summaryrefslogtreecommitdiffstats
path: root/docs/gnulinux
diff options
context:
space:
mode:
authorFrancis Rowe <info@gluglug.org.uk>2015-02-04 04:14:49 (EST)
committer Francis Rowe <info@gluglug.org.uk>2015-02-04 04:14:49 (EST)
commit4c3d46238022f0c9955ae7e8b10c9f1716dd871a (patch)
tree8639e21d93df6493d952bda5f324efbe4d89447f /docs/gnulinux
parent5b6f5884280657c8554035503ee2bde5d84a276c (diff)
downloadlibreboot-4c3d46238022f0c9955ae7e8b10c9f1716dd871a.zip
libreboot-4c3d46238022f0c9955ae7e8b10c9f1716dd871a.tar.gz
libreboot-4c3d46238022f0c9955ae7e8b10c9f1716dd871a.tar.bz2
Documentation: implement theme, drastically improve readability
Diffstat (limited to 'docs/gnulinux')
-rw-r--r--docs/gnulinux/configuring_parabola.html1234
-rw-r--r--docs/gnulinux/encrypted_parabola.html727
-rw-r--r--docs/gnulinux/encrypted_trisquel.html557
-rw-r--r--docs/gnulinux/grub_boot_installer.html238
-rw-r--r--docs/gnulinux/grub_cbfs.html751
-rw-r--r--docs/gnulinux/index.html64
6 files changed, 1901 insertions, 1670 deletions
diff --git a/docs/gnulinux/configuring_parabola.html b/docs/gnulinux/configuring_parabola.html
index 0c8e92a..7f69cf7 100644
--- a/docs/gnulinux/configuring_parabola.html
+++ b/docs/gnulinux/configuring_parabola.html
@@ -12,143 +12,169 @@
</head>
<body>
- <header>
+ <div class="section">
<h1 id="pagetop">Configuring Parabola (post-install)</h1>
- <aside>Or <a href="index.html">back to main index</a></aside>
- </header>
-
-<hr/>
-
- <h2>Table of Contents</h2>
- <ul>
- <li>
- <a href="#pacman_configure">Configuring pacman</a>
- <ul>
- <li><a href="#pacman_update">Updating Parabola</a></li>
- <li>
- <a href="#pacman_maintain">Maintaining Parabola during system updates</a>
- <ul>
- <li><a href="#pacman_cacheclean">Clearing package cache after updating</a></li>
- <li><a href="#pacman_commandequiv">Pacman command equivalents (compared to other package managers)</a></li>
- </ul>
- </li>
- <li><a href="#yourfreedom">your-freedom</a></li>
- </ul>
- </li>
- <li><a href="#useradd">Add a user account</a></li>
- <li><a href="#systemd">System D</a></li>
- <li><a href="#interesting_repos">Interesting repositories</a></li>
- <li>
- <a href="#network">Setup a network connection in Parabola</a>
- <ul>
- <li><a href="#network_hostname">Setting hostname</a></li>
- <li><a href="#network_status">Network status</a></li>
- <li><a href="#network_devicenames">Network interface names</a></li>
- <li><a href="#network_setup">Network setup</a></li>
- </ul>
- </li>
- <li><a href="#system_maintain">System maintenance</a> - important!</li>
- <li>
- <a href="#desktop">Configuring the desktop</a>
- <ul>
- <li><a href="#desktop_xorg">Install Xorg</a></li>
- <li><a href="#desktop_kblayout">Xorg keyboard layout</a></li>
- <li><a href="#desktop_lxde">Install LXDE</a></li>
- <li><a href="#lxde_clock">LXDE - clock</a></li>
- <li><a href="#lxde_font">LXDE - font</a></li>
- <li><a href="#lxde_screenlock">LXDE - screenlock</a></li>
- <li><a href="#lxde_automount">LXDE - automounting</a></li>
- <li><a href="#lxde_suspend">LXDE - disable suspend</a></li>
- <li><a href="#lxde_battery">LXDE - battery monitor</a></li>
- <li><a href="#lxde_network">LXDE - network manager</a></li>
- </ul>
- </li>
- </ul>
-
-<hr/>
-
- <p>
- While not strictly related to the libreboot project, this guide
- is intended to be useful for those interested in installing
- Parabola on their libreboot machine.
- </p>
-
- <p>
- It details configuration steps that I took after installing the base system,
- as a follow up to <a href="encrypted_parabola.html">encrypted_parabola.html</a>.
- This guide is likely to become obsolete at a later date (due to the volatile
- 'rolling-release' model that Arch/Parabola both use), but attempts will be made to maintain it.
- </p>
-
- <p>
- <b>
- This guide was valid on 2014-09-21. If you see any changes that should to be made at the present date, please get in touch
- with the libreboot project!
- </b>
- </p>
-
- <p>
- You do not necessarily have to follow this guide word-for-word; <i>parabola</i> is extremely flexible.
- The aim here is to provide a common setup that most users will be happy with. While Parabola
- can seem daunting at first glance (especially for new GNU/Linux users), with a simple guide it can provide
- all the same usability as Trisquel, without hiding any details from the user.
- </p>
-
- <p>
- Paradoxically, as you get more advanced Parabola can actually become <i>easier to use</i>
- when you want to set up your machine in a special way compared to what most distributions provide.
- You will find over time that other distributions tend to <i>get in your way</i>.
- </p>
-
- <p>
- <b>
- This guide assumes that you already have Parabola installed. If you have not yet installed Parabola,
- then <a href="encrypted_parabola.html">this guide</a> is highly recommended!
- </b>
- </p>
-
- <p>
- A lot of the steps in this guide will refer to the Arch wiki. Arch is the upstream distribution that Parabola uses.
- Most of this guide will also tell you to read wiki articles, other pages, manuals, and so on. In general it tries
- to cherry pick the most useful information but nonetheless you are encouraged to learn as much as possible.
- <b>It might take you a few days to fully install your system how you like, depending on how much you need to read. Patience is key,
- especially for new users</b>.
- </p>
-
- <p>
- The Arch wiki will sometimes use bad language, such as calling the whole system Linux, using the term open-source (or closed-source),
- and it will sometimes recommend the use of proprietary software. You need to be careful about this when reading anything on the
- Arch wiki.
- </p>
-
- <p>
- Some of these steps require internet access. I'll go into networking later but for now, I just connected
- my machine to a switch and did:<br/>
- # <b>systemctl start dhcpcd.service</b><br/>
- You can stop it later by running:<br/>
- # <b>systemctl stop dhcpcd.service</b><br/>
- For most people this should be enough, but if you don't have DHCP on your network then you should setup your network connection first:<br/>
- <a href="#network">Setup network connection in Parabola</a>
- </p>
-
-<hr/>
-
- <h2 id="pacman_configure">Configure pacman</h2>
+ <p>
+ Post-installation configuration steps for Parabola GNU/Linux-libre. Parabola is extremely flexible; this is just an example.
+ </p>
+ <p>
+ <a href="index.html">Back to previous index</a>
+ </p>
+ </div>
+
+ <div class="section">
+
+ <h1>Table of Contents</h1>
+ <ul>
+ <li>
+ <a href="#pacman_configure">Configuring pacman</a>
+ <ul>
+ <li><a href="#pacman_update">Updating Parabola</a></li>
+ <li>
+ <a href="#pacman_maintain">Maintaining Parabola during system updates</a>
+ <ul>
+ <li><a href="#pacman_cacheclean">Clearing package cache after updating</a></li>
+ <li><a href="#pacman_commandequiv">Pacman command equivalents (compared to other package managers)</a></li>
+ </ul>
+ </li>
+ <li><a href="#yourfreedom">your-freedom</a></li>
+ </ul>
+ </li>
+ <li><a href="#useradd">Add a user account</a></li>
+ <li><a href="#systemd">System D</a></li>
+ <li><a href="#interesting_repos">Interesting repositories</a></li>
+ <li>
+ <a href="#network">Setup a network connection in Parabola</a>
+ <ul>
+ <li><a href="#network_hostname">Setting hostname</a></li>
+ <li><a href="#network_status">Network status</a></li>
+ <li><a href="#network_devicenames">Network interface names</a></li>
+ <li><a href="#network_setup">Network setup</a></li>
+ </ul>
+ </li>
+ <li><a href="#system_maintain">System maintenance</a> - important!</li>
+ <li>
+ <a href="#desktop">Configuring the desktop</a>
+ <ul>
+ <li><a href="#desktop_xorg">Install Xorg</a></li>
+ <li><a href="#desktop_kblayout">Xorg keyboard layout</a></li>
+ <li><a href="#desktop_lxde">Install LXDE</a></li>
+ <li><a href="#lxde_clock">LXDE - clock</a></li>
+ <li><a href="#lxde_font">LXDE - font</a></li>
+ <li><a href="#lxde_screenlock">LXDE - screenlock</a></li>
+ <li><a href="#lxde_automount">LXDE - automounting</a></li>
+ <li><a href="#lxde_suspend">LXDE - disable suspend</a></li>
+ <li><a href="#lxde_battery">LXDE - battery monitor</a></li>
+ <li><a href="#lxde_network">LXDE - network manager</a></li>
+ </ul>
+ </li>
+ </ul>
+
+ </div>
+
+ <div class="section">
+
+ <p>
+ While not strictly related to the libreboot project, this guide
+ is intended to be useful for those interested in installing
+ Parabola on their libreboot machine.
+ </p>
+
+ <p>
+ It details configuration steps that I took after installing the base system,
+ as a follow up to <a href="encrypted_parabola.html">encrypted_parabola.html</a>.
+ This guide is likely to become obsolete at a later date (due to the volatile
+ 'rolling-release' model that Arch/Parabola both use), but attempts will be made to maintain it.
+ </p>
+
+ <p>
+ <b>
+ This guide was valid on 2014-09-21. If you see any changes that should to be made at the present date, please get in touch
+ with the libreboot project!
+ </b>
+ </p>
+
+ </div>
+
+ <div class="section">
+
+ <p>
+ You do not necessarily have to follow this guide word-for-word; <i>parabola</i> is extremely flexible.
+ The aim here is to provide a common setup that most users will be happy with. While Parabola
+ can seem daunting at first glance (especially for new GNU/Linux users), with a simple guide it can provide
+ all the same usability as Trisquel, without hiding any details from the user.
+ </p>
+
+ <p>
+ Paradoxically, as you get more advanced Parabola can actually become <i>easier to use</i>
+ when you want to set up your machine in a special way compared to what most distributions provide.
+ You will find over time that other distributions tend to <i>get in your way</i>.
+ </p>
+
+ </div>
+
+ <div class="section">
+
+ <p>
+ <b>
+ This guide assumes that you already have Parabola installed. If you have not yet installed Parabola,
+ then <a href="encrypted_parabola.html">this guide</a> is highly recommended!
+ </b>
+ </p>
+
<p>
- pacman (<b>pac</b>kage <b>man</b>ager) is the name of the package management system in Arch, which Parabola
- (as a deblobbed parallel effort) also uses. Like with 'apt-get' on debian-based systems like Trisquel,
- this can be used to add/remove and update the software on your computer.
+ A lot of the steps in this guide will refer to the Arch wiki. Arch is the upstream distribution that Parabola uses.
+ Most of this guide will also tell you to read wiki articles, other pages, manuals, and so on. In general it tries
+ to cherry pick the most useful information but nonetheless you are encouraged to learn as much as possible.
+ <b>It might take you a few days to fully install your system how you like, depending on how much you need to read. Patience is key,
+ especially for new users</b>.
</p>
+
<p>
- Based on <a href="https://wiki.parabolagnulinux.org/Installation_Guide#Configure_pacman">https://wiki.parabolagnulinux.org/Installation_Guide#Configure_pacman</a>
- and from reading <a href="https://wiki.archlinux.org/index.php/Pacman">https://wiki.archlinux.org/index.php/Pacman</a> (make sure to read and understand this,
- it's very important) and
- <a href="https://wiki.parabolagnulinux.org/Official_Repositories">https://wiki.parabolagnulinux.org/Official_Repositories</a>
+ The Arch wiki will sometimes use bad language, such as calling the whole system Linux, using the term open-source (or closed-source),
+ and it will sometimes recommend the use of proprietary software. You need to be careful about this when reading anything on the
+ Arch wiki.
</p>
+
+ </div>
+
+ <div class="section">
+
<p>
- <a href="#pagetop">Back to top of page.</a>
+ Some of these steps require internet access. I'll go into networking later but for now, I just connected
+ my machine to a switch and did:<br/>
+ # <b>systemctl start dhcpcd.service</b><br/>
+ You can stop it later by running:<br/>
+ # <b>systemctl stop dhcpcd.service</b><br/>
+ For most people this should be enough, but if you don't have DHCP on your network then you should setup your network connection first:<br/>
+ <a href="#network">Setup network connection in Parabola</a>
</p>
- <h3 id="pacman_update">Updating Parabola</h3>
+
+ </div>
+
+ <div class="section">
+
+ <h2 id="pacman_configure">Configure pacman</h2>
+ <p>
+ pacman (<b>pac</b>kage <b>man</b>ager) is the name of the package management system in Arch, which Parabola
+ (as a deblobbed parallel effort) also uses. Like with 'apt-get' on debian-based systems like Trisquel,
+ this can be used to add/remove and update the software on your computer.
+ </p>
+ <p>
+ Based on <a href="https://wiki.parabolagnulinux.org/Installation_Guide#Configure_pacman">https://wiki.parabolagnulinux.org/Installation_Guide#Configure_pacman</a>
+ and from reading <a href="https://wiki.archlinux.org/index.php/Pacman">https://wiki.archlinux.org/index.php/Pacman</a> (make sure to read and understand this,
+ it's very important) and
+ <a href="https://wiki.parabolagnulinux.org/Official_Repositories">https://wiki.parabolagnulinux.org/Official_Repositories</a>
+ </p>
+ <p>
+ <a href="#pagetop">Back to top of page.</a>
+ </p>
+
+ </div>
+
+ <div class="section">
+
+ <h2 id="pacman_update">Updating Parabola</h2>
<p>
In the end, I didn't change my configuration for pacman. When you are updating, resync with the latest package names/versions:<br/>
# <b>pacman -Syy</b><br/>
@@ -191,7 +217,12 @@
<p>
<a href="#pagetop">Back to top of page.</a>
</p>
- <h3 id="pacman_maintain">Maintaining Parabola</h3>
+
+ </div>
+
+ <div class="section">
+
+ <h2 id="pacman_maintain">Maintaining Parabola</h2>
<p>
Parabola is a very simple distro, in the sense that you are in full control
and everything is made transparent to you. One consequence is
@@ -202,7 +233,7 @@
<p>
<a href="#pagetop">Back to top of page.</a>
</p>
- <h4 id="pacman_cacheclean">Cleaning the package cache</h4>
+ <h3 id="pacman_cacheclean">Cleaning the package cache</h3>
<p>
<b>
The following is very important as you continue to use, update and maintain your Parabola system:<br/>
@@ -229,7 +260,7 @@
<p>
<a href="#pagetop">Back to top of page.</a>
</p>
- <h4 id="pacman_commandequiv">pacman command equivalents</h4>
+ <h3 id="pacman_commandequiv">pacman command equivalents</h3>
<p>
The following table lists other distro package manager commands, and their equivalent in pacman:<br/>
<a href="https://wiki.archlinux.org/index.php/Pacman_Rosetta">https://wiki.archlinux.org/index.php/Pacman_Rosetta</a>
@@ -237,8 +268,12 @@
<p>
<a href="#pagetop">Back to top of page.</a>
</p>
+
+ </div>
- <h3 id="yourfreedom">your-freedom</h3>
+ <div class="section">
+
+ <h2 id="yourfreedom">your-freedom</h2>
<p>
your-freedom is a package specific to Parabola, and it is installed by default. What it does is conflict with packages
from Arch that are known to be non-free (proprietary) software. When migrating from Arch (there is a guide on the Parabola
@@ -249,526 +284,565 @@
<p>
<a href="#pagetop">Back to top of page.</a>
</p>
+
+ </div>
-<hr/>
+ <div class="section">
- <h2 id="useradd">Add a user</h2>
- <p>
- Based on <a href="https://wiki.archlinux.org/index.php/Users_and_Groups">https://wiki.archlinux.org/index.php/Users_and_Groups</a>.
- </p>
- <p>
- It is important (for security reasons) to create and use a non-root (non-admin) user account for everyday use. The default 'root' account is intended
- only for critical administrative work, since it has complete access to the entire operating system.
- </p>
- <p>
- Read the entire document linked to above, and then continue.
- </p>
- <p>
- Add your user:<br/>
- # <b>useradd -m -G wheel -s /bin/bash <i>yourusername</i></b><br/>
- Set a password:<br/>
- # <b>passwd <i>yourusername</i></b>
- </p>
-
- <p><a href="#pagetop">Back to top of page</a></p>
-
-<hr/>
-
- <h2 id="systemd">systemd</h2>
- <p>
- This is the name of the system used for managing services in Parabola. It is a good idea to become familiar with it.
- Read <a href="https://wiki.archlinux.org/index.php/systemd">https://wiki.archlinux.org/index.php/systemd</a>
- and <a href="https://wiki.archlinux.org/index.php/systemd#Basic_systemctl_usage">https://wiki.archlinux.org/index.php/systemd#Basic_systemctl_usage</a>
- to gain a full understanding. <b>This is very important! Make sure to read them.</b>
- </p>
- <p>
- An example of a 'service' could be a webserver (such as lighttpd), or sshd (openssh), dhcp, etc. There are countless others.
- </p>
- <p>
- <a href="https://bbs.archlinux.org/viewtopic.php?pid=1149530#p1149530">https://bbs.archlinux.org/viewtopic.php?pid=1149530#p1149530</a> explains
- the background behind the decision by Arch (Parabola's upstream supplier) to use systemd.
- </p>
-
- <p>
- The manpage should also help:<br/>
- # <b>man systemd</b><br/>
- The section on 'unit types' is especially useful.
- </p>
-
- <p>
- According to the wiki, systemd 'journal' keeps logs of a size up to 10% of the total size your / partition takes up.
- on a 60GB root this would mean 6GB. That's not exactly practical, and can have performance implications later when the
- log gets too big. Based on instructions from the wiki, I will reduce the total size of the journal to 50MiB (the wiki
- recommends 50MiB).
- </p>
- <p>
- Open /etc/systemd/journald.conf and find the line that says:<br/>
- <i>#SystemMaxUse=</i><br/>
- Change it to say:<br/>
- <i>SystemMaxUse=50M</i>
- </p>
- <p>
- The wiki also recommended a method for forwarding journal output to TTY 12 (accessible by pressing ctrl+alt+f12,
- and you use ctrl+alt+[F1-F12] to switch between terminals). I decided not to enable it.
- </p>
- <p>
- Restart journald:<br/>
- # <b>systemctl restart systemd-journald</b>
- </p>
-
- <p>
- The wiki recommends that if the journal gets too large, you can also simply delete (rm -rf) everything inside /var/log/journald/*
- but recommends backing it up. This shouldn't be necessary, since you already set the size limit above and systemd will automatically
- start to delete older records when the journal size reaches it's limit (according to systemd developers).
- </p>
-
- <p>
- Finally, the wiki mentions 'temporary' files and the utility for managing them.<br/>
- # <b>man systemd-tmpfiles</b><br/>
- The command for 'clean' is:<br/>
- # <b>systemd-tmpfiles --clean</b><br/>
- According to the manpage, this <i>&quot;cleans all files and directories with an age parameter&quot;</i>.
- According to the Arch wiki, this reads information in /etc/tmpfiles.d/ and /usr/lib/tmpfiles.d/
- to know what actions to perform. Therefore, it is a good idea to read what's stored in these locations
- to get a better understanding.
- </p>
- <p>
- I looked in /etc/tmpfiles.d/ and found that it was empty on my system. However, /usr/lib/tmpfiles.d/ contained some files.
- The first one was etc.conf, containing information and a reference to this manpage:<br/>
- # <b>man tmpfiles.d</b><br/>
- Read that manpage, and then continue studying all the files.
- </p>
- <p>
- The systemd developers tell me that it isn't usually necessary to touch the systemd-tmpfiles utility manually at all.
- </p>
-
- <p><a href="#pagetop">Back to top of page</a></p>
-
-<hr/>
-
- <h2 id="interesting_repos">Interesting repositories</h2>
- <p>
- Parabola wiki at <a href="https://wiki.parabolagnulinux.org/Repositories#kernels">https://wiki.parabolagnulinux.org/Repositories#kernels</a>
- mentions about a repository called [kernels] for custom kernels that aren't in the default base. It might be worth looking into what is available
- there, depending on your use case.
- </p>
- <p>
- I enabled it on my system, to see what was in it. Edit /etc/pacman.conf and below the 'extra' section add:<br/>
- <i>
- [kernels]<br/>
- Include = /etc/pacman.d/mirrorlist
- </i>
- </p>
- <p>
- Now sync with the repository:<br/>
- # <b>pacman -Syy</b>
- </p>
- <p>
- List all available packages in this repository:<br/>
- # <b>pacman -Sl kernels</b>
- </p>
- <p>
- In the end, I decided not to install anything from it but I kept the repository enabled regardless.
- </p>
- <p><a href="#pagetop">Back to top of page.</a></p>
-
-<hr/>
-
- <h2 id="network">Setup a network connection in Parabola</h2>
- <p>
- Read <a href="https://wiki.archlinux.org/index.php/Configuring_Network">https://wiki.archlinux.org/index.php/Configuring_Network</a>.
- </p>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
- <h3 id="network_hostname">Set the hostname</h3>
- <p>
- This should be the same as the hostname that you set in /etc/hostname when installing Parabola. You can also do it with systemd (do so now, if you like):<br/>
- # <b>hostnamectl set-hostname <i>yourhostname</i></b><br/>
- This writes the specified hostname to /etc/hostname. More information can be found in these manpages:<br/>
- # <b>man hostname</b><br/>
- # <b>info hostname</b><br/>
- # <b>man hostnamectl</b>
- </p>
- <p>
- Add the same hostname to /etc/hosts, on each line. Example:<br/>
- <i>
- 127.0.0.1 localhost.localdomain localhost <u>myhostname</u><br/>
- ::1 localhost.localdomain localhost <u>myhostname</u>
- </i>
- </p>
- <p>
- You'll note that I set both lines; the 2nd line is for IPv6. More and more ISPs are providing this now (mine does)
- so it's good to be forward-thinking here.
- </p>
- <p>
- The <i>hostname</i> utility is part of the <i>inetutils</i> package and is in core/, installed by default (as part of <i>base</i>).
- </p>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
- <h3 id="network_status">Network Status</h3>
- <p>
- According to the Arch wiki, <a href="https://wiki.archlinux.org/index.php/Udev">udev</a> should already detect the ethernet chipset
- and load the driver for it automatically at boot time. You can check this in the <i>&quot;Ethernet controller&quot;</i> section
- when running this command:<br/>
- # <b>lspci -v</b>
- </p>
- <p>
- Look at the remaining sections <i>'Kernel driver in use'</i> and <i>'Kernel modules'</i>. In my case it was as follows:<br/>
- <i>
- Kernel driver in use: e1000e<br/>
- Kernel modules: e1000e
- </i>
- </p>
- <p>
- Check that the driver was loaded by issuing <i>dmesg | grep module_name</i>. In my case, I did:<br/>
- # <b>dmesg | grep e1000e</b>
- </p>
- <h3 id="network_devicenames">Network device names</h3>
+ <h2 id="useradd">Add a user</h2>
<p>
- According to <a href="https://wiki.archlinux.org/index.php/Configuring_Network#Device_names">https://wiki.archlinux.org/index.php/Configuring_Network#Device_names</a>,
- it is important to note that the old interface names like eth0, wlan0, wwan0 and so on no longer apply. Instead, <i>systemd</i>
- creates device names starting with en (for enternet), wl (for wifi) and ww (for wwan) with a fixed identifier that systemd automatically generates.
- An example device name for your ethernet chipset would be <i>enp0s25</i>, where it is never supposed to change.
+ Based on <a href="https://wiki.archlinux.org/index.php/Users_and_Groups">https://wiki.archlinux.org/index.php/Users_and_Groups</a>.
</p>
<p>
- If you want to enable the old names (eth0, wlan0, wwan0, etc), the Arch wiki recommends
- adding <i>net.ifnames=0</i> to your kernel parameters (in libreboot context, this would be accomplished by following the
- instructions in <a href="grub_cbfs.html">grub_cbfs.html</a>).
+ It is important (for security reasons) to create and use a non-root (non-admin) user account for everyday use. The default 'root' account is intended
+ only for critical administrative work, since it has complete access to the entire operating system.
</p>
<p>
- For background information,
- read <a href="http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/">Predictable Network Interface Names</a>
+ Read the entire document linked to above, and then continue.
</p>
<p>
- Show device names:<br/>
- # <b>ls /sys/class/net</b>
- </p>
- <p>
- Changing the device names is possible (I chose not to do it):<br/>
- <a href="https://wiki.archlinux.org/index.php/Configuring_Network#Change_device_name">https://wiki.archlinux.org/index.php/Configuring_Network#Change_device_name</a>
- </p>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
- <h3 id="network_setup">Network setup</h3>
- <p>
- I actually chose to ignore most of Networking section on the wiki. Instead, I plan to set up LXDE desktop with the graphical
- network-manager client. Here is a list of network managers:<br/>
- <a href="https://wiki.archlinux.org/index.php/List_of_applications/Internet#Network_managers">https://wiki.archlinux.org/index.php/List_of_applications/Internet#Network_managers</a>.
- If you need to, set a static IP address (temporarily) using the networking guide and the Arch wiki, or start the dhcpcd service in systemd.
- NetworkManager will be setup later, after installing LXDE.
- </p>
- <p>
- <a href="#pagetop">Back to top of page.</a>
+ Add your user:<br/>
+ # <b>useradd -m -G wheel -s /bin/bash <i>yourusername</i></b><br/>
+ Set a password:<br/>
+ # <b>passwd <i>yourusername</i></b>
</p>
-<hr/>
+ <p><a href="#pagetop">Back to top of page</a></p>
+
+ </div>
- <h2 id="system_maintain">System Maintenance</h2>
- <p>
- Read <a href="https://wiki.archlinux.org/index.php/System_maintenance">https://wiki.archlinux.org/index.php/System_maintenance</a> before continuing.
- Also read <a href="https://wiki.archlinux.org/index.php/Enhance_system_stability">https://wiki.archlinux.org/index.php/Enhance_system_stability</a>.
- <b>This is important, so make sure to read them!</b>
- </p>
- <p>
- Install smartmontools (it can be used to check smart data. HDDs use non-free firmware inside, but it's transparent to you
- but the smart data comes from it. Therefore, don't rely on it too much):<br/>
- # <b>pacman -S smartmontools</b><br/>
- Read <a href="https://wiki.archlinux.org/index.php/S.M.A.R.T.">https://wiki.archlinux.org/index.php/S.M.A.R.T.</a> to learn how to use it.
- </p>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
-
-<hr/>
-
- <h2 id="desktop">Configuring the desktop</h2>
- <p>
- Based on steps from
- <a href="https://wiki.archlinux.org/index.php/General_recommendations#Graphical_user_interface">General Recommendations</a> on the Arch wiki.
- The plan is to use LXDE and LXDM/LightDM, along with everything else that you would expect on other distributions that provide LXDE
- by default.
- </p>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
+ <div class="section">
- <h3 id="desktop_xorg">Installing Xorg</h3>
- <p>
- Based on <a href="https://wiki.archlinux.org/index.php/Xorg">https://wiki.archlinux.org/index.php/Xorg</a>.
- </p>
- <p>
- Firstly, install it!<br/>
- # <b>pacman -S xorg-server</b><br/>
- I also recommend installing this (contains lots of useful tools, including <i>xrandr</i>):<br/>
- # <b>pacman -S xorg-server-utils</b>
- </p>
- <p>
- Install the driver. For me this was <i>xf86-video-intel</i> on the ThinkPad X60. T60 and macbook11/21 should be the same.<br/>
- # <b>pacman -S xf86-video-intel</b><br/>
- For other systems you can try:<br/>
- # <b>pacman -Ss xf86-video- | less</b><br/>
- Combined with looking at your <i>lspci</i> output, you can determine which driver is needed.
- By default, Xorg will revert to xf86-video-vesa which is a generic driver and doesn't provide true hardware acceleration.
- </p>
- <p>
- Other drivers (not just video) can be found by looking at the <i>xorg-drivers</i> group:<br/>
- # <b>pacman -Sg xorg-drivers</b><br/>
- </p>
+ <h2 id="systemd">systemd</h2>
<p>
- Mostly you will rely on a display manager, but in case you ever want to start X without one:<br/>
- # <b>pacman -S xorg-xinit</b>
+ This is the name of the system used for managing services in Parabola. It is a good idea to become familiar with it.
+ Read <a href="https://wiki.archlinux.org/index.php/systemd">https://wiki.archlinux.org/index.php/systemd</a>
+ and <a href="https://wiki.archlinux.org/index.php/systemd#Basic_systemctl_usage">https://wiki.archlinux.org/index.php/systemd#Basic_systemctl_usage</a>
+ to gain a full understanding. <b>This is very important! Make sure to read them.</b>
</p>
<p>
- &lt;optional&gt;<br/>
- &nbsp;&nbsp;&nbsp;Arch wiki recommends installing these, for testing that X works:<br/>
- &nbsp;&nbsp;&nbsp;# <b>pacman -S xorg-twm xorg-xclock xterm</b><br/>
- &nbsp;&nbsp;&nbsp;Refer to <a href="https://wiki.archlinux.org/index.php/Xinitrc">https://wiki.archlinux.org/index.php/Xinitrc</a>.
- and test X:<br/>
- &nbsp;&nbsp;&nbsp;# <b>startx</b><br/>
- &nbsp;&nbsp;&nbsp;When you are satisfied, type <b><i>exit</i></b> in xterm, inside the X session.<br/>
- &nbsp;&nbsp;&nbsp;Uninstall them (clutter. eww): # <b>pacman -S xorg-xinit xorg-twm xorg-xclock xterm</b><br/>
- &lt;/optional&gt;
+ An example of a 'service' could be a webserver (such as lighttpd), or sshd (openssh), dhcp, etc. There are countless others.
</p>
<p>
- <a href="#pagetop">Back to top of page.</a>
+ <a href="https://bbs.archlinux.org/viewtopic.php?pid=1149530#p1149530">https://bbs.archlinux.org/viewtopic.php?pid=1149530#p1149530</a> explains
+ the background behind the decision by Arch (Parabola's upstream supplier) to use systemd.
</p>
- <h3 id="desktop_kblayout">Xorg keyboard layout</h3>
- <p>
- Refer to <a href="https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg">https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg</a>.
- </p>
- <p>
- Xorg uses a different configuration method for keyboard layouts, so you will notice that the layout you
- set in /etc/vconsole.conf earlier might not actually be the same in X.
- </p>
- <p>
- To see what layout you currently use, try this on a terminal emulator in X:<br/>
- # <b>setxkbmap -print -verbose 10</b>
- </p>
- <p>
- In my case, I wanted to use the Dvorak (UK) keyboard which is quite different from Xorg's default Qwerty (US) layout.
- </p>
- <p>
- I'll just say it now: <i>XkbModel</i> can be <i>pc105</i> in this case (ThinkPad X60, with a 105-key UK keyboard).
- If you use an American keyboard (typically 104 keys) you will want to use <i>pc104</i>.
- </p>
- <p>
- <i>XkbLayout</i> in my case would be <i>gb</i>, and <i>XkbVariant</i> would be <i>dvorak</i>.
- </p>
- <p>
- The Arch wiki recommends two different methods for setting the keyboard layout:<br/>
- <a href="https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg#Using_X_configuration_files">https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg#Using_X_configuration_files</a> and<br/>
- <a href="https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg#Using_localectl">https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg#Using_localectl</a>.
- </p>
- <p>
- In my case, I chose to use the <i>configuration file</i> method:<br/>
- Create the file /etc/X11/xorg.conf.d/10-keyboard.conf and put this inside:<br/>
- <i>
- Section "InputClass"<br/>
- &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Identifier "system-keyboard"<br/>
- &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;MatchIsKeyboard "on"<br/>
- &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Option "XkbLayout" "gb"<br/>
- &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Option "XkbModel" "pc105"<br/>
- &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Option "XkbVariant" "dvorak"<br/>
- EndSection
- </i>
- </p>
- <p>
- For you, the steps above may differ if you have a different layout. If you use a US Qwerty keyboard, then
- you don't even need to do anything (though it might help, for the sake of being explicit).
- </p>
<p>
- <a href="#pagetop">Back to top of page.</a>
+ The manpage should also help:<br/>
+ # <b>man systemd</b><br/>
+ The section on 'unit types' is especially useful.
</p>
- <h3 id="desktop_lxde">Install LXDE</h3>
- <p>
- Desktop choice isn't that important to me, so for simplicity I decided to use LXDE. It's lightweight
- and does everything that I need.
- If you would like to try something different, refer to
- <a href="https://wiki.archlinux.org/index.php/Desktop_environment">https://wiki.archlinux.org/index.php/Desktop_environment</a>
- </p>
<p>
- Refer to <a href="https://wiki.archlinux.org/index.php/LXDE">https://wiki.archlinux.org/index.php/LXDE</a>.
+ According to the wiki, systemd 'journal' keeps logs of a size up to 10% of the total size your / partition takes up.
+ on a 60GB root this would mean 6GB. That's not exactly practical, and can have performance implications later when the
+ log gets too big. Based on instructions from the wiki, I will reduce the total size of the journal to 50MiB (the wiki
+ recommends 50MiB).
</p>
<p>
- Install it, choosing 'all' when asked for the default package list:<br/>
- # <b>pacman -S lxde obconf</b>
+ Open /etc/systemd/journald.conf and find the line that says:<br/>
+ <i>#SystemMaxUse=</i><br/>
+ Change it to say:<br/>
+ <i>SystemMaxUse=50M</i>
</p>
<p>
- I didn't want the following, so I removed them:<br/>
- # <b>pacman -R lxmusic lxtask</b>
+ The wiki also recommended a method for forwarding journal output to TTY 12 (accessible by pressing ctrl+alt+f12,
+ and you use ctrl+alt+[F1-F12] to switch between terminals). I decided not to enable it.
</p>
<p>
- I also lazily installed all fonts:<br/>
- # <b>pacman -S $(pacman -Ssq ttf-)</b>
+ Restart journald:<br/>
+ # <b>systemctl restart systemd-journald</b>
</p>
+
<p>
- LXDE comes with a terminal. You probably want a browser to go with that; I choose GNU IceCat, part of the <i><a href="https://gnu.org/">GNU project</a></i>:<br/>
- # <b>pacman -S icecat</b><br/>
- And a mail client:<br/>
- # <b>pacman -S icedove</b>
+ The wiki recommends that if the journal gets too large, you can also simply delete (rm -rf) everything inside /var/log/journald/*
+ but recommends backing it up. This shouldn't be necessary, since you already set the size limit above and systemd will automatically
+ start to delete older records when the journal size reaches it's limit (according to systemd developers).
</p>
+
<p>
- In IceCat, go to <i>Preferences :: Advanced</i> and disable <i>GNU IceCat Health Report</i>.
+ Finally, the wiki mentions 'temporary' files and the utility for managing them.<br/>
+ # <b>man systemd-tmpfiles</b><br/>
+ The command for 'clean' is:<br/>
+ # <b>systemd-tmpfiles --clean</b><br/>
+ According to the manpage, this <i>&quot;cleans all files and directories with an age parameter&quot;</i>.
+ According to the Arch wiki, this reads information in /etc/tmpfiles.d/ and /usr/lib/tmpfiles.d/
+ to know what actions to perform. Therefore, it is a good idea to read what's stored in these locations
+ to get a better understanding.
</p>
<p>
- I also like to install these:<br/>
- # <b>pacman -S xsensors stress htop</b>
+ I looked in /etc/tmpfiles.d/ and found that it was empty on my system. However, /usr/lib/tmpfiles.d/ contained some files.
+ The first one was etc.conf, containing information and a reference to this manpage:<br/>
+ # <b>man tmpfiles.d</b><br/>
+ Read that manpage, and then continue studying all the files.
</p>
<p>
- Enable LXDM (the default display manager, providing a graphical login):<br/>
- # <b>systemctl enable lxdm.service</b><br/>
- It will start when you boot up the machine. To start it now, do:<br/>
- # <b>systemctl start lxdm.service</b>
+ The systemd developers tell me that it isn't usually necessary to touch the systemd-tmpfiles utility manually at all.
</p>
+
+ <p><a href="#pagetop">Back to top of page</a></p>
+
+ </div>
+
+ <div class="section">
+
+ <h2 id="interesting_repos">Interesting repositories</h2>
<p>
- Log in with your standard (non-root) user that you created earlier.
- It is advisable to also create an xinitrc rule in case you ever want to start lxde without lxdm.
- Read <a href="https://wiki.archlinux.org/index.php/Xinitrc">https://wiki.archlinux.org/index.php/Xinitrc</a>.
+ Parabola wiki at <a href="https://wiki.parabolagnulinux.org/Repositories#kernels">https://wiki.parabolagnulinux.org/Repositories#kernels</a>
+ mentions about a repository called [kernels] for custom kernels that aren't in the default base. It might be worth looking into what is available
+ there, depending on your use case.
</p>
<p>
- Open LXterminal:<br/>
- $ <b>cp /etc/skel/.xinitrc ~</b><br/>
- Open .xinitrc and add the following plus a line break at the bottom of the file.<br/>
+ I enabled it on my system, to see what was in it. Edit /etc/pacman.conf and below the 'extra' section add:<br/>
<i>
- # Probably not needed. The same locale info that we set before<br/>
- # Based on advice from the LXDE wiki
- export LC_ALL=en_GB.UTF-8<br/>
- export LANGUAGE=en_GB.UTF-8<br/>
- export LANG=en_GB.UTF-8<br/>
- <br/>
- # Start lxde desktop<br/>
- exec startlxde<br/>
+ [kernels]<br/>
+ Include = /etc/pacman.d/mirrorlist
</i>
- Now make sure that it is executable:<br/>
- $ <b>chmod +x .xinitrc</b>
</p>
<p>
- <a href="#pagetop">Back to top of page.</a>
+ Now sync with the repository:<br/>
+ # <b>pacman -Syy</b>
</p>
-
- <h3 id="lxde_clock">LXDE - clock</h3>
<p>
- In <b>Digital Clock Settings</b> (right click the clock) I set the Clock Format to <i>%Y/%m/%d %H:%M:%S</i>
+ List all available packages in this repository:<br/>
+ # <b>pacman -Sl kernels</b>
</p>
<p>
- <a href="#pagetop">Back to top of page.</a>
+ In the end, I decided not to install anything from it but I kept the repository enabled regardless.
</p>
+ <p><a href="#pagetop">Back to top of page.</a></p>
+
+ </div>
- <h3 id="lxde_font">LXDE - font</h3>
- <p>
- NOTE TO SELF: come back to this later.
- </p>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
+ <div class="section">
- <h3 id="lxde_screenlock">LXDE - screenlock</h3>
- <p>
- Arch wiki recommends to use <i>xscreensaver</i>:<br/>
- # <b>pacman -S xscreensaver</b>
- </p>
+ <h2 id="network">Setup a network connection in Parabola</h2>
<p>
- Under <i>Preferences :: Screensaver</i> in the LXDE menu, I chose <i>Mode: Blank Screen Only</i>,
- setting <i>Blank After</i>, <i>Cycle After</i> and <i>Lock Screen After</i> (checked) to 10 minutes.
- </p>
- <p>
- You can now lock the screen with <i>Logout :: Lock Screen</i> in the LXDE menu.
+ Read <a href="https://wiki.archlinux.org/index.php/Configuring_Network">https://wiki.archlinux.org/index.php/Configuring_Network</a>.
</p>
<p>
<a href="#pagetop">Back to top of page.</a>
</p>
+ <h3 id="network_hostname">Set the hostname</h3>
+ <p>
+ This should be the same as the hostname that you set in /etc/hostname when installing Parabola. You can also do it with systemd (do so now, if you like):<br/>
+ # <b>hostnamectl set-hostname <i>yourhostname</i></b><br/>
+ This writes the specified hostname to /etc/hostname. More information can be found in these manpages:<br/>
+ # <b>man hostname</b><br/>
+ # <b>info hostname</b><br/>
+ # <b>man hostnamectl</b>
+ </p>
+ <p>
+ Add the same hostname to /etc/hosts, on each line. Example:<br/>
+ <i>
+ 127.0.0.1 localhost.localdomain localhost <u>myhostname</u><br/>
+ ::1 localhost.localdomain localhost <u>myhostname</u>
+ </i>
+ </p>
+ <p>
+ You'll note that I set both lines; the 2nd line is for IPv6. More and more ISPs are providing this now (mine does)
+ so it's good to be forward-thinking here.
+ </p>
+ <p>
+ The <i>hostname</i> utility is part of the <i>inetutils</i> package and is in core/, installed by default (as part of <i>base</i>).
+ </p>
+ <p>
+ <a href="#pagetop">Back to top of page.</a>
+ </p>
+ <h3 id="network_status">Network Status</h3>
+ <p>
+ According to the Arch wiki, <a href="https://wiki.archlinux.org/index.php/Udev">udev</a> should already detect the ethernet chipset
+ and load the driver for it automatically at boot time. You can check this in the <i>&quot;Ethernet controller&quot;</i> section
+ when running this command:<br/>
+ # <b>lspci -v</b>
+ </p>
+ <p>
+ Look at the remaining sections <i>'Kernel driver in use'</i> and <i>'Kernel modules'</i>. In my case it was as follows:<br/>
+ <i>
+ Kernel driver in use: e1000e<br/>
+ Kernel modules: e1000e
+ </i>
+ </p>
+ <p>
+ Check that the driver was loaded by issuing <i>dmesg | grep module_name</i>. In my case, I did:<br/>
+ # <b>dmesg | grep e1000e</b>
+ </p>
+ <h3 id="network_devicenames">Network device names</h3>
+ <p>
+ According to <a href="https://wiki.archlinux.org/index.php/Configuring_Network#Device_names">https://wiki.archlinux.org/index.php/Configuring_Network#Device_names</a>,
+ it is important to note that the old interface names like eth0, wlan0, wwan0 and so on no longer apply. Instead, <i>systemd</i>
+ creates device names starting with en (for enternet), wl (for wifi) and ww (for wwan) with a fixed identifier that systemd automatically generates.
+ An example device name for your ethernet chipset would be <i>enp0s25</i>, where it is never supposed to change.
+ </p>
+ <p>
+ If you want to enable the old names (eth0, wlan0, wwan0, etc), the Arch wiki recommends
+ adding <i>net.ifnames=0</i> to your kernel parameters (in libreboot context, this would be accomplished by following the
+ instructions in <a href="grub_cbfs.html">grub_cbfs.html</a>).
+ </p>
+ <p>
+ For background information,
+ read <a href="http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/">Predictable Network Interface Names</a>
+ </p>
+ <p>
+ Show device names:<br/>
+ # <b>ls /sys/class/net</b>
+ </p>
+ <p>
+ Changing the device names is possible (I chose not to do it):<br/>
+ <a href="https://wiki.archlinux.org/index.php/Configuring_Network#Change_device_name">https://wiki.archlinux.org/index.php/Configuring_Network#Change_device_name</a>
+ </p>
+ <p>
+ <a href="#pagetop">Back to top of page.</a>
+ </p>
+ <h3 id="network_setup">Network setup</h3>
+ <p>
+ I actually chose to ignore most of Networking section on the wiki. Instead, I plan to set up LXDE desktop with the graphical
+ network-manager client. Here is a list of network managers:<br/>
+ <a href="https://wiki.archlinux.org/index.php/List_of_applications/Internet#Network_managers">https://wiki.archlinux.org/index.php/List_of_applications/Internet#Network_managers</a>.
+ If you need to, set a static IP address (temporarily) using the networking guide and the Arch wiki, or start the dhcpcd service in systemd.
+ NetworkManager will be setup later, after installing LXDE.
+ </p>
+ <p>
+ <a href="#pagetop">Back to top of page.</a>
+ </p>
+
+ </div>
- <h3 id="lxde_automount">LXDE - automounting</h3>
- <p>
- Refer to <a href="https://wiki.archlinux.org/index.php/File_manager_functionality">https://wiki.archlinux.org/index.php/File_manager_functionality</a>.
- </p>
- <p>
- I chose to ignore this for now. NOTE TO SELF: come back to this later.
- </p>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
- <h3 id="lxde_suspend">LXDE - disable suspend</h3>
- <p>
- When closing the laptop lid, the machine suspends. This is annoying at least to me.
- NOTE TO SELF: disable it, then document the steps here.
- </p>
+ <div class="section">
+
+ <h2 id="system_maintain">System Maintenance</h2>
<p>
- <a href="#pagetop">Back to top of page.</a>
+ Read <a href="https://wiki.archlinux.org/index.php/System_maintenance">https://wiki.archlinux.org/index.php/System_maintenance</a> before continuing.
+ Also read <a href="https://wiki.archlinux.org/index.php/Enhance_system_stability">https://wiki.archlinux.org/index.php/Enhance_system_stability</a>.
+ <b>This is important, so make sure to read them!</b>
</p>
- <h3 id="lxde_battery">LXDE - battery monitor</h3>
<p>
- Right click lxde panel and <i>Add/Remove Panel Items</i>. Click <i>Add</i> and select <i>Battery Monitor</i>, then click <i>Add</i>.
- Close and then right-click the applet and go to <i>Battery Monitor Settings</i>, check the box that says <i>Show Extended Information</i>.
- Now click <i>Close</i>. When you hover the cursor over it, it'll show information about the battery.
+ Install smartmontools (it can be used to check smart data. HDDs use non-free firmware inside, but it's transparent to you
+ but the smart data comes from it. Therefore, don't rely on it too much):<br/>
+ # <b>pacman -S smartmontools</b><br/>
+ Read <a href="https://wiki.archlinux.org/index.php/S.M.A.R.T.">https://wiki.archlinux.org/index.php/S.M.A.R.T.</a> to learn how to use it.
</p>
<p>
<a href="#pagetop">Back to top of page.</a>
</p>
- <h3 id="lxde_network">LXDE - Network Manager</h3>
- <p>
- Refer to <a href="https://wiki.archlinux.org/index.php/LXDE#Network_Management">https://wiki.archlinux.org/index.php/LXDE#Network_Management</a>.
- Then I read: <a href="https://wiki.archlinux.org/index.php/NetworkManager">https://wiki.archlinux.org/index.php/NetworkManager</a>.
- </p>
- <p>
- Install Network Manager:<br/>
- # <b>pacman -S networkmanager</b>
- </p>
- <p>
- You will also want the graphical applet:<br/>
- # <b>pacman -S network-manager-applet</b><br/>
- Arch wiki says that an autostart rule will be written at <i>/etc/xdg/autostart/nm-applet.desktop</i>
- </p>
- <p>
- I want to be able to use a VPN at some point, so the wiki tells me to do:<br/>
- # <b>pacman -S networkmanager-openvpn</b>
- </p>
- <p>
- LXDE uses openbox, so I refer to:<br/>
- <a href="https://wiki.archlinux.org/index.php/NetworkManager#Openbox">https://wiki.archlinux.org/index.php/NetworkManager#Openbox</a>.
- </p>
- <p>
- It tells me for the applet I need:<br/>
- # <b>pacman -S xfce4-notifyd gnome-icon-theme</b><br/>
- Also, for storing authentication details (wifi) I need:<br/>
- # <b>pacman -S gnome-keyring</b>
- </p>
- <p>
- I wanted to quickly enable networkmanager:<br/>
- # <b>systemctl stop dhcpcd</b><br/>
- # <b>systemctl start NetworkManager</b><br/>
- Enable NetworkManager at boot time:<br/>
- # <b>systemctl enable NetworkManager</b>
- </p>
- <p>
- Restart LXDE (log out, and then log back in).
- </p>
+
+ </div>
+
+ <div class="section">
+
+ <h2 id="desktop">Configuring the desktop</h2>
<p>
- I added the volume control applet to the panel (right click panel, and add a new applet).
- I also later changed the icons to use the gnome icon theme, in <i>lxappearance</i>.
+ Based on steps from
+ <a href="https://wiki.archlinux.org/index.php/General_recommendations#Graphical_user_interface">General Recommendations</a> on the Arch wiki.
+ The plan is to use LXDE and LXDM/LightDM, along with everything else that you would expect on other distributions that provide LXDE
+ by default.
</p>
<p>
<a href="#pagetop">Back to top of page.</a>
</p>
-<hr/>
+ <div class="subsection">
+ <h3 id="desktop_xorg">Installing Xorg</h3>
+ <p>
+ Based on <a href="https://wiki.archlinux.org/index.php/Xorg">https://wiki.archlinux.org/index.php/Xorg</a>.
+ </p>
+ <p>
+ Firstly, install it!<br/>
+ # <b>pacman -S xorg-server</b><br/>
+ I also recommend installing this (contains lots of useful tools, including <i>xrandr</i>):<br/>
+ # <b>pacman -S xorg-server-utils</b>
+ </p>
+ <p>
+ Install the driver. For me this was <i>xf86-video-intel</i> on the ThinkPad X60. T60 and macbook11/21 should be the same.<br/>
+ # <b>pacman -S xf86-video-intel</b><br/>
+ For other systems you can try:<br/>
+ # <b>pacman -Ss xf86-video- | less</b><br/>
+ Combined with looking at your <i>lspci</i> output, you can determine which driver is needed.
+ By default, Xorg will revert to xf86-video-vesa which is a generic driver and doesn't provide true hardware acceleration.
+ </p>
+ <p>
+ Other drivers (not just video) can be found by looking at the <i>xorg-drivers</i> group:<br/>
+ # <b>pacman -Sg xorg-drivers</b><br/>
+ </p>
+ <p>
+ Mostly you will rely on a display manager, but in case you ever want to start X without one:<br/>
+ # <b>pacman -S xorg-xinit</b>
+ </p>
+ <p>
+ &lt;optional&gt;<br/>
+ &nbsp;&nbsp;&nbsp;Arch wiki recommends installing these, for testing that X works:<br/>
+ &nbsp;&nbsp;&nbsp;# <b>pacman -S xorg-twm xorg-xclock xterm</b><br/>
+ &nbsp;&nbsp;&nbsp;Refer to <a href="https://wiki.archlinux.org/index.php/Xinitrc">https://wiki.archlinux.org/index.php/Xinitrc</a>.
+ and test X:<br/>
+ &nbsp;&nbsp;&nbsp;# <b>startx</b><br/>
+ &nbsp;&nbsp;&nbsp;When you are satisfied, type <b><i>exit</i></b> in xterm, inside the X session.<br/>
+ &nbsp;&nbsp;&nbsp;Uninstall them (clutter. eww): # <b>pacman -S xorg-xinit xorg-twm xorg-xclock xterm</b><br/>
+ &lt;/optional&gt;
+ </p>
+ <p>
+ <a href="#pagetop">Back to top of page.</a>
+ </p>
+ </div>
+
+ <div class="subsection">
+ <h3 id="desktop_kblayout">Xorg keyboard layout</h3>
+ <p>
+ Refer to <a href="https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg">https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg</a>.
+ </p>
+ <p>
+ Xorg uses a different configuration method for keyboard layouts, so you will notice that the layout you
+ set in /etc/vconsole.conf earlier might not actually be the same in X.
+ </p>
+ <p>
+ To see what layout you currently use, try this on a terminal emulator in X:<br/>
+ # <b>setxkbmap -print -verbose 10</b>
+ </p>
+ <p>
+ In my case, I wanted to use the Dvorak (UK) keyboard which is quite different from Xorg's default Qwerty (US) layout.
+ </p>
+ <p>
+ I'll just say it now: <i>XkbModel</i> can be <i>pc105</i> in this case (ThinkPad X60, with a 105-key UK keyboard).
+ If you use an American keyboard (typically 104 keys) you will want to use <i>pc104</i>.
+ </p>
+ <p>
+ <i>XkbLayout</i> in my case would be <i>gb</i>, and <i>XkbVariant</i> would be <i>dvorak</i>.
+ </p>
+ <p>
+ The Arch wiki recommends two different methods for setting the keyboard layout:<br/>
+ <a href="https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg#Using_X_configuration_files">https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg#Using_X_configuration_files</a> and<br/>
+ <a href="https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg#Using_localectl">https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg#Using_localectl</a>.
+ </p>
+ <p>
+ In my case, I chose to use the <i>configuration file</i> method:<br/>
+ Create the file /etc/X11/xorg.conf.d/10-keyboard.conf and put this inside:<br/>
+ <i>
+ Section "InputClass"<br/>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Identifier "system-keyboard"<br/>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;MatchIsKeyboard "on"<br/>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Option "XkbLayout" "gb"<br/>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Option "XkbModel" "pc105"<br/>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Option "XkbVariant" "dvorak"<br/>
+ EndSection
+ </i>
+ </p>
+ <p>
+ For you, the steps above may differ if you have a different layout. If you use a US Qwerty keyboard, then
+ you don't even need to do anything (though it might help, for the sake of being explicit).
+ </p>
+ <p>
+ <a href="#pagetop">Back to top of page.</a>
+ </p>
+ </div>
+
+ <div class="subsection">
+ <h3 id="desktop_lxde">Install LXDE</h3>
+ <p>
+ Desktop choice isn't that important to me, so for simplicity I decided to use LXDE. It's lightweight
+ and does everything that I need.
+ If you would like to try something different, refer to
+ <a href="https://wiki.archlinux.org/index.php/Desktop_environment">https://wiki.archlinux.org/index.php/Desktop_environment</a>
+ </p>
+ <p>
+ Refer to <a href="https://wiki.archlinux.org/index.php/LXDE">https://wiki.archlinux.org/index.php/LXDE</a>.
+ </p>
+ <p>
+ Install it, choosing 'all' when asked for the default package list:<br/>
+ # <b>pacman -S lxde obconf</b>
+ </p>
+ <p>
+ I didn't want the following, so I removed them:<br/>
+ # <b>pacman -R lxmusic lxtask</b>
+ </p>
+ <p>
+ I also lazily installed all fonts:<br/>
+ # <b>pacman -S $(pacman -Ssq ttf-)</b>
+ </p>
+ <p>
+ LXDE comes with a terminal. You probably want a browser to go with that; I choose GNU IceCat, part of the <i><a href="https://gnu.org/">GNU project</a></i>:<br/>
+ # <b>pacman -S icecat</b><br/>
+ And a mail client:<br/>
+ # <b>pacman -S icedove</b>
+ </p>
+ <p>
+ In IceCat, go to <i>Preferences :: Advanced</i> and disable <i>GNU IceCat Health Report</i>.
+ </p>
+ <p>
+ I also like to install these:<br/>
+ # <b>pacman -S xsensors stress htop</b>
+ </p>
+ <p>
+ Enable LXDM (the default display manager, providing a graphical login):<br/>
+ # <b>systemctl enable lxdm.service</b><br/>
+ It will start when you boot up the machine. To start it now, do:<br/>
+ # <b>systemctl start lxdm.service</b>
+ </p>
+ <p>
+ Log in with your standard (non-root) user that you created earlier.
+ It is advisable to also create an xinitrc rule in case you ever want to start lxde without lxdm.
+ Read <a href="https://wiki.archlinux.org/index.php/Xinitrc">https://wiki.archlinux.org/index.php/Xinitrc</a>.
+ </p>
+ <p>
+ Open LXterminal:<br/>
+ $ <b>cp /etc/skel/.xinitrc ~</b><br/>
+ Open .xinitrc and add the following plus a line break at the bottom of the file.<br/>
+ <i>
+ # Probably not needed. The same locale info that we set before<br/>
+ # Based on advice from the LXDE wiki
+ export LC_ALL=en_GB.UTF-8<br/>
+ export LANGUAGE=en_GB.UTF-8<br/>
+ export LANG=en_GB.UTF-8<br/>
+ <br/>
+ # Start lxde desktop<br/>
+ exec startlxde<br/>
+ </i>
+ Now make sure that it is executable:<br/>
+ $ <b>chmod +x .xinitrc</b>
+ </p>
+ <p>
+ <a href="#pagetop">Back to top of page.</a>
+ </p>
+ </div>
+
+ <div class="subsection">
+ <h3 id="lxde_clock">LXDE - clock</h3>
+ <p>
+ In <b>Digital Clock Settings</b> (right click the clock) I set the Clock Format to <i>%Y/%m/%d %H:%M:%S</i>
+ </p>
+ <p>
+ <a href="#pagetop">Back to top of page.</a>
+ </p>
+ </div>
+
+ <div class="subsection">
+ <h3 id="lxde_font">LXDE - font</h3>
+ <p>
+ NOTE TO SELF: come back to this later.
+ </p>
+ <p>
+ <a href="#pagetop">Back to top of page.</a>
+ </p>
+ </div>
+
+ <div class="subsection">
+ <h3 id="lxde_screenlock">LXDE - screenlock</h3>
+ <p>
+ Arch wiki recommends to use <i>xscreensaver</i>:<br/>
+ # <b>pacman -S xscreensaver</b>
+ </p>
+ <p>
+ Under <i>Preferences :: Screensaver</i> in the LXDE menu, I chose <i>Mode: Blank Screen Only</i>,
+ setting <i>Blank After</i>, <i>Cycle After</i> and <i>Lock Screen After</i> (checked) to 10 minutes.
+ </p>
+ <p>
+ You can now lock the screen with <i>Logout :: Lock Screen</i> in the LXDE menu.
+ </p>
+ <p>
+ <a href="#pagetop">Back to top of page.</a>
+ </p>
+ </div>
+
+ <div class="subsection">
+ <h3 id="lxde_automount">LXDE - automounting</h3>
+ <p>
+ Refer to <a href="https://wiki.archlinux.org/index.php/File_manager_functionality">https://wiki.archlinux.org/index.php/File_manager_functionality</a>.
+ </p>
+ <p>
+ I chose to ignore this for now. NOTE TO SELF: come back to this later.
+ </p>
+ <p>
+ <a href="#pagetop">Back to top of page.</a>
+ </p>
+ </div>
+
+ <div class="subsection">
+ <h3 id="lxde_suspend">LXDE - disable suspend</h3>
+ <p>
+ When closing the laptop lid, the machine suspends. This is annoying at least to me.
+ NOTE TO SELF: disable it, then document the steps here.
+ </p>
+ <p>
+ <a href="#pagetop">Back to top of page.</a>
+ </p>
+ </div>
+
+ <div class="subsection">
+ <h3 id="lxde_battery">LXDE - battery monitor</h3>
+ <p>
+ Right click lxde panel and <i>Add/Remove Panel Items</i>. Click <i>Add</i> and select <i>Battery Monitor</i>, then click <i>Add</i>.
+ Close and then right-click the applet and go to <i>Battery Monitor Settings</i>, check the box that says <i>Show Extended Information</i>.
+ Now click <i>Close</i>. When you hover the cursor over it, it'll show information about the battery.
+ </p>
+ <p>
+ <a href="#pagetop">Back to top of page.</a>
+ </p>
+ </div>
+
+ <div class="subsection">
+ <h3 id="lxde_network">LXDE - Network Manager</h3>
+ <p>
+ Refer to <a href="https://wiki.archlinux.org/index.php/LXDE#Network_Management">https://wiki.archlinux.org/index.php/LXDE#Network_Management</a>.
+ Then I read: <a href="https://wiki.archlinux.org/index.php/NetworkManager">https://wiki.archlinux.org/index.php/NetworkManager</a>.
+ </p>
+ <p>
+ Install Network Manager:<br/>
+ # <b>pacman -S networkmanager</b>
+ </p>
+ <p>
+ You will also want the graphical applet:<br/>
+ # <b>pacman -S network-manager-applet</b><br/>
+ Arch wiki says that an autostart rule will be written at <i>/etc/xdg/autostart/nm-applet.desktop</i>
+ </p>
+ <p>
+ I want to be able to use a VPN at some point, so the wiki tells me to do:<br/>
+ # <b>pacman -S networkmanager-openvpn</b>
+ </p>
+ <p>
+ LXDE uses openbox, so I refer to:<br/>
+ <a href="https://wiki.archlinux.org/index.php/NetworkManager#Openbox">https://wiki.archlinux.org/index.php/NetworkManager#Openbox</a>.
+ </p>
+ <p>
+ It tells me for the applet I need:<br/>
+ # <b>pacman -S xfce4-notifyd gnome-icon-theme</b><br/>
+ Also, for storing authentication details (wifi) I need:<br/>
+ # <b>pacman -S gnome-keyring</b>
+ </p>
+ <p>
+ I wanted to quickly enable networkmanager:<br/>
+ # <b>systemctl stop dhcpcd</b><br/>
+ # <b>systemctl start NetworkManager</b><br/>
+ Enable NetworkManager at boot time:<br/>
+ # <b>systemctl enable NetworkManager</b>
+ </p>
+ <p>
+ Restart LXDE (log out, and then log back in).
+ </p>
+ <p>
+ I added the volume control applet to the panel (right click panel, and add a new applet).
+ I also later changed the icons to use the gnome icon theme, in <i>lxappearance</i>.
+ </p>
+ <p>
+ <a href="#pagetop">Back to top of page.</a>
+ </p>
+ </div>
+
+ </div>
+
+ <div class="section">
- <p>
- Copyright &copy; 2014 Francis Rowe &lt;info@gluglug.org.uk&gt;<br/>
- This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions.
- A copy of the license can be found at <a href="../license.txt">../license.txt</a>.
- </p>
+ <p>
+ Copyright &copy; 2014, 2015 Francis Rowe &lt;info@gluglug.org.uk&gt;<br/>
+ This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions.
+ A copy of the license can be found at <a href="../license.txt">../license.txt</a>.
+ </p>
- <p>
- This document is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information.
- </p>
+ <p>
+ This document is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information.
+ </p>
+
+ </div>
</body>
</html>
diff --git a/docs/gnulinux/encrypted_parabola.html b/docs/gnulinux/encrypted_parabola.html
index a48e489..85cb6ce 100644
--- a/docs/gnulinux/encrypted_parabola.html
+++ b/docs/gnulinux/encrypted_parabola.html
@@ -12,262 +12,293 @@
</head>
<body>
- <header>
+ <div class="section">
<h1>Installing Parabola GNU/Linux with full disk encryption (including /boot)</h1>
- <aside>Or <a href="index.html">back to main index</a></aside>
- </header>
-
- <p>
- Libreboot uses the GRUB <a href="http://www.coreboot.org/Payloads#GRUB_2">payload</a>
- by default, which means that the GRUB configuration file
- (where your GRUB menu comes from) is stored directly alongside libreboot
- and it's GRUB payload executable, inside
- the flash chip. In context, this means that installing distributions and managing them
- is handled slightly differently compared to traditional BIOS systems.
- </p>
-
- <p>
- On most systems, the /boot partition has to be left unencrypted while the others are encrypted.
- This is so that GRUB, and therefore the kernel, can be loaded and executed since the firmware
- can't open a LUKS volume. Not so with libreboot! Since GRUB is already included directly as a
- payload, even /boot can be encrypted. This protects /boot from tampering by someone with physical
- access to the machine.
- </p>
-
- <p>
- Boot Parabola's install environment. <a href="grub_boot_installer.html">How to boot a GNU/Linux installer</a>.
- </p>
-
- <p>
- For this guide I used the 2013 09 01 image to boot the live installer and install the system.
- </p>
-
- <p>
- Parabola is much more flexible than Trisquel, but also more involved to set up.
- </p>
-
- <p>
- Firstly if you use an SSD, beware there are issues with TRIM (not enabled through luks) and security issues if you do enable it.
- See <a href="https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Discard.2FTRIM_support_for_solid_state_drives_.28SSD.29">this page</a>
- for more info.
- </p>
-
- <p>
- <b>If you are using an SSD for this, make sure it's brand-new (or barely used). Or, otherwise, be sure that it never previously
- contained plaintext copies of your data.</b>
- </p>
-
- <p>
- Wipe the MBR (if you use MBR):<br/>
- # <b>lsblk</b><br/>
- Your HDD is probably /dev/sda:
- # <b>dd if=/dev/zero of=/dev/sda bs=446 count=1; sync</b><br/>
- Never use SeaBIOS! The MBR section can easily be changed with malicious code, which SeaBIOS will blindly execute.
- This guide is for libreboot with GRUB-as-payload only.
- </p>
-
- <p>
- Securely wipe the drive:<br/>
- # <b>dd if=/dev/urandom of=/dev/sda; sync</b><br/>
- NOTE: If you have an SSD, only do this the first time. If it was already LUKS-encrypted before,
- use the info below to wipe the LUKS header. Also, check online for your SSD what the recommended
- erase block size is. For example if it was 2MiB:<br/>
- # <b>dd if=/dev/urandom of=/dev/sda bs=2M; sync</b>
- </p>
- <p>
- If your drive was already LUKS encrypted (maybe you are re-installing your distro) then
- it is already 'wiped'. You should just wipe the LUKS header.
- <a href="https://www.lisenet.com/2013/luks-add-keys-backup-and-restore-volume-header/">https://www.lisenet.com/2013/luks-add-keys-backup-and-restore-volume-header/</a>
- showed me how to do this. It recommends doing the first 3MiB. Now, that guide is recommending putting zero there. I'm doing to use urandom. Do this:<br/>
- # <b>head -c 3145728 /dev/urandom &gt; /dev/sda; sync</b><br/>
- (wiping the LUKS header is important, since it has hashed passphrases and so on. It's 'secure', but 'potentially' a risk).
- </p>
- <p>
- <b>
- If you do plan to use an SSD, make sure to read
- <a href="https://wiki.archlinux.org/index.php/Solid_State_Drives">https://wiki.archlinux.org/index.php/Solid_State_Drives</a><br/>
- Edit /etc/fstab later on when chrooted into your install. Also, read the whole article and keep all points in mind, adapting
- them for this guide.
- </b>
- </p>
-
- <p>
- This guide will go through the installation steps taken at the time of writing, which may or may not change due to
- the volatile nature of Parabola (it changes all the time). In general most of it should remain the same. If you spot mistakes,
- please say so! This guide will be ported to the Parabola wiki at a later date. For up to date Parabola install guide, go to
- the Parabola wiki. This guide essentially cherry picks the useful information (valid at the time of writing: 2014-09-15).
- </p>
-
- <h2>
- Change keyboard layout
- </h2>
- <p>
- Parabola live shell assumes US Qwerty. If you have something different, use:<br/>
- # <b>loadkeys LAYOUT</b><br/>
- For me, LAYOUT would have been dvorak-uk.
- </p>
+ <p>
+ Libreboot uses the GRUB <a href="http://www.coreboot.org/Payloads#GRUB_2">payload</a>
+ by default, which means that the GRUB configuration file
+ (where your GRUB menu comes from) is stored directly alongside libreboot
+ and it's GRUB payload executable, inside
+ the flash chip. In context, this means that installing distributions and managing them
+ is handled slightly differently compared to traditional BIOS systems.
+ </p>
- <h2>Getting started</h2>
- <p>
- The beginning is based on <a href="https://wiki.parabolagnulinux.org/Installation_Guide">https://wiki.parabolagnulinux.org/Installation_Guide</a>.
- Then I referred to <a href="https://wiki.archlinux.org/index.php/Partitioning">https://wiki.archlinux.org/index.php/Partitioning</a> at first.
- </p>
+ <p>
+ On most systems, the /boot partition has to be left unencrypted while the others are encrypted.
+ This is so that GRUB, and therefore the kernel, can be loaded and executed since the firmware
+ can't open a LUKS volume. Not so with libreboot! Since GRUB is already included directly as a
+ payload, even /boot can be encrypted. This protects /boot from tampering by someone with physical
+ access to the machine.
+ </p>
+ <p>
+ <a href="index.html">Back to previous index</a>
+ </p>
+ </div>
- <h2>dm-mod</h2>
+ <div class="section">
+
<p>
- device-mapper will be used - a lot. Make sure that the kernel module is loaded:<br/>
- # <b>modprobe dm-mod</b>
+ Boot Parabola's install environment. <a href="grub_boot_installer.html">How to boot a GNU/Linux installer</a>.
</p>
- <h2>Create LUKS partition</h2>
- <p>
- I am using MBR partitioning, so I use cfdisk:<br/>
- # <b>cfdisk /dev/sda</b>
- </p>
- <p>
- I create a single large sda1 filling the whole drive, leaving it as the default type 'Linux' (83).
- </p>
<p>
- Now I refer to <a href="https://wiki.archlinux.org/index.php/Dm-crypt/Drive_preparation#Partitioning">https://wiki.archlinux.org/index.php/Dm-crypt/Drive_preparation#Partitioning</a>:<br/>
- I am then directed to <a href="https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption">https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption</a>.
+ For this guide I used the 2013 09 01 image to boot the live installer and install the system.
</p>
+
<p>
- Parabola forces you to RTFM.
- </p>
- <p>
- It tells me to run:<br/>
- # <b>cryptsetup benchmark</b> (for making sure the list below is populated)<br/>
- Then:<br/>
- # <b>cat /proc/crypto</b><br/>
- This gives me crypto options that I can use. It also provides a representation of the best way to set up LUKS (in this case, security is a priority; speed, a distant second).
- To gain a better understanding, I am also reading:<br/>
- # <b>man cryptsetup</b>
- </p>
- <p>
- Following that page, based on my requirements, I do the following based on <a href="https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encryption_options_for_LUKS_mode">https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encryption_options_for_LUKS_mode</a>.
- Reading through, it seems like Serpent (encryption) and Whirlpool (hash) is the best option.
- </p>
- <p>
- I am initializing LUKS with the following:<br/>
- # <b>cryptsetup -v --cipher serpent-xts-plain64 --key-size 512 --hash whirlpool --use-random --verify-passphrase luksFormat /dev/sda1</b>
- -- choose a <b>secure</b> passphrase here. Ideally lots of lowercase/uppercase numbers, letters, symbols etc all in a random pattern. The password
- length should be as long as you are able to handle without writing it down or storing it anywhere. Ideally, 100 characters or more.
- It might take you a while to memorize a long passphrase before beginning this step.
+ This guide will go through the installation steps taken at the time of writing, which may or may not change due to
+ the volatile nature of Parabola (it changes all the time). In general most of it should remain the same. If you spot mistakes,
+ please say so! This guide will be ported to the Parabola wiki at a later date. For up to date Parabola install guide, go to
+ the Parabola wiki. This guide essentially cherry picks the useful information (valid at the time of writing: 2014-09-15).
</p>
+
+ </div>
- <h2>Create LVM</h2>
- <p>
- Now I refer to <a href="https://wiki.archlinux.org/index.php/LVM">https://wiki.archlinux.org/index.php/LVM</a>.
- </p>
+ <div class="section">
+
<p>
- Open the LUKS partition:<br/>
- # <b>cryptsetup open --type luks /dev/sda1 lvm</b><br/>
- (it will be available at /dev/mapper/lvm)<br/>
- I'm told that the above is old syntax, which is what I did anyway. You could also try:<br/>
- # <b>cryptsetup luksOpen /dev/sda1 lvm</b>
- </p>
- <p>
- Create LVM partition:<br/>
- # <b>pvcreate /dev/mapper/lvm</b><br/>
- Show that you just created it:<br/>
- # <b>pvdisplay</b>
- </p>
- <p>
- Now I create the volume group, inside of which the logical volumes will be created:<br/>
- # <b>vgcreate matrix /dev/mapper/lvm</b> (volume group name is 'matrix')<br/>
- Show that you created it:<br/>
- # <b>vgdisplay</b>
- </p>
- <p>
- Now create the logical volumes:<br/>
- # <b>lvcreate -L 2G matrix -n swapvol</b> (2G swap partition, named <u>swapvol</u>)<br/>
- # <b>lvcreate -l +100%FREE matrix -n rootvol</b> (single large partition in the rest of the space, named <u>rootvol</u>)<br/>
- You can also be flexible here, for example you can specify a /boot, a /, a /home, a /var, a /usr, etc. For example,
- if you will be running a web/mail server then you want /var in its own partition (so that if it fills up with logs, it won't crash your system).
- For a home/laptop system (typical use case), a root and a swap will do (really).
- </p>
- <p>
- Verify that the logical volumes were created, using the following command:<br/>
- # <b>lvdisplay</b>
+ Firstly if you use an SSD, beware there are issues with TRIM (not enabled through luks) and security issues if you do enable it.
+ See <a href="https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Discard.2FTRIM_support_for_solid_state_drives_.28SSD.29">this page</a>
+ for more info.
</p>
- <h2>Create / and swap partitions</h2>
<p>
- For the swapvol LV I use:<br/>
- # <b>mkswap /dev/mapper/matrix-swapvol</b>
- </p>
- <p>
- For the rootvol LV I use:<br/>
- # <b>mkfs.ext4 /dev/mapper/matrix-rootvol</b>
+ <b>If you are using an SSD for this, make sure it's brand-new (or barely used). Or, otherwise, be sure that it never previously
+ contained plaintext copies of your data.</b>
</p>
- <h2>Continue with Parabola installation</h2>
- <p>
- Mount the root (/) partition:<br/>
- # <b>mount /dev/matrix/rootvol /mnt</b><br/>
- </p>
- <p>
- This guide is really about GRUB, Parabola and cryptomount. I have to show how to install Parabola
- so that the guide can continue.
- </p>
<p>
- Now I am following the rest of <a href="https://wiki.parabolagnulinux.org/Installation_Guide">https://wiki.parabolagnulinux.org/Installation_Guide</a>.
- I also cross referenced <a href="https://wiki.archlinux.org/index.php/Installation_guide">https://wiki.archlinux.org/index.php/Installation_guide</a>.
- </p>
- <p>
- Create /home and /boot on rootvol mountpoint:<br/>
- # <b>mkdir /mnt/home</b><br/>
- # <b>mkdir /mnt/boot</b>
- </p>
- <p>
- The wiki says to enable the swap so that it can be detected by 'genfstab':<br/>
- # <b>swapon /dev/matrix/swapvol</b>
- </p>
- <p>
- DHCP was already working for me, so I had internet during the install. Therefore, I ignore the 'Connect to the Internet' section of the install guide.
- I also ignore wifi, since I can set that up after the install. For now, I am just using ethernet.
- Otherwise, refer to <a href="https://wiki.archlinux.org/index.php/Configuring_Network">https://wiki.archlinux.org/index.php/Configuring_Network</a>.
- You can test to see if internet is already working by pinging a few domains.
+ Wipe the MBR (if you use MBR):<br/>
+ # <b>lsblk</b><br/>
+ Your HDD is probably /dev/sda:
+ # <b>dd if=/dev/zero of=/dev/sda bs=446 count=1; sync</b><br/>
+ Never use SeaBIOS! The MBR section can easily be changed with malicious code, which SeaBIOS will blindly execute.
+ This guide is for libreboot with GRUB-as-payload only.
</p>
<p>
- I commented out all lines except the Server line for the UK Parabola server (main server) in <b>/etc/pacman.d/mirrorlist</b> and then did:<br/>
- # <b>pacman -Syy</b><br/>
- # <b>pacman -Syu</b><br/>
- # <b>pacman -Sy pacman</b> (and then I did the other 2 steps above, again)<br/>
- In my case I did the steps in the next paragraph, and followed the steps in this paragraph again.
+ Securely wipe the drive:<br/>
+ # <b>dd if=/dev/urandom of=/dev/sda; sync</b><br/>
+ NOTE: If you have an SSD, only do this the first time. If it was already LUKS-encrypted before,
+ use the info below to wipe the LUKS header. Also, check online for your SSD what the recommended
+ erase block size is. For example if it was 2MiB:<br/>
+ # <b>dd if=/dev/urandom of=/dev/sda bs=2M; sync</b>
</p>
<p>
- &lt;troubleshooting&gt;<br/>
- &nbsp;&nbsp;&nbsp;The following is based on 'Verification of package signatures' in the Parabola install guide.<br/>
- &nbsp;&nbsp;&nbsp;Check there first to see if steps differ by now.<br/>
- &nbsp;&nbsp;&nbsp;Now you have to update the default Parabola keyring. This is used for signing and verifying packages:<br/>
- &nbsp;&nbsp;&nbsp;# <b>pacman -Sy parabola-keyring</b><br/>
- &nbsp;&nbsp;&nbsp;It says that if you get GPG errors, then it's probably an expired key and, therefore, you should do:<br/>
- &nbsp;&nbsp;&nbsp;# <b>pacman-key --populate parabola</b><br/>
- &nbsp;&nbsp;&nbsp;# <b>pacman-key --refresh-keys</b><br/>
- &nbsp;&nbsp;&nbsp;# <b>pacman -Sy parabola-keyring</b><br/>
- &nbsp;&nbsp;&nbsp;To be honest, you should do the above anyway. Parabola has a lot of maintainers, and a lot of keys. Really!<br/>
- &nbsp;&nbsp;&nbsp;Also, it says that if the clock is set incorrectly then you have to manually set the correct time <br/>
- &nbsp;&nbsp;&nbsp;(if keys are listed as expired because of it):<br/>
- &nbsp;&nbsp;&nbsp;# <b>date MMDDhhmm[[CC]YY][.ss]</b><br/>
- &nbsp;&nbsp;&nbsp;I also had to install:<br/>
- &nbsp;&nbsp;&nbsp;# <b>pacman -S archlinux-keyring</b><br/>
- &nbsp;&nbsp;&nbsp;# <b>pacman-key --populate archlinux</b><br/>
- &nbsp;&nbsp;&nbsp;In my case I saw some conflicting files reported in pacman, stopping me from using it.<br/>
- &nbsp;&nbsp;&nbsp;I deleted the files that it mentioned
- and then it worked. Specifically, I had this error:<br/>
- &nbsp;&nbsp;&nbsp;<i>licenses: /usr/share/licenses/common/MPS exists in filesystem</i><br/>
- &nbsp;&nbsp;&nbsp;I rm -rf'd the file and then pacman worked. I'm told that the following would have also made it work:<br/>
- &nbsp;&nbsp;&nbsp;# <b>pacman -Sf licenses</b><br/>
- &lt;/troubleshooting&gt;<br/>
+ If your drive was already LUKS encrypted (maybe you are re-installing your distro) then
+ it is already 'wiped'. You should just wipe the LUKS header.
+ <a href="https://www.lisenet.com/2013/luks-add-keys-backup-and-restore-volume-header/">https://www.lisenet.com/2013/luks-add-keys-backup-and-restore-volume-header/</a>
+ showed me how to do this. It recommends doing the first 3MiB. Now, that guide is recommending putting zero there. I'm doing to use urandom. Do this:<br/>
+ # <b>head -c 3145728 /dev/urandom &gt; /dev/sda; sync</b><br/>
+ (wiping the LUKS header is important, since it has hashed passphrases and so on. It's 'secure', but 'potentially' a risk).
</p>
<p>
- I also like to install other packages (base-devel, compilers and so on) and wpa_supplicant/dialog are needed for wireless after the install:<br/>
- # <b>pacstrap /mnt base base-devel wpa_supplicant dialog</b>
+ <b>
+ If you do plan to use an SSD, make sure to read
+ <a href="https://wiki.archlinux.org/index.php/Solid_State_Drives">https://wiki.archlinux.org/index.php/Solid_State_Drives</a><br/>
+ Edit /etc/fstab later on when chrooted into your install. Also, read the whole article and keep all points in mind, adapting
+ them for this guide.
+ </b>
</p>
+
+ </div>
+
+ <div class="section">
+
+ <h2>
+ Change keyboard layout
+ </h2>
+ <p>
+ Parabola live shell assumes US Qwerty. If you have something different, use:<br/>
+ # <b>loadkeys LAYOUT</b><br/>
+ For me, LAYOUT would have been dvorak-uk.
+ </p>
+
+ </div>
+
+ <div class="section">
+
+ <h2>Getting started</h2>
+ <p>
+ The beginning is based on <a href="https://wiki.parabolagnulinux.org/Installation_Guide">https://wiki.parabolagnulinux.org/Installation_Guide</a>.
+ Then I referred to <a href="https://wiki.archlinux.org/index.php/Partitioning">https://wiki.archlinux.org/index.php/Partitioning</a> at first.
+ </p>
+
+ </div>
+
+ <div class="section">
+
+ <h2>dm-mod</h2>
+ <p>
+ device-mapper will be used - a lot. Make sure that the kernel module is loaded:<br/>
+ # <b>modprobe dm-mod</b>
+ </p>
+
+ <h2>Create LUKS partition</h2>
+ <p>
+ I am using MBR partitioning, so I use cfdisk:<br/>
+ # <b>cfdisk /dev/sda</b>
+ </p>
+ <p>
+ I create a single large sda1 filling the whole drive, leaving it as the default type 'Linux' (83).
+ </p>
+ <p>
+ Now I refer to <a href="https://wiki.archlinux.org/index.php/Dm-crypt/Drive_preparation#Partitioning">https://wiki.archlinux.org/index.php/Dm-crypt/Drive_preparation#Partitioning</a>:<br/>
+ I am then directed to <a href="https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption">https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption</a>.
+ </p>
+ <p>
+ Parabola forces you to RTFM.
+ </p>
+ <p>
+ It tells me to run:<br/>
+ # <b>cryptsetup benchmark</b> (for making sure the list below is populated)<br/>
+ Then:<br/>
+ # <b>cat /proc/crypto</b><br/>
+ This gives me crypto options that I can use. It also provides a representation of the best way to set up LUKS (in this case, security is a priority; speed, a distant second).
+ To gain a better understanding, I am also reading:<br/>
+ # <b>man cryptsetup</b>
+ </p>
+ <p>
+ Following that page, based on my requirements, I do the following based on <a href="https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encryption_options_for_LUKS_mode">https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encryption_options_for_LUKS_mode</a>.
+ Reading through, it seems like Serpent (encryption) and Whirlpool (hash) is the best option.
+ </p>
+ <p>
+ I am initializing LUKS with the following:<br/>
+ # <b>cryptsetup -v --cipher serpent-xts-plain64 --key-size 512 --hash whirlpool --use-random --verify-passphrase luksFormat /dev/sda1</b>
+ -- choose a <b>secure</b> passphrase here. Ideally lots of lowercase/uppercase numbers, letters, symbols etc all in a random pattern. The password
+ length should be as long as you are able to handle without writing it down or storing it anywhere. Ideally, 100 characters or more.
+ It might take you a while to memorize a long passphrase before beginning this step.
+ </p>
+
+ </div>
- <h3>Configure the system</h3>
+ <div class="section">
+
+ <h2>Create LVM</h2>
+ <p>
+ Now I refer to <a href="https://wiki.archlinux.org/index.php/LVM">https://wiki.archlinux.org/index.php/LVM</a>.
+ </p>
+ <p>
+ Open the LUKS partition:<br/>
+ # <b>cryptsetup open --type luks /dev/sda1 lvm</b><br/>
+ (it will be available at /dev/mapper/lvm)<br/>
+ I'm told that the above is old syntax, which is what I did anyway. You could also try:<br/>
+ # <b>cryptsetup luksOpen /dev/sda1 lvm</b>
+ </p>
+ <p>
+ Create LVM partition:<br/>
+ # <b>pvcreate /dev/mapper/lvm</b><br/>
+ Show that you just created it:<br/>
+ # <b>pvdisplay</b>
+ </p>
+ <p>
+ Now I create the volume group, inside of which the logical volumes will be created:<br/>
+ # <b>vgcreate matrix /dev/mapper/lvm</b> (volume group name is 'matrix')<br/>
+ Show that you created it:<br/>
+ # <b>vgdisplay</b>
+ </p>
+ <p>
+ Now create the logical volumes:<br/>
+ # <b>lvcreate -L 2G matrix -n swapvol</b> (2G swap partition, named <u>swapvol</u>)<br/>
+ # <b>lvcreate -l +100%FREE matrix -n rootvol</b> (single large partition in the rest of the space, named <u>rootvol</u>)<br/>
+ You can also be flexible here, for example you can specify a /boot, a /, a /home, a /var, a /usr, etc. For example,
+ if you will be running a web/mail server then you want /var in its own partition (so that if it fills up with logs, it won't crash your system).
+ For a home/laptop system (typical use case), a root and a swap will do (really).
+ </p>
+ <p>
+ Verify that the logical volumes were created, using the following command:<br/>
+ # <b>lvdisplay</b>
+ </p>
+
+ </div>
+
+ <div class="section">
+
+ <h2>Create / and swap partitions</h2>
+ <p>
+ For the swapvol LV I use:<br/>
+ # <b>mkswap /dev/mapper/matrix-swapvol</b>
+ </p>
+ <p>
+ For the rootvol LV I use:<br/>
+ # <b>mkfs.ext4 /dev/mapper/matrix-rootvol</b>
+ </p>
+
+ </div>
+
+ <div class="section">
+
+ <h2>Continue with Parabola installation</h2>
+ <p>
+ Mount the root (/) partition:<br/>
+ # <b>mount /dev/matrix/rootvol /mnt</b><br/>
+ </p>
+ <p>
+ This guide is really about GRUB, Parabola and cryptomount. I have to show how to install Parabola
+ so that the guide can continue.
+ </p>
+ <p>
+ Now I am following the rest of <a href="https://wiki.parabolagnulinux.org/Installation_Guide">https://wiki.parabolagnulinux.org/Installation_Guide</a>.
+ I also cross referenced <a href="https://wiki.archlinux.org/index.php/Installation_guide">https://wiki.archlinux.org/index.php/Installation_guide</a>.
+ </p>
+ <p>
+ Create /home and /boot on rootvol mountpoint:<br/>
+ # <b>mkdir /mnt/home</b><br/>
+ # <b>mkdir /mnt/boot</b>
+ </p>
+ <p>
+ The wiki says to enable the swap so that it can be detected by 'genfstab':<br/>
+ # <b>swapon /dev/matrix/swapvol</b>
+ </p>
+ <p>
+ DHCP was already working for me, so I had internet during the install. Therefore, I ignore the 'Connect to the Internet' section of the install guide.
+ I also ignore wifi, since I can set that up after the install. For now, I am just using ethernet.
+ Otherwise, refer to <a href="https://wiki.archlinux.org/index.php/Configuring_Network">https://wiki.archlinux.org/index.php/Configuring_Network</a>.
+ You can test to see if internet is already working by pinging a few domains.
+ </p>
+
+ <p>
+ I commented out all lines except the Server line for the UK Parabola server (main server) in <b>/etc/pacman.d/mirrorlist</b> and then did:<br/>
+ # <b>pacman -Syy</b><br/>
+ # <b>pacman -Syu</b><br/>
+ # <b>pacman -Sy pacman</b> (and then I did the other 2 steps above, again)<br/>
+ In my case I did the steps in the next paragraph, and followed the steps in this paragraph again.
+ </p>
+ <p>
+ &lt;troubleshooting&gt;<br/>
+ &nbsp;&nbsp;&nbsp;The following is based on 'Verification of package signatures' in the Parabola install guide.<br/>
+ &nbsp;&nbsp;&nbsp;Check there first to see if steps differ by now.<br/>
+ &nbsp;&nbsp;&nbsp;Now you have to update the default Parabola keyring. This is used for signing and verifying packages:<br/>
+ &nbsp;&nbsp;&nbsp;# <b>pacman -Sy parabola-keyring</b><br/>
+ &nbsp;&nbsp;&nbsp;It says that if you get GPG errors, then it's probably an expired key and, therefore, you should do:<br/>
+ &nbsp;&nbsp;&nbsp;# <b>pacman-key --populate parabola</b><br/>
+ &nbsp;&nbsp;&nbsp;# <b>pacman-key --refresh-keys</b><br/>
+ &nbsp;&nbsp;&nbsp;# <b>pacman -Sy parabola-keyring</b><br/>
+ &nbsp;&nbsp;&nbsp;To be honest, you should do the above anyway. Parabola has a lot of maintainers, and a lot of keys. Really!<br/>
+ &nbsp;&nbsp;&nbsp;Also, it says that if the clock is set incorrectly then you have to manually set the correct time <br/>
+ &nbsp;&nbsp;&nbsp;(if keys are listed as expired because of it):<br/>
+ &nbsp;&nbsp;&nbsp;# <b>date MMDDhhmm[[CC]YY][.ss]</b><br/>
+ &nbsp;&nbsp;&nbsp;I also had to install:<br/>
+ &nbsp;&nbsp;&nbsp;# <b>pacman -S archlinux-keyring</b><br/>
+ &nbsp;&nbsp;&nbsp;# <b>pacman-key --populate archlinux</b><br/>
+ &nbsp;&nbsp;&nbsp;In my case I saw some conflicting files reported in pacman, stopping me from using it.<br/>
+ &nbsp;&nbsp;&nbsp;I deleted the files that it mentioned
+ and then it worked. Specifically, I had this error:<br/>
+ &nbsp;&nbsp;&nbsp;<i>licenses: /usr/share/licenses/common/MPS exists in filesystem</i><br/>
+ &nbsp;&nbsp;&nbsp;I rm -rf'd the file and then pacman worked. I'm told that the following would have also made it work:<br/>
+ &nbsp;&nbsp;&nbsp;# <b>pacman -Sf licenses</b><br/>
+ &lt;/troubleshooting&gt;<br/>
+ </p>
+ <p>
+ I also like to install other packages (base-devel, compilers and so on) and wpa_supplicant/dialog are needed for wireless after the install:<br/>
+ # <b>pacstrap /mnt base base-devel wpa_supplicant dialog</b>
+ </p>
+
+ </div>
+
+ <div class="section">
+
+ <h2>Configure the system</h2>
<p>
From the Parabola installation guide (Arch's one was identical):<br/>
# <b>genfstab -p /mnt &gt;&gt; /mnt/etc/fstab</b>
@@ -359,8 +390,12 @@
# <b>mkinitcpio -p linux-libre-grsec</b>
</li>
</ul>
+
+ </div>
- <h3>Set a root password</h3>
+ <div class="section">
+
+ <h2>Set a root password</h2>
<p>
At the time of writing, Parabola used SHA512 by default for it's password hashing.
</p>
@@ -374,8 +409,12 @@
# <b>passwd root</b><br/>
Make sure to set a secure password! Also, it must never be the same as your LUKS password.
</p>
+
+ </div>
+
+ <div class="section">
- <h3>Extra security tweaks</h3>
+ <h2>Extra security tweaks</h2>
<p>
Based on <a href="https://wiki.archlinux.org/index.php/Security">https://wiki.archlinux.org/index.php/Security</a>.
</p>
@@ -397,8 +436,12 @@
Configure sudo - not covered here. Will be covered post-installation in another tutorial, at a later date.
If this is a single-user system, you don't really need sudo.
</p>
+
+ </div>
+
+ <div class="section">
- <h3>Unmount, reboot!</h3>
+ <h2>Unmount, reboot!</h2>
<p>
Exit from chroot:<br/>
# <b>exit</b>
@@ -421,8 +464,12 @@
# <b>shutdown -h now</b><br/>
Then boot up again.
</p>
+
+ </div>
- <h3>Booting from GRUB</h3>
+ <div class="section">
+
+ <h2>Booting from GRUB</h2>
<p>
Initially you will have to boot manually. Press C to get to the GRUB command line. The underlined parts are optional
(using those 2 underlines will boot lts kernel instead of normal).
@@ -437,132 +484,144 @@
<p>
You could also make it load /boot/vmlinuz-linux-libre-grsec and /boot/initramfs-linux-libre-grsec.img
</p>
+
+ </div>
-<hr/>
+ <div class="section">
+
+ <h2>Modify grub.cfg inside the ROM</h2>
- <h2>Modify grub.cfg inside the ROM</h2>
+ <p>
+ Now you need to modify the ROM, so that Parabola can boot automatically with this configuration.
+ <a href="grub_cbfs.html">grub_cbfs.html</a> shows you how. Follow that guide, using the configuration details below.
+ </p>
+ <p>
+ Inside the 'Load Operating System' menu entry, change the contents to:<br/>
+ <b><i>
+ cryptomount -a (ahci0,msdos1)<br/>
+ set root='lvm/matrix-rootvol'<br/>
+ linux /boot/vmlinuz-linux-libre<u>-lts</u> root=/dev/matrix/rootvol cryptdevice=/dev/sda1:root<br/>
+ initrd /boot/initramfs-linux-libre<u>-lts</u>.img
+ </i></b>
+ </p>
- <p>
- Now you need to modify the ROM, so that Parabola can boot automatically with this configuration.
- <a href="grub_cbfs.html">grub_cbfs.html</a> shows you how. Follow that guide, using the configuration details below.
- </p>
- <p>
- Inside the 'Load Operating System' menu entry, change the contents to:<br/>
- <b><i>
- cryptomount -a (ahci0,msdos1)<br/>
- set root='lvm/matrix-rootvol'<br/>
- linux /boot/vmlinuz-linux-libre<u>-lts</u> root=/dev/matrix/rootvol cryptdevice=/dev/sda1:root<br/>
- initrd /boot/initramfs-linux-libre<u>-lts</u>.img
- </i></b>
- </p>
+ <p>
+ Note: the underlined parts above (-lts) can also be removed, to boot the latest kernel instead of LTS (long-term support) kernels.
+ You could also copy the menu entry and in one have -lts, and without in the other menuentry.
+ You could also create a menu entry to load /boot/vmlinuz-linux-libre-grsec and /boot/initramfs-linux-libre-grsec.img
+ </p>
- <p>
- Note: the underlined parts above (-lts) can also be removed, to boot the latest kernel instead of LTS (long-term support) kernels.
- You could also copy the menu entry and in one have -lts, and without in the other menuentry.
- You could also create a menu entry to load /boot/vmlinuz-linux-libre-grsec and /boot/initramfs-linux-libre-grsec.img
- </p>
+ <p>
+ Personally, I opted to have the entry for linux-libre-grsec at the top, so that it would load by default.
+ </p>
- <p>
- Personally, I opted to have the entry for linux-libre-grsec at the top, so that it would load by default.
- </p>
+ <p>
+ Above the 'Load Operating System' menu entry you should also add a GRUB password, like so:
+ </p>
+ <pre><b><i>set superusers=&quot;root&quot;
+ password_pbkdf2 root grub.pbkdf2.sha512.10000.711F186347156BC105CD83A2ED7AF1EB971AA2B1EB2640172F34B0DEFFC97E654AF48E5F0C3B7622502B76458DA494270CC0EA6504411D676E6752FD1651E749.8DD11178EB8D1F633308FD8FCC64D0B243F949B9B99CCEADE2ECA11657A757D22025986B0FA116F1D5191E0A22677674C994EDBFADE62240E9D161688266A711
+ </i></b></pre>
- <p>
- Above the 'Load Operating System' menu entry you should also add a GRUB password, like so:
- </p>
-<pre><b><i>set superusers=&quot;root&quot;
-password_pbkdf2 root grub.pbkdf2.sha512.10000.711F186347156BC105CD83A2ED7AF1EB971AA2B1EB2640172F34B0DEFFC97E654AF48E5F0C3B7622502B76458DA494270CC0EA6504411D676E6752FD1651E749.8DD11178EB8D1F633308FD8FCC64D0B243F949B9B99CCEADE2ECA11657A757D22025986B0FA116F1D5191E0A22677674C994EDBFADE62240E9D161688266A711
-</i></b></pre>
+ <p>
+ Note that the above entry specifies user 'root'; this is just a username for GRUB. You don't even need to use root.
+ Change root on both of those 2 lines to whatever you want.
+ </p>
- <p>
- Note that the above entry specifies user 'root'; this is just a username for GRUB. You don't even need to use root.
- Change root on both of those 2 lines to whatever you want.
- </p>
+ <p>
+ Start dhcp on ethernet:<br/>
+ # <b>systemctl start dhcpcd.service</b>
+ This is just for the step below. I won't cover network configuration here. That is for another Parabola article.
+ </p>
- <p>
- Start dhcp on ethernet:<br/>
- # <b>systemctl start dhcpcd.service</b>
- This is just for the step below. I won't cover network configuration here. That is for another Parabola article.
- </p>
+ <p>
+ The password hash (it's <b>password</b>, by the way) after <i>'password_pbkdf2 root'</i> <i>should be changed</i> and is created by the <b>grub-mkpasswd-pbkdf2</b> utility, which you need to install or otherwise compile,
+ like so:<br/>
+ # <b>pacman -S grub</b>
+ </p>
+
+ <p>
+ GRUB isn't needed for booting, since it's already included as a payload in libreboot. This is only so that the utility needed becomes available. Get your hash
+ by entering your chosen password at the prompt, when running this command:<br/>
+ # <b>grub-mkpasswd-pbkdf2</b>
+ </p>
- <p>
- The password hash (it's <b>password</b>, by the way) after <i>'password_pbkdf2 root'</i> <i>should be changed</i> and is created by the <b>grub-mkpasswd-pbkdf2</b> utility, which you need to install or otherwise compile,
- like so:<br/>
- # <b>pacman -S grub</b>
- </p>
-
- <p>
- GRUB isn't needed for booting, since it's already included as a payload in libreboot. This is only so that the utility needed becomes available. Get your hash
- by entering your chosen password at the prompt, when running this command:<br/>
- # <b>grub-mkpasswd-pbkdf2</b>
- </p>
+ <p>
+ It will output the hash for the password that you entered. Make sure to specify a password that is different from both your LUKS *and* your root/user password.
+ Use it to replace the default hash mentioned above.
+ </p>
- <p>
- It will output the hash for the password that you entered. Make sure to specify a password that is different from both your LUKS *and* your root/user password.
- Use it to replace the default hash mentioned above.
- </p>
+ <p>
+ With this setup, you will have to enter a password at boot time, in GRUB, before being able to use any of the menu entries or switch to the terminal.
+ This protects your system from an attacker simply booting a live usb distro and re-flashing the boot firmware.
+ </p>
- <p>
- With this setup, you will have to enter a password at boot time, in GRUB, before being able to use any of the menu entries or switch to the terminal.
- This protects your system from an attacker simply booting a live usb distro and re-flashing the boot firmware.
- </p>
+ <p>
+ You probably only need base-devel (compilers and so on) to build and use cbfstool. It was already installed if you followed this tutorial, but here it is:<br/>
+ # <b>pacman -S base-devel</b>
+ </p>
- <p>
- You probably only need base-devel (compilers and so on) to build and use cbfstool. It was already installed if you followed this tutorial, but here it is:<br/>
- # <b>pacman -S base-devel</b>
- </p>
+ <p>
+ For flashing the modified ROM, I just used flashrom from the Parabola repo's:<br/>
+ # <b>pacman -S flashrom</b><br/>
+ I also installed dmidecode:<br/>
+ # <b>pacman -S dmidecode</b>
+ </p>
- <p>
- For flashing the modified ROM, I just used flashrom from the Parabola repo's:<br/>
- # <b>pacman -S flashrom</b><br/>
- I also installed dmidecode:<br/>
- # <b>pacman -S dmidecode</b>
- </p>
+ <p>
+ When done, deleted GRUB (remember, we only needed it for the <i>grub-mkpasswd-pbkdf2</i> utility;
+ GRUB is already part of libreboot, flashed alongside it as a <i>payload</i>):<br/>
+ # <b>pacman -R grub</b>
+ </p>
+
+ </div>
+
+ <div class="section">
<p>
- When done, deleted GRUB (remember, we only needed it for the <i>grub-mkpasswd-pbkdf2</i> utility;
- GRUB is already part of libreboot, flashed alongside it as a <i>payload</i>):<br/>
- # <b>pacman -R grub</b>
+ If you followed all that correctly, you should now have a fully encrypted Parabola installation.
+ This is a very barebones Parabola install (the default one). Refer to the wiki for how to do the rest
+ (desktop, etc).
</p>
+
+ </div>
-<hr/>
+ <div class="section">
- <p>
- If you followed all that correctly, you should now have a fully encrypted Parabola installation.
- This is a very barebones Parabola install (the default one). Refer to the wiki for how to do the rest
- (desktop, etc).
- </p>
+ <h2>Further security tips</h2>
+ <p>
+ <a href="https://wiki.archlinux.org/index.php/Security">https://wiki.archlinux.org/index.php/Security</a>.<br/>
+ <a href="https://wiki.parabolagnulinux.org/User:GNUtoo/laptop">https://wiki.parabolagnulinux.org/User:GNUtoo/laptop</a>
+ </p>
+
+ </div>
-<hr/>
+ <div class="section">
- <h2>Further security tips</h2>
- <p>
- <a href="https://wiki.archlinux.org/index.php/Security">https://wiki.archlinux.org/index.php/Security</a>.<br/>
- <a href="https://wiki.parabolagnulinux.org/User:GNUtoo/laptop">https://wiki.parabolagnulinux.org/User:GNUtoo/laptop</a>
- </p>
+ <h2>Follow-up tutorial: configuring Parabola</h2>
+ <p>
+ <a href="configuring_parabola.html">configuring_parabola.html</a> shows my own notes post-installation. Using these, you can get a basic
+ system similar to the one that I chose for myself. You can also cherry pick useful notes and come up with your own system.
+ Parabola is user-centric, which means that you are in control. For more information, read <a href="https://wiki.archlinux.org/index.php/The_Arch_Way">The Arch Way</a>
+ (Parabola also follows it).
+ </p>
+
+ </div>
-<hr/>
+ <div class="section">
- <h2>Follow-up tutorial: configuring Parabola</h2>
<p>
- <a href="configuring_parabola.html">configuring_parabola.html</a> shows my own notes post-installation. Using these, you can get a basic
- system similar to the one that I chose for myself. You can also cherry pick useful notes and come up with your own system.
- Parabola is user-centric, which means that you are in control. For more information, read <a href="https://wiki.archlinux.org/index.php/The_Arch_Way">The Arch Way</a>
- (Parabola also follows it).
+ Copyright &copy; 2014, 2015 Francis Rowe &lt;info@gluglug.org.uk&gt;<br/>
+ This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions.
+ A copy of the license can be found at <a href="../license.txt">../license.txt</a>.
</p>
-<hr/>
-
- <p>
- Copyright &copy; 2014 Francis Rowe &lt;info@gluglug.org.uk&gt;<br/>
- This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions.
- A copy of the license can be found at <a href="../license.txt">../license.txt</a>.
- </p>
-
- <p>
- This document is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information.
- </p>
+ <p>
+ This document is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information.
+ </p>
+
+ </div>
</body>
</html>
diff --git a/docs/gnulinux/encrypted_trisquel.html b/docs/gnulinux/encrypted_trisquel.html
index 8e369a4..c24d5f1 100644
--- a/docs/gnulinux/encrypted_trisquel.html
+++ b/docs/gnulinux/encrypted_trisquel.html
@@ -12,280 +12,325 @@
</head>
<body>
- <header>
+ <div class="section">
<h1>Installing Trisquel GNU/Linux with full disk encryption (including /boot)</h1>
- <aside>Or <a href="index.html">back to main index</a></aside>
- </header>
-
- <p>
- Libreboot uses the GRUB <a href="http://www.coreboot.org/Payloads#GRUB_2">payload</a>
- by default, which means that the GRUB configuration file
- (where your GRUB menu comes from) is stored directly alongside libreboot
- and its GRUB payload executable, inside
- the flash chip. In context, this means that installing distributions and managing them
- is handled slightly differently compared to traditional BIOS systems.
- </p>
-
- <p>
- On most systems, the /boot partition has to be left unencrypted while the others are encrypted.
- This is so that GRUB, and therefore the kernel, can be loaded and executed since the firmware
- can't open a LUKS volume. Not so with libreboot! Since GRUB is already included directly as a
- payload, even /boot can be encrypted. This protects /boot from tampering by someone with physical
- access to the machine.
- </p>
-
- <p>
- This works in Trisquel 7, and probably Trisquel 6. Boot the 'net installer' (Install Trisquel in Text Mode). <a href="grub_boot_installer.html">How to boot a GNU/Linux installer</a>.
- </p>
-
- <p>
- Set a strong user password (ideally above 40 characters, of lowercase/uppercase, numbers and symbols).
- </p>
-
- <p>
- when the installer asks you to set up
- encryption (ecryptfs) for your home directory, select 'Yes' if you want to: <b>LUKS is already secure and performs well. Having ecryptfs on top of it
- will add noticeable performance penalty, for little security gain in most use cases. This is therefore optional, and not recommended.
- Choose 'no'.</b>
- </p>
-
- <p>
- <b>
- Your user password should be different from the LUKS password which you will set later on.
- Your LUKS password should, like the user password, be secure.
- </b>
- </p>
-
- <h1>Partitioning</h1>
-
- <p>Choose 'Manual' partitioning:</p>
- <ul>
- <li>Select drive and create new partition table</li>
- <li>
- Single large partition. The following are mostly defaults:
- <ul>
- <li>Use as: physical volume for encryption</li>
- <li>Encryption: aes</li>
- <li>key size: 256</li>
- <li>IV algorithm: xts-plain64</li>
- <li>Encryption key: passphrase</li>
- <li>erase data: Yes (only choose 'No' if it's a new drive that doesn't contain your private data)</li>
- </ul>
- </li>
- <li>
- Select 'configure encrypted volumes'
- <ul>
- <li>Create encrypted volumes</li>
- <li>Select your partition</li>
- <li>Finish</li>
- <li>Really erase: Yes</li>
- <li>(erase will take a long time. be patient)</li>
- <li>(if your old system was encrypted, just let this run for about a minute to
- make sure that the LUKS header is wiped out)</li>
- </ul>
- </li>
- <li>
- Select encrypted space:
- <ul>
- <li>use as: physical volume for LVM</li>
- <li>Choose 'done setting up the partition'</li>
- </ul>
- </li>
- <li>
- Configure the logical volume manager:
- <ul>
- <li>Keep settings: Yes</li>
- </ul>
- </li>
- <li>
- Create volume group:
- <ul>
- <li>Name: <b>grubcrypt</b> (you can use whatever you want here, this is just an example)</li>
- <li>Select crypto partition</li>
- </ul>
- </li>
- <li>
- Create logical volume
- <ul>
- <li>select <b>grubcrypt</b> (or whatever you named it before)</li>
- <li>name: <b>trisquel</b> (you can use whatever you want here, this is just an example)</li>
- <li>size: default, minus 2048 MB</li>
- </ul>
- </li>
- <li>
- Create logical volume
- <ul>
- <li>select <b>grubcrypt</b> (or whatever you named it before)</li>
- <li>name: <b>swap</b> (you can use whatever you want here, this is just an example)</li>
- <li>size: press enter</li>
- </ul>
- </li>
- </ul>
-
- <h1>Further partitioning</h1>
-
- <p>
- Now you are back at the main partitioning screen. You will simply set mountpoints and filesystems to use.
- </p>
- <ul>
- <li>
- LVM LV trisquel
- <ul>
- <li>use as: ext4</li>
- <li>mount point: /</li>
- <li>done setting up partition</li>
- </ul>
- </li>
- <li>
- LVM LV swap
- <ul>
- <li>use as: swap area</li>
- <li>done setting up partition</li>
- </ul>
- </li>
- <li>Now you select 'Finished partitioning and write changes to disk'.</li>
- </ul>
-
- <h1>Kernel</h1>
-
- <p>
- Installation will ask what kernel you want to use. linux-generic is fine.
- </p>
-
- <h1>Tasksel</h1>
-
- <p>
- Choose <i>&quot;Trisquel Desktop Environment&quot;</i> if you want GNOME,
- <i>&quot;Trisquel-mini Desktop Environment&quot;</i> if you
- want LXDE or <i>&quot;Triskel Desktop Environment&quot;</i> if you want KDE.
- If you want to have no desktop (just a basic shell)
- when you boot or if you want to create your own custom setup, then choose nothing here (don't select anything).
- You might also want to choose some of the other package groups; it's up to you.
- </p>
-
- <h1>Postfix configuration</h1>
-
- <p>
- If asked, choose <i>&quot;No Configuration&quot;</i> here (or maybe you want to select something else. It's up to you.)
- </p>
-
- <h1>Install the GRUB boot loader to the master boot record</h1>
-
- <p>
- Choose 'Yes'. It will fail, but don't worry. Then at the main menu, choose 'Continue without a bootloader'.
- You could also choose 'No'. Choice is irrelevant here.
- </p>
-
- <p>
- <i>You do not need to install GRUB at all, since in libreboot you are using the GRUB payload (for libreboot) to boot your system directly.</i>
- </p>
-
- <h1>Clock UTC</h1>
-
- <p>
- Just say 'Yes'.
- </p>
-
- <h1>
- Booting your system
- </h1>
-
- <p>
- At this point, you will have finished the installation. At your GRUB payload, press C to get to the command line.
- </p>
-
+ <p>
+ Libreboot uses the GRUB <a href="http://www.coreboot.org/Payloads#GRUB_2">payload</a>
+ by default, which means that the GRUB configuration file
+ (where your GRUB menu comes from) is stored directly alongside libreboot
+ and its GRUB payload executable, inside
+ the flash chip. In context, this means that installing distributions and managing them
+ is handled slightly differently compared to traditional BIOS systems.
+ </p>
+
+ <p>
+ On most systems, the /boot partition has to be left unencrypted while the others are encrypted.
+ This is so that GRUB, and therefore the kernel, can be loaded and executed since the firmware
+ can't open a LUKS volume. Not so with libreboot! Since GRUB is already included directly as a
+ payload, even /boot can be encrypted. This protects /boot from tampering by someone with physical
+ access to the machine.
+ </p>
+ <p>
+ This works in Trisquel 7, and probably Trisquel 6. Boot the 'net installer' (Install Trisquel in Text Mode).
+ <a href="grub_boot_installer.html">How to boot a GNU/Linux installer</a>.
+ </p>
+ <p><a href="index.html">Back to previous index</a></p>
+ </div>
+
+ <div class="section">
+
<p>
- Do that:<br/>
- grub&gt; <b>cryptomount -a (ahci0,msdos1)</b><br/>
- grub&gt; <b>set root='lvm/grubcrypt-trisquel'</b><br/>
- grub&gt; <b>linux /vmlinuz root=/dev/mapper/grubcrypt-trisquel cryptdevice=/dev/mapper/grubcrypt-trisquel:root</b><br/>
- grub&gt; <b>initrd /initrd.img</b><br/>
- grub&gt; <b>boot</b>
- </p>
-
- <h1>
- ecryptfs
- </h1>
-
- <p>
- If you didn't encrypt your home directory, then you can safely ignore this section.
- </p>
-
- <p>
- Immediately after logging in, do that:<br/>
- $ <b>sudo ecryptfs-unwrap-passphrase</b>
- </p>
-
- <p>
- This will be needed in the future if you ever need to recover your home directory from another system, so write it down and keep the note
- somewhere secret. Ideally, you should memorize it and then burn the note (or not even write it down, and memorize it still)>
- </p>
-
- <h1>
- Modify grub.cfg (CBFS)
- </h1>
-
- <p>
- Now you need to set it up so that the system will automatically boot, without having to type a bunch of commands.
- </p>
-
- <p>
- Modify your grub.cfg (in the firmware) <a href="grub_cbfs.html">using this tutorial</a>;
- just change the default menu entry 'Load Operating System' to say this inside:
+ Set a strong user password (ideally above 40 characters, of lowercase/uppercase, numbers and symbols).
</p>
<p>
- <b>cryptomount -a (ahci0,msdos1)</b><br/>
- <b>set root='lvm/grubcrypt-trisquel'</b><br/>
- <b>linux /vmlinuz root=/dev/mapper/grubcrypt-trisquel cryptdevice=/dev/mapper/grubcrypt-trisquel:root</b><br/>
- <b>initrd /initrd.img</b>
+ when the installer asks you to set up
+ encryption (ecryptfs) for your home directory, select 'Yes' if you want to: <b>LUKS is already secure and performs well. Having ecryptfs on top of it
+ will add noticeable performance penalty, for little security gain in most use cases. This is therefore optional, and not recommended.
+ Choose 'no'.</b>
</p>
<p>
- Additionally, you should set a GRUB password. This is not your LUKS password, but it's a password that you have to enter to see
- GRUB. This protects your system from an attacker simply booting a live USB and re-flashing your firmware. <b>This should be different than your LUKS passphrase and user password.</b>
+ <b>
+ Your user password should be different from the LUKS password which you will set later on.
+ Your LUKS password should, like the user password, be secure.
+ </b>
</p>
+
+ </div>
+
+ <div class="section">
+
+ <h1>Partitioning</h1>
+
+ <p>Choose 'Manual' partitioning:</p>
+ <ul>
+ <li>Select drive and create new partition table</li>
+ <li>
+ Single large partition. The following are mostly defaults:
+ <ul>
+ <li>Use as: physical volume for encryption</li>
+ <li>Encryption: aes</li>
+ <li>key size: 256</li>
+ <li>IV algorithm: xts-plain64</li>
+ <li>Encryption key: passphrase</li>
+ <li>erase data: Yes (only choose 'No' if it's a new drive that doesn't contain your private data)</li>
+ </ul>
+ </li>
+ <li>
+ Select 'configure encrypted volumes'
+ <ul>
+ <li>Create encrypted volumes</li>
+ <li>Select your partition</li>
+ <li>Finish</li>
+ <li>Really erase: Yes</li>
+ <li>(erase will take a long time. be patient)</li>
+ <li>(if your old system was encrypted, just let this run for about a minute to
+ make sure that the LUKS header is wiped out)</li>
+ </ul>
+ </li>
+ <li>
+ Select encrypted space:
+ <ul>
+ <li>use as: physical volume for LVM</li>
+ <li>Choose 'done setting up the partition'</li>
+ </ul>
+ </li>
+ <li>
+ Configure the logical volume manager:
+ <ul>
+ <li>Keep settings: Yes</li>
+ </ul>
+ </li>
+ <li>
+ Create volume group:
+ <ul>
+ <li>Name: <b>grubcrypt</b> (you can use whatever you want here, this is just an example)</li>
+ <li>Select crypto partition</li>
+ </ul>
+ </li>
+ <li>
+ Create logical volume
+ <ul>
+ <li>select <b>grubcrypt</b> (or whatever you named it before)</li>
+ <li>name: <b>trisquel</b> (you can use whatever you want here, this is just an example)</li>
+ <li>size: default, minus 2048 MB</li>
+ </ul>
+ </li>
+ <li>
+ Create logical volume
+ <ul>
+ <li>select <b>grubcrypt</b> (or whatever you named it before)</li>
+ <li>name: <b>swap</b> (you can use whatever you want here, this is just an example)</li>
+ <li>size: press enter</li>
+ </ul>
+ </li>
+ </ul>
+
+ </div>
+
+ <div class="section">
+
+ <h1>Further partitioning</h1>
+
+ <p>
+ Now you are back at the main partitioning screen. You will simply set mountpoints and filesystems to use.
+ </p>
+ <ul>
+ <li>
+ LVM LV trisquel
+ <ul>
+ <li>use as: ext4</li>
+ <li>mount point: /</li>
+ <li>done setting up partition</li>
+ </ul>
+ </li>
+ <li>
+ LVM LV swap
+ <ul>
+ <li>use as: swap area</li>
+ <li>done setting up partition</li>
+ </ul>
+ </li>
+ <li>Now you select 'Finished partitioning and write changes to disk'.</li>
+ </ul>
+
+ </div>
+
+ <div class="section">
+
+ <h1>Kernel</h1>
+
+ <p>
+ Installation will ask what kernel you want to use. linux-generic is fine.
+ </p>
+
+ </div>
+
+ <div class="section">
+
+ <h1>Tasksel</h1>
+
+ <p>
+ Choose <i>&quot;Trisquel Desktop Environment&quot;</i> if you want GNOME,
+ <i>&quot;Trisquel-mini Desktop Environment&quot;</i> if you
+ want LXDE or <i>&quot;Triskel Desktop Environment&quot;</i> if you want KDE.
+ If you want to have no desktop (just a basic shell)
+ when you boot or if you want to create your own custom setup, then choose nothing here (don't select anything).
+ You might also want to choose some of the other package groups; it's up to you.
+ </p>
+
+ </div>
+
+ <div class="section">
+
+ <h1>Postfix configuration</h1>
+
+ <p>
+ If asked, choose <i>&quot;No Configuration&quot;</i> here (or maybe you want to select something else. It's up to you.)
+ </p>
+
+ </div>
+
+ <div class="section">
+
+ <h1>Install the GRUB boot loader to the master boot record</h1>
+
+ <p>
+ Choose 'Yes'. It will fail, but don't worry. Then at the main menu, choose 'Continue without a bootloader'.
+ You could also choose 'No'. Choice is irrelevant here.
+ </p>
+
+ <p>
+ <i>You do not need to install GRUB at all, since in libreboot you are using the GRUB payload (for libreboot) to boot your system directly.</i>
+ </p>
+
+ </div>
+
+ <div class="section">
+
+ <h1>Clock UTC</h1>
+
+ <p>
+ Just say 'Yes'.
+ </p>
+
+ </div>
+
+ <div class="section">
+
+ <h1>
+ Booting your system
+ </h1>
+
+ <p>
+ At this point, you will have finished the installation. At your GRUB payload, press C to get to the command line.
+ </p>
+
+ <p>
+ Do that:<br/>
+ grub&gt; <b>cryptomount -a (ahci0,msdos1)</b><br/>
+ grub&gt; <b>set root='lvm/grubcrypt-trisquel'</b><br/>
+ grub&gt; <b>linux /vmlinuz root=/dev/mapper/grubcrypt-trisquel cryptdevice=/dev/mapper/grubcrypt-trisquel:root</b><br/>
+ grub&gt; <b>initrd /initrd.img</b><br/>
+ grub&gt; <b>boot</b>
+ </p>
+
+ </div>
+
+ <div class="section">
+
+ <h1>
+ ecryptfs
+ </h1>
+
+ <p>
+ If you didn't encrypt your home directory, then you can safely ignore this section.
+ </p>
+
+ <p>
+ Immediately after logging in, do that:<br/>
+ $ <b>sudo ecryptfs-unwrap-passphrase</b>
+ </p>
+
+ <p>
+ This will be needed in the future if you ever need to recover your home directory from another system, so write it down and keep the note
+ somewhere secret. Ideally, you should memorize it and then burn the note (or not even write it down, and memorize it still)>
+ </p>
+
+ </div>
+
+ <div class="section">
+
+ <h1>
+ Modify grub.cfg (CBFS)
+ </h1>
+
+ <p>
+ Now you need to set it up so that the system will automatically boot, without having to type a bunch of commands.
+ </p>
+
+ <p>
+ Modify your grub.cfg (in the firmware) <a href="grub_cbfs.html">using this tutorial</a>;
+ just change the default menu entry 'Load Operating System' to say this inside:
+ </p>
+
+ <p>
+ <b>cryptomount -a (ahci0,msdos1)</b><br/>
+ <b>set root='lvm/grubcrypt-trisquel'</b><br/>
+ <b>linux /vmlinuz root=/dev/mapper/grubcrypt-trisquel cryptdevice=/dev/mapper/grubcrypt-trisquel:root</b><br/>
+ <b>initrd /initrd.img</b>
+ </p>
+
+ <p>
+ Additionally, you should set a GRUB password. This is not your LUKS password, but it's a password that you have to enter to see
+ GRUB. This protects your system from an attacker simply booting a live USB and re-flashing your firmware. <b>This should be different than your LUKS passphrase and user password.</b>
+ </p>
+
+ <p>
+ The GRUB utility can be used like so:<br/>
+ $ <b>grub-mkpasswd-pbkdf2</b>
+ </p>
+
+ <p>
+ Give it a password (remember, it has to be secure) and it'll output something like:<br/>
+ <b>grub.pbkdf2.sha512.10000.711F186347156BC105CD83A2ED7AF1EB971AA2B1EB2640172F34B0DEFFC97E654AF48E5F0C3B7622502B76458DA494270CC0EA6504411D676E6752FD1651E749.8DD11178EB8D1F633308FD8FCC64D0B243F949B9B99CCEADE2ECA11657A757D22025986B0FA116F1D5191E0A22677674C994EDBFADE62240E9D161688266A711</b>
+ </p>
+
+ <p>
+ Put that in the grub.cfg (the one for CBFS inside the ROM) before the 'Load Operating System' menu entry like so (example):<br/>
+ </p>
+ <pre>
+<b>set superusers=&quot;root&quot;</b>
+<b>password_pbkdf2 root grub.pbkdf2.sha512.10000.711F186347156BC105CD83A2ED7AF1EB971AA2B1EB2640172F34B0DEFFC97E654AF48E5F0C3B7622502B76458DA494270CC0EA6504411D676E6752FD1651E749.8DD11178EB8D1F633308FD8FCC64D0B243F949B9B99CCEADE2ECA11657A757D22025986B0FA116F1D5191E0A22677674C994EDBFADE62240E9D161688266A711</b>
+ </pre>
- <p>
- The GRUB utility can be used like so:<br/>
- $ <b>grub-mkpasswd-pbkdf2</b>
- </p>
+ <p>
+ Obviously, replace it with the correct hash that you actually got for the password that you entered. Meaning, not the hash that you see above!
+ </p>
- <p>
- Give it a password (remember, it has to be secure) and it'll output something like:<br/>
- <b>grub.pbkdf2.sha512.10000.711F186347156BC105CD83A2ED7AF1EB971AA2B1EB2640172F34B0DEFFC97E654AF48E5F0C3B7622502B76458DA494270CC0EA6504411D676E6752FD1651E749.8DD11178EB8D1F633308FD8FCC64D0B243F949B9B99CCEADE2ECA11657A757D22025986B0FA116F1D5191E0A22677674C994EDBFADE62240E9D161688266A711</b>
- </p>
+ <p>
+ After this, you will have a modified ROM with the menu entry for cryptomount, and the entry before that for the GRUB password. Flash the modified ROM
+ using <a href="../install/index.html#flashrom">this tutorial</a>.
+ </p>
+
+ </div>
- <p>
- Put that in the grub.cfg (the one for CBFS inside the ROM) before the 'Load Operating System' menu entry like so (example):<br/>
- </p>
- <pre>
-<b>set superusers=&quot;root&quot;</b>
-<b>password_pbkdf2 root grub.pbkdf2.sha512.10000.711F186347156BC105CD83A2ED7AF1EB971AA2B1EB2640172F34B0DEFFC97E654AF48E5F0C3B7622502B76458DA494270CC0EA6504411D676E6752FD1651E749.8DD11178EB8D1F633308FD8FCC64D0B243F949B9B99CCEADE2ECA11657A757D22025986B0FA116F1D5191E0A22677674C994EDBFADE62240E9D161688266A711</b>
- </pre>
+ <div class="section">
<p>
- Obviously, replace it with the correct hash that you actually got for the password that you entered. Meaning, not the hash that you see above!
+ Copyright &copy; 2014, 2015 Francis Rowe &lt;info@gluglug.org.uk&gt;<br/>
+ This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions.
+ A copy of the license can be found at <a href="../license.txt">../license.txt</a>.
</p>
<p>
- After this, you will have a modified ROM with the menu entry for cryptomount, and the entry before that for the GRUB password. Flash the modified ROM
- using <a href="../install/index.html#flashrom">this tutorial</a>.
+ This document is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information.
</p>
-
-<hr/>
-
- <p>
- Copyright &copy; 2014 Francis Rowe &lt;info@gluglug.org.uk&gt;<br/>
- This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions.
- A copy of the license can be found at <a href="../license.txt">../license.txt</a>.
- </p>
-
- <p>
- This document is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information.
- </p>
+
+ </div>
</body>
</html>
diff --git a/docs/gnulinux/grub_boot_installer.html b/docs/gnulinux/grub_boot_installer.html
index 8a5a8f8..3a99d00 100644
--- a/docs/gnulinux/grub_boot_installer.html
+++ b/docs/gnulinux/grub_boot_installer.html
@@ -12,144 +12,168 @@
</head>
<body>
- <header>
+ <div class="section">
<h1>Boot a GNU/Linux installer on USB</h1>
- <aside>Or <a href="index.html">back to main index</a></aside>
- </header>
-
- <h2>Prepare the USB drive (in GNU/Linux)</h2>
-
- <p>
- Connect the USB drive. Check dmesg:<br/>
- <b>$ dmesg</b><br/>
-
- Check lsblk to confirm which drive it is:<br/>
- <b>$ lsblk</b>
- </p>
-
- <p>
- Check that it wasn't automatically mounted. If it was, unmount it. For example:<br/>
- <b>$ sudo umount /dev/sdb*</b><br/>
- <b># umount /dev/sdb*</b>
- </p>
+ <p>
+ <a href="index.html">Back to previous index</a>
+ </p>
+ </div>
- <p>
- dmesg told you what device it is. Overwrite the drive, writing your distro ISO to it with dd. For example:<br/>
- <b>$ sudo dd if=gnulinux.iso of=/dev/sdb bs=8M; sync</b><br/>
- <b># dd if=gnulinux.iso of=/dev/sdb bs=8M; sync</b>
- </p>
+ <div class="section">
- <h2>GNU Guix System Distribution?</h2>
+ <h2>Prepare the USB drive (in GNU/Linux)</h2>
- <p>
- Guix USB installers use the GRUB bootloader, unlike most GNU/Linux installers which will likely use ISOLINUX.
- </p>
- <p>
- To boot the Guix live USB install, select <b><i>Search for GRUB configuration (grub.cfg) outside of CBFS</i></b> from
- the GRUB payload menu. After you have done that, a new menuentry will appear at the very bottom with text like
- <b><i>Load Config from (usb0)</i></b>; select that, and it should boot.
- </p>
- <p>
- Once you have installed Guix onto the main storage device, check
- <a href="grub_cbfs.html#libreboot_grub_config_ondisk">grub_cbfs.html#libreboot_grub_config_ondisk</a> for hints on how
- to boot it.
- </p>
+ <p>
+ Connect the USB drive. Check dmesg:<br/>
+ <b>$ dmesg</b><br/>
- <h2>Booting ISOLINUX images</h2>
+ Check lsblk to confirm which drive it is:<br/>
+ <b>$ lsblk</b>
+ </p>
- <p>
- Boot it in GRUB using the <i>Parse ISOLINUX config (USB)</i> option.
+ <p>
+ Check that it wasn't automatically mounted. If it was, unmount it. For example:<br/>
+ <b>$ sudo umount /dev/sdb*</b><br/>
+ <b># umount /dev/sdb*</b>
+ </p>
- A new menu should appear in GRUB, showing the boot options for that distro; this is a GRUB menu, converted from the usual
- ISOLINUX menu provided by that distro.
- </p>
+ <p>
+ dmesg told you what device it is. Overwrite the drive, writing your distro ISO to it with dd. For example:<br/>
+ <b>$ sudo dd if=gnulinux.iso of=/dev/sdb bs=8M; sync</b><br/>
+ <b># dd if=gnulinux.iso of=/dev/sdb bs=8M; sync</b>
+ </p>
+
+ </div>
- <h2>Booting manually</h2>
-
- <p>
- If the ISOLINUX parser or <i>Search for GRUB configuration</i> options won't work, then press C to get to the GRUB command line.<br/>
- grub&gt; <b>ls</b><br/>
-
- Get the device from above output, eg (usb0). Example:<br/>
- grub&gt; <b>cat (usb0)/isolinux/isolinux.cfg</b><br/>
+ <div class="section">
+
+ <h2>GNU Guix System Distribution?</h2>
- Either this will show the ISOLINUX menuentries for that ISO, or link to other .cfg files, for example /isolinux/foo.cfg.<br/>
+ <p>
+ Guix USB installers use the GRUB bootloader, unlike most GNU/Linux installers which will likely use ISOLINUX.
+ </p>
+ <p>
+ To boot the Guix live USB install, select <b><i>Search for GRUB configuration (grub.cfg) outside of CBFS</i></b> from
+ the GRUB payload menu. After you have done that, a new menuentry will appear at the very bottom with text like
+ <b><i>Load Config from (usb0)</i></b>; select that, and it should boot.
+ </p>
+ <p>
+ Once you have installed Guix onto the main storage device, check
+ <a href="grub_cbfs.html#libreboot_grub_config_ondisk">grub_cbfs.html#libreboot_grub_config_ondisk</a> for hints on how
+ to boot it.
+ </p>
+
+ </div>
- If it did that, then you do:<br/>
- grub&gt; <b>cat (usb0)/isolinux/foo.cfg</b><br/>
+ <div class="section">
+
+ <h2>Booting ISOLINUX images</h2>
- And so on, until you find the correct menuentries for ISOLINUX.
- </p>
+ <p>
+ Boot it in GRUB using the <i>Parse ISOLINUX config (USB)</i> option.
- <p>
- Now look at the ISOLINUX menuentry. It'll look like:<br/>
- <b>
- kernel /path/to/kernel<br/>
- append PARAMETERS initrd=/path/to/initrd MAYBE_MORE_PARAMETERS<br/>
- </b>
-
- GRUB works the same way, but in it's own way. Example GRUB commands:<br/>
- grub&gt; <b>linux (usb0)/path/to/kernel PARAMETERS MAYBE_MORE_PARAMETERS</b><br/>
- grub&gt; <b>initrd (usb0)/path/to/initrd</b><br/>
- grub&gt; <b>boot</b><br/>
-
- Of course this will vary from distro to distro. If you did all that correctly, it should now be booting the ISO
- the way you specified.
- </p>
+ A new menu should appear in GRUB, showing the boot options for that distro; this is a GRUB menu, converted from the usual
+ ISOLINUX menu provided by that distro.
+ </p>
+
+ </div>
+
+ <div class="section">
+
+ <h2>Booting manually</h2>
- <h1>Troubleshooting</h1>
+ <p>
+ If the ISOLINUX parser or <i>Search for GRUB configuration</i> options won't work, then press C to get to the GRUB command line.<br/>
+ grub&gt; <b>ls</b><br/>
- <p>
- Most of these issues occur when using libreboot with coreboot's 'text mode' instead of the coreboot framebuffer.
- This mode is useful for booting payloads like memtest86+ which expect text-mode, but for GNU/Linux distributions
- it can be problematic when they are trying to switch to a framebuffer because it doesn't exist.
- </p>
+ Get the device from above output, eg (usb0). Example:<br/>
+ grub&gt; <b>cat (usb0)/isolinux/isolinux.cfg</b><br/>
- <p>
- In most cases, you should use the vesafb ROM's. Example filename: libreboot_ukdvorak_vesafb.rom.
- </p>
+ Either this will show the ISOLINUX menuentries for that ISO, or link to other .cfg files, for example /isolinux/foo.cfg.<br/>
- <h2>parabola won't boot in text-mode</h2>
+ If it did that, then you do:<br/>
+ grub&gt; <b>cat (usb0)/isolinux/foo.cfg</b><br/>
- <p>
- Use one of the ROM images with vesafb in the filename (uses coreboot framebuffer instead of text-mode).
+ And so on, until you find the correct menuentries for ISOLINUX.
</p>
- <h2>debian-installer (trisquel net install) graphical corruption in text-mode</h2>
<p>
- When using the ROM images that use coreboot's &quot;text mode&quot; instead of the coreboot framebuffer,
- booting the Trisquel net installer results in graphical corruption because it is trying to switch to a framebuffer which doesn't
- exist. Use that kernel parameter on the 'linux' line when booting it:<br/>
- <b>vga=normal fb=false</b>
+ Now look at the ISOLINUX menuentry. It'll look like:<br/>
+ <b>
+ kernel /path/to/kernel<br/>
+ append PARAMETERS initrd=/path/to/initrd MAYBE_MORE_PARAMETERS<br/>
+ </b>
+
+ GRUB works the same way, but in it's own way. Example GRUB commands:<br/>
+ grub&gt; <b>linux (usb0)/path/to/kernel PARAMETERS MAYBE_MORE_PARAMETERS</b><br/>
+ grub&gt; <b>initrd (usb0)/path/to/initrd</b><br/>
+ grub&gt; <b>boot</b><br/>
+
+ Of course this will vary from distro to distro. If you did all that correctly, it should now be booting the ISO
+ the way you specified.
</p>
+
+ </div>
- <p>
- Tested in Trisquel 6 (and 7). This forces debian-installer to start in text-mode, instead of trying to switch to a framebuffer.
- </p>
+ <div class="section">
+
+ <h1>Troubleshooting</h1>
<p>
- If selecting text-mode from a GRUB menu created using the ISOLINUX parser, you can press E on the menu entry to add this.
- Or, if you are booting manually (from GRUB terminal) then just add the parameters.
+ Most of these issues occur when using libreboot with coreboot's 'text mode' instead of the coreboot framebuffer.
+ This mode is useful for booting payloads like memtest86+ which expect text-mode, but for GNU/Linux distributions
+ it can be problematic when they are trying to switch to a framebuffer because it doesn't exist.
</p>
<p>
- This workaround was found on the page: <a href="https://www.debian.org/releases/stable/i386/ch05s04.html">https://www.debian.org/releases/stable/i386/ch05s04.html</a>.
- It should also work for gNewSense, Debian and any other apt-get distro that provides debian-installer (text mode) net install method.
+ In most cases, you should use the vesafb ROM's. Example filename: libreboot_ukdvorak_vesafb.rom.
</p>
-<hr/>
+ <h2>parabola won't boot in text-mode</h2>
+
+ <p>
+ Use one of the ROM images with vesafb in the filename (uses coreboot framebuffer instead of text-mode).
+ </p>
+
+ <h2>debian-installer (trisquel net install) graphical corruption in text-mode</h2>
+ <p>
+ When using the ROM images that use coreboot's &quot;text mode&quot; instead of the coreboot framebuffer,
+ booting the Trisquel net installer results in graphical corruption because it is trying to switch to a framebuffer which doesn't
+ exist. Use that kernel parameter on the 'linux' line when booting it:<br/>
+ <b>vga=normal fb=false</b>
+ </p>
+
+ <p>
+ Tested in Trisquel 6 (and 7). This forces debian-installer to start in text-mode, instead of trying to switch to a framebuffer.
+ </p>
- <p>
- Copyright &copy; 2014 Francis Rowe &lt;info@gluglug.org.uk&gt;<br/>
- This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions.
- A copy of the license can be found at <a href="../license.txt">../license.txt</a>.
- </p>
+ <p>
+ If selecting text-mode from a GRUB menu created using the ISOLINUX parser, you can press E on the menu entry to add this.
+ Or, if you are booting manually (from GRUB terminal) then just add the parameters.
+ </p>
- <p>
- This document is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information.
- </p>
+ <p>
+ This workaround was found on the page: <a href="https://www.debian.org/releases/stable/i386/ch05s04.html">https://www.debian.org/releases/stable/i386/ch05s04.html</a>.
+ It should also work for gNewSense, Debian and any other apt-get distro that provides debian-installer (text mode) net install method.
+ </p>
+
+ </div>
+
+ <div class="section">
+
+ <p>
+ Copyright &copy; 2014, 2015 Francis Rowe &lt;info@gluglug.org.uk&gt;<br/>
+ This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions.
+ A copy of the license can be found at <a href="../license.txt">../license.txt</a>.
+ </p>
+
+ <p>
+ This document is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information.
+ </p>
+
+ </div>
</body>
</html>
diff --git a/docs/gnulinux/grub_cbfs.html b/docs/gnulinux/grub_cbfs.html
index c22d71d..73cce0c 100644
--- a/docs/gnulinux/grub_cbfs.html
+++ b/docs/gnulinux/grub_cbfs.html
@@ -12,444 +12,467 @@
</head>
<body>
- <header>
+ <div class="section">
<h1 id="pagetop">How to change your default GRUB menu</h1>
- <aside>Or <a href="index.html">back to main index</a></aside>
- </header>
-
- <p>
- Libreboot uses the GRUB <a href="http://www.coreboot.org/Payloads#GRUB_2">payload</a>
- by default, which means that the GRUB configuration file
- (where your GRUB menu comes from) is stored directly alongside libreboot
- and it's GRUB payload executable, inside
- the flash chip. In context, this means that installing distributions and managing them
- is handled slightly differently compared to traditional BIOS systems.
- </p>
-
- <p>
- A libreboot (or coreboot) ROM image is not simply &quot;flat&quot;; there is an actual
- filesystem inside called CBFS (coreboot filesystem). A utility called 'cbfstool'
- allows you to change the contents of the ROM image. In this case, libreboot is configured
- such that the 'grub.cfg' and 'grubtest.cfg' files exists directly inside CBFS instead of
- inside the GRUB payload 'memdisk' (which is itself stored in CBFS).
- </p>
- <p>
- You can either modify
- the GRUB configuration stored in the flash chip, or you can modify a GRUB configuration
- file on the main storage which the libreboot GRUB payload will automatically search for.
- </p>
-
- <p>
- Here is an excellent writeup about CBFS (coreboot filesystem):
- <a href="http://lennartb.home.xs4all.nl/coreboot/col5.html">http://lennartb.home.xs4all.nl/coreboot/col5.html</a>.
- </p>
-
-<hr/>
-
- <h2>Table of Contents</h2>
-
- <ul>
- <li><a href="#getting_started">Getting started</a></li>
- <li><a href="#libreboot_grub_config_ondisk">Don't want to flash a new ROM image?</a></li>
- <li><a href="#build_cbfstool">Build 'cbfstool' from source</a></li>
- <li><a href="#which_rom">Which ROM image should I use?</a></li>
- <li><a href="#extract_grubtest">Extract grubtest from the ROM image</a>
- <li>
- <a href="#example_modifications">Example modifications for <i>grubtest.cfg</i></a>
- <ul>
- <li><a href="#example_modifications_trisquel">Trisquel GNU/Linux-libre</a></li>
- <li><a href="#example_modifications_parabola">Parabola GNU/Linux-libre</a></li>
- </ul>
- </li>
- <li><a href="#reinsert_modified_grubtest">Re-insert the modified grubtest.cfg into the ROM image</a></li>
- <li><a href="#test_it">Test it!</a>
- <li><a href="#final_steps">Final steps</a></li>
- <li><a href="#troubleshooting">Troubleshooting</a></li>
- </ul>
-
-<hr/>
-
- <h2 id="getting_started">Getting started</h2>
+ <p>
+ Libreboot uses the GRUB <a href="http://www.coreboot.org/Payloads#GRUB_2">payload</a>
+ by default, which means that the GRUB configuration file
+ (where your GRUB menu comes from) is stored directly alongside libreboot
+ and it's GRUB payload executable, inside
+ the flash chip. In context, this means that installing distributions and managing them
+ is handled slightly differently compared to traditional BIOS systems.
+ </p>
+ <p>
+ A libreboot (or coreboot) ROM image is not simply &quot;flat&quot;; there is an actual
+ filesystem inside called CBFS (coreboot filesystem). A utility called 'cbfstool'
+ allows you to change the contents of the ROM image. In this case, libreboot is configured
+ such that the 'grub.cfg' and 'grubtest.cfg' files exists directly inside CBFS instead of
+ inside the GRUB payload 'memdisk' (which is itself stored in CBFS).
+ </p>
+ <p>
+ You can either modify
+ the GRUB configuration stored in the flash chip, or you can modify a GRUB configuration
+ file on the main storage which the libreboot GRUB payload will automatically search for.
+ </p>
+ <p>
+ Here is an excellent writeup about CBFS (coreboot filesystem):
+ <a href="http://lennartb.home.xs4all.nl/coreboot/col5.html">http://lennartb.home.xs4all.nl/coreboot/col5.html</a>.
+ </p>
+ <p>
+ <a href="index.html">Back to previous index</a>
+ </p>
+ </div>
- <p>
- Download the latest release from
- <a href="http://libreboot.org/">http://libreboot.org/</a>
- <br/><b>If you downloaded from git, refer to
- <a href="../git/index.html#build_meta">../git/index.html#build_meta</a> before continuing.</b>
- </p>
+ <div class="section">
+
+ <h1>Table of Contents</h1>
+
+ <ul>
+ <li><a href="#getting_started">Getting started</a></li>
+ <li><a href="#libreboot_grub_config_ondisk">Don't want to flash a new ROM image?</a></li>
+ <li><a href="#build_cbfstool">Build 'cbfstool' from source</a></li>
+ <li><a href="#which_rom">Which ROM image should I use?</a></li>
+ <li><a href="#extract_grubtest">Extract grubtest from the ROM image</a>
+ <li>
+ <a href="#example_modifications">Example modifications for <i>grubtest.cfg</i></a>
+ <ul>
+ <li><a href="#example_modifications_trisquel">Trisquel GNU/Linux-libre</a></li>
+ <li><a href="#example_modifications_parabola">Parabola GNU/Linux-libre</a></li>
+ </ul>
+ </li>
+ <li><a href="#reinsert_modified_grubtest">Re-insert the modified grubtest.cfg into the ROM image</a></li>
+ <li><a href="#test_it">Test it!</a>
+ <li><a href="#final_steps">Final steps</a></li>
+ <li><a href="#troubleshooting">Troubleshooting</a></li>
+ </ul>
+
+ </div>
- <p>
- <a href="../git/index.html#build_dependencies">Install the build dependencies</a>.
- </p>
+ <div class="section">
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
+ <h2 id="getting_started">Getting started</h2>
-<hr/>
-
- <h2 id="libreboot_grub_config_ondisk">Don't want to flash a new ROM image?</h2>
+ <p>
+ Download the latest release from
+ <a href="http://libreboot.org/">http://libreboot.org/</a>
+ <br/><b>If you downloaded from git, refer to
+ <a href="../git/index.html#build_meta">../git/index.html#build_meta</a> before continuing.</b>
+ </p>
- <p>
- There are several advantages to modifying the GRUB configuration stored in CBFS, but
- this also means that you have to flash a new libreboot ROM image on your machine (some users
- feel intimidated by this, to say the least).
- Doing so can be risky if not handled correctly, because it can result in a bricked
- machine (recovery is easy if you have the <a href="../install/bbb_setup.html">equipment</a>
- for it, but most people don't). If you aren't up to that then don't worry; it is possible
- to use a custom GRUB menu without flashing a new image, by loading a GRUB configuration
- from a partition on the main storage instead.
- </p>
+ <p>
+ <a href="../git/index.html#build_dependencies">Install the build dependencies</a>.
+ </p>
- <p>
- By default, GRUB in libreboot is configured to scan all partitions on the main storage
- for /boot/grub/libreboot_grub.cfg or /grub/libreboot_grub.cfg(for systems where /boot
- is on a dedicated partition), and then use it automatically.
- </p>
- <p>
- Simply create your custom GRUB configuration and save it to <b>/boot/grub/libreboot_grub.cfg</b>
- on the running system. The next time you boot, GRUB (in libreboot) will automatically switch to
- this configuration file. <b>This means that you do not have to re-flash, recompile or otherwise
- modify libreboot at all!</b>
- </p>
+ <p>
+ <a href="#pagetop">Back to top of page.</a>
+ </p>
+
+ </div>
- <p>
- Ideally, your distribution should automatically generate a libreboot_grub.cfg file that is written
- specifically under the assumption that it will be read and used on a libreboot system that uses
- GRUB as a payload. If your distribution does not do this, then you can try to add that feature
- yourself or politely ask someone involved with or otherwise knowledgeable about the distribution
- to do it for you. The libreboot_grub.cfg could either contain the full configuration, or it could
- chainload another GRUB ELF executable (built to be used as a coreboot payload) that is located in
- a partition on the main storage.
- </p>
+ <div class="section">
- <p>
- If you want to adapt a copy of the existing <i>libreboot</i> GRUB configuration and use that for the libreboot_grub.cfg file, then
- follow <a href="#build_cbfstool">#build_cbfstool</a>, <a href="#which_rom">#which_rom</a> and
- <a href="#extract_grubtest">#extract_grubtest</a> to get the <b><i>grubtest.cfg</i></b>.
- Rename <b><i>grubtest.cfg</i></b> to <b><i>libreboot_grub.cfg</i></b> and save it to <b><i>/boot/grub/</i></b>
- on the running system where it is intended to be used. Modify the file at that location however you see fit,
- and then stop reading this guide (the rest of this page is irrelevant to you); <b>in libreboot_grub.cfg on disk,
- if you are adapting it based on grub.cfg from CBFS then remove the check for libreboot_grub.cfg otherwise it will loop.</b>.
- </p>
-
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
-
-<hr/>
+ <h2 id="libreboot_grub_config_ondisk">Don't want to flash a new ROM image?</h2>
- <h2 id="build_cbfstool">Build 'cbfstool' from source</h2>
-
- <p>
- If you are working with libreboot_src, then you can run <b><i>make</i></b> command in
- libreboot_src/coreboot/util/cbfstool to build the <b><i>cbfstool</i></b> and <b><i>rmodtool</i></b>
- executable.
- </p>
- <p>
- Alternatively if you are working with libreboot_bin, you will find binaries under ./cbfstool/
- </p>
+ <p>
+ There are several advantages to modifying the GRUB configuration stored in CBFS, but
+ this also means that you have to flash a new libreboot ROM image on your machine (some users
+ feel intimidated by this, to say the least).
+ Doing so can be risky if not handled correctly, because it can result in a bricked
+ machine (recovery is easy if you have the <a href="../install/bbb_setup.html">equipment</a>
+ for it, but most people don't). If you aren't up to that then don't worry; it is possible
+ to use a custom GRUB menu without flashing a new image, by loading a GRUB configuration
+ from a partition on the main storage instead.
+ </p>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
+ <p>
+ By default, GRUB in libreboot is configured to scan all partitions on the main storage
+ for /boot/grub/libreboot_grub.cfg or /grub/libreboot_grub.cfg(for systems where /boot
+ is on a dedicated partition), and then use it automatically.
+ </p>
+ <p>
+ Simply create your custom GRUB configuration and save it to <b>/boot/grub/libreboot_grub.cfg</b>
+ on the running system. The next time you boot, GRUB (in libreboot) will automatically switch to
+ this configuration file. <b>This means that you do not have to re-flash, recompile or otherwise
+ modify libreboot at all!</b>
+ </p>
-<hr/>
+ <p>
+ Ideally, your distribution should automatically generate a libreboot_grub.cfg file that is written
+ specifically under the assumption that it will be read and used on a libreboot system that uses
+ GRUB as a payload. If your distribution does not do this, then you can try to add that feature
+ yourself or politely ask someone involved with or otherwise knowledgeable about the distribution
+ to do it for you. The libreboot_grub.cfg could either contain the full configuration, or it could
+ chainload another GRUB ELF executable (built to be used as a coreboot payload) that is located in
+ a partition on the main storage.
+ </p>
+
+ <p>
+ If you want to adapt a copy of the existing <i>libreboot</i> GRUB configuration and use that for the libreboot_grub.cfg file, then
+ follow <a href="#build_cbfstool">#build_cbfstool</a>, <a href="#which_rom">#which_rom</a> and
+ <a href="#extract_grubtest">#extract_grubtest</a> to get the <b><i>grubtest.cfg</i></b>.
+ Rename <b><i>grubtest.cfg</i></b> to <b><i>libreboot_grub.cfg</i></b> and save it to <b><i>/boot/grub/</i></b>
+ on the running system where it is intended to be used. Modify the file at that location however you see fit,
+ and then stop reading this guide (the rest of this page is irrelevant to you); <b>in libreboot_grub.cfg on disk,
+ if you are adapting it based on grub.cfg from CBFS then remove the check for libreboot_grub.cfg otherwise it will loop.</b>.
+ </p>
- <h2 id="which_rom">Which ROM image should I use?</h2>
+ <p>
+ <a href="#pagetop">Back to top of page.</a>
+ </p>
+
+ </div>
- <p>
- You can work directly with one of the ROM images already included in the libreboot ROM archives. For the purpose of
- this tutorial it is assumed that your ROM image file is named <i>libreboot.rom</i>, so please make sure to adapt.
- </p>
+ <div class="section">
- <p>
- If you want to re-use the ROM that you currently have flashed (and running) then see
- <a href="../git/index.html#build_flashrom">../git/index.html#build_flashrom</a>
- and then run:<br/>
- <b>$ sudo ./flashrom -p internal -r libreboot.rom</b><br/>
- Notice that this is using <b>&quot;-r&quot;</b> (read) instead of <b>&quot;-w&quot;</b> (write).
- This will create a dump (copy) of your current firmware and name it <b>libreboot.rom</b>.
- You need to take ownership of the file. For example:<br/>
- <b>$ sudo chown yourusername:yourusername libreboot.rom</b><br/>
- <b># chown yourusername:yourusername libreboot.rom</b>
- </p>
+ <h2 id="build_cbfstool">Build 'cbfstool' from source</h2>
- <p>
- If you currently have flashed a ROM image from an older version, it is recommended to update first:
- basically, modify one of the latest ROM images and then flash it.
- </p>
+ <p>
+ If you are working with libreboot_src, then you can run <b><i>make</i></b> command in
+ libreboot_src/coreboot/util/cbfstool to build the <b><i>cbfstool</i></b> and <b><i>rmodtool</i></b>
+ executable.
+ </p>
+ <p>
+ Alternatively if you are working with libreboot_bin, you will find binaries under ./cbfstool/
+ </p>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
+ <p>
+ <a href="#pagetop">Back to top of page.</a>
+ </p>
+
+ </div>
-<hr/>
+ <div class="section">
- <h2 id="extract_grubtest">Extract grubtest.cfg from the ROM image</h2>
+ <h2 id="which_rom">Which ROM image should I use?</h2>
- <p>
- Display contents of ROM:<br/>
- <b>$ ./cbfstool libreboot.rom print</b>
- </p>
+ <p>
+ You can work directly with one of the ROM images already included in the libreboot ROM archives. For the purpose of
+ this tutorial it is assumed that your ROM image file is named <i>libreboot.rom</i>, so please make sure to adapt.
+ </p>
- <p>
- The libreboot.rom file contains your <i>grub.cfg</i> and <i>grubtest.cfg</i> files.
- You should extract, modify and re-insert the copy first. grub.cfg will load first,
- but it has a menu entry for switching to the copy (grubtest.cfg).
- This reduces your chance of making a mistake that could make your machine unbootable (or very hard to boot).
- </p>
+ <p>
+ If you want to re-use the ROM that you currently have flashed (and running) then see
+ <a href="../git/index.html#build_flashrom">../git/index.html#build_flashrom</a>
+ and then run:<br/>
+ <b>$ sudo ./flashrom -p internal -r libreboot.rom</b><br/>
+ Notice that this is using <b>&quot;-r&quot;</b> (read) instead of <b>&quot;-w&quot;</b> (write).
+ This will create a dump (copy) of your current firmware and name it <b>libreboot.rom</b>.
+ You need to take ownership of the file. For example:<br/>
+ <b>$ sudo chown yourusername:yourusername libreboot.rom</b><br/>
+ <b># chown yourusername:yourusername libreboot.rom</b>
+ </p>
- <p>
- Extract grubtest.cfg from the ROM image:<br/>
- <b>$ ./cbfstool libreboot.rom extract -n grubtest.cfg -f grubtest.cfg</b>
- </p>
+ <p>
+ If you currently have flashed a ROM image from an older version, it is recommended to update first:
+ basically, modify one of the latest ROM images and then flash it.
+ </p>
- <p>
- Now you have a grubtest.cfg in cbfstool directory. Edit it however you wish.
- </p>
+ <p>
+ <a href="#pagetop">Back to top of page.</a>
+ </p>
+
+ </div>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
+ <div class="section">
-<hr/>
+ <h2 id="extract_grubtest">Extract grubtest.cfg from the ROM image</h2>
- <div class="important">
+ <p>
+ Display contents of ROM:<br/>
+ <b>$ ./cbfstool libreboot.rom print</b>
+ </p>
- <h2 id="example_modifications">Example modifications for <i>grubtest.cfg</i></h2>
+ <p>
+ The libreboot.rom file contains your <i>grub.cfg</i> and <i>grubtest.cfg</i> files.
+ You should extract, modify and re-insert the copy first. grub.cfg will load first,
+ but it has a menu entry for switching to the copy (grubtest.cfg).
+ This reduces your chance of making a mistake that could make your machine unbootable (or very hard to boot).
+ </p>
<p>
- These are some common examples of ways in which the grubtest.cfg file can be modified.
+ Extract grubtest.cfg from the ROM image:<br/>
+ <b>$ ./cbfstool libreboot.rom extract -n grubtest.cfg -f grubtest.cfg</b>
</p>
- <h3 id="example_modifications_trisquel">Trisquel GNU/Linux-libre</h3>
+ <p>
+ Now you have a grubtest.cfg in cbfstool directory. Edit it however you wish.
+ </p>
- <p>
- As an example, on my test system in /boot/grub/grub.cfg (on the HDD/SSD) I see for the main menu entry:
- </p>
- <ul>
- <li><b>linux /boot/vmlinuz-3.15.1-gnu.nonpae root=UUID=3a008e14-4871-497b-95e5-fb180f277951 ro crashkernel=384M-2G:64M,2G-:128M quiet splash $vt_handoff</b></li>
- <li><b>initrd /boot/initrd.img-3.15.1-gnu.nonpae</b></li>
- </ul>
+ <p>
+ <a href="#pagetop">Back to top of page.</a>
+ </p>
+
+ </div>
- <p>
- <b>ro</b>, <b>quiet</b>, <b>splash</b>, <b>crashkernel=384M-2G:64M,2G-:128M</b> and
- <b>$vt_handoff</b> can be safely ignored.
- </p>
+ <div class="section">
- <p>
- I use this to get my partition layout:<br/>
- $ <b>lsblk</b>
- </p>
+ <div class="subsection">
- <p>
- In my case, I have no /boot partition, instead /boot is on the same partition as / on sda1.
- Yours might be different. In GRUB terms, sda means ahci0. 1 means msdos1, or gpt1, depending
- on whether I am using MBR or GPT partitioning. Thus, /dev/sda1 is GRUB is (ahci0,msdos1) or
- (ahci0,gpt1). In my case, I use MBR partitioning so it's (ahci0,msdos1).
- 'msdos' is a GRUB name simply because this partitioning type is traditionally used by MS-DOS.
- It doesn't mean that you have a proprietary OS.
- </p>
+ <h2 id="example_modifications">Example modifications for <i>grubtest.cfg</i></h2>
<p>
- Trisquel doesn't keep the filenames of kernels consistent, instead it keeps old kernels and
- new kernel updates are provided with the version in the filename. This can make GRUB payload
- a bit tricky. Fortunately, there are symlinks /vmlinuz and /initrd.img
- so if your /boot and / are on the same partition, you can set GRUB to boot from that.
- These are also updated automatically when installing kernel updates from your distributions
- apt-get repositories.
- <b>
- Note: when using <a href="http://jxself.org/linux-libre">jxself kernel releases</a>,
- these are not updated at all and you have to update them manually.
- </b>
+ These are some common examples of ways in which the grubtest.cfg file can be modified.
</p>
- <p>
- For the GRUB payload grubtest.cfg (in the 'Load Operating System' menu entry), we therefore have (in this example):<br/>
- <b>set root='ahci0,msdos1'</b><br/>
- <b>linux /vmlinuz root=UUID=3a008e14-4871-497b-95e5-fb180f277951</b><br/>
- <b>initrd /initrd.img</b>
- </p>
+ <h3 id="example_modifications_trisquel">Trisquel GNU/Linux-libre</h3>
+
+ <p>
+ As an example, on my test system in /boot/grub/grub.cfg (on the HDD/SSD) I see for the main menu entry:
+ </p>
+ <ul>
+ <li><b>linux /boot/vmlinuz-3.15.1-gnu.nonpae root=UUID=3a008e14-4871-497b-95e5-fb180f277951 ro crashkernel=384M-2G:64M,2G-:128M quiet splash $vt_handoff</b></li>
+ <li><b>initrd /boot/initrd.img-3.15.1-gnu.nonpae</b></li>
+ </ul>
+
+ <p>
+ <b>ro</b>, <b>quiet</b>, <b>splash</b>, <b>crashkernel=384M-2G:64M,2G-:128M</b> and
+ <b>$vt_handoff</b> can be safely ignored.
+ </p>
+
+ <p>
+ I use this to get my partition layout:<br/>
+ $ <b>lsblk</b>
+ </p>
+
+ <p>
+ In my case, I have no /boot partition, instead /boot is on the same partition as / on sda1.
+ Yours might be different. In GRUB terms, sda means ahci0. 1 means msdos1, or gpt1, depending
+ on whether I am using MBR or GPT partitioning. Thus, /dev/sda1 is GRUB is (ahci0,msdos1) or
+ (ahci0,gpt1). In my case, I use MBR partitioning so it's (ahci0,msdos1).
+ 'msdos' is a GRUB name simply because this partitioning type is traditionally used by MS-DOS.
+ It doesn't mean that you have a proprietary OS.
+ </p>
+
+ <p>
+ Trisquel doesn't keep the filenames of kernels consistent, instead it keeps old kernels and
+ new kernel updates are provided with the version in the filename. This can make GRUB payload
+ a bit tricky. Fortunately, there are symlinks /vmlinuz and /initrd.img
+ so if your /boot and / are on the same partition, you can set GRUB to boot from that.
+ These are also updated automatically when installing kernel updates from your distributions
+ apt-get repositories.
+ <b>
+ Note: when using <a href="http://jxself.org/linux-libre">jxself kernel releases</a>,
+ these are not updated at all and you have to update them manually.
+ </b>
+ </p>
+
+ <p>
+ For the GRUB payload grubtest.cfg (in the 'Load Operating System' menu entry), we therefore have (in this example):<br/>
+ <b>set root='ahci0,msdos1'</b><br/>
+ <b>linux /vmlinuz root=UUID=3a008e14-4871-497b-95e5-fb180f277951</b><br/>
+ <b>initrd /initrd.img</b>
+ </p>
+
+ <p>
+ Optionally, you can convert the UUID to its real device name, for example /dev/sda1 in this case.
+ sdX naming isn't very reliable, though, which is why UUID is used for most distributions.
+ </p>
+
+ <p>
+ Alternatively, if your /boot is on a separate partition then you cannot rely on the /vmlinuz and /initrd.img symlinks.
+ Instead, go into /boot and create your own symlinks (update them manually when you install a new kernel update).<br/>
+ $ <b>sudo -s</b><br/>
+ # <b>cd /boot/</b><br/>
+ # <b>rm -rf vmlinuz initrd.img</b><br/>
+ # <b>ln -s <u>kernel</u> ksym</b><br/>
+ # <b>ln -s <u>initrd</u> isym</b><br/>
+ # <b>exit</b>
+ </p>
+
+ <p>
+ Replace the underlined <b>kernel</b> and <b>initrd</b> filenames above with the actual filenames, of course.
+ </p>
+
+ <p>
+ Then your grubtest.cfg menu entry (for payload) becomes like that, for example if / was on sda2 and /boot was on sda1:<br/>
+ <b>set root='ahci0,msdos1'</b><br/>
+ <b>linux /ksym root=/dev/sda2</b><br/>
+ <b>initrd /isym</b>
+ </p>
+
+ <p>
+ There are lots of possible variations so please try to adapt.
+ </p>
+
+ <h3 id="example_modifications_parabola">Parabola GNU/Linux-libre</h3>
+
+ <p>
+ You can basically adapt the above. Note however that Parabola does not keep old kernels still installed, and the file names
+ are always consistent, so you don't need to boot from symlinks, you can just use the real thing directly.
+ </p>
+
+ </div>
- <p>
- Optionally, you can convert the UUID to its real device name, for example /dev/sda1 in this case.
- sdX naming isn't very reliable, though, which is why UUID is used for most distributions.
- </p>
+ <p>
+ <a href="#pagetop">Back to top of page.</a>
+ </p>
+
+ </div>
- <p>
- Alternatively, if your /boot is on a separate partition then you cannot rely on the /vmlinuz and /initrd.img symlinks.
- Instead, go into /boot and create your own symlinks (update them manually when you install a new kernel update).<br/>
- $ <b>sudo -s</b><br/>
- # <b>cd /boot/</b><br/>
- # <b>rm -rf vmlinuz initrd.img</b><br/>
- # <b>ln -s <u>kernel</u> ksym</b><br/>
- # <b>ln -s <u>initrd</u> isym</b><br/>
- # <b>exit</b>
- </p>
+ <div class="section">
- <p>
- Replace the underlined <b>kernel</b> and <b>initrd</b> filenames above with the actual filenames, of course.
- </p>
+ <h2 id="reinsert_modified_grubtest">Re-insert the modified grubtest.cfg into the ROM image</h2>
- <p>
- Then your grubtest.cfg menu entry (for payload) becomes like that, for example if / was on sda2 and /boot was on sda1:<br/>
- <b>set root='ahci0,msdos1'</b><br/>
- <b>linux /ksym root=/dev/sda2</b><br/>
- <b>initrd /isym</b>
- </p>
+ <p>
+ Delete the grubtest.cfg that remained inside the ROM:<br/>
+ <b>$ ./cbfstool libreboot.rom remove -n grubtest.cfg</b>
+ </p>
- <p>
- There are lots of possible variations so please try to adapt.
- </p>
+ <p>
+ Display ROM contents and now you see grubtest.cfg no longer exists there:<br/>
+ <b>$ ./cbfstool libreboot.rom print</b>
+ </p>
- <h3 id="example_modifications_parabola">Parabola GNU/Linux-libre</h3>
+ <p>
+ Add the modified version that you just made:<br/>
+ <b>$ ./cbfstool libreboot.rom add -n grubtest.cfg -f grubtest.cfg -t raw</b>
+ </p>
- <p>
- You can basically adapt the above. Note however that Parabola does not keep old kernels still installed, and the file names
- are always consistent, so you don't need to boot from symlinks, you can just use the real thing directly.
- </p>
+ <p>
+ Now display ROM contents again and see that it exists again:<br/>
+ <b>$ ./cbfstool libreboot.rom print</b>
+ </p>
+ <p>
+ <a href="#pagetop">Back to top of page.</a>
+ </p>
+
</div>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
+ <div class="section">
-<hr/>
-
- <h2 id="reinsert_modified_grubtest">Re-insert the modified grubtest.cfg into the ROM image</h2>
-
- <p>
- Delete the grubtest.cfg that remained inside the ROM:<br/>
- <b>$ ./cbfstool libreboot.rom remove -n grubtest.cfg</b>
- </p>
-
- <p>
- Display ROM contents and now you see grubtest.cfg no longer exists there:<br/>
- <b>$ ./cbfstool libreboot.rom print</b>
- </p>
+ <h2 id="test_it">Test it!</h2>
- <p>
- Add the modified version that you just made:<br/>
- <b>$ ./cbfstool libreboot.rom add -n grubtest.cfg -f grubtest.cfg -t raw</b>
- </p>
-
- <p>
- Now display ROM contents again and see that it exists again:<br/>
- <b>$ ./cbfstool libreboot.rom print</b>
- </p>
-
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
+ <p>
+ <b>
+ Now you have a modified ROM. Refer back to <a href="../install/index.html#flashrom">../install/index.html#flashrom</a> for information
+ on how to flash it. Once you have done that, shut down and then boot up with your new test configuration.
+ </b>
+ </p>
-<hr/>
+ <p>
+ Choose (in GRUB) the menu entry that switches to grubtest.cfg. If it works, then your config is safe and you can continue below.
+ </p>
- <h2 id="test_it">Test it!</h2>
+ <p>
+ <b>
+ If it does not work like you want it to, if you are unsure or sceptical in any way,
+ then re-do the steps above until you get it right! Do *not* proceed past this point
+ unless you are 100% sure that your new configuration is safe (or desirable) to use.
+ </b>
+ </p>
- <p>
- <b>
- Now you have a modified ROM. Refer back to <a href="../install/index.html#flashrom">../install/index.html#flashrom</a> for information
- on how to flash it. Once you have done that, shut down and then boot up with your new test configuration.
- </b>
- </p>
+ <p>
+ <a href="#pagetop">Back to top of page.</a>
+ </p>
+
+ </div>
- <p>
- Choose (in GRUB) the menu entry that switches to grubtest.cfg. If it works, then your config is safe and you can continue below.
- </p>
+ <div class="section">
- <p>
- <b>
- If it does not work like you want it to, if you are unsure or sceptical in any way,
- then re-do the steps above until you get it right! Do *not* proceed past this point
- unless you are 100% sure that your new configuration is safe (or desirable) to use.
- </b>
- </p>
+ <h2 id="final_steps">Final steps</h2>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
+ <p>
+ Create a copy of grubtest.cfg, called grub.cfg, which is the same except for one difference:
+ change the menuentry 'Switch to grub.cfg' to 'Switch to grubtest.cfg' and inside it,
+ change all instances of grub.cfg to grubtest.cfg. This is so that the main config still
+ links (in the menu) to grubtest.cfg, so that you don't have to manually switch to it, in
+ case you ever want to follow this guide again in the future (modifying the already modified config)<br/>
+ $ <b>sed -e 's:(cbfsdisk)/grub.cfg:(cbfsdisk)/grubtest.cfg:g' -e 's:Switch to grub.cfg:Switch to grubtest.cfg:g' &lt; grubtest.cfg &gt; grub.cfg</b><br/>
+ </p>
-<hr/>
+ <p>
+ Delete the grub.cfg that remained inside the ROM:<br/>
+ <b>$ ./cbfstool libreboot.rom remove -n grub.cfg</b>
+ </p>
- <h2 id="final_steps">Final steps</h2>
+ <p>
+ Display ROM contents and now you see grub.cfg no longer exists there:<br/>
+ <b>$ ./cbfstool libreboot.rom print</b>
+ </p>
- <p>
- Create a copy of grubtest.cfg, called grub.cfg, which is the same except for one difference:
- change the menuentry 'Switch to grub.cfg' to 'Switch to grubtest.cfg' and inside it,
- change all instances of grub.cfg to grubtest.cfg. This is so that the main config still
- links (in the menu) to grubtest.cfg, so that you don't have to manually switch to it, in
- case you ever want to follow this guide again in the future (modifying the already modified config)<br/>
- $ <b>sed -e 's:(cbfsdisk)/grub.cfg:(cbfsdisk)/grubtest.cfg:g' -e 's:Switch to grub.cfg:Switch to grubtest.cfg:g' &lt; grubtest.cfg &gt; grub.cfg</b><br/>
- </p>
+ <p>
+ Add the modified version that you just made:<br/>
+ <b>$ ./cbfstool libreboot.rom add -n grub.cfg -f grub.cfg -t raw</b>
+ </p>
- <p>
- Delete the grub.cfg that remained inside the ROM:<br/>
- <b>$ ./cbfstool libreboot.rom remove -n grub.cfg</b>
- </p>
+ <p>
+ Now display ROM contents again and see that it exists again:<br/>
+ <b>$ ./cbfstool libreboot.rom print</b>
+ </p>
- <p>
- Display ROM contents and now you see grub.cfg no longer exists there:<br/>
- <b>$ ./cbfstool libreboot.rom print</b>
- </p>
+ <p>
+ <b>
+ Now you have a modified ROM. Refer back to <a href="../install/index.html#flashrom">../install/index.html#flashrom</a> for information
+ on how to flash it. Once you have done that, shut down and then boot up with your new configuration.
+ </b>
+ </p>
- <p>
- Add the modified version that you just made:<br/>
- <b>$ ./cbfstool libreboot.rom add -n grub.cfg -f grub.cfg -t raw</b>
- </p>
+ <p>
+ <a href="#pagetop">Back to top of page.</a>
+ </p>
+
+ </div>
- <p>
- Now display ROM contents again and see that it exists again:<br/>
- <b>$ ./cbfstool libreboot.rom print</b>
- </p>
+ <div class="section">
- <p>
- <b>
- Now you have a modified ROM. Refer back to <a href="../install/index.html#flashrom">../install/index.html#flashrom</a> for information
- on how to flash it. Once you have done that, shut down and then boot up with your new configuration.
- </b>
- </p>
+ <h2 id="troubleshooting">Troubleshooting</h2>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
+ <p>
+ A user reported that segmentation faults occur with cbfstool
+ when using this procedure depending on the size of the grub.cfg being re-insterted.
+ In his case, a minimum size of 857 bytes was required. This could (at the time of
+ this release) be a bug in cbfstool that should be investigated with the coreboot
+ community. If cbfstool segfaults, then keep this in mind. 'strace' (or gdb? clang?)
+ could be used for debugging. This was in libreboot 5th release (based on coreboot
+ from late 2013), and I'm not sure if the issue persists in the current releases.
+ I have not been able to reproduce it. strace (from that user) is here:
+ <a href="cbfstool_libreboot5_strace">cbfstool_libreboot5_strace</a>.
+ The issue has been reported by a few users, so it does not happen all the time:
+ this bug (if it still exists) could (should) be reproduced.
+ </p>
-<hr/>
+ <p>
+ <a href="#pagetop">Back to top of page.</a>
+ </p>
+
+ </div>
- <h2 id="troubleshooting">Troubleshooting</h2>
+ <div class="section">
<p>
- A user reported that segmentation faults occur with cbfstool
- when using this procedure depending on the size of the grub.cfg being re-insterted.
- In his case, a minimum size of 857 bytes was required. This could (at the time of
- this release) be a bug in cbfstool that should be investigated with the coreboot
- community. If cbfstool segfaults, then keep this in mind. 'strace' (or gdb? clang?)
- could be used for debugging. This was in libreboot 5th release (based on coreboot
- from late 2013), and I'm not sure if the issue persists in the current releases.
- I have not been able to reproduce it. strace (from that user) is here:
- <a href="cbfstool_libreboot5_strace">cbfstool_libreboot5_strace</a>.
- The issue has been reported by a few users, so it does not happen all the time:
- this bug (if it still exists) could (should) be reproduced.
+ Copyright &copy; 2014, 2015 Francis Rowe &lt;info@gluglug.org.uk&gt;<br/>
+ This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions.
+ A copy of the license can be found at <a href="../license.txt">../license.txt</a>.
</p>
<p>
- <a href="#pagetop">Back to top of page.</a>
+ This document is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information.
</p>
-
-<hr/>
-
- <p>
- Copyright &copy; 2014, 2015 Francis Rowe &lt;info@gluglug.org.uk&gt;<br/>
- This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions.
- A copy of the license can be found at <a href="../license.txt">../license.txt</a>.
- </p>
-
- <p>
- This document is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information.
- </p>
+
+ </div>
</body>
</html>
diff --git a/docs/gnulinux/index.html b/docs/gnulinux/index.html
index c384575..e58639d 100644
--- a/docs/gnulinux/index.html
+++ b/docs/gnulinux/index.html
@@ -13,39 +13,45 @@
<body>
- <h1 id="pagetop">GNU/Linux distributions</h1>
+ <div class="section">
+
+ <h1 id="pagetop">GNU/Linux distributions</h1>
+ <p>
+ This section relates to dealing with GNU/Linux distributions: preparing bootable USB drives,
+ changing the default GRUB menu and so on.
+ </p>
+ <p>
+ <a href="../index.html">Back to previous index</a>.
+ </p>
+ <ul>
+ <li><a href="grub_boot_installer.html">How to install a GNU/Linux distribution</a></li>
+ <li><a href="grub_cbfs.html">How to change your default GRUB menu</a></li>
+ <li>
+ <a href="encrypted_parabola.html">Installing Parabola GNU/Linux-libre with full disk encryption (including /boot)</a>
+ <ul>
+ <li>Follow-up tutorial: <a href="configuring_parabola.html">Configuring Parabola (post-install)</a></li>
+ </ul>
+ </li>
+ <li><a href="encrypted_trisquel.html">Installing Trisquel GNU/Linux-libre with full disk encryption (including /boot)</a></li>
+ </ul>
+
+ </div>
+
+ <div class="section">
+
<p>
- This section relates to dealing with GNU/Linux distributions: preparing bootable USB drives,
- changing the default GRUB menu and so on.
+ Copyright &copy; 2014, 2015 Francis Rowe &lt;info@gluglug.org.uk&gt;<br/>
+ This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions.
+ A copy of the license can be found at <a href="../license.txt">../license.txt</a>.
</p>
+
<p>
- Or <a href="../index.html">Back to main index</a>.
+ This document is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information.
</p>
- <ul>
- <li><a href="grub_boot_installer.html">How to install a GNU/Linux distribution</a></li>
- <li><a href="grub_cbfs.html">How to change your default GRUB menu</a></li>
- <li>
- <a href="encrypted_parabola.html">Installing Parabola GNU/Linux-libre with full disk encryption (including /boot)</a>
- <ul>
- <li>Follow-up tutorial: <a href="configuring_parabola.html">Configuring Parabola (post-install)</a></li>
- </ul>
- </li>
- <li><a href="encrypted_trisquel.html">Installing Trisquel GNU/Linux-libre with full disk encryption (including /boot)</a></li>
- </ul>
-
-<hr/>
-
- <p>
- Copyright &copy; 2014 Francis Rowe &lt;info@gluglug.org.uk&gt;<br/>
- This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions.
- A copy of the license can be found at <a href="../license.txt">../license.txt</a>.
- </p>
-
- <p>
- This document is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information.
- </p>
+
+ </div>
</body>
</html>
generated by cgit v0.9.1 at 2024-07-01 06:24:45 (EDT)