you are a complete beginner with GNU+Linux, choose the *Mate Desktop ISO*. @@ -73,23 +32,23 @@ it is easier to install Parabola with this version, because it allows you access to a web browser, so you can copy and paste commands right into the terminal, without worrying about typos. ->**NOTE: You should never blindly copy-and-paste any commands. In this guide, ->copying and pasting is to ensure that no errors are made when entering the commands, ->so that you don't effectively "brick" your installation, and have to start over. ->It's important to understand what each command does before you use it, ->so be sure to read the Parabola/Archi Wiki documentation on the command, ->as well as its** `man` **page.** +**NOTE: You should never blindly copy-and-paste any commands. In this guide, +copying and pasting is to ensure that no errors are made when entering the commands, +so that you don't effectively "brick" your installation, and have to start over. +It's important to understand what each command does before you use it, +so be sure to read the Parabola/Archi Wiki documentation on the command, +as well as its** `man` **page.** If you are not a beginner, choose the *Main Live ISO*. Only choose the *TalkingParabola ISO*, if you are blind or visually impaired. -###Choose the Installation Device <a name="installation_device"></a> +### Choose the Installation Device Refer to the Parabola wiki, for finding and choosing the proper installation device, whether you are using an [Optical Disk](https://wiki.parabola.nu/Beginners%27_guide#Optical_Disks), or a [USB drive](https://wiki.parabola.nu/Beginners%27_guide#USB_flash_drive). -###Boot Parabola's Install Environment <a name="boot_install_environment"></a> +### Boot Parabola's Install Environment After downloading the ISO, and creating some kind of bootable media, you will need to boot into the Live image. If you are unsure of how to do so, see [How to boot a GNU+Linux installer](grub_boot_installer.md), @@ -99,45 +58,37 @@ Once booted into the environment, either open the **`MATE Terminal`** applicatio (if using the MATE Desktop ISO), or simply just enter the commands listed below (if using any of the other ISO's). ---- - -## Setting Up Keyboard Layout <a name="setting_keyboard_layout"></a> +## Setting Up Keyboard Layout To begin the installation, you must first select the proper [keyboard layout](https://wiki.parabola.nu/Beginners%27_guide#Changing_Keyboard). ---- - -## Establish an Internet Connection <a name="establish_internet_connection"></a> +## Establish an Internet Connection You will also need to [set up a network connection](https://wiki.parabola.nu/Beginners%27_guide#Establish_an_internet_connection), to install packages. ---- - -##Preparing the Storage Device for Installation <a name="prepare_device"></a> +## Preparing the Storage Device for Installation You need to prepare the storage device that we will use to install the operating system. You can use same [device name](https://wiki.parabola.nu/Beginners%27_guide#USB_flash_drive) that you used earlier, to determine the installation device for the ISO. -###Wipe Storage Device <a name="wipe_device"></a> +### Wipe Storage Device You want to make sure that the device you're using doesn't contain any plaintext copies of your personal data. If the drive is new, then you can skip the rest of this section; if it's not new, then there are two ways to handle it: -1. If the drive were not previously encrypted, securely wipe it with the **`dd`** command; -you can either choose to fill it with zeroes or random data; I chose random data (e.g., **`urandom`**), +1. If the drive were not previously encrypted, securely wipe it with the `dd` command; +you can either choose to fill it with zeroes or random data; I chose random data (e.g., `urandom`), because it's more secure. Depending on the size of the drive, this could take a while to complete: ->> # dd if=/dev/urandom of=/dev/sdX; sync + # dd if=/dev/urandom of=/dev/sdX; sync 2. If the drive were previously encrypted, all you need to do is wipe the LUKS header. The size of the header depends upon the specific model of the hard drive; you can find this information by doing some research online. Refer to this [article](https://www.lisenet.com/2013/luks-add-keys-backup-and-restore-volume-header/), for more information about LUKS headers. +You can either fill the header with zeroes, or with random data; again, I chose random data, using `urandom`: ->You can either fill the header with zeroes, or with random data; ->again, I chose random data, using **`urandom`**: - ->> # head -c 3145728 /dev/urandom > /dev/sdX; sync + # head -c 3145728 /dev/urandom > /dev/sdX; sync Also, if you're using an SSD, there are a two things you should keep in mind: @@ -146,370 +97,349 @@ and there are security issues, if you do enable it. See [this page](https://wiki - Make sure to read [this article](https://wiki.archlinux.org/index.php/Solid_State_Drives), for information on managing SSD's in Arch Linux (the information applies to Parabola, as well). -###Formatting the Storage Device <a name="format_device"></a> +### Formatting the Storage Device Now that all the personal data has been deleted from the disk, it's time to format it. We'll begin by creating a single, large partition on it, and then encrypting it using LUKS. ->####Create the LUKS partition <a name="create_luks_partition"></a> -> ->You will need the **`device-mapper`** kernel module during the installation; ->this will enable us to set up our encrypted disk. To load it, use the following command: -> ->> # modprobe dm-mod -> ->We then need to select the **device name** of the drive we're installing the operating system on; ->see the above method, if needed, for figuring out device names. - ->Now that we have the name of the correct device, we need to create the partition on it. ->For this, we will use the **`cfdisk`** command: -> ->> # cfdisk /dev/sdX -> ->1. Use the arrow keys to select your partition, and if there is already a partition ->on the drive, select **Delete**, and then **New**. ->2. For the partition size, leave it as the default, which will be the entire drive. ->3. You will see an option for **Primary** or **Logical**; choose **Primary**, ->and make sure that the partition type is **Linux (83)**. ->4. Select **Write**; it will ask you if you are sure that you want to overwrite the drive. ->5. Type **yes**, and press enter. A message at the bottom will appear, telling you that ->the partition table has been altered. ->6. Select **Quit**, to return you to the main terminal. -> ->Now that you have created the partition, it's time to create the encrypted volume on it, ->using the **`cryptsetup`** command, like this: -> ->> # cryptsetup -v --cipher serpent-xts-plain64 --key-size 512 --hash whirlpool \ ->> >--iter-time 500 --use-random --verify-passphrase luksFormat /dev/sdXY -> ->These are just recommended defaults; if you want to use anything else, ->or to find out what options there are, run **`man cryptsetup`**. ->>**NOTE: the default iteration time is 2000ms (2 seconds), ->>if not specified when running the cryptsetup command. You should set a lower time than this; ->>otherwise, there will be an approximately 20-second delay when booting your ->>system. We recommend 500ms (0.5 seconds), and this is included in the ->>prepared** `cryptsetup` **command above. Keep in mind that the iteration time ->>is for security purposes (it mitigates brute force attacks), so anything lower ->>than 5 seconds is probably not very secure.** +#### Create the LUKS partition +You will need the `device-mapper` kernel module during the installation; +this will enable us to set up our encrypted disk. To load it, use the following command: ->You will now be prompted to enter a passphrase; be sure to make it *secure*. ->For passphrase security, length is more important than complexity ->(e.g., **correct-horse-battery-staple** is more secure than **bf20$3Jhy3**), ->but it's helpful to include several different types of characters ->(e.g., uppercase/lowercase letters, numbers, special characters). ->The password length should be as long as you are able to remember, ->without having to write it down, or store it anywhere. + # modprobe dm-mod ->Use of the [**diceware**](http://world.std.com/~reinhold/diceware.html) method ->is recommended, for generating secure passphrases (rather than passwords). +We then need to select the **device name** of the drive we're installing the operating system on; +see the above method, if needed, for figuring out device names. ->####Create the Volume Group and Logical Volumes <a name="create_logical_volumes"></a> ->The next step is to create two Logical Volumes within the LUKS-encrypted partition: ->one will contain your main installation, and the other will contain your swap space. +Now that we have the name of the correct device, we need to create the partition on it. +For this, we will use the `cfdisk` command: ->We will create this using, the [Logical Volume Manager (LVM)](https://wiki.archlinux.org/index.php/LVM). + # cfdisk /dev/sdX ->First, we need to open the LUKS partition, at **/dev/mapper/lvm**: +1. Use the arrow keys to select your partition, and if there is already a partition +on the drive, select **Delete**, and then **New**. +2. For the partition size, leave it as the default, which will be the entire drive. +3. You will see an option for **Primary** or **Logical**; choose **Primary**, +and make sure that the partition type is **Linux (83)**. +4. Select **Write**; it will ask you if you are sure that you want to overwrite the drive. +5. Type **yes**, and press enter. A message at the bottom will appear, telling you that +the partition table has been altered. +6. Select **Quit**, to return you to the main terminal. ->> # cryptsetup luksOpen /dev/sdXY lvm +Now that you have created the partition, it's time to create the encrypted volume on it, +using the `cryptsetup` command, like this: ->Then, we create LVM partition: + # cryptsetup -v --cipher serpent-xts-plain64 --key-size 512 --hash whirlpool \ + >--iter-time 500 --use-random --verify-passphrase luksFormat /dev/sdXY ->> # pvcreate /dev/mapper/lvm +These are just recommended defaults; if you want to use anything else, +or to find out what options there are, run `man cryptsetup`. ->Check to make sure tha the partition was created: +>**NOTE: the default iteration time is 2000ms (2 seconds), +>if not specified when running the cryptsetup command. You should set a lower time than this; +>otherwise, there will be an approximately 20-second delay when booting your +>system. We recommend 500ms (0.5 seconds), and this is included in the +>prepared** `cryptsetup` **command above. Keep in mind that the iteration time +>is for security purposes (it mitigates brute force attacks), so anything lower +>than 5 seconds is probably not very secure.** ->> # pvdisplay +You will now be prompted to enter a passphrase; be sure to make it *secure*. +For passphrase security, length is more important than complexity +(e.g., **correct-horse-battery-staple** is more secure than **bf20$3Jhy3**), +but it's helpful to include several different types of characters +(e.g., uppercase/lowercase letters, numbers, special characters). +The password length should be as long as you are able to remember, +without having to write it down, or store it anywhere. ->Next, we create the volume group, inside of which the logical volumes will ->be created. For this example, we will call this group **matrix**. You can call ->yours whatever you would like; just make sure that you remember its name: +Use of the [**diceware**](http://world.std.com/~reinhold/diceware.html) method +is recommended, for generating secure passphrases (rather than passwords). ->> # vgcreate matrix /dev/mapper/lvm +#### Create the Volume Group and Logical Volumes +The next step is to create two Logical Volumes within the LUKS-encrypted partition: +one will contain your main installation, and the other will contain your swap space. ->Check to make sure that the group was created: +We will create this using, the [Logical Volume Manager (LVM)](https://wiki.archlinux.org/index.php/LVM). ->> # vgdisplay +First, we need to open the LUKS partition, at **/dev/mapper/lvm**: ->Lastly, we need to create the logical volumes themselves, inside the volume group; ->one will be our swap, cleverly named **swapvol**, and the other will be our root partition, ->equally cleverly named as **root**. + # cryptsetup luksOpen /dev/sdXY lvm ->1. We will create the **swapvol** first (again, choose your own name, if you like). ->Also, make sure to [choose an appropriate swap size](http://www.linux.com/news/software/applications/8208-all-about-linux-swap-space) ->(e.g., **2G** refers to two gigabytes; change this however you see fit): ->> # lvcreate -L 2G matrix -n swapvol +Then, we create LVM partition: ->2. Now, we will create a single, large partition in the rest of the space, for **root**: ->> # lvcreate -l +100%FREE matrix -n root + # pvcreate /dev/mapper/lvm ->You can also be flexible here, for example you can specify a **/boot**, a **/**, ->a **/home**, a **/var**, or a **/usr** volume. For example, if you will be running a ->web/mail server then you want **/var** (where logs are stored) in its own partition, ->so that if it fills up with logs, it won't crash your system. ->For a home/laptop system (typical use case), just a root and a swap will do. +Check to make sure tha the partition was created: ->Verify that the logical volumes were created correctly: + # pvdisplay ->> # lvdisplay +Next, we create the volume group, inside of which the logical volumes will +be created. For this example, we will call this group **matrix**. You can call +yours whatever you would like; just make sure that you remember its name: ->####Make the root and swap Partitions Ready for Installation <a name="make_root_and_swap"></a> + # vgcreate matrix /dev/mapper/lvm ->The last steps of setting up the drive for installation are turning **swapvol** ->into an active swap partition, and formatting **root**. +Check to make sure that the group was created: ->To make **swapvol** into a swap partition, we run the **`mkswap`** (i.e., make swap) command: + # vgdisplay ->> # mkswap /dev/mapper/matrix-swapvol +Lastly, we need to create the logical volumes themselves, inside the volume group; +one will be our swap, cleverly named **swapvol**, and the other will be our root partition, +equally cleverly named as **root**. ->Activate the **swapvol**, allowing it to now be used as swap, ->using **`swapon`** (i.e., turn swap on) command: +1. We will create the **swapvol** first (again, choose your own name, if you like). +Also, make sure to [choose an appropriate swap size](http://www.linux.com/news/software/applications/8208-all-about-linux-swap-space) +(e.g., **2G** refers to two gigabytes; change this however you see fit): ->> # swapon /dev/matrix/swapvol + # lvcreate -L 2G matrix -n swapvol ->Now I have to format **root**, to make it ready for installation; ->I do this with the **`mkfs`** (i.e., make file system) command. ->I choose the **ext4** filesystem, but you could use a different one, ->depending on your use case: +2. Now, we will create a single, large partition in the rest of the space, for **root**: ->> # mkfs.ext4 /dev/mapper/matrix-root + # lvcreate -l +100%FREE matrix -n root ->Lastly, I need to mount **root**. Fortunately, GNU+Linux has a directory ->for this very purpose: **/mnt**: +You can also be flexible here, for example you can specify a **/boot**, a **/**, +a **/home**, a **/var**, or a **/usr** volume. For example, if you will be running a +web/mail server then you want **/var** (where logs are stored) in its own partition, +so that if it fills up with logs, it won't crash your system. +For a home/laptop system (typical use case), just a root and a swap will do. ->> # mount /dev/matrix/root /mnt +Verify that the logical volumes were created correctly: ->####Create the /boot and /home Directories <a name="create_boot_and_home"></a> + # lvdisplay ->Now that you have mounted **root**, you need to create the two most important ->folders on it: **/boot** and **/home**; these folder contain your boot files, ->as well as each user's personal documents, videos, etc.. +#### Make the root and swap Partitions Ready for Installation +The last steps of setting up the drive for installation are turning **swapvol** +into an active swap partition, and formatting **root**. ->Since you mounted **root** at **/mnt**, this is where you must create them; ->you will do so using **`mkdir`**: +To make **swapvol** into a swap partition, we run the `mkswap` (i.e., make swap) command: ->> # mkdir -p /mnt/home ->> # mkdir -p /mnt/boot + # mkswap /dev/mapper/matrix-swapvol ->You could also create two separate partitions for **/boot** and **/home**, ->but such a setup would be for advanced users, and is thus not covered in this guide. ->For more information on how to do this, refer to the Parabola/Arch wiki on [partitions](https://wiki.parabola.nu/Beginners%27_guide#Create_new_partition_table). +Activate the **swapvol**, allowing it to now be used as swap, +using `swapon` (i.e., turn swap on) command: ->The setup of the drive and partitions is now complete; it's time to actually install Parabola. + # swapon /dev/matrix/swapvol ---- +Now I have to format **root**, to make it ready for installation; +I do this with the `mkfs` (i.e., make file system) command. +I choose the **ext4** filesystem, but you could use a different one, +depending on your use case: + + # mkfs.ext4 /dev/mapper/matrix-root + +Lastly, I need to mount **root**. Fortunately, GNU+Linux has a directory +for this very purpose: **/mnt**: + + # mount /dev/matrix/root /mnt -## Select a Mirror <a name="select_mirror"></a> +#### Create the /boot and /home Directories +Now that you have mounted **root**, you need to create the two most important +folders on it: **/boot** and **/home**; these folder contain your boot files, +as well as each user's personal documents, videos, etc.. + +Since you mounted **root** at **/mnt**, this is where you must create them; +you will do so using `mkdir`: + + # mkdir -p /mnt/home + # mkdir -p /mnt/boot + +You could also create two separate partitions for **/boot** and **/home**, +but such a setup would be for advanced users, and is thus not covered in this guide. +For more information on how to do this, refer to the Parabola/Arch wiki on [partitions](https://wiki.parabola.nu/Beginners%27_guide#Create_new_partition_table). + +The setup of the drive and partitions is now complete; it's time to actually install Parabola. + +## Select a Mirror The first step of the actual installation is to choose the server from where we will need to download the packages; for this, we will again refer to the [Parabola Wiki](https://wiki.parabola.nu/Beginners%27_guide#Select_a_mirror). -For beginners, I recommend that the edit the file using **`nano`** (a command-line text editor); +For beginners, I recommend that the edit the file using `nano` (a command-line text editor); you can learn more about it [here](https://www.nano-editor.org/); for non-beginners, simply edit it with your favorite text editor. ---- - -## Install the Base System <a name="install_base_system"></a> +## Install the Base System We need to install the essential applications needed for your Parabola installation to run; refer to [Install the Base System](https://wiki.parabola.nu/Beginners%27_guide#Install_the_base_system), on the Parabola wiki. ---- - -## Generate an fstab <a name="generate_fstab"></a> +## Generate an fstab The next step in the process is to generate a file known as an **fstab**; the purpose of this file is for the operating system to identify the storage device used by your installation. [Here](https://wiki.parabola.nu/Beginners%27_guide#Generate_an_fstab) are the instructions to generate that file. ---- - -##Chroot into and Configure the System <a name="chroot_and_configure"></a> -Now, you need to **`chroot`** into your new installation, to complete the setup +## Chroot into and Configure the System +Now, you need to `chroot` into your new installation, to complete the setup and installation process. **Chrooting** refers to changing the root directory of an operating system to a different one; in this instance, it means changing your root directory to the one you created in the previous steps, so that you can modify files and install software onto it, as if it were the host operating system. -To **`chroot`** into your installation, follow the instructions [here](https://wiki.parabola.nu/Beginners%27_guide#Chroot_and_configure_the_base_system). +To `chroot` into your installation, follow the instructions [here](https://wiki.parabola.nu/Beginners%27_guide#Chroot_and_configure_the_base_system). -###Setting up the Locale <a name="locale"></a> +### Setting up the Locale Locale refers to the language that your operating system will use, as well as some other considerations related to the region in which you live. To set this up, follow the instructions [here](https://wiki.parabola.nu/Beginners%27_guide#Locale). -###Setting up the Consolefont and Keymap <a name="consolefont_keymap"></a> +### Setting up the Consolefont and Keymap This will determine the keyboard layout of your new installation; follow the instructions [here](https://wiki.parabola.nu/Beginners%27_guide#Console_font_and_keymap). -###Setting up the Time Zone <a name="time_zone"></a> +### Setting up the Time Zone You'll need to set your current time zone in the operating system; this will enable applications that require accurate time to work properly (e.g., the web browser). To do this, follow the instructions [here](https://wiki.parabola.nu/Beginners%27_guide#Time_zone). -###Setting up the Hardware Clock <a name="hardware_clock"></a> +### Setting up the Hardware Clock To make sure that your computer has the right time, you'll have to set the time in your computer's internal clock. Follow the instructions [here](https://wiki.parabola.nu/Beginners%27_guide#Hardware_clock) to do that. -###Setting up the Kernel Modules <a name="kernel_modules"></a> +### Setting up the Kernel Modules Now we need to make sure that the kernel has all the modules that it needs to boot the operating system. To do this, we need to edit a file called **mkinitcpio.conf**. More information about this file can be found [here](https://wiki.parabola.nu/Mkinitcpio), but for the sake of this guide, you simply need to run the following command. -> # nano /etc/mkinitcpio.conf + # nano /etc/mkinitcpio.conf There are several modifications that we need to make to the file: -1. Change the value of the uncommented **`MODULES`** line to **`i915`**. +1. Change the value of the uncommented `MODULES` line to `i915`. * This forces the driver to load earlier, so that the console font you selected earlier isn’t wiped out after getting to login. - * If you are using a **Macbook 2,1** you will also need to add **`hid-generic`**, - **`hid`**, and **`hid-apple`** inside the quotation marks, in order to have + * If you are using a **Macbook 2,1** you will also need to add `hid-generic`, + `hid`, and `hid-apple` inside the quotation marks, in order to have a working keyboard when asked to enter the LUKS password. Make sure to separate each module by one space. -2. Change the value of the uncommented **`HOOKS`** line to the following: - “**`base udev autodetect modconf block keyboard keymap consolefont encrypt lvm2 filesystems fsck shutdown`**”; +2. Change the value of the uncommented `HOOKS` line to the following: + “`base udev autodetect modconf block keyboard keymap consolefont encrypt lvm2 filesystems fsck shutdown`”; here's what each module does: - * **`keymap`** adds to *initramfs* the keymap that you specified in **/etc/vconsole.conf** - * **`consolefont`** adds to *initramfs* the font that you specified in **/etc/vconsole.conf** - * **`encrypt`** adds LUKS support to the initramfs - needed to unlock your disks at boot time - * **`lvm2`** adds LVM support to the initramfs - needed to mount the LVM partitions at boot time - * **`shutdown`** is needed according to Parabola wiki, for unmounting devices (such as LUKS/LVM) during shutdown + * `keymap` adds to *initramfs* the keymap that you specified in **/etc/vconsole.conf** + * `consolefont` adds to *initramfs* the font that you specified in **/etc/vconsole.conf** + * `encrypt` adds LUKS support to the initramfs - needed to unlock your disks at boot time + * `lvm2` adds LVM support to the initramfs - needed to mount the LVM partitions at boot time + * `shutdown` is needed according to Parabola wiki, for unmounting devices (such as LUKS/LVM) during shutdown After modifying the file and saving it, we need to update the kernel(s) with the new settings. Before doing this, we want to install a Long-Term Support (LTS) kernel as a backup, in the event that we encounter problems with the default Linux-Libre kernel (which is continually updated). -We will also install the **`grub`** package, which we will need later, +We will also install the `grub` package, which we will need later, to make our modifications to the GRUB configuration file: -> # pacman -S linux-libre-lts grub - -Then, we update both kernels like this: - -> # mkinitcpio -p linux-libre + # pacman -S linux-libre-lts grub -> # mkinitcpio -p linux-libre-lts +Then, we update both kernels like this, using the `mkinitcpio` command: -###Setting up the Hostname <a name="set_up_hostname"></a> + # mkinitcpio -p linux-libre + # mkinitcpio -p linux-libre-lts +### Setting up the Hostname Now we need to set up the hostname for the system; this is so that our device can be identified by the network. Refer to [this section](https://wiki.parabola.nu/Beginners%27_guide#Hostname) of the Parabola wiki's Beginner's Guide. You can make the hostname anything you like; for example, if you wanted to choose the hostname **parabola**, -you would run the **`echo`** command, like this: +you would run the `echo` command, like this: -> # echo parabola > /etc/hostname + # echo parabola > /etc/hostname And then you would modify **/etc/hosts** like this, adding the hostname to it: -> # nano /etc/hosts + # nano /etc/hosts -> #<ip-address> <hostname.domain.org> <hostname> -> 127.0.0.1 localhost.localdomain localhost parabola -> ::1 localhost.localdomain localhost parabola - -###Configure the Network <a name="configure_network"></a> + #<ip-address> <hostname.domain.org> <hostname> + 127.0.0.1 localhost.localdomain localhost parabola + ::1 localhost.localdomain localhost parabola +### Configure the Network Now that we have a hostname, we need to configure the settings for the rest of the network. Instructions for setting up a wired connection are [here](https://wiki.parabola.nu/Beginners%27_guide#Wired), and instructions for setting up a wireless connection are [here](https://wiki.parabola.nu/Beginners%27_guide#Wireless_2). -###Set the root Password <a name="root_password"></a> +### Set the root Password The **root** account has control over all the files in the computer; for security, we want to protect it with a password. The password requirements given above, -for the LUKS passphrase, apply here as well. You will set this password with the **`passwd`** command: - -> # passwd +for the LUKS passphrase, apply here as well. You will set this password with the `passwd` command: -###Extra Security Tweaks <a name="security_tweaks"></a> + # passwd +### Extra Security Tweaks There are some final changes that we can make to the installation, to make it significantly more secure; these are based on the [Security](https://wiki.archlinux.org/index.php/Securit) section of the Arch wiki. ->####Key Strengthening <a name="key_strengthening"></a> - ->We will want to open the configuration file for password settings, and increase ->the strength of our **root** password: - ->> # nano /etc/pam.d/passwd - ->Add **`rounds=65536`** at the end of the uncommented 'password' line; in simple terms, ->this will force an attacker to take more time with each password guess, mitigating ->the threat of brute force attacks. - ->####Restrict Access to Important Directories <a name="restrict_directory_access"></a> +#### Key Strengthening +We will want to open the configuration file for password settings, and increase +the strength of our **root** password: ->You can prevent any user, other than the root user, from accessing the most important ->directories in the system, using the **`chmod`** command; to learn more about this command, ->run **`man chmod`**: + # nano /etc/pam.d/passwd ->> # chmod 700 /boot /etc/{iptables,arptables} +Add `rounds=65536` at the end of the uncommented 'password' line; in simple terms, +this will force an attacker to take more time with each password guess, mitigating +the threat of brute force attacks. ->####Lockout User After Three Failed Login Attempts <a name="lockout_user"></a> +#### Restrict Access to Important Directories +You can prevent any user, other than the root user, from accessing the most important +directories in the system, using the `chmod` command; to learn more about this command, +run `man chmod`: ->We can also setup the system to lock a user's account, after three failed login attempts. + # chmod 700 /boot /etc/{iptables,arptables} ->To do this, we will need to edit the file **/etc/pam.d/system-login**, ->and comment out this line: +#### Lockout User After Three Failed Login Attempts +We can also setup the system to lock a user's account, after three failed login attempts. ->> auth required pam\_tally.so onerr=succeed file=/var/log/faillog*\ +To do this, we will need to edit the file **/etc/pam.d/system-login**, +and comment out this line: ->You could also just delete it. Above it, put the following line: + auth required pam\_tally.so onerr=succeed file=/var/log/faillog*\ ->> auth required pam\_tally.so deny=2 unlock\_time=600 onerr=succeed file=/var/log/faillog +You could also just delete it. Above it, put the following line: ->This configuration will lock the user out for ten minutes. ->You can unlock a user's account manually, using the **root** account, with this command: + auth required pam\_tally.so deny=2 unlock\_time=600 onerr=succeed file=/var/log/faillog ->> # pam_tally --user *theusername* --reset +This configuration will lock the user out for ten minutes. +You can unlock a user's account manually, using the **root** account, with this command: ---- - -##Unmount All Partitions and Reboot <a name="unmount_reboot"></a> + # pam_tally --user *theusername* --reset +## Unmount All Partitions and Reboot Congratulations! You have finished the installation of Parabola GNU+Linux-Libre. Now it is time to reboot the system, but first, there are several preliminary steps: -Exit from **`chroot`**, using the **`exit`** command: +Exit from `chroot`, using the `exit` command: -> # exit + # exit Unmount all of the partitions from **/mnt**, and "turn off" the swap volume: -> # umount -R /mnt -> # swapoff -a + # umount -R /mnt + # swapoff -a Deactivate the **root** and **swapvol** logical volumes: -> # lvchange -an /dev/matrix/root -> # lvchange -an /dev/matrix/swapvol + # lvchange -an /dev/matrix/root + # lvchange -an /dev/matrix/swapvol Lock the encrypted partition (i.e., close it): -> # cryptsetup luksClose lvm + # cryptsetup luksClose lvm Shutdown the machine: -> # shutdown -h now + # shutdown -h now After the machine is off, remove the installation media, and turn it on. ---- - -##Booting the New Installation, from GRUB <a name="grub_boot"></a> - +## Booting the New Installation, from GRUB When starting your installation for the first time, you have to manually boot the system by entering a series of commands into the GRUB command line. -After the computer starts, Press **C** to bring up the GRUB command line. +After the computer starts, Press `C` to bring up the GRUB command line. You can either boot the normal kernel, or the LTS kernel we installed; here are the commands for the normal kernel: -> grub> cryptomount -a -> grub> set root='lvm/matrix-root' -> grub> linux /boot/vmlinuz-linux-libre root=/dev/matrix/root cryptdevice=/dev/sda1:root -> grub> initrd /boot/initramfs-linux-libre.img -> grub> boot + grub> cryptomount -a + grub> set root='lvm/matrix-root' + grub> linux /boot/vmlinuz-linux-libre root=/dev/matrix/root cryptdevice=/dev/sda1:root + grub> initrd /boot/initramfs-linux-libre.img + grub> boot If you're trying to boot the LTS kernel, simply add **-lts** to the end of each command that contains the kernel (e.g., **/boot/vmlinuz-linux-libre** @@ -521,10 +451,7 @@ the** `cryptomount -a` **command to fail, as well as the error** `AHCI transfer the workaround was to remove the DVD drive (if using the UltraBase, then the whole device must be removed).** ---- - -##Follow-Up Tutorial: Configuring Parabola <a name="follow_up"></a> - +## Follow-Up Tutorial: Configuring Parabola The next step of the setup process is to modify the configuration file that GRUB uses, so that we don't have to manually type in those commands above, each time we want to boot our system. @@ -542,18 +469,15 @@ read [The Arch Way](https://wiki.archlinux.org/index.php/The_Arch_Way) (Parabola After setting up the graphical interface, refer to [How to Modify GRUB Configuration](grub_cbfs.md), for instructions on doing just that, as well as flashing the ROM (if necessary). ---- - Copyright © 2014, 2015, 2016 Leah Rowe <info@minifree.org> Copyright © 2015 Jeroen Quint <jezza@diplomail.ch> Copyright © 2017 Elijah Smith <esmith1412@posteo.net> ---- - Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License Version 1.3 or any later version published by the Free Software Foundation with no Invariant Sections, no Front Cover Texts, and no Back Cover Texts. -A copy of this license is found in [../fdl-1.3.md](../fdl-1.3.md)- \ No newline at end of file +A copy of this license is found in [../fdl-1.3.md](../fdl-1.3.md) + diff --git a/docs/gnulinux/grub_boot_installer.md b/docs/gnulinux/grub_boot_installer.md @@ -1,224 +1,195 @@ --- -title: How to install GNU+Linux on a libreboot system +title: How to Install GNU+Linux on a Libreboot System x-toc-enable: true ... -This section relates to preparing, booting and installing a GNU+Linux -distribution on your libreboot system, using nothing more than a USB -flash drive (and `dd`). +This section relates to preparing and booting a Live USB for several +GNU+Linux distributions, on your Libreboot system, using nothing more than a USB +flash drive and the `dd` utility. For information on installing GNU+Linux, +refer to [this page](index.md). *This section is only for the GRUB payload. For depthcharge (used on CrOS devices in libreboot), instructions have yet to be written in the libreboot documentation.* -Prepare the USB drive (in GNU+Linux) ------------------------------------- - -If you downloaded your ISO on an existing GNU+Linux system, here is how +## Prepare the USB Drive (in GNU+Linux) +If you downloaded your ISO while on an existing GNU+Linux system, here is how to create the bootable GNU+Linux USB drive: -Connect the USB drive. Check dmesg: +Connect the USB drive. Check `dmesg`: - $ dmesg + $ dmesg -Check lsblk to confirm which drive it is: +Check `lsblk`, to confirm which drive it is: - $ lsblk + $ lsblk Check that it wasn't automatically mounted. If it was, unmount it. For example: - $ sudo umount /dev/sdX\* - # umount /dev/sdX\* + $ sudo umount /dev/sdX\* -dmesg told you what device it is. Overwrite the drive, writing your -distro ISO to it with dd. For example: +`dmesg` told you what device it is. Overwrite the drive, writing your +distro ISO to it with `dd`. Here is an example: - $ sudo dd if=gnulinux.iso of=/dev/sdX bs=8M; sync - # dd if=gnulinux.iso of=/dev/sdX bs=8M; sync + $ sudo dd if=gnulinux.iso of=/dev/sdX bs=8M; sync You should now be able to boot the installer from your USB drive. Continue reading, for information about how to do that. -Prepare the USB drive (in NetBSD) ---------------------------------- - -[This -page](https://wiki.netbsd.org/tutorials/how_to_install_netbsd_from_an_usb_memory_stick/) -on the NetBSD website shows how to create a NetBSD bootable USB drive -from within NetBSD itself. You should use the *dd* method documented -there. This will also work with any GNU+Linux ISO image. - -Prepare the USB drive (in FreeBSD) ----------------------------------- +## Prepare the USB drive (in NetBSD) +[This page](https://wiki.netbsd.org/tutorials/how_to_install_netbsd_from_an_usb_memory_stick/) +on the NetBSD website shows how to create a NetBSD bootable USB drive, +from within NetBSD itself. You should use the `dd` method documented there. +This will also work with any GNU+Linux ISO image. +## Prepare the USB drive (in FreeBSD) [This page](https://www.freebsd.org/doc/handbook/bsdinstall-pre.html) on the FreeBSD website shows how to create a bootable USB drive for -installing FreeBSD. Use the *dd* on that page. You can also use the same -instructions with any GNU+Linux ISO image.. - -Prepare the USB drive (in LibertyBSD or OpenBSD) ------------------------------------------------- +installing FreeBSD. Use the `dd` command format on that page. +You can also use the same instructions with any GNU+Linux ISO image.. +## Prepare the USB drive (in LibertyBSD or OpenBSD) If you downloaded your ISO on a LibertyBSD or OpenBSD system, here is how to create the bootable GNU+Linux USB drive: -Connect the USB drive. Check dmesg: +Connect the USB drive. Check `dmesg`: - $ dmesg | tail + $ dmesg | tail -Check to confirm which drive it is, for example, if you think its sd3: +Check to confirm which drive it is, for example, if you think its **sd3**: - $ disklabel sd3 + $ disklabel sd3 Check that it wasn't automatically mounted. If it was, unmount it. For example: - $ doas umount /dev/sd3i + $ doas umount /dev/sd3i -dmesg told you what device it is. Overwrite the drive, writing the -OpenBSD installer to it with dd. For example: +`dmesg` told you what device it is. Overwrite the drive, writing the +OpenBSD installer to it with `dd`. For example: - $ doas dd if=gnulinux.iso of=/dev/rsdXc bs=1M; sync + $ doas dd if=gnulinux.iso of=/dev/rsdXc bs=1M; sync You should now be able to boot the installer from your USB drive. Continue reading, for information about how to do that. -Installing GNU+Linux with full disk encryption ----------------------------------------------- - -- [Debian or Devuan GNU+Linux with full disk encryption](encrypted_debian.md) -- [Parabola GNU+Linux with full disk encryption](encrypted_parabola.md) - -Debian or Devuan net install? ------------------------------ - +## Debian or Devuan net install? Download the Debian or Devuan net installer. You can download the ISO -from the homepage on [debian.org](https://www.debian.org/), or [the -Devuan homepage](https://www.devuan.org/) for Devuan. Use this on the -GRUB terminal to boot it from USB (for 64-bit Intel or AMD): - - - set root='usb0' - linux /install.amd/vmlinuz - initrd /install.amd/initrd.gz - boot +from the homepage on [debian.org](https://www.debian.org/), or [the Devuan homepage](https://www.devuan.org/) for Devuan. Use this on the +GRUB terminal, to boot it from USB (for 64-bit Intel or AMD): -If you are on a 32-bit system (e.g. X60): + set root='usb0' + linux /install.amd/vmlinuz + initrd /install.amd/initrd.gz + boot - set root='usb0' - linux /install.386/vmlinuz - initrd /install.386/initrd.gz - boot +If you are on a 32-bit system (e.g. some Thinkpad X60's): -We recommend using the *MATE* desktop. + set root='usb0' + linux /install.386/vmlinuz + initrd /install.386/initrd.gz + boot -Booting ISOLINUX images (automatic method) ------------------------------------------- +## Booting ISOLINUX Images +### Automatic Method Boot it in GRUB using the *Parse ISOLINUX config (USB)* option. A new menu should appear in GRUB, showing the boot options for that distro; this is a GRUB menu, converted from the usual ISOLINUX menu provided by that distro. -Booting ISOLINUX images (manual method) ---------------------------------------- - -*These are generic instructions. They may or may not be correct for your +### Manual Method +These are generic instructions. They may or may not be correct for your distribution. You must adapt them appropriately, for whatever GNU+Linux -distribution it is that you are trying to install.* +distribution it is that you are trying to install. If the ISOLINUX parser or *Search for GRUB configuration* options won't -work, then press C in GRUB to access the command line. +work, then press C in GRUB to access the command line: - grub> ls + grub> ls Get the device from above output, eg (usb0). Example: - grub> cat (usb0)/isolinux/isolinux.cfg + grub> cat (usb0)/isolinux/isolinux.cfg Either this will show the ISOLINUX menuentries for that ISO, or link to other .cfg files, for example /isolinux/foo.cfg. If it did that, then you do: - grub> cat (usb0)/isolinux/foo.cfg + grub> cat (usb0)/isolinux/foo.cfg And so on, until you find the correct menuentries for ISOLINUX. *The file `/isolinux/foo.cfg` is a fictional example. Do not actually use this example, unless you actually have that file, if it is appropriate.* -For Debian or Devuan (and other debian-based distros), there are typically +For Debian or Devuan (and other Debian-based distros), there are typically menuentries listed in */isolinux/txt.cfg* or */isolinux/gtk.cfg*. For dual-architecture ISO images (i686 and x86\_64), there may be separate files/directories for each architecture. Just keep searching through the -image, until you find the correct ISOLINUX configuration file. NOTE: Debian 8.6 -ISO only lists 32-bit boot options in txt.cfg. This is important if you want -64-bit booting on your system. Devuan versions based on Debian 8.x may also -have the same issue. +image, until you find the correct ISOLINUX configuration file. + +**NOTE: Debian 8.6 ISO only lists 32-bit boot options in txt.cfg. This is important, if you want 64-bit booting on your system. Devuan versions based on Debian 8.x may also have the same issue.** -Now look at the ISOLINUX menuentry. It'll look like: +Now, look at the ISOLINUX menuentry. It'll look like this: - kernel /path/to/kernel append PARAMETERS initrd=/path/to/initrd ... + kernel /path/to/kernel append PARAMETERS initrd=/path/to/initrd ... -GRUB works similarly. Example GRUB commands: +GRUB works similarly; here are some example GRUB commands: - grub> set root='usb0' - grub> linux /path/to/kernel PARAMETERS MAYBE\_MORE\_PARAMETERS - grub> initrd /path/to/initrd - grub> boot + grub> set root='usb0' + grub> linux /path/to/kernel PARAMETERS MAYBE\_MORE\_PARAMETERS + grub> initrd /path/to/initrd + grub> boot -Note: *usb0* may be incorrect. Check the output of the *ls* command in -GRUB, to see a list of USB devices/partitions. Of course this will vary +Note: `usb0` may be incorrect. Check the output of the `ls` command (in +GRUB), to see a list of USB devices/partitions. Of course, this will vary from distro to distro. If you did all of that correctly, then it should now be booting your USB drive in the way that you specified. -Troubleshooting -=============== - -Most of these issues occur when using libreboot with coreboot's 'text -mode' instead of the coreboot framebuffer. This mode is useful for -booting payloads like memtest86+ which expect text-mode, but for -GNU+Linux distributions it can be problematic when they are trying to -switch to a framebuffer because it doesn't exist. +## Troubleshooting +Most of these issues occur when using Libreboot with Coreboot's 'text +mode' instead of the Coreboot framebuffer. This mode is useful for +booting payloads, like `MemTest86+`, which expect text-mode, but for +GNU+Linux distributions, it can be problematic when they are trying to +switch to a framebuffer, because it doesn't exist. -In most cases, you should use the vesafb ROM images. Example filename: -libreboot\_ukdvorak\_vesafb.rom. - -parabola won't boot in text-mode ---------------------------------- +In most cases, you should use the **vesafb** ROM images. Example filename: +**libreboot\_ukdvorak\_vesafb.rom**. +### Parabola Won't Boot in Text-Mode Use one of the ROM images with vesafb in the filename (uses coreboot framebuffer instead of text-mode). -debian-installer graphical corruption in text-mode (Debian and Devuan) ----------------------------------------------------------------------- - -When using the ROM images that use coreboot's "text mode" instead of +### debian-installer Graphical Corruption in Text-Mode (Debian and Devuan) +When using the ROM images that use Coreboot's "text mode" instead of the coreboot framebuffer, booting the Debian or Devuan net installer -results in graphical corruption because it is trying to switch to a -framebuffer which doesn't exist. Use that kernel parameter on the -'linux' line when booting it: +results in graphical corruption, because it is trying to switch to a +framebuffer, which doesn't exist. Use that kernel parameter on the +`linux` line, when booting it: - vga=normal fb=false + vga=normal fb=false This forces debian-installer to start in text-mode, instead of trying to switch to a framebuffer. If selecting text-mode from a GRUB menu created using the ISOLINUX -parser, you can press E on the menu entry to add this. Or, if you are -booting manually (from GRUB terminal) then just add the parameters. +parser, you can press `E` on the menu entry to add this. Or, if you are +booting manually (from GRUB terminal), then just add the parameters. -This workaround was found on the page: -<https://www.debian.org/releases/stable/i386/ch05s04.html>. It should -also work for Debian, Devuan and any other apt-get distro that provides -debian-installer (text mode) net install method. +This workaround was found on the [Debian site](https://www.debian.org/releases/stable/i386/ch05s04.html). It should also work for Devuan, and any other `apt-get` distro that provides the debian-installer (text mode) net install method. -Copyright © 2014, 2015, 2016 Leah Rowe <info@minifree.org>\ -Copyright © 2016 Scott Bonds <scott@ggr.com>\ +Copyright © 2014, 2015, 2016 Leah Rowe <info@minifree.org> + +Copyright © 2016 Scott Bonds <scott@ggr.com> + +Copyright © 2017 Elijah Smith <esmith1412@posteo.net> Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License Version 1.3 or any later version published by the Free Software Foundation with no Invariant Sections, no Front Cover Texts, and no Back Cover Texts. A copy of this license is found in [../fdl-1.3.md](../fdl-1.3.md) + + diff --git a/docs/gnulinux/grub_cbfs.md b/docs/gnulinux/grub_cbfs.md @@ -1,25 +1,8 @@ -#Modifying the GRUB Configuration in Libreboot Systems - --- +title: Modifying the GRUB Configuration in Libreboot Systems +x-toc enable: true +... -[**Edit this Page**](https://libreboot.org/git.html#editing-the-website-and-documentation-wiki-style) -- [Back to Previous Index](https://libreboot.org/docs/gnulinux/) - -* [How to Get the GRUB Configuration File](#get_grub) - * [Download the Libreboot Utility Archive](#download_libreboot_util) - * [Get the Necessary Utilities](#get_utilities) - * [Get ROM Image](#get_rom) - * [Download a Pre-Compiled Image from the Libreboot Website](#pre_compiled) - * [Create an Image from the Current ROM](#create_from_current_rom) - * [Copy grubtest.cfg from ROM Image](#extract_grubtest) -* [How to Modify the GRUB Configuration File](#modify_grub_howto) -* [Change the GRUB Configuration that the Operating System Uses](#change_grub) - * [Without Re-Flashing ROM](#without_reflash) - * [With Flashing ROM](#with_reflash) - * [Change grubtest.cfg in ROM](#insert_modified_grubtest) - * [Change MAC Address in ROM](#change_mac) - * [Flash Updated ROM Image](#flash_updated_rom) - * [Reboot the Computer](#reboot) - * [Final Steps](#final_steps) This guide will go through all the steps to modify a GRUB configuration file in Libreboot; this is so that the user doesn't have to manually boot @@ -29,10 +12,7 @@ For the purposes of this guide, you can either modify the GRUB configuration fil that resides in the computer's ROM, or else you could modify the version that exists within the operating system itself; both options will be explained here. ---- - -##How to Get the GRUB Configuration File <a name=get_grub></a> - +## How to Get the GRUB Configuration File The first step of the process is to actually get a hold of the GRUB configuration file that we need to modify. There are two ways to do this: @@ -41,169 +21,163 @@ that we need to modify. There are two ways to do this: However, both ways will require us to download the Libreboot Utility Archive. -###Download the Libreboot Utility Archive <a name=download_libreboot_util></a> - +### Download the Libreboot Utility Archive The Libreboot Utility Archive contains the programs that we'll need to get our **grubtest.cfg** file. The latest release of the Libreboot Utility Archive can be downloaded from libreboot.org, [here](https://www.mirrorservice.org/sites/libreboot.org/release/stable/20160907/libreboot_r20160907_util.tar.xz). -The quickest way to download it would be to use the **`wget`** program, +The quickest way to download it would be to use the `wget` program, which (if you don't know) allows you to download files from the internet. If you don't already have it installed, you can install it, -using the **`apt-get`** command (in Debian-based distributions): +using the `apt-get` command (in Debian-based distributions): -> $ sudo apt-get install wget + $ sudo apt-get install wget -You can install it in Arch-based systems, using **`pacman`**: +You can install it in Arch-based systems, using `pacman`: -> $ sudo pacman -S wget + $ sudo pacman -S wget -Once you've installed **`wget`**, use it to download the file, +Once you've installed `wget`, use it to download the file, simply by passing it the URL as an argument; you can save the file anywhere, but for the purpose of this guide, save it in **~/Downloads** (your **Home** directory's downloads folder). First, change the current working directory to **~/Downloads**: -> $ cd ~/Downloads + $ cd ~/Downloads This guide assumes you are using the **20160907** version of Libreboot; if using a different version, modify the following commands accordingly: -> $ wget https://www.mirrorservice.org/sites/libreboot.org/release/stable/20160907/\ -> >libreboot_r20160907_util.tar.xz + $ wget https://www.mirrorservice.org/sites/libreboot.org/release/stable/20160907/\ + >libreboot_r20160907_util.tar.xz -After the file is downloaded, use the **`tar`** command to extract its contents: +After the file is downloaded, use the `tar` command to extract its contents: -> $ tar -xf libreboot_r20160907_util.tar.xz + $ tar -xf libreboot_r20160907_util.tar.xz After extraction, the folder will have the same name as the archive: in this case, **libreboot\_r20160907\_util**. For simplicity's sake, we'll rename it **libreboot\_util**, -using the **`mv`** command: +using the `mv` command: -> $ mv "libreboot_r20160907_util" "libreboot_util" + $ mv "libreboot_r20160907_util" "libreboot_util" Now you have the folder with all the utilities necessary to read and modify the contents of the ROM. -###Get the Necessary Utilities <a name=get_utilities></a> - -Once you have the **libreboot\_util** archive, you can find the **`cbfstool`** and **`flashrom`** +### Get the Necessary Utilities +Once you have the **libreboot\_util** archive, you can find the `cbfstool` and `flashrom` utilities in **libreboot\_util/cbfstools/x86\_64/cbfstool**, and **libreboot\_util/flashrom/x86\_64/flashrom**, respectively. ->NOTE: This guide assumes that you are using a device with the **x86_64** architecture; ->if you are using a device with a different architecture (e.g., **i686** or **armv7l**), ->the proper version of **`cbfstool`** and **`flashrom`** will be in that folder, ->inside their respective directories. +**NOTE: This guide assumes that you are using a device with the** x86\_64 **architecture; +if you are using a device with a different architecture (e.g.,** i686 **or** armv7l**), +the proper version of** `cbfstool` **and** `flashrom` **will be in that folder, +inside their respective directories.** You could also compile both of these utilities; see [How to Build flashrom](../git/#build_flashrom). -**`flashrom`** is also available from the repositories; if using an Arch-based distribution, -use **`pacman`**: - -> $ sudo pacman -S flashrom +`flashrom` is also available from the repositories; if using an Arch-based distribution, +use `pacman`: -Or, if you have a Debian-based distribution, use **`apt-get`**: + $ sudo pacman -S flashrom -> $ sudo apt-get install flashrom +Or, if you have a Debian-based distribution, use `apt-get`: -###Get the ROM Image <a name=get_rom></a> + $ sudo apt-get install flashrom +### Get the ROM Image You can either work directly with one of the ROM images already included in the libreboot ROM archives, or re-use the ROM that you have currently flashed. For the purpose of this tutorial, it is assumed that your ROM image file is named **libreboot.rom**, so please make sure to adapt. There are two ways to get a pre-compiled ROM image: -####1. Download a Pre-Compiled Image from the Libreboot Website <a name=pre_compiled></a> +#### 1. Download a Pre-Compiled Image from the Libreboot Website +For the current release, **20160907**, they can be found [here](https://www.mirrorservice.org/sites/libreboot.org/release/stable/20160907/rom/grub/); +please adopt this guide, if using a different version of Libreboot. ->For the current release, **20160907**, they can be found [here](https://www.mirrorservice.org/sites/libreboot.org/release/stable/20160907/rom/grub/); ->please adopt this guide, if using a different version of Libreboot. +You also need to make sure that you select both the correct ROM for the device you're using, +as well as the correct flash chip size (if applicable): **4mb**, **8mb**, or **16mb**; +variable flash chip sizes only apply for the Thinkpads that Libreboot supports (excluding the X60 and T60). ->You also need to make sure that you select both the correct ROM for the device you're using, ->as well as the correct flash chip size (if applicable): 4mb, 8mb, or 16mb; ->variable flash chip sizes only apply for the Thinkpads that Libreboot supports (excluding the X60 and T60). +You can find the flash chip size, by running the following command: ->You can find the flash chip size, by running the following command: + # flashrom -p internal -V ->> # flashrom -p internal -V +Look for a line like this: ->Look for a line like this: + Found Macronix flash chip "MX25L6406E/MX25L6408E" (8192 kB, SPI) \ + mapped at physical address 0x00000000ff800000. ->> Found Macronix flash chip "MX25L6406E/MX25L6408E" (8192 kB, SPI) \ ->> mapped at physical address 0x00000000ff800000. +Running this command on my Thinkpad X200 gives me the above result, so I know that +my flash chip size is **8mb**. ->Running this command on my Thinkpad X200 gives me the above result, so I know that ->my flash chip size is 8mb. +Once you've determined the correct ROMs and flash chip size, download them from the website. +Since I'm currently using an X200 to write this guide, I'll demonstrate how +to download the correct ROM images for that model. ->Once you've determined the correct ROMs and flash chip size, download them from the website. ->Since I'm currently using an X200 to write this guide, I'll demonstrate how ->to download the correct ROM images for that model. +First, we're going to navigate to the **libreboot\_util** folder: ->First, we're going to navigate to the **libreboot\_util** folder: + $ cd ~/Downloads/libreboot_util/ ->> $ cd ~/Downloads/libreboot_util/ +Then, we will download the ROM images, using `wget`: ->Then, we will download the ROM images, using **`wget`**: + $ wget https://www.mirrorservice.org/sites/libreboot.org/release/stable/\ + 20160907/rom/grub/libreboot_r20160907_grub_x200_8mb.tar.xz ->> $ wget https://www.mirrorservice.org/sites/libreboot.org/release/stable/\ ->> 20160907/rom/grub/libreboot_r20160907_grub_x200_8mb.tar.xz +Extract the archive, using `tar`: ->Extract the archive, using **`tar`**: + $ tar -xf libreboot_r20160907_grub_x200_8mb.tar.xz ->> $ tar -xf libreboot_r20160907_grub_x200_8mb.tar.xz +Navigate to the directory that you just created: ->Navigate to the directory that you just created: + $ cd libreboot_r20160907_grub_x200_8mb ->> $ cd libreboot_r20160907_grub_x200_8mb +Now that we are in the archive, we must choose the correct ROM image. +To figure out the correct image, we must first parse the filenames for each ROM. +For example, for the file named **x200_8mb_usqwerty_vesafb.rom**: ->Now that we are in the archive, we must choose the correct ROM image. ->To figure out the correct image, we must first parse the filenames for each ROM. ->For example, for the file named **x200_8mb_usqwerty_vesafb.rom**: + Model Name: x200 + Flash Chip Size: 8mb + Country: us + Keyboard Layout: qwerty + ROM Type: vesafb or txtmode ->> Model Name: x200 ->> Flash Chip Size: 8mb ->> Country: us ->> Keyboard Layout: qwerty ->> ROM Type: vesafb or txtmode +Since I am using a QWERTY keyboard, I will ignore all the non-QWERTY options. +Note that there are two types of ROMs: **vesafb** and **txtmode**; +The **vesafb** ROM images are recommended, in most cases; **txtmode** ROM images +come with `MemTest86+`, which requires text-mode, instead of the usual framebuffer +used by coreboot native graphics initialization. ->Since I am using a QWERTY keyboard, I will ignore all the non-QWERTY options. ->Note that there are two types of ROMs: **`vesafb`** and **`txtmode`**; ->The **`vesafb`** ROM images are recommended, in most cases; **`txtmode`** ROM images ->come with **`MemTest86+`**, which requires text-mode, instead of the usual framebuffer ->used by coreboot native graphics initialization. +I'll choose **x200_8mb_usqwerty_vesafb.rom**; I'll copy the file (to the `cbfstool` directory), +and rename it with one command: ->I'll choose **x200_8mb_usqwerty_vesafb.rom**; I'll copy the file (to the **`cbfstool`** directory), ->and rename it with one command: + $ mv "x200_8mb_usqwerty_vesafb.rom" ../cbfstool/x86_64/cbfstool/x86_64/libreboot.rom ->> $ mv "x200_8mb_usqwerty_vesafb.rom" ../cbfstool/x86_64/cbfstool/x86_64/libreboot.rom +#### 2. Create an Image from the Current ROM +The simpler way to get a ROM image is to just create it from your current ROM, +using `flashrom`, making sure to save it in the `cbfstool` folder, inside **libreboot\_util**: -####2. Create an Image from the Current ROM <a name=create_from_current_rom></a> + $ sudo flashrom -p internal -r ~/Downloads/libreboot_util/cbfstool/\ + x86_64/cbfstool/x86_64/libreboot.rom ->The simpler way to get a ROM image is to just create it from your current ROM, ->using **`flashrom`**, making sure to save it in the **`cbfstool`** folder, inside **libreboot\_util**: +If you are told to specify the chip, add the option `-c {your chip}` to the command, like this: ->> $ sudo flashrom -p internal -r ~/Downloads/libreboot_util/cbfstool/\ ->> x86_64/cbfstool/x86_64/libreboot.rom - ->If you are told to specify the chip, add the option **`-c {your chip}`** to the command, like this: - ->> $ sudo flashrom -c MX25L6405 -p internal -r ~/Downloads/libreboot_util/\ ->> cbfstool/x86_64/cbfstool/x86_64/libreboot.rom + $ sudo flashrom -c MX25L6405 -p internal -r ~/Downloads/libreboot_util/\ + cbfstool/x86_64/cbfstool/x86_64/libreboot.rom Now you are ready to extract the GRUB configuration files from the ROM, and modify them the way you want. -###Copy grubtest.cfg from the ROM Image <a name=extract_grubtest></a> - -You can check the contents of the ROM image, inside CBFS, using **`cbfstool`**. +### Copy grubtest.cfg from the ROM Image +You can check the contents of the ROM image, inside CBFS, using `cbfstool`. First, navigate to the cbfstool folder: -> $ cd ~/Downloads/libreboot_util/cbfstool/x86_64/cbfstool/x86_64/ + $ cd ~/Downloads/libreboot_util/cbfstool/x86_64/cbfstool/x86_64/ -Then, run the **`cbfstool`** commmand, with the **`print`** option; this will display +Then, run the `cbfstool` commmand, with the `print` option; this will display a list of all the files located in the ROM: -> $ ./cbfstool libreboot.rom print + $ ./cbfstool libreboot.rom print You should see **grub.cfg** and **grubtest.cfg** in the list. **grub.cfg** is loaded by default, with a menu entry for switching to **grubtest.cfg**. In @@ -212,39 +186,36 @@ reduce the possibility of bricking your device, so *DO NOT SKIP THIS!* Extract (i.e., get a copy of ) **grubtest.cfg** from the ROM image: -> $ ./cbfstool libreboot.rom extract -n grubtest.cfg -f grubtest.cfg + $ ./cbfstool libreboot.rom extract -n grubtest.cfg -f grubtest.cfg -By default **`cbfstool`** will extract files to the current working directory; +By default `cbfstool` will extract files to the current working directory; so, **grubtest.cfg** should appear in the same folder as **libreboot.rom**. ---- - -##How to Modify the GRUB Configuration File <a name=modify_grub_howto></a> - +## How to Modify the GRUB Configuration File This section will instruct the user *how* to modify their GRUB configuration file; whether they decide to use the version located in their operating system's **/** folder, or the one located in the ROM, the modifications will be the same. Once the file is open, look for the following line (it will be towards the bottom of the file): -> menuentry 'Load Operating System [o]' --hotkey='o' --unrestricted + menuentry 'Load Operating System [o]' --hotkey='o' --unrestricted After this line, there will be an opening bracket **{**, followed by a several lines of code, and then a closing bracket **}**; delete everything that is between those two brackets, and replace it with the following code, if you're using an Arch-based disribution (e.g., Parabola GNU+Linux-Libre): -> cryptomount -a -> set root='lvm/matrix-root' -> linux /boot/vmlinuz-linux-libre root=/dev/matrix/root cryptdevice=/dev/sda1:root \ -> cryptkey=rootfs:/etc/mykeyfile -> initrd /boot/initramfs-linux-libre.img + cryptomount -a + set root='lvm/matrix-root' + linux /boot/vmlinuz-linux-libre root=/dev/matrix/root cryptdevice=/dev/sda1:root \ + cryptkey=rootfs:/etc/mykeyfile + initrd /boot/initramfs-linux-libre.img Or, replace it with this, if you are using a Debian-based distribution (e.g., Trisquel GNU+Linux): -> cryptomount -a -> set root='lvm/matrix-rootvol' -> linux /vmlinuz root=/dev/mapper/matrix-rootvolcryptdevice=/dev/mapper/matrix-rootvol:root -> initrd /initrd.img + cryptomount -a + set root='lvm/matrix-rootvol' + linux /vmlinuz root=/dev/mapper/matrix-rootvolcryptdevice=/dev/mapper/matrix-rootvol:root + initrd /initrd.img Remember, that these names come from the instructions to install GNU+Linux on Libreboot systems, located [here](index.md). If you followed different instructions, @@ -258,15 +229,11 @@ If you are interested in those modifications, see the Libreboot guide on [Harden That's it for the modifications! Now all you need to do is follow the instructions below, in order to use this new configuration to boot your system. ---- - -##Change the GRUB Configuration File that the Operating System Uses <a name=change_grub></a> - +## Change the GRUB Configuration File that the Operating System Uses Now that we have explained *how* to modify the file itself, we need to explain how to actually make our system *use* the new GRUB configuration file to boot. -###Without Re-Flashing the ROM <a name=without_reflash></a> - +### Without Re-Flashing the ROM To change the GRUB Configuration that our system uses, without having to re-flash the ROM, we need to take our **grubest.cfg** file, rename it to **libreboot\_grub**; this is because that, by default, GRUB in Libreboot is configured to scan all partitions on @@ -275,109 +242,104 @@ the main storage for **/boot/grub/libreboot\_grub.cfg** or **/grub/libreboot\_gr Therefore, we need to either copy **libreboot\_grub.cfg** to **/grub**, or to **/boot/grub**: -> $ sudo cp ~/Downloads/libreboot_util/cbfstool/x86_64/cbfstool/x86_64/grubtest.cfg \ -> >/boot/grub # or /grub + $ sudo cp ~/Downloads/libreboot_util/cbfstool/x86_64/cbfstool/x86_64/grubtest.cfg \ + >/boot/grub # or /grub Now, the next time we boot our computer, GRUB (in Libreboot) will automatically switch to this configuration file. *This means that you do not have to re-flash, recompile, or otherwise modify Libreboot at all!* -###With Re-Flashing the ROM <a name=with_reflash></a> - +### With Re-Flashing the ROM Changing the GRUB configuration that resides in ROM is a bit more complicated that the one in **/**, but most of the hard work is already done. -####Change grubtest.cfg in ROM <a name=insert_modified_grubtest></a> - +#### Change grubtest.cfg in ROM Now that you have the modified **grubtest.cfg**, we need to remove the old **grubtest.cfg** from the ROM, and put in our new one. To remove -the old one, we will use **`cbfstool`**: +the old one, we will use `cbfstool`: -> $ ./cbfstool libreboot.rom remove -n grubtest.cfg + $ ./cbfstool libreboot.rom remove -n grubtest.cfg Then, add the new one to the ROM: -> $ ./cbfstool libreboot.rom add -n grubtest.cfg -f grubtest.cfg -t raw - -####Change MAC address in ROM <a name=change_macl></a> + $ ./cbfstool libreboot.rom add -n grubtest.cfg -f grubtest.cfg -t raw +#### Change MAC address in ROM The last step before flashing the new ROM, is to change the MAC address inside it. Every libreboot ROM image contains a generic MAC address; you want to make sure that your ROM image contains yours, so as to not create any problems on your network (say, for example, that multiple family members had libreboot computers, and used the same ROM image to flash those computers). -To do this, we will use the **`ich9gen`** utility, also located in **libreboot_util**. +To do this, we will use the `ich9gen` utility, also located in **libreboot_util**. First, you need to find the current MAC address of your computer; there are two ways to do this: 1. Read the white label on the bottom of the case (however, this will only work, if your motherboard has never been replaced). -2. Run **`ifconfig`**; look for your ethernet device (e.g., **`enpXXX`** -in Arch-based distributions, or **`eth0`** in Debian-based distributions), -and look for a set of characters like this: **`00:f3:f0:45:91:fe`**. +2. Run `ifconfig`; look for your ethernet device (e.g., **enpXXX** +in Arch-based distributions, or **eth0** in Debian-based distributions), +and look for a set of characters like this: `00:f3:f0:45:91:fe`. Next, you need to move **libreboot.rom** to the following folder; this is where -the executable for **`ich9gen`** is located: +the executable for `ich9gen` is located: -> $ mv libreboot.rom ~/Downloads/libreboot_r20160907_util/ich9deblob/ + $ mv libreboot.rom ~/Downloads/libreboot_r20160907_util/ich9deblob/ Once there, run the following command, making sure to use your own MAC address, instead of what's written below: -> $ ./ich9gen --macaddress XX:XX:XX:XX:XX:XX + $ ./ich9gen --macaddress XX:XX:XX:XX:XX:XX Three new files will be created: -* ich9fdgbe_4m.bin: this is for GM45 laptops with the 4MB flash chip. -* ich9fdgbe_8m.bin: this is for GM45 laptops with the 8MB flash chip. -* ich9fdgbe_16m.bin: this is for GM45 laptops with the 16MB flash chip. +* **ich9fdgbe_4m.bin**: this is for GM45 laptops with the 4MB flash chip. +* **ich9fdgbe_8m.bin**: this is for GM45 laptops with the 8MB flash chip. +* **ich9fdgbe_16m.bin**: this is for GM45 laptops with the 16MB flash chip. Look for the one that corresponds to the size of your ROM image; for example, -if your flash chip size is **`8mb`**, you'll want to use **ich9fdgbe_8m.bin**. +if your flash chip size is **8mb**, you'll want to use **ich9fdgbe_8m.bin**. -Now, insert this file (called the **`descriptor+gbe`**) into the ROM image, using **`dd`**: +Now, insert this file (called the `descriptor+gbe`) into the ROM image, using `dd`: -> dd if=ich9fdgbe_8m.bin of=libreboot.rom bs=1 count=12k conv=notrunc + dd if=ich9fdgbe_8m.bin of=libreboot.rom bs=1 count=12k conv=notrunc Move **libreboot.rom** back to the **libreboot\_util** directory: -> $ mv libreboot.rom ~/Downloads/libreboot_util + $ mv libreboot.rom ~/Downloads/libreboot_util You are finally ready to flash the ROM! -####Flash Updated ROM Image <a name=flash_updated_rom></a> - +#### Flash Updated ROM Image The last step of flashing the ROM requires us to change our current working directory to **libreboot\_util**: -> $ cd ~/Downloads/libreboot_util + $ cd ~/Downloads/libreboot_util -Now, all we have to do is use the **`flash`** script in this directory, -with the **`update`** option, using **libreboot.rom** as the argument: +Now, all we have to do is use the `flash` script in this directory, +with the `update` option, using **libreboot.rom** as the argument: -> $ sudo ./flash update libreboot.rom + $ sudo ./flash update libreboot.rom -Ocassionally, coreboot changes the name of a given board. If **`flashrom`** +Ocassionally, coreboot changes the name of a given board. If `flashrom` complains about a board mismatch, but you are sure that you chose the correct ROM image, then run this alternative command: -> $ sudo ./flash forceupdate libreboot.rom + $ sudo ./flash forceupdate libreboot.rom -You will see the **`flashrom`** program running for a little while, and you might see errors, -but if it says **`Verifying flash... VERIFIED`** at the end, then it’s flashed, +You will see the `flashrom` program running for a little while, and you might see errors, +but if it says `Verifying flash... VERIFIED` at the end, then it’s flashed, and should boot. If you see errors, try again (and again, and again). -The message **`Chip content is identical to the requested image`** is also +The message, `Chip content is identical to the requested image` is also an indication of a successful installation. -####Reboot the Computer <a name=reboot></a> - -Now that you have flashed the image, reboot the computer. Keep pressing **`spacebar`** +#### Reboot the Computer +Now that you have flashed the image, reboot the computer. Keep pressing `spacebar` right after you turn it on, until you see the GRUB menu, to prevent libreboot from automatically trying to load the operating system. -Scroll down with the arrow keys, and choose the **`Load test configuration (grubtest.cfg) inside of CBFS`** option; +Scroll down with the arrow keys, and choose the `Load test configuration (grubtest.cfg) inside of CBFS` option; this will switch the GRUB configuration to your test version. If all goes well, it should prompt you for a GRUB username and password, and then your LUKS password. @@ -385,59 +347,54 @@ Once the operating system starts loading, it will prompt you for your LUKS passw If it continues, and loads into the OS without errors, then that means your flashing attempt was a success. -####Final Steps <a name=final_steps></a> - +#### Final Steps When you are satisfied booting from **grubtest.cfg**, you can create a copy of **grubtest.cfg**, called **grub.cfg**. -First, go to the **`cbfstool`** directory: +First, go to the `cbfstool` directory: -> $ cd ~/Downloads/libreboot_util/cbfstool/x86_64/cbfstool/x86_64/ + $ cd ~/Downloads/libreboot_util/cbfstool/x86_64/cbfstool/x86_64/ Then, create a copy of **grubest.cfg**, named **grub.cfg**: -> $ cp grubtest.cfg ./grub.cfg + $ cp grubtest.cfg ./grub.cfg -Now you will use the **`sed`** command to make several changes to the file: -the menu entry **`'Switch to grub.cfg'`** will be changed to **`Switch to grubtest.cfg`**, +Now you will use the `sed` command to make several changes to the file: +the menu entry `'Switch to grub.cfg'` will be changed to `Switch to grubtest.cfg`, and inside it, all instances of **grub.cfg** to **grubtest.cfg**. -This is so that the main config still links (in the menu) to **grubtest.cfg**, +This is so that the main configuration still links (in the menu) to **grubtest.cfg**, so that you don't have to manually switch to it, in case you ever want to follow this guide again in the future (modifying the already modified config).: -> $ sed -e 's:(cbfsdisk)/grub.cfg:(cbfsdisk)/grubtest.cfg:g' -e \ -> >'s:Switch to grub.cfg:Switch to grubtest.cfg:g' < grubtest.cfg > \ -> >grub.cfg + $ sed -e 's:(cbfsdisk)/grub.cfg:(cbfsdisk)/grubtest.cfg:g' -e \ + >'s:Switch to grub.cfg:Switch to grubtest.cfg:g' < grubtest.cfg > \ + >grub.cfg Move **libreboot.rom** from **libreboot\_util** to your current directory: -> $ mv ~/Downloads/libreboot_util/libreboot.rom . + $ mv ~/Downloads/libreboot_util/libreboot.rom . Delete the **grub.cfg** that's already inside the ROM: -> $ ./cbfstool libreboot.rom remove -n grub.cfg + $ ./cbfstool libreboot.rom remove -n grub.cfg Add your modified **grub.cfg** to the ROM: -> $ ./cbfstool libreboot.rom add -n grub.cfg -f grub.cfg -t raw + $ ./cbfstool libreboot.rom add -n grub.cfg -f grub.cfg -t raw Move **libreboot.rom** back to **libreboot\_util**: -> $ mv libreboot.rom ../.. + $ mv libreboot.rom ../.. -If you don't remember how to flash it, refer back to [Flash Updated ROM Image](#flash_updated_rom); -it's the same method as you used before. Afterwards, reboot the machine with your new configuration. - ---- +If you don't remember how to flash it, refer back to the *Flash Updated ROM Image*, above; it's the same method as you used before. Afterwards, reboot the machine with your new configuration. Copyright © 2014, 2015, 2016 Leah Rowe <info@minifree.org> Copyright © 2017 Elijah Smith <esmith61412@posteo.net> ---- - Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License Version 1.3 or any later version published by the Free Software Foundation with no Invariant Sections, no Front Cover Texts, and no Back Cover Texts. -A copy of this license is found in [../fdl-1.3.md](../fdl-1.3.md)- \ No newline at end of file +A copy of this license is found in [../fdl-1.3.md](../fdl-1.3.md) + diff --git a/docs/gnulinux/index.md b/docs/gnulinux/index.md @@ -1,35 +1,33 @@ -# GNU+Linux Installation Instructions - --- +title: GNU+Linux Installation Instructions +... This section explains how to deal with various GNU+Linux distributions in Libreboot (e.g., Creating bootable USB drives, Installing Operating Systems, Changing the default GRUB menu, etc.). -**NOTE: This section is only for the GRUB payload. For depthcharge, -instructions have yet to be written.** +**NOTE: This section is only for the GRUB payload. For depthcharge +(used on CrOS devices in libreboot), instructions have yet to be written.** - [How to Install GNU+Linux on a Libreboot System](grub_boot_installer.md) - [Modifying the GRUB Configuration in Libreboot Systems](grub_cbfs.md) - [Installing Parabola or Arch Gnu+Linux-Libre, with Full-Disk Encryption (including /boot)](encrypted_parabola.md) + - Follow-Up Tutorial: [Configuring Parabola (Post-Install)](configuring_parabola.md) - [Installing Debian or Devuan GNU+Linux-Libre, with Full-Disk Encryption (including /boot)](encrypted_debian.md) - [How to Harden Your GRUB Configuration, for Security](grub_hardening.md) ---- - Copyright © 2014, 2015 Leah Rowe <info@minifree.org> Copyright © 2017 Elijah Smith <esmith1412@posteo.net> ---- - Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License Version 1.3 or any later version published by the Free Software Foundation with no Invariant Sections, no Front Cover Texts, and no Back Cover Texts. -A copy of this license is found in [../fdl-1.3.md](../fdl-1.3.md)- \ No newline at end of file +A copy of this license is found in [../fdl-1.3.md](../fdl-1.3.md) +