@@ -110,18 +110,18 @@ Now it's time to partition the disk; you will be shown several options; choose `
...
@@ -110,18 +110,18 @@ Now it's time to partition the disk; you will be shown several options; choose `
13. Choose `Configure the Logical Volume Manager`. You will be asked if you want to `Keep current partition layout and configure LVM`; choose `Yes`.
13. Choose `Configure the Logical Volume Manager`. You will be asked if you want to `Keep current partition layout and configure LVM`; choose `Yes`.
14. Choose `Create volume group`. You will have to enter a name for the group; use **grubcrypt**. Select the encrypted partition as the device (by pressing `Spacebar`, which will make an `*` appear between the brackets; that's how you know it's been selected). Press `Tab`, and choose `Continue`.
14. Choose `Create volume group`. You will have to enter a name for the group; use **matrix**. Select the encrypted partition as the device (by pressing `Spacebar`, which will make an `*` appear between the brackets; that's how you know it's been selected). Press `Tab`, and choose `Continue`.
15. Choose `Create logical volume`. Select the volume group you created in the previous step (i.e., **grubcrypt**), and name it **trisquel**; make the size the entire drive minus 2048 MB (for the swap space). Press `Enter`.
15. Choose `Create logical volume`. Select the volume group you created in the previous step (i.e., **matrix**), and name it **rootvol**; make the size the entire drive minus 2048 MB (for the swap space). Press `Enter`.
16. Choose `Create logical volume` again, and select **grubcrypt**. Name this one **swap**, and make the size the default value (it should be about 2048MB). Press `Enter`, and then choose `Finish`.
16. Choose `Create logical volume` again, and select **matrix**. Name this one **swap**, and make the size the default value (it should be about 2048MB). Press `Enter`, and then choose `Finish`.
17. Now you are back at the main partitioning screen. You will simply set the mount points and filesystems to use for each partition you just created. Under `LVM VG grubcrypt, LV trisquel`, select the first partition: `#1`. Change the values in this section to reflect the following; then choose `Done setting up partition`:
17. Now you are back at the main partitioning screen. You will simply set the mount points and filesystems to use for each partition you just created. Under `LVM VG matrix, LV rootvol`, select the first partition: `#1`. Change the values in this section to reflect the following; then choose `Done setting up partition`:
* use as: `ext4`
* use as: `ext4`
* mount point: `/`
* mount point: `/`
18. Under `LVM VG grubcrypt, LV swap`, select the first partition: `#1`. Change the value of `use as` to `swap area`. Choose `Done setting up partition`.
18. Under `LVM VG matrix, LV swap`, select the first partition: `#1`. Change the value of `use as` to `swap area`. Choose `Done setting up partition`.
19. Finally, when back at the main partitioning screen, choose `Finish partitioning and write changes to disk`. It will ask you to verify that you want to do this; choose `Yes`.
19. Finally, when back at the main partitioning screen, choose `Finish partitioning and write changes to disk`. It will ask you to verify that you want to do this; choose `Yes`.
...
@@ -146,7 +146,7 @@ When prompted to choose a desktop environment, use the arrow keys to navigate th
...
@@ -146,7 +146,7 @@ When prompted to choose a desktop environment, use the arrow keys to navigate th
You might also want to choose some of the other package groups (or none of them, if you want a basic shell); it's up to you. Once you've chosen the option you want, press `Tab`, and then choose `Continue`.
You might also want to choose some of the other package groups (or none of them, if you want a basic shell); it's up to you. Once you've chosen the option you want, press `Tab`, and then choose `Continue`.
## Install the GRUB boot loader to the master boot record
## Install the GRUB boot loader to the master boot record
The installer will ask you if you want to install the GRUB bootloader to the master boot record; choose `No`. You do not need to install GRUB at all, since in Libreboot, you are using the GRUB payload on the ROM to boot your system.
The installer will ask you if you want to install the GRUB bootloader to the master boot record; choose `Yes`. While you do not need to install GRUB bootloader, since in Libreboot, you are using the GRUB payload on the ROM to boot your syste, you still need to install grub package (preferably `grub-coreboot`) and generate distro's `grub.cfg` with `grub-mkconfig`.
The next window will prompt you to enter a `Device for boot loader installation`. Leave the line blank; press `Tab`, and choose `Continue`.
The next window will prompt you to enter a `Device for boot loader installation`. Leave the line blank; press `Tab`, and choose `Continue`.
...
@@ -156,13 +156,13 @@ The installer will ask if your system clock is set to UTC; choose `Yes`.
...
@@ -156,13 +156,13 @@ The installer will ask if your system clock is set to UTC; choose `Yes`.
## Finishing the Installation
## Finishing the Installation
The installer will now give you a message that the installation is complete. Choose `Continue`, remove the installation media, and the system will automatically reboot.
The installer will now give you a message that the installation is complete. Choose `Continue`, remove the installation media, and the system will automatically reboot.
## Booting your system
## Booting your system manually
At this point, you will have finished the installation. At your GRUB boot screen, press `C` to get to the command line, and enter the following commands at the `grub>` prompt:
At this point, you will have finished the installation. To boot system manually, at your GRUB boot screen, press `C` to get to the command line, and enter the following commands at the `grub>` prompt:
grub> cryptomount -a
grub> cryptomount -a
grub> set root='lvm/grubcrypt-trisquel'
grub> set root='lvm/matrix-rootvol'
grub> linux /vmlinuz root=/dev/mapper/grubcrypt-trisquel \
grub> linux /vmlinuz root=/dev/mapper/matrix-rootvol \
>cryptdevice=/dev/mapper/grubcrypt-trisquel:root
>cryptdevice=/dev/mapper/matrix-rootvol:root
grub> initrd /initrd.img
grub> initrd /initrd.img
grub> boot
grub> boot
...
@@ -178,7 +178,7 @@ If you didn't encrypt your home directory, then you can safely ignore this secti
...
@@ -178,7 +178,7 @@ If you didn't encrypt your home directory, then you can safely ignore this secti
This will be needed in the future, if you ever need to recover your home directory from another system. Write it down, or (preferably) store it using a password manager (I recommend `keepass`,`keepasX`, or `keepassXC`).
This will be needed in the future, if you ever need to recover your home directory from another system. Write it down, or (preferably) store it using a password manager (I recommend `keepass`,`keepasX`, or `keepassXC`).
## Modify grub.cfg (CBFS)
## Modify grub.cfg (CBFS)
The last step of the proccess is to modify your **grub.cfg** file (in the firmware), and flash the new configuration, [using this tutorial](grub_cbfs.md); this is so that you don't have to manually type in the commands above, every single time you want to boot your computer. You can also make your GRUB configuration much more secure, by following [this guide](grub_hardening.md).
As the last step of the proccess you *can* modify your **grub.cfg** file (in the firmware), and flash the new configuration, [using this tutorial](grub_cbfs.md); this is so you can make your GRUB configuration much more secure, by following [this guide](grub_hardening.md). This step is entirely optional, libreboot supports FDE scheme without any changes to its grub.cfg.
## Troubleshooting
## Troubleshooting
During boot, some Thinkpads have a faulty DVD drive, which can cause the `cryptomount -a` command to fail, as well as the error `AHCI transfer timed out` (when the Thinkpad X200 is connected to an UltraBase). For both issues, the workaround was to remove the DVD drive (if using the UltraBase, then the whole device must be removed).
During boot, some Thinkpads have a faulty DVD drive, which can cause the `cryptomount -a` command to fail, as well as the error `AHCI transfer timed out` (when the Thinkpad X200 is connected to an UltraBase). For both issues, the workaround was to remove the DVD drive (if using the UltraBase, then the whole device must be removed).
