Creation of i18n folder containing translations of the libreboot project. Added french one, not finished.

9 files changed, 2711 insertions, 0 deletions

diff --git a/i18n/fr_FR/docs/gnulinux/configuring_parabola.md b/i18n/fr_FR/docs/gnulinux/configuring_parabola.md
new file mode 100644
index 00000000..935ff099
--- /dev/null
+++ b/i18n/fr_FR/docs/gnulinux/configuring_parabola.md
@@ -0,0 +1,526 @@
+---
+title: Configuring Parabola (Post-Install)
+x-toc-enable: true
+...
+
+This is the guide for setting up Parabola GNU+Linux-Libre, after completing
+the installation steps outlined in [Installing Parabola or Arch GNU+Linux-Libre with Full-Disk Encryption (including /boot)](encrypted_parabola.md).
+It will cover installing and configuring a graphical desktop environment,
+as well as some applications that make the system more user friendly.
+
+For this example, we chose the *MATE Desktop Environment* as our graphical interface.
+
+*This guide was valid on 2017-06-02. If you see any changes that should
+to be made at the present date, please get in touch with the Libreboot
+project (or [make those changes yourself](https://libreboot.org/git.html#editing-the-website-and-documentation-wiki-style))!*
+
+While Parabola can seem daunting at first glance (especially for new GNU+Linux users),
+with a simple guide, it can provide all the same usability
+as any Debian-based GNU+Linux distribution (e.g., Trisquel, Debian, and Devuan),
+without hiding any details from the user.
+
+Paradoxically, as you get more advanced, Parabola can actually become
+*easier to use*, when you want to set up your system in a special way,
+compared to what most distributions provide. You will find over time
+that other distributions tend to *get in your way*.
+
+A lot of the steps in this guide will refer to ArchWiki. Arch is
+the upstream distribution that Parabola uses. Most of this guide will
+also tell you to read wiki articles, other pages, manuals, and so on. In
+general, it tries to cherry-pick the most useful information, but
+nonetheless, you are encouraged to learn as much as possible.
+
+**NOTE: It might take you a few days to fully install your system how you like,
+depending on how much you need to read. Patience is key, especially for new users.**
+
+The ArchWiki will sometimes use bad language, such as calling the whole
+system Linux, using the term **open-source**/**closed-source**,
+and it will sometimes recommend the use of proprietary software.
+You need to be careful about this when reading anything on ArchWiki.
+
+Some of these steps require internet access. To get initial access
+for setting up the system (I'll go into networking later),
+just connect your system to a router, via an ethernet cable,
+and run the following command:
+
+    # systemctl start dhcpcd.service
+
+You can stop it later (if needed), by using systemd's `stop` option:
+
+    # systemctl stop dhcpcd.service
+
+For most people, this should be enough, but if you don't have DHCP enabled
+on your network, then you should setup your network connection first:
+[Set Up Network Connection in Parabola](#network).
+
+## Configure pacman
+`pacman` (*pac*kage *man*ager) is the name of the package management system
+in Arch, which Parabola (as a deblobbed, parallel effort) also uses.
+Like with `apt-get` on Trisquel, Debian, or Devuan, this can be used to
+add, remove, and update the software on your computer.
+
+For more information related to `pacman`, review the following articles on the Arch Wiki:
+
+*    [Configuring pacman](https://wiki.parabolagnulinux.org/Installation_Guide#Configure_pacman)
+*    [Using pacman](https://wiki.archlinux.org/index.php/Pacman)
+*    [Additional Repositories](https://wiki.parabolagnulinux.org/Official_Repositories)
+
+## Updating Parabola
+Parabola is kept up-to-date, using `pacman`. When you are updating Parabola,
+make sure to refresh the package list, *before* installing any new updates:
+
+    # pacman -Syy
+
+**NOTE: According to the Wiki,** `-Syy` **is better than** `-Sy` **, because it refreshes
+the package list (even if it appears to be up-to-date), which can be useful
+when switching to another mirror.**
+
+Then, actually update the system:
+
+    # pacman -Syu
+
+**NOTE: Before installing packages with** `pacman -S`**, always update first,
+using the two commands above.**
+
+Keep an eye out on the output, or read it in **/var/log/pacman.log**.
+Sometimes, `pacman` will show messages about maintenance steps that you
+will need to perform with certain files (typically configurations) after
+the update. Also, you should check both the [Parabola home page](https://www.parabola.nu/) and [Arch home page](https://www.archlinux.org/),
+to see if they mention any issues. If a new kernel is installed, you should also
+update to be able to use it (the currently running kernel will also be fine).
+
+It's generally good enough to update Parabola once every week, or maybe twice.
+As a rolling release distribution, it's a never a good idea to leave your installation
+too outdated. This is simply because of the way the project works;
+old packages are deleted from the repositories quickly, once they are updated.
+A system that hasn't been updated for quite a while will mean potentially more
+reading of previous posts through the website, and more maintenance work.
+
+The Arch forum can also be useful, if others have the same issue as you.
+The *Parabola* IRC channel ([**\#parabola**](https://webchat.freenode.net/) on freenode) can also help you.
+
+Due to this, and the volatile nature of Parabola/Arch, you should only
+update when you have at least a couple hours of spare time, in case of
+issues that need to be resolved. You should never update, for example,
+if you need your system for an important event, like a presentation, or
+sending an email to an important person before an allocated deadline,
+and so on.
+
+Relax! Packages are well-tested, when new updates are made to
+the repositories; separate 'testing' repositories exist for this exact
+reason. Despite what many people may tell you, Parabola is fairly
+stable and trouble-free, so long as you are aware of how to check for
+issues, and are willing to spend some time fixing issues, in the rare
+event that they do occur (this is why Arch/Parabola provide such extensive documenatation).
+
+## Maintaining Parabola
+Parabola is a very simple distro, in the sense that you are in full
+control, and everything is made transparent to you. One consequence is
+that you also need to know what you are doing, and what you have done
+before. In general, keeping notes (such as what I have done with this
+page) can be very useful as a reference in the future (e.g, if you wanted to
+re-install it, or install the distro on another computer).
+
+You should also read the ArchWiki article on [System Maintenance](https://wiki.archlinux.org/index.php/System_maintenance),
+before continuing. Also, read their article on [enhancing system stability](https://wiki.archlinux.org/index.php/Enhance_system_stability).
+This is important, so make sure to read them both!*
+
+Install `smartmontools`; it can be used to check smart data. HDDs use
+non-free firmware inside; it's transparent to you, but the smart
+data comes from it. Therefore, don't rely on it too much), and then read
+the ArchWiki [article](https://wiki.archlinux.org/index.php/S.M.A.R.T.) on it, to learn how to use it:
+
+    # pacman -S smartmontools
+
+### Cleaning the Package Cache
+*This section provides a brief overview of how to manage the directory that stores
+a cache of all downloaded packages. For more information,
+check out the Arch Wiki guide for [Cleaning the Package Cache](https://wiki.archlinux.org/index.php/Pacman#Cleaning_the_package_cache).*
+
+Here's how to use `pacman`, to clean out all old packages that are cached:
+
+    # pacman -Sc
+
+The Wiki cautions that this should be used with care. For example, since
+older packages are deleted from the repository, if you encounter issues
+and want to revert back to an older package, then it's useful to have the
+caches available. Only do this ,if you are sure that you won't need it.
+
+The Wiki also mentions this method for removing everything from the
+cache, including currently installed packages that are cached:
+
+    # pacman -Scc
+
+This is inadvisable, since it means re-downloading the package again, if
+you wanted to quickly re-install it. This should only be used when disk
+space is at a premium.
+
+### pacman Command Equivalents
+If you are coming from another GNU+Linux distribution, you probably want to know
+the command equivalents for the various `apt-get`-related commands that you often use.
+For that information, refer to [Pacman/Rosetta](https://wiki.archlinux.org/index.php/Pacman/Rosetta),
+so named, because it serves as a Rosetta Stone to the esoteric pacman language.
+
+## your-freedom
+`your-freedom` is a package specific to Parabola, and it is installed by
+default. What it does is conflict with packages from Arch that are known
+to be non-free (proprietary) software. When migrating from Arch (there
+is a guide on the Parabola wiki for migrating (i.e,. converting) an existing
+Arch system to a Parabola system), installing it will also
+fail, if these packages are installed, citing them as conflicts; the
+recommended solution is then to delete the offending packages, and
+continue installing `your-freedom`.
+
+## Add a User
+This is based on the Arch Wiki guide to [Users and Groups](https://wiki.archlinux.org/index.php/Users_and_Groups).
+
+It is important (for security reasons) to create and use a non-root
+(non-admin) user account for everyday use. The default **root** account
+is intended only for critical administrative work, since it has complete
+access to the entire operating system.
+
+Read the entire document linked to above, and then continue.
+
+Add your user with the `useradd` command (self explanatory):
+
+    # useradd -m -G wheel -s /bin/bash *your_user_name*
+
+Set a password, using `passwd`:
+
+    # passwd *your_user_name*
+
+Like with the installation of Parabola, use of the [*diceware method*](http://world.std.com/~reinhold/diceware.html) is recommended,
+for generating secure passphrases.
+
+### Configure sudo
+Now that we have a normal user account, we'll want to configure `sudo`,
+so that user is able to run commands as **root** (e.g., installing software);
+this will be necessary to flash the ROM later on. Refer to ArchWiki's [sudo](https://wiki.archlinux.org/index.php/Sudo) documentation.
+
+The first step is to install the `sudo` package:
+
+    # pacman -S sudo
+
+After installation, we must configure it. To do so, we must modify **/etc/sudoers**.
+This file must *always* be modified with the `visudo` command. `visudo` can be
+difficult for beginners to use, so we'll want to edit the file with `nano`,
+but the trick is that we just can't do this:
+
+    # nano /etc/sudoers
+
+Because, this will cause us to edit the file directly, which is not the way
+it was designed to be edited, and could lead to problems with the system.
+Instead, to temporarily allow us to use `nano` to edit the file,
+we need to type this into the terminal:
+
+    # EDITOR=nano visudo
+
+This will open the **/etc/sudoers** file in `nano`, and we can now safely make changes to it.
+
+To give the user we created earlier to ability to use `sudo`, we need to navigate
+to the end of the file, and add this line on the end:
+
+    your_username ALL=(ALL) ALL
+
+Obviously, type in the name of the user you created, instead of **your_username**.
+Save the file, and exit `nano`; your user now has the ability to use `sudo`.
+
+## systemd
+`systemd` is the name of the program for managing services in Parabola;
+It is a good idea to become familiar with it. Read the Arch Wiki article on [systemd](https://wiki.archlinux.org/index.php/systemd),
+as well as their [Basic systemctl usage](https://wiki.archlinux.org/index.php/systemd#Basic_systemctl_usage) article,
+to gain a full understanding. *This is very important! Make sure to read them.*
+
+An example of a **service** could be a VPN (allowing you to connect to an outside network),
+an applet in the system tray that tells you the weather for your city,
+a sound manager (to make sure you can hear sound through speakers or headphones),
+or DHCP (which allows you to get an IP address, to connect to the internet).
+These are just a few examples; there are countless others.
+
+`systemd` is a controversial init system; A [forum post](https://bbs.archlinux.org/viewtopic.php?pid=1149530#p1149530)
+has an explanation behind the Arch development team's decision to use it.
+
+The **manpage** should also help:
+
+    # man systemd
+
+The section on **unit types** is especially useful.
+
+According to the wiki, `systemd's` journal keeps logs of a size up to 10% of the
+total size that your root partition takes up. On a 60GB root, this would mean 6GB.
+That's not exactly practical, and can have performance implications later,
+when the log gets too big. Based on instructions from the wiki,
+I will reduce the total size of the journal to 50MiB (that's what the wiki recommends).
+
+Open **/etc/systemd/journald.conf**, and find this line:
+
+    #SystemMaxUse=
+
+Change it to this:
+
+    SystemMaxUse=50M
+
+Restart `journald`:
+
+    # systemctl restart systemd-journald
+
+The wiki recommends that if the journal gets too large, you can also
+simply delete (`rm -Rf`) everything inside **/var/log/journald**, but
+recommends backing it up. This shouldn't be necessary, since you
+already set the size limit above, and `systemd` will automatically start
+to delete older records, when the journal size reaches it's limit (according to systemd developers).
+
+Finally, the wiki mentions **temporary files**, and the utility for
+managing them.
+
+    # man systemd-tmpfiles
+
+To delete the temporary files, you can use the `clean` option:
+
+    # systemd-tmpfiles --clean
+
+According to the **manpage**, this *"cleans all files and directories with
+an age parameter"*. According to ArchWiki, this reads information
+in **/etc/tmpfiles.d** and **/usr/lib/tmpfiles.d**, to know what actions to perform.
+Therefore, it is a good idea to read what's stored in these locations, to get a better understanding.
+
+I looked in **/etc/tmpfiles.d/** and found that it was empty on my system.
+However, **/usr/lib/tmpfiles.d** contained some files. The first one was
+**etc.conf**, containing information and a reference to this **manpage**:
+
+    # man tmpfiles.d
+
+Read that **manpage**, and then continue studying all the files.
+
+The `systemd` developers tell me that it isn't usually necessary
+to manually touch the `systemd-tmpfiles utility`, at all.
+
+## Interesting Repositories
+In their [kernels](https://wiki.parabolagnulinux.org/Repositories#kernels) article,
+the Parabola wiki mentions a repository called `\[kernels\]`, for custom kernels
+that aren't in the default **base**. It might be worth looking into what is available there,
+depending on your use case.
+
+I enabled it on my system, to see what was in it. Edit **/etc/pacman.conf**,
+and below the **extra** section add:
+
+    [kernels]
+    Include = /etc/pacman.d/mirrorlist*
+
+Now, sync with the newly-added repository:
+
+    # pacman -Syy
+
+Lastly, list all available packages in this repository:
+
+    # pacman -Sl kernels
+
+In the end, I decided not to install anything from it,
+but I kept the repository enabled regardless.
+
+## Setup a Network Connection in Parabola
+Read the ArchWiki guide to [Configuring the Network](https://wiki.archlinux.org/index.php/Configuring_Network).
+
+### Set the Hostname
+This should be the same as the hostname that you set in **/etc/hostname**,
+when installing Parabola. You should also do it with `systemd`.
+If you chose the hostname *parabola*, do it this way:
+
+    # hostnamectl set-hostname parabola
+
+This writes the specified hostname to **/etc/hostname**.
+More information can be found in these **manpages**:
+
+    # man hostname
+    # info hostname
+    # man hostnamectl
+
+Check **/etc/hosts**, to make sure that the hostname that you put in there
+during installation is still on each line:
+
+    127.0.0.1 localhost.localdomain localhost parabola
+    ::1       localhost.localdomain localhost parabola
+
+You'll note that I set both lines; the second line is for IPv6. Since more and
+more ISPs are providing this now, it's good to be have it enabled, just in case.
+
+The `hostname` utility is part of the `inetutils` package, and is in the **core** repository,
+installed by default (as part of the **base** package).
+
+### Network Status
+According to ArchWiki, [udev](https://wiki.archlinux.org/index.php/Udev) should already detect
+the ethernet chipset, and automatically load the driver for it at boot time.
+You can check this in the **Ethernet controller** section, when running the `lspci` command:
+
+    # lspci -v
+
+Look at the remaining sections **Kernel driver in use** and **Kernel modules**.
+In my case, it was as follows:
+
+    Kernel driver in use: e1000e
+    Kernel modules: e1000e
+
+Check that the driver was loaded, by issuing `dmesg | grep module_name`.
+In my case, I did:
+
+    # dmesg | grep e1000e
+
+### Network Device Names
+According to the ArchWiki guide on [Configuring Network Device Names](https://wiki.archlinux.org/index.php/Configuring_Network#Device_names),
+it is important to note that the old interface names that you might be used to
+(e.g., `eth0`, `wlan0`, `wwan0`, etc.), if you come from a distribution like Debian or Trisquel,
+are no longer applicable. Instead, `systemd` creates device names
+starting with `en` (for ethernet), `wl` (for wi-fi), and `ww` (for wwan),
+with a fixed identifier that it automatically generates.
+An example device name for your ethernet chipset would be `enp0s25`,
+and is never supposed to change.
+
+If you want to enable the old names, ArchWiki recommends adding `net.ifnames=0`
+to your kernel parameters (in Libreboot context, this would be accomplished by following
+the instructions in [How to replace the default GRUB configuration file](grub_cbfs.md)).
+
+For background information, read [Predictable Network Interface Names](http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/).
+
+To show what the device names are for your system, run the following command:
+
+    # ls /sys/class/net
+
+[Changing the device names](https://wiki.archlinux.org/index.php/Configuring_Network#Change_device_name) is possible,
+but for the purposes of this guide, there is no reason to do it.
+
+### Network Setup
+Aside from the steps mentioned above, I choose to ignore most of Networking section on the wiki;
+this is because I will be installing the *MATE Desktop Environment*, and thus will
+be using the `NetworkManger` client (with its accompanying applet) to manage the network.
+
+If you wish to choose a different program, here are some other
+[network manager options](https://wiki.archlinux.org/index.php/List_of_applications/Internet#Network_managers)
+that you could use.
+
+## Configuring the Graphical Desktop Environment
+Since we are going with the *MATE Desktop Environment*, we will primarily be following
+the instructions on the [Arch Linux Package Repository](https://wiki.mate-desktop.org/archlinux_custom_repo) page,
+but will also refer to the [General Recommendations](https://wiki.archlinux.org/index.php/General_recommendations#Graphical_user_interface)
+on ArchWiki.
+
+### Installing Xorg
+The first step is to install [**Xorg**](https://wiki.archlinux.org/index.php/Xorg);
+this provides an implementation of the `X Window System`, which is used to provide
+a graphical intefrace in GNU+Linux:
+
+    # pacman -S xorg-server
+
+We also need to install the driver for our hardware. Since I am using a Thinkpad X200,
+I will use `xf86-video-intel`; it should be the same on the other Thinkpads,
+as well as the Macbook 1,1 and 2,1.
+
+    # pacman -S xf86-video-intel
+
+For other systems, you can try:
+
+    # pacman -Ss xf86-video- | less
+
+When this is combined with looking at your `lspci` output, you can determine which
+driver is needed. By default, `Xorg` will revert to `xf86-video-vesa`,
+which is a generic driver, and doesn't provide true hardware acceleration.
+
+Other drivers (not just video) can be found by looking at the `xorg-drivers` group:
+
+    # pacman -Sg xorg-drivers
+
+### Xorg Keyboard Layout
+`xorg` uses a different configuration method for keyboard layouts than Parabola,
+so you will notice that the layout you set in **/etc/vconsole.conf** earlier might
+not actually be the same in `xorg`.
+
+Check ArchWiki's article on [Xorg's keyboard configuration](https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg), for more information.
+
+To see what layout you currently use, try this on a terminal emulator in `xorg`:
+
+    # setxkbmap -print -verbose 10
+
+I'm simply using the default Qwerty (US) keyboard, so there isn't anything I need
+to change here; if you do need to make any changes, ArchWiki recommends two ways
+of doing it: manually updating [configuration files](https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg#Using_X_configuration_files) or using the [localectl](https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg#Using_localectl) command.
+
+### Installing MATE
+Now we have to install the desktop environment itself. According to the Arch Linux Package Repository,
+if we want all of the MATE Desktop, we need to install two packages:
+
+    # pacman -Syy mate mate-extra
+
+The last step is to install a Display Manager; for MATE, we will be using `lightdm`
+(it's the recommended Display Manager for the MATE Desktop); for this, we'll folow the instructions [on the MATE wiki](https://wiki.mate-desktop.org/archlinux_custom_repo#display_manager_recommended),
+with one small change: the `lightdm-gtk3-greeter` package doesn't exist in Parabola's repositories.
+So, instead we will install the `lightdm-gtk-greeter` package; it performs the same function.
+
+We'll also need the `accountsservice` package, which gives us the login window itself: 
+
+    # pacman -Syy lightdm-gtk3-greeter accountsservice
+
+After installing all the required packages, we need to make it so that the MATE Desktop Environment
+will start automatically, whenever we boot our computer; to do this, we have to enable the display manager, `lightdm`,
+as well as the service that will prompt us with a login window, `accounts-daemon`:
+
+    # systemctl enable lightdm
+    # systemctl enable accounts-daemon
+
+Now you have installed the *MATE Desktop Environment*,If you wanted
+to install another desktop environment, check out some [other options](https://wiki.archlinux.org/index.php/Desktop_environment) on ArchWiki.
+
+### Configuring Network Manager in MATE
+Now that we have installed the Mate Desktop environment, and booted into it,
+we need to set up the network configuration in our graphical environment.
+
+The MATE Desktop wiki recommends that we use Network Manager; an
+article about Network Manager can be found
+[on ArchWiki](https://wiki.archlinux.org/index.php/NetworkManager).
+
+We need to install the NetworkManager package:
+
+    # pacman -S networkmanager
+
+We will also need the Network Manager applet, which will allow us to manage our 
+networks from the system tray:
+
+    # pacman -S network-manager-applet
+
+Finally, we need to start the service (if we want to use it now), or enable it,
+(so that it will activate automatically, at startup).
+
+    # systemctl enable NetworkManager.service
+
+If you need VPN support, you will also want to install the `networkmanager-openvpn` package.
+
+**NOTE: You do not want multiple networking services running at the same time;
+they will conflict, so, if using Network Manager, you want to stop/disable any
+others from running. Examples of other services that will probably intefere
+with Network Manager are** `dhcpcd` **and** `wifi-menu`**.**
+
+You can see all currently-running services with this command:
+
+    #  systemctl --type=service
+
+And you can stop them using this command:
+
+    # systemctl stop service_name.service
+
+If you want to disable those services, meaning that you no longer want them to start
+when the computer boots up, you will need to use `systemctl's` `disable` option,
+instead of `stop`.
+
+Now you have a fully-functional graphical environment for your Parabola installation,
+including networking. All you have to do is reboot, and you will be prompted to log in,
+with a familiar graphical login prompt. You can also now, more easily [modify the GRUB configuration](grub_cbfs.md),
+install new applications, and/or make whatever other changes you want to your system.
+
+Copyright © 2014, 2015 Leah Rowe <info@minifree.org>
+
+Copyright © 2017 Elijah Smith <esmith1412@posteo.net>
+
+Permission is granted to copy, distribute and/or modify this document
+under the terms of the GNU Free Documentation License Version 1.3 or any later
+version published by the Free Software Foundation
+with no Invariant Sections, no Front Cover Texts, and no Back Cover Texts.
+A copy of this license is found in [../fdl-1.3.md](../fdl-1.3.md)
+
diff --git a/i18n/fr_FR/docs/gnulinux/encrypted_debian.md b/i18n/fr_FR/docs/gnulinux/encrypted_debian.md
new file mode 100644
index 00000000..23b4503f
--- /dev/null
+++ b/i18n/fr_FR/docs/gnulinux/encrypted_debian.md
@@ -0,0 +1,318 @@
+---
+title: Installing Debian or Devuan GNU+Linux with full disk encryption (including /boot)
+...
+
+This guide is written for the Debian distribution, but it should also
+work for Devuan with the net installer.
+
+Gigabyte GA-G41M-ES2L
+=====================
+
+To boot the Trisquel net installer, make sure to specify fb=false on the linux
+kernel parameters in GRUB. This will boot the installer in text mode instead
+of using a framebuffer.
+
+Moving on...
+============
+
+Libreboot on x86 uses the GRUB
+[payload](http://www.coreboot.org/Payloads#GRUB_2) by default, which
+means that the GRUB configuration file (where your GRUB menu comes from)
+is stored directly alongside libreboot and its GRUB payload executable,
+inside the flash chip. In context, this means that installing
+distributions and managing them is handled slightly differently compared
+to traditional BIOS systems.
+
+On most systems, the /boot partition has to be left unencrypted while
+the others are encrypted. This is so that GRUB, and therefore the
+kernel, can be loaded and executed since the firmware can't open a LUKS
+volume. Not so with libreboot! Since GRUB is already included directly
+as a payload, even /boot can be encrypted. This protects /boot from
+tampering by someone with physical access to the system.
+
+This guide is written for Debian net installer. You can download the ISO
+from the homepage on [debian.org](https://www.debian.org/). Use this on
+the GRUB terminal to boot it from USB (for 64-bit Intel or AMD):
+
+    set root='usb0'
+    linux /install.amd/vmlinuz
+    initrd /install.amd/initrd.gz
+    boot
+    
+If you are on a 32-bit system (e.g. X60):
+
+    set root='usb0'
+    linux /install.386/vmlinuz
+    initrd /install.386/initrd.gz
+    boot
+    
+[This guide](grub_boot_installer.md) shows how to create a boot USB
+drive with the Debian ISO image.
+
+*This guide is only for the GRUB payload. If you use the depthcharge payload,
+ignore this section entirely.*
+
+Note: on some thinkpads, a faulty DVD drive can cause the cryptomount -a step
+during boot to fail. If this happens to you, try removing the drive.
+
+Set a strong user password (lots of lowercase/uppercase, numbers and symbols).
+
+Use of the *diceware method* is recommended, for generating secure passphrases
+(instead of passwords).
+
+When the installer asks you to set up encryption (ecryptfs) for your home
+directory, select 'Yes' if you want to: *LUKS is already secure and performs
+well. Having ecryptfs on top of it will add noticeable performance penalty, for
+little security gain in most use cases. This is therefore optional, and not
+recommended. Choose 'no'.*
+
+*Your user password should be different from the LUKS password which
+you will set later on. Your LUKS password should, like the user
+password, be secure.*
+
+Partitioning
+============
+
+Choose 'Manual' partitioning:
+
+-   Select drive and create new partition table
+-   Single large partition. The following are mostly defaults:
+    -   Use as: physical volume for encryption
+    -   Encryption: aes
+    -   key size: whatever default is given to you
+    -   IV algorithm: whatever default is given to you
+    -   Encryption key: passphrase
+    -   erase data: Yes (only choose 'No' if it's a new drive that
+        doesn't contain your private data)
+
+-   Select 'configure encrypted volumes'
+    -   Create encrypted volumes
+    -   Select your partition
+    -   Finish
+    -   Really erase: Yes
+    -   (erase will take a long time. be patient)
+    -   (if your old system was encrypted, just let this run for about a
+        minute to make sure that the LUKS header is wiped out)
+-   Select encrypted space:
+    -   use as: physical volume for LVM
+    -   Choose 'done setting up the partition'
+-   Configure the logical volume manager:
+    -   Keep settings: Yes
+-   Create volume group:
+    -   Name: `matrix` (use this exact name)
+    -   Select crypto partition
+-   Create logical volume
+    -   select `matrix` (use this exact name)
+    -   name: `rootvol` (use this exact name)
+    -   size: default, minus 2048 MB
+-   Create logical volume
+    -   select `matrix` (use this exact name)
+    -   name: `swap` (user this exact name)
+    -   size: press enter
+
+Further partitioning
+====================
+
+Now you are back at the main partitioning screen. You will simply set
+mountpoints and filesystems to use.
+
+-   LVM LV rootvol
+    -   use as: btrfs
+    -   mount point: /
+    -   done setting up partition
+-   LVM LV swap
+    -   use as: swap area
+    -   done setting up partition
+-   Now you select 'Finished partitioning and write changes to disk'.
+
+Kernel
+======
+
+Installation will ask what kernel you want to use. linux-generic is
+fine.
+
+Tasksel
+=======
+
+For Debian, use the *MATE* option, or one of the others if you want. The
+libreboot project recommends MATE, unless you're saavy enough to choose
+something else.
+
+If you want debian-testing, then you should only select barebones
+options here and change the entries in /etc/apt/sources.list after
+install to point to the new distro, and then run `apt-get update` and
+`apt-get dist-upgrade` as root, then reboot and run `tasksel` as
+root. This is to avoid downloading large packages twice.
+
+NOTE: If you want the latest up to date version of the Linux kernel,
+Debian's kernel is sometimes outdated, even in the testing distro. You
+might consider using [this repository](https://jxself.org/linux-libre/)
+instead, which contains the most up to date versions of the Linux
+kernel. These kernels are also deblobbed, like Debian's kernels, so you
+can be sure that no binary blobs are present.
+
+Postfix configuration
+=====================
+
+If asked, choose *"No Configuration"* here (or maybe you want to
+select something else. It's up to you.)
+
+Install the GRUB boot loader to the master boot record
+======================================================
+
+Choose 'Yes'. It will fail, but don't worry. Then at the main menu,
+choose 'Continue without a bootloader'. You could also choose 'No'.
+Choice is irrelevant here.
+
+*Don't forget to have grub-coreboot package installed, even though installing grub to MBR is irrelevant
+on libreboot system, grub tools are still needed to eg. generate config (`grub-mkconfig`)*
+
+Clock UTC
+=========
+
+Just say 'Yes'.
+
+Booting your system
+===================
+
+At this point, you will have finished the installation. At your GRUB
+payload, press C to get to the command line, and enter:
+
+    grub> cryptomount -a
+    grub> set root='lvm/matrix-rootvol'
+    grub> linux /vmlinuz root=/dev/mapper/matrix-rootvol cryptdevice=/dev/mapper/matrix-rootvol:root
+    grub> initrd /initrd.img
+    grub> boot
+
+ecryptfs
+========
+
+If you didn't encrypt your home directory, then you can safely ignore
+this section.
+
+Immediately after logging in, do that:
+
+    $ sudo ecryptfs-unwrap-passphrase
+
+This will be needed in the future if you ever need to recover your home
+directory from another system, so write it down and keep the note
+somewhere secret. Ideally, you should memorize it and then burn the note
+(or not even write it down, and memorize it still)>
+
+Modify grub.cfg (CBFS)
+======================
+
+Now you need to set it up so that the system will automatically boot,
+without having to type a bunch of commands.
+
+Modify your grub.cfg (in the firmware) [using this
+tutorial](grub_cbfs.md); just change the default menu entry 'Load
+Operating System' to say this inside:
+
+    cryptomount -a
+    set root='lvm/matrix-rootvol'
+    linux /vmlinuz root=/dev/mapper/matrix-rootvol cryptdevice=/dev/mapper/matrix-rootvol:root
+    initrd /initrd.img
+    
+Without specifying a device, the *-a* parameter tries to unlock all
+detected LUKS volumes. You can also specify -u UUID or -a (device).
+
+[Refer to this guide](grub_hardening.md) for further guidance on
+hardening your GRUB configuration, for security purposes.
+
+Flash the modified ROM using [this tutorial](../install/#flashrom).
+
+Troubleshooting
+===============
+
+A user reported issues when booting with a docking station attached on
+an X200, when decrypting the disk in GRUB. The error *AHCI transfer
+timed out* was observed. The workaround was to remove the docking
+station.
+
+Further investigation revealed that it was the DVD drive causing
+problems. Removing that worked around the issue.
+
+    "sudo wodim -prcap" shows information about the drive:
+    Device was not specified. Trying to find an appropriate drive...
+    Detected CD-R drive: /dev/sr0
+    Using /dev/cdrom of unknown capabilities
+    Device type    : Removable CD-ROM
+    Version        : 5
+    Response Format: 2
+    Capabilities   : 
+    Vendor_info    : 'HL-DT-ST'
+    Identification : 'DVDRAM GU10N    '
+    Revision       : 'MX05'
+    Device seems to be: Generic mmc2 DVD-R/DVD-RW.
+
+    Drive capabilities, per MMC-3 page 2A:
+
+      Does read CD-R media
+      Does write CD-R media
+      Does read CD-RW media
+      Does write CD-RW media
+      Does read DVD-ROM media
+      Does read DVD-R media
+      Does write DVD-R media
+      Does read DVD-RAM media
+      Does write DVD-RAM media
+      Does support test writing
+
+      Does read Mode 2 Form 1 blocks
+      Does read Mode 2 Form 2 blocks
+      Does read digital audio blocks
+      Does restart non-streamed digital audio reads accurately
+      Does support Buffer-Underrun-Free recording
+      Does read multi-session CDs
+      Does read fixed-packet CD media using Method 2
+      Does not read CD bar code
+      Does not read R-W subcode information
+      Does read raw P-W subcode data from lead in
+      Does return CD media catalog number
+      Does return CD ISRC information
+      Does support C2 error pointers
+      Does not deliver composite A/V data
+
+      Does play audio CDs
+      Number of volume control levels: 256
+      Does support individual volume control setting for each channel
+      Does support independent mute setting for each channel
+      Does not support digital output on port 1
+      Does not support digital output on port 2
+
+      Loading mechanism type: tray
+      Does support ejection of CD via START/STOP command
+      Does not lock media on power up via prevent jumper
+      Does allow media to be locked in the drive via PREVENT/ALLOW command
+      Is not currently in a media-locked state
+      Does not support changing side of disk
+      Does not have load-empty-slot-in-changer feature
+      Does not support Individual Disk Present feature
+
+      Maximum read  speed:  4234 kB/s (CD  24x, DVD  3x)
+      Current read  speed:  4234 kB/s (CD  24x, DVD  3x)
+      Maximum write speed:  4234 kB/s (CD  24x, DVD  3x)
+      Current write speed:  4234 kB/s (CD  24x, DVD  3x)
+      Rotational control selected: CLV/PCAV
+      Buffer size in KB: 1024
+      Copy management revision supported: 1
+      Number of supported write speeds: 4
+      Write speed # 0:  4234 kB/s CLV/PCAV (CD  24x, DVD  3x)
+      Write speed # 1:  2822 kB/s CLV/PCAV (CD  16x, DVD  2x)
+      Write speed # 2:  1764 kB/s CLV/PCAV (CD  10x, DVD  1x)
+      Write speed # 3:   706 kB/s CLV/PCAV (CD   4x, DVD  0x)
+
+    Supported CD-RW media types according to MMC-4 feature 0x37:
+      Does write multi speed       CD-RW media
+      Does write high  speed       CD-RW media
+      Does write ultra high speed  CD-RW media
+      Does not write ultra high speed+ CD-RW media
+
+Copyright © 2014, 2015, 2016 Leah Rowe <info@minifree.org>\
+
+Permission is granted to copy, distribute and/or modify this document
+under the terms of the GNU Free Documentation License Version 1.3 or any later
+version published by the Free Software Foundation
+with no Invariant Sections, no Front Cover Texts, and no Back Cover Texts.
+A copy of this license is found in [../fdl-1.3.md](../fdl-1.3.md)
diff --git a/i18n/fr_FR/docs/gnulinux/encrypted_parabola.md b/i18n/fr_FR/docs/gnulinux/encrypted_parabola.md
new file mode 100644
index 00000000..9424ec3b
--- /dev/null
+++ b/i18n/fr_FR/docs/gnulinux/encrypted_parabola.md
@@ -0,0 +1,507 @@
+---
+title: Installing Parabola or Arch GNU+Linux-Libre, with Full-Disk Encryption (including /boot)
+x-toc-enable: true
+...
+
+Also see:
+[Installing Hyperbola GNU+Linux, with Full-Disk Encryption (including /boot)](https://wiki.hyperbola.info/en:guide:encrypted_installation)
+
+This guide covers how to install Parabola GNU+Linux-Libre, with full disk encryption,
+including **/boot** (the boot directory). On most systems, **/boot** has
+to be left unencrypted, while the other partition(s) are encrypted.
+This is so that GRUB (and therefore the kernel) can be loaded and executed,
+because most firmware can’t open a LUKS volume; however, with libreboot,
+GRUB is already included as a [payload](http://www.coreboot.org/Payloads#GRUB_2),
+so even **/boot** can be encrypted; this protects **/boot** from tampering
+by someone with physical access to the system.
+
+**NOTE: This guide is *only* for the GRUB payload.
+If you use the depthcharge payload, ignore this section entirely.**
+
+This guide borrows heavily from the Parabola wiki, and will constantly link to it.
+For those new to Parabola GNU+Linux-Libre, check their [Beginner section](https://wiki.parabola.nu/Beginners%27_guide#Beginners) for an overview.
+
+## Minumum Requirements
+You can find the minimum requirements to run Parabola GNU+Linux
+[on the Parabola wiki](https://wiki.parabola.nu/Beginners%27_guide#Minimum_system_requirements).
+
+## Preparation
+
+### Download the latest ISO
+For this guide, I used the *2016.11.03* ISO; the most current image is
+available on Parabola's
+[downloads page](https://wiki.parabola.nu/Get_Parabola#Main_live_ISO).
+
+If you are a complete beginner with GNU+Linux, choose the *Mate Desktop ISO*.
+it is easier to install Parabola with this version, because it allows you
+access to a web browser, so you can copy and paste commands right into the terminal,
+without worrying about typos.
+
+**NOTE: You should never blindly copy-and-paste any commands. In this guide,
+copying and pasting is to ensure that no errors are made when entering the commands,
+so that you don't effectively "brick" your installation, and have to start over.
+It's important to understand what each command does before you use it,
+so be sure to read the Parabola/Archi Wiki documentation on the command,
+as well as its** `man` **page.**
+
+If you are not a beginner, choose the *Main Live ISO*.
+
+Only choose the *TalkingParabola ISO*, if you are blind or visually impaired.
+
+### Choose the Installation Device
+Refer to the Parabola wiki, for finding and choosing the proper installation device,
+whether you are using an [Optical Disk](https://wiki.parabola.nu/Beginners%27_guide#Optical_Disks),
+or a [USB drive](https://wiki.parabola.nu/Beginners%27_guide#USB_flash_drive).
+
+### Boot Parabola's Install Environment
+After downloading the ISO, and creating some kind of bootable media,
+you will need to boot into the Live image. If you are unsure of how to do so,
+see [How to boot a GNU+Linux installer](grub_boot_installer.md),
+and move on to the next step; otherwise, just go to the next step.
+
+Once booted into the environment, either open the **`MATE Terminal`** application 
+(if using the MATE Desktop ISO), or simply just enter the commands listed below
+(if using any of the other ISO's).
+
+## Setting Up Keyboard Layout
+To begin the installation, you must first select the proper [keyboard layout](https://wiki.parabola.nu/Beginners%27_guide#Changing_Keyboard).
+
+## Establish an Internet Connection
+You will also need to [set up a network connection](https://wiki.parabola.nu/Beginners%27_guide#Establish_an_internet_connection),
+to install packages.
+
+## Preparing the Storage Device for Installation
+
+You need to prepare the storage device that we will use to install the operating system.
+You can use same [device name](https://wiki.parabola.nu/Beginners%27_guide#USB_flash_drive)
+that you used earlier, to determine the installation device for the ISO.
+
+### Wipe Storage Device
+You want to make sure that the device you're using doesn't contain any plaintext
+copies of your personal data. If the drive is new, then you can skip the rest of this section;
+if it's not new, then there are two ways to handle it:
+
+1. If the drive were not previously encrypted, securely wipe it with the `dd` command;
+you can either choose to fill it with zeroes or random data; I chose random data (e.g., `urandom`),
+because it's more secure. Depending on the size of the drive, this could take a while to complete:
+
+    ~~~
+    # dd if=/dev/urandom of=/dev/sdX; sync
+    ~~~
+
+2. If the drive were previously encrypted, all you need to do is wipe the LUKS header.
+The size of the header depends upon the specific model of the hard drive;
+you can find this information by doing some research online.
+Refer to this [article](https://www.lisenet.com/2013/luks-add-keys-backup-and-restore-volume-header/), for more information about LUKS headers.
+You can either fill the header with zeroes, or with random data; again, I chose random data, using `urandom`:
+
+    ~~~
+    # head -c 3145728 /dev/urandom > /dev/sdX; sync
+    ~~~
+
+Also, if you're using an SSD, there are a two things you should keep in mind:
+
+-    There are issues with TRIM; it's not enabled by default through LUKS,
+and there are security issues, if you do enable it. See [this page](https://wiki.archlinux.org/index.php/Dm-crypt#Specialties) for more info.
+-    Make sure to read [this article](https://wiki.archlinux.org/index.php/Solid_State_Drives),
+for information on managing SSD's in Arch Linux (the information applies to Parabola, as well).
+
+### Formatting the Storage Device
+Now that all the personal data has been deleted from the disk, it's time to format it.
+We'll begin by creating a single, large partition on it, and then encrypting it using LUKS.
+
+#### Create the LUKS partition
+You will need the `device-mapper` kernel module during the installation;
+this will enable us to set up our encrypted disk. To load it, use the following command:
+
+    # modprobe dm_mod
+
+We then need to select the **device name** of the drive we're installing the operating system on;
+see the above method, if needed, for figuring out device names.
+
+Now that we have the name of the correct device, we need to create the partition on it.
+For this, we will use the `cfdisk` command:
+
+    # cfdisk /dev/sdX
+
+1. Use the arrow keys to select your partition, and if there is already a partition
+on the drive, select **Delete**, and then **New**.
+2. For the partition size, leave it as the default, which will be the entire drive.
+3. You will see an option for **Primary** or **Logical**; choose **Primary**,
+and make sure that the partition type is **Linux (83)**.
+4. Select **Write**; it will ask you if you are sure that you want to overwrite the drive.
+5. Type **yes**, and press enter. A message at the bottom will appear, telling you that
+the partition table has been altered.
+6. Select **Quit**, to return you to the main terminal.
+
+Now that you have created the partition, it's time to create the encrypted volume on it,
+using the `cryptsetup` command, like this:
+
+    # cryptsetup -v --cipher serpent-xts-plain64 --key-size 512 --hash whirlpool \
+    --iter-time 500 --use-random --verify-passphrase --type luks1 luksFormat /dev/sdXY
+
+These are just recommended defaults; if you want to use anything else,
+or to find out what options there are, run `man cryptsetup`.
+
+>**NOTE: the default iteration time is 2000ms (2 seconds),
+>if not specified when running the cryptsetup command. You should set a lower time than this;
+>otherwise, there will be an approximately 20-second delay when booting your
+>system. We recommend 500ms (0.5 seconds), and this is included in the
+>prepared** `cryptsetup` **command above. Keep in mind that the iteration time
+>is for security purposes (it mitigates brute force attacks), so anything lower
+>than 0.5 seconds is probably not very secure.**
+
+You will now be prompted to enter a passphrase; be sure to make it *secure*.
+For passphrase security, length is more important than complexity
+(e.g., **correct-horse-battery-staple** is more secure than **bf20$3Jhy3**), 
+but it's helpful to include several different types of characters 
+(e.g., uppercase/lowercase letters, numbers, special characters).
+The password length should be as long as you are able to remember,
+without having to write it down, or store it anywhere.
+
+Use of the [**diceware**](http://world.std.com/~reinhold/diceware.html) method
+is recommended, for generating secure passphrases (rather than passwords).
+
+#### Create the Volume Group and Logical Volumes
+The next step is to create two Logical Volumes within the LUKS-encrypted partition:
+one will contain your main installation, and the other will contain your swap space.
+
+We will create this using, the [Logical Volume Manager (LVM)](https://wiki.archlinux.org/index.php/LVM).
+
+First, we need to open the LUKS partition, at **/dev/mapper/lvm**:
+
+    # cryptsetup luksOpen /dev/sdXY lvm
+
+Then, we create LVM partition:
+
+    # pvcreate /dev/mapper/lvm
+
+Check to make sure tha the partition was created:
+
+    # pvdisplay
+
+Next, we create the volume group, inside of which the logical volumes will
+be created. In libreboot's case, we will call this group **matrix**.
+If you want to have it work via *Load Operating System (incl. fully
+encrypted disks)  [o]* it needs to be called **matrix** (as it is harcoded
+in libreboot's grub.cfg on the flash)
+
+    # vgcreate matrix /dev/mapper/lvm
+
+Check to make sure that the group was created:
+
+    # vgdisplay
+
+Lastly, we need to create the logical volumes themselves, inside the volume group;
+one will be our swap, cleverly named **swapvol**, and the other will be our root partition,
+equally cleverly named as **rootvol**.
+
+1. We will create the **swapvol** first (again, choose your own name, if you like).
+Also, make sure to [choose an appropriate swap size](http://www.linux.com/news/software/applications/8208-all-about-linux-swap-space)
+(e.g., **2G** refers to two gigabytes; change this however you see fit):
+
+    ~~~
+    # lvcreate -L 2G matrix -n swapvol
+    ~~~
+
+2. Now, we will create a single, large partition in the rest of the space, for **rootvol**:
+
+    ~~~
+    # lvcreate -l +100%FREE matrix -n rootvol
+    ~~~
+
+You can also be flexible here, for example you can specify a **/boot**, a **/**,
+a **/home**, a **/var**, or a **/usr** volume. For example, if you will be running a
+web/mail server then you want **/var** (where logs are stored) in its own partition,
+so that if it fills up with logs, it won't crash your system.
+For a home/laptop system (typical use case), just a root and a swap will do.
+
+Verify that the logical volumes were created correctly:
+
+    # lvdisplay
+
+#### Make the rootvol and swapvol Partitions Ready for Installation
+The last steps of setting up the drive for installation are turning **swapvol**
+into an active swap partition, and formatting **rootvol**.
+
+To make **swapvol** into a swap partition, we run the `mkswap` (i.e., make swap) command:
+
+    # mkswap /dev/mapper/matrix-swapvol
+
+Activate the **swapvol**, allowing it to now be used as swap,
+using `swapon` (i.e., turn swap on) command:
+
+    # swapon /dev/matrix/swapvol
+
+Now I have to format **rootvol**, to make it ready for installation;
+I do this with the `mkfs` (i.e., make file system) command.
+I choose the **ext4** filesystem, but you could use a different one,
+depending on your use case:
+
+    # mkfs.ext4 /dev/mapper/matrix-rootvol
+
+Lastly, I need to mount **rootvol**. Fortunately, GNU+Linux has a directory
+for this very purpose: **/mnt**:
+
+    # mount /dev/matrix/rootvol /mnt
+
+#### Separate boot and home logical volumes
+You could also create two separate logical volumes for **/boot** and **/home**,
+but such a setup would be for advanced users,
+and is thus not covered in this guide.
+If separate boot logical volume is used, it has to be named **boot**
+in order for libreboot to use it.
+
+The setup of the drive and partitions is now complete; it's time to actually install Parabola.
+
+## Select a Mirror
+The first step of the actual installation is to choose the server from where
+we will need to download the packages; for this, we will again refer to the [Parabola Wiki](https://wiki.parabola.nu/Beginners%27_guide#Select_a_mirror).
+For beginners, I recommend that the edit the file using `nano` (a command-line text editor);
+you can learn more about it on [their website](https://www.nano-editor.org/); for non-beginners,
+simply edit it with your favorite text editor.
+
+## Install the Base System
+We need to install the essential applications needed for your Parabola installation to run;
+refer to [Install the Base System](https://wiki.parabola.nu/Beginners%27_guide#Install_the_base_system), on the Parabola wiki.
+
+## Generate an fstab
+The next step in the process is to generate a file known as an **fstab**;
+the purpose of this file is for the operating system to identify the storage device
+used by your installation. [On the Parabola beginner's guide](https://wiki.parabola.nu/Beginners%27_guide#Generate_an_fstab) are the instructions to generate that file.
+
+## Chroot into and Configure the System
+Now, you need to `chroot` into your new installation, to complete the setup
+and installation process. **Chrooting** refers to changing the root directory
+of an operating system  to a different one; in this instance, it means changing your root
+directory to the one you created in the previous steps, so that you can modify files
+and install software onto it, as if it were the host operating system.
+
+To `chroot` into your installation, follow the instructions [on the
+Parabola beginner's guide](https://wiki.parabola.nu/Beginners%27_guide#Chroot_and_configure_the_base_system).
+
+### Setting up the Locale
+Locale refers to the language that your operating system will use, as well as some
+other considerations related to the region in which you live. To set this up,
+follow the instructions [in the Parabola beginner's guide](https://wiki.parabola.nu/Beginners%27_guide#Locale).
+
+### Setting up the Consolefont and Keymap
+This will determine the keyboard layout of your new installation; follow the instructions [in the Parabola beginner's guide](https://wiki.parabola.nu/Beginners%27_guide#Console_font_and_keymap).
+
+### Setting up the Time Zone
+You'll need to set your current time zone in the operating system; this will enable applications
+that require accurate time to work properly (e.g., the web browser).
+To do this, follow the instructions [in the Parabola beginner's guide](https://wiki.parabola.nu/Beginners%27_guide#Time_zone).
+
+### Setting up the Hardware Clock
+To make sure that your computer has the right time, you'll have to set the time in your computer's internal clock.
+Follow the instructions [in the Parabola beginner's guide](https://wiki.parabola.nu/Beginners%27_guide#Hardware_clock) to do that.
+
+### Setting up the Kernel Modules
+Now we need to make sure that the kernel has all the modules that it needs
+to boot the operating system. To do this, we need to edit a file called **mkinitcpio.conf**.
+More information about this file can be found [in the Parabola beginner's guide](https://wiki.parabola.nu/Mkinitcpio),
+but for the sake of this guide, you simply need to run the following command.
+
+    # nano /etc/mkinitcpio.conf
+
+There are several modifications that we need to make to the file:
+
+1.  Change the value of the uncommented `MODULES` line to `i915`.
+
+    * This forces the driver to load earlier, so that the console font you selected earlier
+      isn’t wiped out after getting to login.
+    * If you are using a **Macbook 2,1** you will also need to add `hid-generic`,
+      `hid`, and `hid-apple` inside the quotation marks, in order to have
+      a working keyboard when asked to enter the LUKS password.
+      Make sure to separate each module by one space.
+
+2.  Change the value of the uncommented `HOOKS` line to the following:
+
+    ~~~
+    base udev autodetect modconf block keyboard keymap consolefont encrypt lvm2 filesystems fsck shutdown
+    ~~~
+
+    here's what each module does:
+
+    * `keymap` adds to *initramfs* the keymap that you specified in **/etc/vconsole.conf**
+    * `consolefont` adds to *initramfs* the font that you specified in **/etc/vconsole.conf**
+    * `encrypt` adds LUKS support to the initramfs - needed to unlock your disks at boot time
+    * `lvm2` adds LVM support to the initramfs - needed to mount the LVM partitions at boot time
+    * `shutdown` is needed according to Parabola wiki, for unmounting devices (such as LUKS/LVM) during shutdown
+
+After modifying the file and saving it, we need to update the kernel(s) with the new settings.
+Before doing this, we want to install a Long-Term Support (LTS) kernel as a backup, in the event
+that we encounter problems with the default Linux-Libre kernel (which is continually updated).
+
+We will also install the `grub` package, which we will need later,
+to make our modifications to the GRUB configuration file:
+
+    # pacman -S linux-libre-lts grub
+
+Then, we update both kernels like this, using the `mkinitcpio` command:
+
+    # mkinitcpio -p linux-libre
+    # mkinitcpio -p linux-libre-lts
+
+### Setting up the Hostname
+Now we need to set up the hostname for the system; this is so that our device
+can be identified by the network. Refer to [the hostname section](https://wiki.parabola.nu/Beginners%27_guide#Hostname)
+of the Parabola wiki's Beginner's Guide. You can make the hostname anything you like;
+for example, if you wanted to choose the hostname **parabola**,
+you would run the `echo` command, like this:
+
+    # echo parabola > /etc/hostname
+
+And then you would modify **/etc/hosts** like this, adding the hostname to it:
+
+    # nano /etc/hosts
+
+    #<ip-address> <hostname.domain.org>   <hostname>
+    127.0.0.1     localhost.localdomain   localhost   parabola
+    ::1           localhost.localdomain   localhost   parabola
+
+### Configure the Network
+Now that we have a hostname, we need to configure the settings for the rest of the network.
+Instructions for setting up a wired connection are [in the Parabola beginner's guide](https://wiki.parabola.nu/Beginners%27_guide#Wired),
+and instructions for setting up a wireless connection are [in the Parabola beginner's guide](https://wiki.parabola.nu/Beginners%27_guide#Wireless_2).
+
+### Set the root Password
+The **root** account has control over all the files in the computer; for security,
+we want to protect it with a password. The password requirements given above,
+for the LUKS passphrase, apply here as well. You will set this password with the `passwd` command:
+
+    # passwd
+
+### Extra Security Tweaks
+There are some final changes that we can make to the installation, to make it
+significantly more secure; these are based on the [Security](https://wiki.archlinux.org/index.php/Security) section of the Arch wiki.
+
+#### Key Strengthening
+We will want to open the configuration file for password settings, and increase
+the strength of our **root** password:
+
+    # nano /etc/pam.d/passwd
+
+Add `rounds=65536` at the end of the uncommented 'password' line; in simple terms,
+this will force an attacker to take more time with each password guess, mitigating
+the threat of brute force attacks.
+
+#### Restrict Access to Important Directories
+You can prevent any user, other than the root user, from accessing the most important
+directories in the system, using the `chmod` command; to learn more about this command,
+run `man chmod`:
+
+    # chmod 700 /boot /etc/{iptables,arptables}
+
+#### Lockout User After Three Failed Login Attempts
+We can also setup the system to lock a user's account, after three failed login attempts.
+
+To do this, we will need to edit the file **/etc/pam.d/system-login**,
+and comment out this line:
+
+    auth required pam\_tally.so onerr=succeed file=/var/log/faillog*\
+
+You could also just delete it. Above it, put the following line:
+
+    auth required pam\_tally.so deny=2 unlock\_time=600 onerr=succeed file=/var/log/faillog
+
+This configuration will lock the user out for ten minutes.
+You can unlock a user's account manually, using the **root** account, with this command:
+
+    # pam_tally --user *theusername* --reset
+    
+#### Generate grub.cfg
+Edit configuration in `/etc/default/grub`, remembering to use UUID when poitning to mbr/gpt partition.
+Use `blkid` to get list of devices with their respective UUIDs.
+For details see [parabola wiki.](https://wiki.parabola.nu/Dm-crypt/Encrypting_an_entire_system#Configuring_the_boot_loader_5)
+
+Next generate grub.cfg with:
+
+    # grub-mkconfig -o /boot/grub/grub.cfg
+    
+If you have separate `/boot` partition, don't forget to add `boot` symlink inside that points to current directory
+
+    # cd /boot; ln -s . boot
+
+## Unmount All Partitions and Reboot
+Congratulations! You have finished the installation of Parabola GNU+Linux-Libre.
+Now it is time to reboot the system, but first, there are several preliminary steps:
+
+Exit from `chroot`, using the `exit` command:
+
+    # exit
+
+Unmount all of the partitions from **/mnt**, and "turn off" the swap volume:
+
+    # umount -R /mnt
+    # swapoff -a
+
+Deactivate the **rootvol** and **swapvol** logical volumes:
+
+    # lvchange -an /dev/matrix/rootvol
+    # lvchange -an /dev/matrix/swapvol
+
+Lock the encrypted partition (i.e., close it):
+
+    # cryptsetup luksClose lvm
+
+Shutdown the machine:
+
+    # shutdown -h now
+
+After the machine is off, remove the installation media, and turn it on.
+
+## Booting the installation manually from GRUB
+When you forget to configure or misconfigure grub on your hdd, you have to manually boot
+the system by entering a series of commands into the GRUB command line.
+
+
+After the computer starts, Press `C` to bring up the GRUB command line.
+You can either boot the normal kernel, or the LTS kernel we installed;
+here are the commands for the normal kernel:
+
+    grub> cryptomount -a
+    grub> set root='lvm/matrix-rootvol'
+    grub> linux /boot/vmlinuz-linux-libre root=/dev/matrix/rootvol cryptdevice=/dev/sda1:root
+    grub> initrd /boot/initramfs-linux-libre.img
+    grub> boot
+
+If you're trying to boot the LTS kernel, simply add **-lts** to the end
+of each command that contains the kernel (e.g., **/boot/vmlinuz-linux-libre**
+would be **/boot/vmlinuz/linux-libre-lts**).
+
+**NOTE: on machines with native sata, during boot a (faulty) optical disc drive (like dvd) can cause
+the** `cryptomount -a` **command to fail/hang, as well as the error** `AHCI transfer timed out`
+**The workaround was to remove the DVD drive.**
+
+## Follow-Up Tutorial: Configuring Parabola
+The next step of the setup process is to modify the configuration file that
+GRUB uses, so that we don't have to manually type in those commands above, each time we want
+to boot our system.
+
+To make this process much easier, we need to install a graphical interface,
+as well as install some other packages that will make the system more user-friendly.
+These additions will also sharply reduce the probability of "bricking" our computer.
+
+[Configuring Parabola (Post-Install)](configuring_parabola.md) provides an example setup, but don't feel
+as if you must follow it verbatim (of course, you can, if you want to);
+Parabola is user-centric and very customizable, which means that you have maximum control
+of the system, and a near-limitless number of options for setting it up. For more information,
+read [The Arch Way](https://wiki.archlinux.org/index.php/The_Arch_Way) (Parabola also follows it).
+
+After setting up the graphical interface, refer to [How to Modify GRUB Configuration](grub_cbfs.md),
+for instructions on doing just that, as well as flashing the ROM (if necessary).
+
+Copyright © 2014, 2015, 2016 Leah Rowe <info@minifree.org>
+
+Copyright © 2015 Jeroen Quint <jezza@diplomail.ch>
+
+Copyright © 2017 Elijah Smith <esmith1412@posteo.net>
+
+Permission is granted to copy, distribute and/or modify this document
+under the terms of the GNU Free Documentation License Version 1.3 or any later
+version published by the Free Software Foundation
+with no Invariant Sections, no Front Cover Texts, and no Back Cover Texts.
+A copy of this license is found in [../fdl-1.3.md](../fdl-1.3.md)
+
diff --git a/i18n/fr_FR/docs/gnulinux/encrypted_trisquel.md b/i18n/fr_FR/docs/gnulinux/encrypted_trisquel.md
new file mode 100644
index 00000000..32ff87f6
--- /dev/null
+++ b/i18n/fr_FR/docs/gnulinux/encrypted_trisquel.md
@@ -0,0 +1,190 @@
+---
+title: Installing Trisquel GNU+Linux with Full-Disk Encryption (including /boot)
+x-toc enable: true
+...
+
+This guide is written for the Trisquel 7.0 (Belenos) GNU+Linux distribution, but it should also work for Trisquel 6.0 (Toutatis).
+
+## Gigabyte GA-G41M-ES2L
+
+To boot the Trisquel net installer, make sure to specify fb=false on the linux
+kernel parameters in GRUB. This will boot the installer in text mode instead
+of using a framebuffer.
+
+## Boot the Installation Media
+Boot your operating system, with the installation media. If you don't know how to do so, refer to [How to Prepare and Boot a USB Installer in Libreboot Systems](grub_boot_installer.md).
+
+When the Trisquel GRUB screen appears, select the `Install Trisquel in Text Mode` option.
+
+## Select a Language
+The first part of the installation is to select your system's language; I chose `English`.
+
+## Select Your Location
+You will need to select your location; I choose `United States`.
+
+## Configure the Keyboard
+You need to select the right layout for your keyboard; if you want to installer to do it automatically, choose `Yes`, and it will ask you whether or not a series of keys are present on your keyboard. Simply choose `Yes` or `No`, accordingly.
+
+If you don't want the installer to automatically detect your keyboard layout, choose `No`, and simply select it from a list.
+
+## Configure the Network
+
+### Choose the Network Inteface
+You will need to select the network interface to be used for the installation. If you have an ethernet (i.e., wired) connection, choose `etho0`; otherwise, choose `wlan0` (for wireless).
+
+If you choose `wlan0`, enter the passphrase that corresponds to your wireless network's WPA/WPA2 key (Your wireless network should have a password, and no modern router should be using the [WEP protocol](https://en.wikipedia.org/wiki/Wired_Equivalent_Privacy)).
+
+### Choose Your Hostname
+You will need to choose a hostname for the system, which identifies your computer to the network; it can be anything, but it must only consist of numbers, uppercase and lowercase letters, and dashes `-`.
+
+### Choose a Mirror of the Trisquel Archive
+Choose the server from where you will download the Trisquel packages needed for the installation. The choices are separated by country; simply select the one that is closest to where you are.
+
+After you select the country, you will be taken to a list of different individual servers. If there is more than one option, choose the one that is closest to you; otherwise, select whichever one is available.
+
+The last step of setting up the network will be entering an HTTP proxy (if you need one to access the network). If you have one, type it here; otherwise, press `Tab`, and then choose `Continue` (using the arrow keys).
+
+## Loading Additional Components
+Now the installer needs to download some more packages, to continue the installation. Depending on your network bandwidth, this could take up to a few minutes to complete.
+
+## Set Up Users and Passwords
+Enter the full name of the user here. You can use your real name, or just a pseudonym; then, choose `Continue`.
+
+Then it will ask you to enter a *username*. Pick whatever you like, and enter it here. Select `Continue`.
+
+Choose a passphrase (better than a password). The [diceware](http://world.std.com/~reinhold/diceware.html) method is highly recommended for coming up with one.
+
+I recommend combining the *diceware* method with something personal about yourself. An example of this would be to choose four words from the *diceware* list, and then come up with a fifth "word" (i.e., a combination of characters that is unique to you, like some name plus a number/special character); this combination dramatically increases the security of a *diceware* passphrase (i.e., even if someone had the entire *diceware* word list, they couldn't figure out your passphrase through brute force).
+
+**NOTE: This would be difficult for a person to do, even if you *only* used words from the list**.
+
+For example, say that your cat's name is **Max**, and he is three years old; you could do something like this:
+
+    diceware_word_1 diceware_word_2 diceware_word_3 diceware_word_4 Max=3old
+
+This has a large degree of randomness (due to the usage of the *diceware* method), and also contains a unique piece of personal information that someone would need to know you, in order to guess; it's a very potent combination.
+
+After entering this password twice, choose `Continue`.
+
+It will now ask you if you want to encrypt your home directory. Remember, this is *NOT* to be confused with encrypting your entire disk (the purpose of this guide); it will just be the files that reside in `~`, and it uses a different encryption protocol (`ecryptfs`). If you want to encrypt your home directory here, choose `Yes`; however, since we are going to encrypt the entire installation, that would not only be redundant, but it would also add a noticeable performance penalty, for little security gain in most use cases. This is therefore optional, and *NOT* recommended. Choose `No`.
+
+## Configure the Clock
+The installer will try to auto-detect your time zone; if it chooses correctly, select `Yes`; otherwise, choose `No`, and it will prompt you to select the correct one.
+
+## Partition Disks
+Now it's time to partition the disk; you will be shown several options; choose `Manual` partitioning.
+
+1. Use the arrow keys to select the drive (look for a matching size and manufacturer name in the description), and press `Enter`. It will ask you if you want to create a new, empty partition table on the device; choose `Yes`.
+
+2. Your drive will now show as having a single partition, labeled `#1`; select it (it will say `FREE SPACE` beside it), and press `Enter`.
+
+3. Choose `Create a new partition`. By default, the partition size will be the whole drive; leave it as-is, and select `Continue`.
+
+4. When it asks for partition type, go with `Primary`; you'll be taken to a screen with a list of information about your new partition; make sure to fill out each field as follows (using the up and down arrows to navigate, and `Enter` to modify an option):
+
+    * Use as: `physical volume for encryption`
+    * Encryption method: `Device-mapper (dm-crypt)`
+    * Encryption: `aes`
+    * key size: `256`
+    * IV algorithm: `xts-plain64`
+    * Encryption key: `passphrase`
+    * Erase data: `Yes`
+
+        For the `Erase data` field, only choose `No`, if this is either a new drive that doesn't have any of your plaintext data, or else if it previously had full-disk encryption.
+
+5. Choose `Done setting up the partition`. It will take you back to the main partitioning menu.
+
+6. Choose `Configure encrypted volumes`; the installer will ask if you want to write the changes to disk, and configure the encrypted volumes; choose `Yes`.
+
+7. Select `Create encrypted volumes`.
+
+8. Select your partition with the arrow keys (pressing `Spacebar` will make an `*` appear between the brackets; that's how you know it's been selected). Press `Tab`, and choose `Continue`.
+
+9. Select `Finish`. You will be asked if you really want to erase the drive; choose `Yes` (Erase will take a long time, so be patient. If your old system were encrypted, just let this run for about a minute, and then choose `Cancel`; this will make sure that the LUKS header is completely wiped out).
+
+10. Now you need to enter a passphrase for encrypting the entire disk. Make sure that this is different from your user password that you created earlier, but still use the [diceware](http://world.std.com/~reinhold/diceware.html) method to create it. You will have to enter the password twice; afterwards, you will be returned to the main partitioning menu.
+
+11. You will now see your encrypted device at the top of the device list. It will begin with something like this: `Encrypted volume (sdXY_crypt)`. Choose the partition labeled `#1`.
+
+12. Change the value of `Use as` to `physical volume for LVM`. Then choose `Done setting up the partition`; you will be taken back to the main partitioning menu.
+
+13. Choose `Configure the Logical Volume Manager`. You will be asked if you want to `Keep current partition layout and configure LVM`; choose `Yes`.
+
+14. Choose `Create volume group`. You will have to enter a name for the group; use **grubcrypt**. Select the encrypted partition as the device (by pressing `Spacebar`, which will make an `*` appear between the brackets; that's how you know it's been selected). Press `Tab`, and choose `Continue`.
+
+15. Choose `Create logical volume`. Select the volume group you created in the previous step (i.e., **grubcrypt**), and name it **trisquel**; make the size the entire drive minus 2048 MB (for the swap space). Press `Enter`.
+
+16. Choose `Create logical volume` again, and select **grubcrypt**. Name this one **swap**, and make the size the default value (it should be about 2048MB). Press `Enter`, and then choose `Finish`.
+
+17. Now you are back at the main partitioning screen. You will simply set the mount points and filesystems to use for each partition you just created. Under `LVM VG grubcrypt, LV trisquel`, select the first partition: `#1`. Change the values in this section to reflect the following; then choose `Done setting up partition`:
+
+    * use as: `ext4`
+    * mount point: `/`
+
+18. Under `LVM VG grubcrypt, LV swap`, select the first partition: `#1`. Change the value of `use as` to `swap area`. Choose `Done setting up partition`.
+
+19. Finally, when back at the main partitioning screen, choose `Finish partitioning and write changes to disk`. It will ask you to verify that you want to do this; choose `Yes`.
+
+## Installing the Base System
+The hardest part of the installation is done; the installer will now download and install the packages necessary for your system to boot/run. The rest of the process will be mostly automated, but there will be a few things that you have to do yourself.
+
+### Choose a Kernel
+It will ask you which kernel you want to use; choose `linux-generic`.
+
+**NOTE: After installation, if you want the most up-to-date version of the Linux kernel (Trisquel's kernel is sometimes outdated, even in the testing distro), you might consider using [this repository](https://jxself.org/linux-libre/) instead. These kernels are also deblobbed, like Trisquel's (meaning there are no binary blobs present).**
+
+### Update Policy
+You have to select a policy for installing security updates; I recommend that you choose `Install security updates automatically`, but you can choose not to, if you prefer.
+
+### Choose a Desktop Environment
+When prompted to choose a desktop environment, use the arrow keys to navigate the choices, and press `Spacebar` to choose an option; here are some guidelines:
+
+* If you want *GNOME*, choose **Trisquel Desktop Environment**
+* If you want *LDXE*, choose **Trisquel-mini Desktop Environment**
+* If you want *KDE*, choose **Triskel Desktop Environment**
+
+You might also want to choose some of the other package groups (or none of them, if you want a basic shell); it's up to you. Once you've chosen the option you want, press `Tab`, and then choose `Continue`.
+
+## Install the GRUB boot loader to the master boot record
+The installer will ask you if you want to install the GRUB bootloader to the master boot record; choose `No`. You do not need to install GRUB at all, since in Libreboot, you are using the GRUB payload on the ROM to boot your system.
+
+The next window will prompt you to enter a `Device for boot loader installation`. Leave the line blank; press `Tab`, and choose `Continue`.
+
+## System Clock
+The installer will ask if your system clock is set to UTC; choose `Yes`.
+
+## Finishing the Installation
+The installer will now give you a message that the installation is complete. Choose `Continue`, remove the installation media, and the system will automatically reboot.
+
+## Booting your system
+At this point, you will have finished the installation. At your GRUB boot screen, press `C` to get to the command line, and enter the following commands at the `grub>` prompt:
+
+    grub> cryptomount -a
+    grub> set root='lvm/grubcrypt-trisquel'
+    grub> linux /vmlinuz root=/dev/mapper/grubcrypt-trisquel \
+    >cryptdevice=/dev/mapper/grubcrypt-trisquel:root
+    grub> initrd /initrd.img
+    grub> boot
+
+Without specifying a device, **cryptomount's** `-a` parameter tries to unlock *all* detected LUKS volumes (i.e., any LUKS-encrypted device that is connected to the system). You can also specify `-u` (for a UUID). Once logged into the operating system, you can find the UUID by using the `blkid` command:
+
+    $ sudo blkid
+
+## ecryptfs
+If you didn't encrypt your home directory, then you can safely ignore this section; if you did choose to encrypt it, then after you log in, you'll need to run this command:
+
+    $ sudo ecryptfs-unwrap-passphrase
+
+This will be needed in the future, if you ever need to recover your home directory from another system. Write it down, or (preferably) store it using a password manager (I recommend `keepass`,`keepasX`, or `keepassXC`).
+
+## Modify grub.cfg (CBFS)
+The last step of the proccess is to modify your **grub.cfg** file (in the firmware), and flash the new configuration, [using this tutorial](grub_cbfs.md); this is so that you don't have to manually type in the commands above, every single time you want to boot your computer. You can also make your GRUB configuration much more secure, by following [this guide](grub_hardening.md).
+
+## Troubleshooting
+During boot, some Thinkpads have a faulty DVD drive, which can cause the `cryptomount -a` command to fail, as well as the error `AHCI transfer timed out` (when the Thinkpad X200 is connected to an UltraBase). For both issues, the workaround was to remove the DVD drive (if using the UltraBase, then the whole device must be removed).
+
+Copyright © 2014, 2015 Leah Rowe <info@minifree.org>
+
+Copyright © 2017 Elijah Smith <esmith1412@posteo.net>
+
+Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License Version 1.3 or any later version published by the Free Software Foundation with no Invariant Sections, no Front Cover Texts, and no Back Cover Texts. A copy of this license is found in [../fdl-1.3.md](../fdl-1.3.md)
diff --git a/i18n/fr_FR/docs/gnulinux/grub_boot_installer.md b/i18n/fr_FR/docs/gnulinux/grub_boot_installer.md
new file mode 100644
index 00000000..48ecaa37
--- /dev/null
+++ b/i18n/fr_FR/docs/gnulinux/grub_boot_installer.md
@@ -0,0 +1,144 @@
+---
+title: How to Prepare and Boot a USB Installer on Libreboot Systems
+x-toc-enable: true
+...
+
+This guide explains how to prepare a bootable USB for Libreboot systems that can be used to install several GNU+Linux distributions. For this guide, you will only need a USB flash drive and the `dd` utility (it's installed into all GNU+Linux distributions, by default).
+
+For information on actually installing specific GNU+Linux distributions, refer to [this page](index.md).
+
+## Prepare the USB Drive in GNU+Linux
+If you downloaded your ISO while on an existing GNU+Linux system, here is how to create the bootable GNU+Linux USB drive:
+
+Connect the USB drive. Check `lsblk`, to confirm its device name (e.g., **/dev/sdX**):
+
+    $ lsblk
+
+For this example, let's assume that our drive's name is `sdb`. Make sure that it's not mounted:
+
+    $ sudo umount /dev/sdb
+
+Overwrite the drive, writing your distro ISO to it with `dd`. For example, if we are installing Trisquel 7.0 64-bit, and it's located in our Downloads folder, this is the command we would run:
+
+    $ sudo dd if=~/Downloads/trisquel_7.0_amd64.iso of=/dev/sdb bs=8M; sync
+
+That's it! You should now be able to boot the installer from your USB drive (the instructions for doing so will be given later).
+
+## Prepare the USB drive in NetBSD
+[This page](https://wiki.netbsd.org/tutorials/how_to_install_netbsd_from_an_usb_memory_stick/) on the NetBSD website shows how to create a NetBSD bootable USB drive, from within NetBSD itself. You should the `dd` method documented there. This will work with any GNU+Linux ISO image.
+
+## Prepare the USB drive in FreeBSD
+[This page](https://www.freebsd.org/doc/handbook/bsdinstall-pre.html) on the FreeBSD website shows how to create a bootable USB drive for installing FreeBSD. Use the `dd` method documented. This will work with any GNU+Linux ISO image.
+
+## Prepare the USB drive in LibertyBSD or OpenBSD
+If you downloaded your ISO on a LibertyBSD or OpenBSD system, here is
+how to create the bootable GNU+Linux USB drive:
+
+Connect the USB drive. Run `lsblk` to determine which drive it is:
+
+    $ lsblk
+
+To confirm that you have the correct drive, use `disklabel`. For example, if you thought the correct drive were **sd3**, run this command:
+
+    $ disklabel sd3
+
+Make sure that the device isn't mounted, with `doas`; if it is, this command will unmount it:
+
+    $ doas umount /dev/sd3i
+
+`lsblk` told you what device it is. Overwrite the drive, writing the OpenBSD installer to it with `dd`. Here's an example:
+
+    $ doas dd if=gnulinux.iso of=/dev/rsdXc bs=1M; sync
+
+That's it! You should now be able to boot the installer from your USB drive (the instructions for doing so will be given later).
+
+## Debian or Devuan net install
+Download the Debian or Devuan net installer. You can download the Debian ISO
+from [the Debian homepage](https://www.debian.org/), or the Devuan ISO from
+[the Devuan homepage](https://www.devuan.org/).
+
+Secondly, create a bootable USB drive using the commands in
+[#prepare-the-usb-drive-in-gnulinux](#prepare-the-usb-drive-in-gnulinux).
+
+Thirdly, boot the USB and enter these commands in the GRUB terminal
+(for 64-bit Intel or AMD):
+
+    grub> set root='usb0'
+    grub> linux /install.amd/vmlinuz
+    grub> initrd /install.amd/initrd.gz
+    grub> boot
+
+If you are on a 32-bit system (e.g. some Thinkpad X60's) then you will need to
+use these commands (this is also true for 32-bit running on 64-bit machines):
+
+    grub> set root='usb0'
+    grub> linux /install.386/vmlinuz
+    grub> initrd /install.386/initrd.gz
+    grub> boot
+
+NOTE FOR G41M USERS (32 bit, 64 bit): On the *linux* line, specify fb=false to
+boot in text mode or the installer won't have a display on your monitor.
+
+## Booting ISOLINUX Images (Automatic Method)
+Boot it in GRUB using the `Parse ISOLINUX config (USB)` option. A new menu should appear in GRUB, showing the boot options for that distro; this is a GRUB menu, converted from the usual ISOLINUX menu provided by that distro.
+
+## Booting ISOLINUX Images (Manual Method)
+These are generic instructions. They may or may not be correct for your distribution. You must adapt them appropriately, for whatever GNU+Linux distribution it is that you are trying to install.
+
+If the `ISOLINUX parser` or `Search for GRUB configuration` options won't work, then press `C` in GRUB to access the command line, then run the `ls` command:
+
+    grub> ls
+
+Get the device name from the above output (e.g., `usb0`). Here's an example:
+
+    grub> cat (usb0)/isolinux/isolinux.cfg
+
+Either the output of this command will be the ISOLINUX menuentries for that ISO, or link to other `.cfg` files (e.g, **/isolinux/foo.cfg**). For example, if the file found were **foo.cfg**, you would use this command:
+
+    grub> cat (usb0)/isolinux/foo.cfg
+
+And so on, until you find the correct menuentries for ISOLINUX.
+
+For Debian-based distros (e.g., Trisquel, Devuan), there are typically menuentries listed in **/isolinux/txt.cfg** or **/isolinux/gtk.cfg**. For dual-architecture ISO images (i686 and x86\_64), there may be separate files directories for each architecture.  Just keep searching through the image, until you find the correct ISOLINUX configuration file.
+
+**NOTE: Debian 8.6 ISO only lists 32-bit boot options in txt.cfg. This is important, if you want 64-bit booting on your system. Devuan versions based on Debian 8.x may also have the same issue.**
+
+Now, look at the ISOLINUX menuentry; it'll look like this:
+
+    kernel /path/to/kernel append PARAMETERS initrd=/path/to/initrd ...
+
+GRUB works similarly; here are some example GRUB commands:
+
+    grub> set root='usb0'
+    grub> linux /path/to/kernel PARAMETERS MAYBE\_MORE\_PARAMETERS
+    grub> initrd /path/to/initrd
+    grub> boot
+
+Note: `usb0` may be incorrect. Check the output of the `ls` command (in GRUB), to see a list of USB devices/partitions. Of course, this will vary from distro to distro. If you did all of that correctly, then it should now be booting your USB drive in the way that you specified.
+
+## Troubleshooting
+Most of these issues occur when using Libreboot with Coreboot's `text-mode`, instead of the Coreboot framebuffer. This mode is useful for booting payloads, like `MemTest86+`, which expect `text-mode`, but for GNU+Linux distributions, it can be problematic when they are trying to switch to a framebuffer, because it doesn't exist.
+
+In most cases, you should use the **vesafb** ROM images. An example filename would be **libreboot\_ukdvorak\_vesafb.rom**.
+
+### Parabola Won't Boot in Text-Mode
+Use one of the ROM images with `vesafb` in the filename (uses Coreboot framebuffer, instead of `text-mode`).
+
+### debian-installer Graphical Corruption in Text-Mode (Debian and Devuan)
+When using the ROM images that use Coreboot's `text mode`, instead of the Coreboot framebuffer, booting the Debian or Devuan net installer results in graphical corruption, because it is trying to switch to a framebuffer, which doesn't exist. Use that kernel parameter on the `linux` line, when booting it:
+
+    vga=normal fb=false
+
+This forces debian-installer to start in `text-mode`, instead of trying to switch to a framebuffer.
+
+If selecting `text-mode` from a GRUB menu created using the ISOLINUX parser, you can press `E` on the menu entry to add this. Or, if you are booting manually (from GRUB terminal), then just add the parameters.
+
+This workaround was found on the [Debian site](https://www.debian.org/releases/stable/i386/ch05s04.html). It should also work for Devuan, and any other `apt-get` distro that provides the debian-installer (i.e., text-mode) net install method.
+
+Copyright © 2014, 2015, 2016 Leah Rowe <info@minifree.org>
+
+Copyright © 2016 Scott Bonds <scott@ggr.com>
+
+Copyright © 2017 Elijah Smith <esmith1412@posteo.net>
+
+Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License Version 1.3 or any later version published by the Free Software Foundation with no Invariant Sections, no Front Cover Texts, and no Back Cover Texts. A copy of this license is found in [../fdl-1.3.md](../fdl-1.3.md)
diff --git a/i18n/fr_FR/docs/gnulinux/grub_cbfs.md b/i18n/fr_FR/docs/gnulinux/grub_cbfs.md
new file mode 100644
index 00000000..f6c99332
--- /dev/null
+++ b/i18n/fr_FR/docs/gnulinux/grub_cbfs.md
@@ -0,0 +1,398 @@
+---
+title: Modifying the GRUB Configuration in Libreboot Systems
+x-toc enable: true
+...
+
+
+This guide will go through all the steps to modify a GRUB configuration file
+in Libreboot; this is so that the user doesn't have to manually boot
+their operating system each time, by typing in commands at the GRUB command line.
+
+For the purposes of this guide, you can either modify the GRUB configuration file
+that resides in the computer's ROM, or else you could modify the version that
+exists within the operating system itself; both options will be explained here.
+
+## How to Get the GRUB Configuration File
+The first step of the process is to actually get a hold of the GRUB configuration file
+that we need to modify. There are two ways to do this:
+
+1. We can extract the one that already exists within the ROM
+2. We can use one of the pre-compiled ROMS supplied by the Libreboot project
+
+However, both ways will require us to download the Libreboot Utility Archive.
+
+### Download the Libreboot Utility Archive
+The Libreboot Utility Archive contains the programs that we'll need
+to get our **grubtest.cfg** file. The latest release of the Libreboot Utility Archive
+can be downloaded [from libreboot.org](https://www.mirrorservice.org/sites/libreboot.org/release/stable/20160907/libreboot_r20160907_util.tar.xz).
+The quickest way to download it would be to use the `wget` program,
+which (if you don't know) allows you to download files from the internet.
+
+If you don't already have it installed, you can install it,
+using the `apt-get` command (in Debian-based distributions):
+
+    $ sudo apt-get install wget
+
+You can install it in Arch-based systems, using `pacman`:
+
+    $ sudo pacman -S wget
+
+Once you've installed `wget`, use it to download the file,
+simply by passing it the URL as an argument; you can save the file anywhere,
+but for the purpose of this guide, save it in **~/Downloads**
+(your **Home** directory's downloads folder).
+First, change the current working directory to **~/Downloads**:
+
+    $ cd ~/Downloads
+
+This guide assumes you are using the **20160907** version of Libreboot;
+if using a different version, modify the following commands accordingly:
+
+    $ wget https://www.mirrorservice.org/sites/libreboot.org/release/stable/20160907/\
+    >libreboot_r20160907_util.tar.xz
+
+After the file is downloaded, use the `tar` command to extract its contents:
+
+    $ tar -xf libreboot_r20160907_util.tar.xz
+
+After extraction, the folder will have the same name as the archive: in this case,
+**libreboot\_r20160907\_util**. For simplicity's sake, we'll rename it **libreboot\_util**,
+using the `mv` command:
+
+    $ mv "libreboot_r20160907_util" "libreboot_util"
+
+Now you have the folder with all the utilities necessary to read and modify the contents of the ROM.
+
+### Get the Necessary Utilities
+Once you have the **libreboot\_util** archive, you can find the `cbfstool` and `flashrom`
+utilities in **libreboot\_util/cbfstools/x86\_64/cbfstool**,
+and **libreboot\_util/flashrom/x86\_64/flashrom**, respectively.
+
+**NOTE: This guide assumes that you are using a device with the** x86\_64 **architecture;
+if you are using a device with a different architecture (e.g.,** i686 **or** armv7l**),
+the proper version of** `cbfstool` **and** `flashrom` **will be in that folder,
+inside their respective directories.**
+
+You could also compile both of these utilities; see [How to Build flashrom](../git/#build_flashrom).
+
+`flashrom` is also available from the repositories; if using an Arch-based distribution,
+use `pacman`:
+
+    $ sudo pacman -S flashrom
+
+Or, if you have a Debian-based distribution, use `apt-get`:
+
+    $ sudo apt-get install flashrom
+
+### Get the ROM Image
+You can either work directly with one of the ROM images already included
+in the libreboot ROM archives, or re-use the ROM that you have currently
+flashed. For the purpose of this tutorial, it is assumed that your ROM
+image file is named **libreboot.rom**, so please make sure to adapt.
+
+There are two ways to get a pre-compiled ROM image:
+
+#### 1. Download a Pre-Compiled Image from the Libreboot Website
+For the current release, **20160907**, they can be found [on a Libreboot mirror](https://www.mirrorservice.org/sites/libreboot.org/release/stable/20160907/rom/grub/);
+please adopt this guide, if using a different version of Libreboot.
+
+You also need to make sure that you select both the correct ROM for the device you're using,
+as well as the correct flash chip size (if applicable): **4mb**, **8mb**, or **16mb**;
+variable flash chip sizes only apply for the Thinkpads that Libreboot supports (excluding the X60 and T60).
+
+You can find the flash chip size, by running the following command:
+
+    # flashrom -p internal
+
+Look for a line like this:
+
+    Found Macronix flash chip "MX25L6406E/MX25L6408E" (8192 kB, SPI) \
+    mapped at physical address 0x00000000ff800000.
+
+Running this command on my Thinkpad X200 gives me the above result, so I know that
+my flash chip size is **8mb**.
+
+Once you've determined the correct ROMs and flash chip size, download them from the website.
+Since I'm currently using an X200 to write this guide, I'll demonstrate how
+to download the correct ROM images for that model.
+
+First, we're going to navigate to the **libreboot\_util** folder:
+
+    $ cd ~/Downloads/libreboot_util/
+
+Then, we will download the ROM images, using `wget`:
+
+    $ wget https://www.mirrorservice.org/sites/libreboot.org/release/stable/\
+    >20160907/rom/grub/libreboot_r20160907_grub_x200_8mb.tar.xz
+
+Extract the archive, using `tar`:
+
+    $ tar -xf libreboot_r20160907_grub_x200_8mb.tar.xz
+
+Navigate to the directory that you just created:
+
+    $ cd libreboot_r20160907_grub_x200_8mb
+
+Now that we are in the archive, we must choose the correct ROM image.
+To figure out the correct image, we must first parse the filenames for each ROM.
+For example, for the file named **x200_8mb_usqwerty_vesafb.rom**:
+
+    Model Name: x200
+    Flash Chip Size: 8mb
+    Country: us
+    Keyboard Layout: qwerty
+    ROM Type: vesafb or txtmode
+
+Since I am using a QWERTY keyboard, I will ignore all the non-QWERTY options.
+Note that there are two types of ROMs: **vesafb** and **txtmode**;
+The **vesafb** ROM images are recommended, in most cases; **txtmode** ROM images
+come with `MemTest86+`, which requires text-mode, instead of the usual framebuffer
+used by coreboot native graphics initialization.
+
+I'll choose **x200_8mb_usqwerty_vesafb.rom**; I'll copy the file (to the `cbfstool` directory),
+and rename it with one command:
+
+    $ mv "x200_8mb_usqwerty_vesafb.rom" ../cbfstool/x86_64/libreboot.rom
+
+#### 2. Create an Image from the Current ROM
+The simpler way to get a ROM image is to just create it from your current ROM,
+using `flashrom`, making sure to save it in the `cbfstool` folder, inside **libreboot\_util**:
+
+    $ sudo flashrom -p internal -r ~/Downloads/libreboot_util/cbfstool/x86_64/libreboot.rom
+
+If you are told to specify the chip, add the option `-c {your chip}` to the command, like this:
+
+    $ sudo flashrom -c MX25L6405 -p internal -r ~/Downloads/libreboot_util/cbfstool/x86_64/libreboot.rom
+
+Now you are ready to extract the GRUB configuration files from the ROM, and modify them the way you want.
+
+
+### Copy grubtest.cfg from the ROM Image
+You can check the contents of the ROM image, inside CBFS, using `cbfstool`.
+First, navigate to the cbfstool folder:
+
+    $ cd ~/Downloads/libreboot_util/cbfstool/x86_64/
+
+Then, run the `cbfstool` commmand, with the `print` option; this will display
+a list of all the files located in the ROM:
+
+    $ ./cbfstool libreboot.rom print
+
+You should see **grub.cfg** and **grubtest.cfg** in the list. **grub.cfg** is
+loaded by default, with a menu entry for switching to **grubtest.cfg**. In
+this tutorial, you will first modify and test **grubtest.cfg**. This is to
+reduce the possibility of bricking your device, so *DO NOT SKIP THIS!*
+
+Extract (i.e., get a copy of ) **grubtest.cfg** from the ROM image:
+
+    $ ./cbfstool libreboot.rom extract -n grubtest.cfg -f grubtest.cfg
+
+By default `cbfstool` will extract files to the current working directory;
+so, **grubtest.cfg** should appear in the same folder as **libreboot.rom**.
+
+## How to Modify the GRUB Configuration File
+This section will instruct the user *how* to modify their GRUB configuration file;
+whether they decide to use the version located in their operating system's **/** folder,
+or the one located in the ROM, the modifications will be the same.
+
+Once the file is open, look for the following line (it will be towards the bottom of the file):
+
+    menuentry 'Load Operating System [o]' --hotkey='o' --unrestricted
+
+After this line, there will be an opening bracket **{**, followed by a several lines
+of code, and then a closing  bracket **}**; delete everything that is between those two brackets,
+and replace it with the following code, if you're using an Arch-based disribution (e.g., Parabola GNU+Linux-Libre):
+
+    cryptomount -a
+    set root='lvm/matrix-root'
+    linux /boot/vmlinuz-linux-libre root=/dev/matrix/root cryptdevice=/dev/sda1:root \
+    cryptkey=rootfs:/etc/mykeyfile
+    initrd /boot/initramfs-linux-libre.img
+
+Or, replace it with this, if you are using a Debian-based distribution (e.g., Trisquel GNU+Linux):
+
+    cryptomount -a
+    set root='lvm/matrix-rootvol'
+    linux /vmlinuz root=/dev/mapper/matrix-rootvol cryptdevice=/dev/mapper/matrix-rootvol:root
+    initrd /initrd.img
+
+Remember, that these names come from the instructions to install GNU+Linux
+on Libreboot systems, located [in the docs](index.md). If you followed different instructions,
+(or for some other reason, used different names), simply put the names
+of your **root** and **swap** volumes, in place of the ones used here.
+
+This covers the basic changes that we can make to GRUB; however, there are some more
+changes that you could make, to increase the security of your GRUB configuration.
+If you are interested in those modifications, see the Libreboot guide on [Hardening GRUB](grub_hardening.md).
+
+That's it for the modifications! Now all you need to do is follow the instructions below,
+in order to use this new configuration to boot your system.
+
+## Change the GRUB Configuration File that the Operating System Uses
+Now that we have explained *how* to modify the file itself, we need to explain
+how to actually make our system *use* the new GRUB configuration file to boot.
+
+### Without Re-Flashing the ROM
+To change the GRUB Configuration that our system uses, without having to re-flash the ROM,
+we need to take our **grubest.cfg** file, rename it to **libreboot\_grub**;
+this is because that, by default, GRUB in Libreboot is configured to scan all partitions on
+the main storage for **/boot/grub/libreboot\_grub.cfg** or **/grub/libreboot\_grub.cfg**
+(for systems where **/boot** is on a dedicated partition), and then use it automatically.
+
+Therefore, we need to either copy **libreboot\_grub.cfg** to **/grub**, or to **/boot/grub**:
+
+    $ sudo cp ~/Downloads/libreboot_util/cbfstool/x86_64/libreboot_grub.cfg /boot/grub    # or /grub
+
+Now, the next time we boot our computer, GRUB (in Libreboot) will automatically switch
+to this configuration file. *This means that you do not have to re-flash,
+recompile, or otherwise modify Libreboot at all!*
+
+### With Re-Flashing the ROM
+Changing the GRUB configuration that resides in ROM is a bit more complicated
+that the one in **/**, but most of the hard work is already done.
+
+#### Change grubtest.cfg in ROM
+Now that you have the modified **grubtest.cfg**, we need to remove
+the old **grubtest.cfg** from the ROM, and put in our new one. To remove
+the old one, we will use `cbfstool`:
+
+    $ ./cbfstool libreboot.rom remove -n grubtest.cfg
+
+Then, add the new one to the ROM:
+
+    $ ./cbfstool libreboot.rom add -n grubtest.cfg -f grubtest.cfg -t raw
+
+#### Change MAC address in ROM {#changeMAC}
+The last step before flashing the new ROM, is to change the MAC address inside it.
+Every libreboot ROM image contains a generic MAC address; you want to make sure
+that your ROM image contains yours, so as to not create any problems on your network
+(say, for example, that multiple family members had libreboot computers, and used
+the same ROM image to flash those computers).
+
+To do this, we will use the `ich9gen` utility, also located in **libreboot_util**.
+
+First, you need to find the current MAC address of your computer; there are
+two ways to do this:
+
+1. Read the white label on the bottom of the case (however, this will only work,
+if your motherboard has never been replaced).
+2. Run `ifconfig`; look for your ethernet device (e.g., **enpXXX**
+in Arch-based distributions, or **eth0** in Debian-based distributions),
+and look for a set of characters like this: `00:f3:f0:45:91:fe`.
+
+Next, you need to move **libreboot.rom** to the following folder; this is where
+the executable for `ich9gen` is located:
+
+    $ mv libreboot.rom ~/Downloads/libreboot_r20160907_util/ich9deblob/x86_64
+
+Once there, run the following command, making sure to use your own MAC address,
+instead of what's written below:
+
+    $ ./ich9gen --macaddress XX:XX:XX:XX:XX:XX
+
+Three new files will be created:
+
+*     **ich9fdgbe_4m.bin**: this is for GM45 laptops with the 4MB flash chip.
+*     **ich9fdgbe_8m.bin**: this is for GM45 laptops with the 8MB flash chip.
+*     **ich9fdgbe_16m.bin**: this is for GM45 laptops with the 16MB flash chip.
+
+Look for the one that corresponds to the size of your ROM image; for example,
+if your flash chip size is **8mb**, you'll want to use **ich9fdgbe_8m.bin**.
+
+Now, insert this file (called the `descriptor+gbe`) into the ROM image, using `dd`:
+
+    $ dd if=ich9fdgbe_8m.bin of=libreboot.rom bs=1 count=12k conv=notrunc
+
+Move **libreboot.rom** back to the **libreboot\_util** directory:
+
+    $ mv libreboot.rom ~/Downloads/libreboot_util
+
+You are finally ready to flash the ROM!
+
+#### Flash Updated ROM Image
+The last step of flashing the ROM requires us to change our current working directory
+to **libreboot\_util**:
+
+    $ cd ~/Downloads/libreboot_util
+
+Now, all we have to do is use the `flash` script in this directory,
+with the `update` option, using **libreboot.rom** as the argument:
+
+    $ sudo ./flash update libreboot.rom
+
+Ocassionally, coreboot changes the name of a given board. If `flashrom`
+complains about a board mismatch, but you are sure that you chose the
+correct ROM image, then run this alternative command:
+
+    $ sudo ./flash forceupdate libreboot.rom
+
+You will see the `flashrom` program running for a little while, and you might see errors,
+but if it says `Verifying flash... VERIFIED` at the end, then it’s flashed,
+and should boot. If you see errors, try again (and again, and again).
+The message, `Chip content is identical to the requested image` is also
+an indication of a successful installation.
+
+#### Reboot the Computer
+Now that you have flashed the image, reboot the computer. Keep pressing `spacebar`
+right after you turn it on, until you see the GRUB menu, to prevent libreboot
+from automatically trying to load the operating system.
+
+Scroll down with the arrow keys, and choose the `Load test configuration (grubtest.cfg) inside of CBFS` option;
+this will switch the GRUB configuration to your test version. If all goes well,
+it should prompt you for a GRUB username and password, and then your LUKS password.
+
+Once the operating system starts loading, it will prompt you for your LUKS password again.
+If it continues, and loads into the OS without errors, then that means your flashing
+attempt was a success.
+
+#### Final Steps
+When you are satisfied booting from **grubtest.cfg**, you can create a copy
+of **grubtest.cfg**, called **grub.cfg**.
+
+First, go to the `cbfstool` directory:
+
+    $ cd ~/Downloads/libreboot_util/cbfstool/x86_64/
+
+Then, create a copy of **grubest.cfg**, named **grub.cfg**:
+
+    $ cp grubtest.cfg ./grub.cfg
+
+Now you will use the `sed` command to make several changes to the file:
+the menu entry `'Switch to grub.cfg'` will be changed to `Switch to grubtest.cfg`,
+and inside it, all instances of **grub.cfg** to **grubtest.cfg**.
+This is so that the main configuration still links (in the menu) to **grubtest.cfg**,
+so that you don't have to manually switch to it, in case you ever want to follow
+this guide again in the future (modifying the already modified config).:
+
+    $ sed -e 's:(cbfsdisk)/grub.cfg:(cbfsdisk)/grubtest.cfg:g' -e \
+    >'s:Switch to grub.cfg:Switch to grubtest.cfg:g' < grubtest.cfg > \
+    >grub.cfg
+
+Move **libreboot.rom** from **libreboot\_util** to your current directory:
+
+    $ mv ~/Downloads/libreboot_util/libreboot.rom .
+
+Delete the **grub.cfg** that's already inside the ROM:
+
+    $ ./cbfstool libreboot.rom remove -n grub.cfg
+
+Add your modified **grub.cfg** to the ROM:
+
+    $ ./cbfstool libreboot.rom add -n grub.cfg -f grub.cfg -t raw
+
+Move **libreboot.rom** back to **libreboot\_util**:
+
+    $ mv libreboot.rom ../..
+
+If you don't remember how to flash it, refer back to the *Flash Updated ROM Image*, above; it's the same method as you used before. Afterwards, reboot the machine with your new configuration.
+
+Copyright © 2014, 2015, 2016 Leah Rowe <info@minifree.org>
+
+Copyright © 2017 Elijah Smith <esmith1412@posteo.net>
+
+Permission is granted to copy, distribute and/or modify this document
+under the terms of the GNU Free Documentation License Version 1.3 or any later
+version published by the Free Software Foundation
+with no Invariant Sections, no Front Cover Texts, and no Back Cover Texts.
+A copy of this license is found in [../fdl-1.3.md](../fdl-1.3.md)
+
diff --git a/i18n/fr_FR/docs/gnulinux/grub_hardening.md b/i18n/fr_FR/docs/gnulinux/grub_hardening.md
new file mode 100644
index 00000000..e1329f21
--- /dev/null
+++ b/i18n/fr_FR/docs/gnulinux/grub_hardening.md
@@ -0,0 +1,185 @@
+---
+title: GRUB hardening
+...
+
+This guide deals with various ways in which you can harden your GRUB
+configuration, for security purposes. These steps are optional, but
+highly recommended by the Libreboot project.
+
+GRUB secure boot with GPG
+=========================
+
+This uses the free implementation of the GPG standard for encryption and
+signing/verifying data. We will be using this for checking the signature
+of a Linux kernel at boot time. More information about GPG can be found
+on the [GPG project website](https://www.gnu.org/software/gnupg/). GRUB
+has some GPG support built in, for checking signatures.
+
+This tutorial assumes you have a libreboot image (rom) that you wish to
+modify, to which we shall henceforth refer to as "my.rom". This
+tutorial modifies grubtest.cfg, this means signing and password
+protection will work after switching to it in the main boot menu and
+bricking due to incorrect configuration will be impossible. After you
+are satisfied with the setup, you should transfer the new settings to
+grub.cfg to make your machine actually secure.
+
+First extract the old grubtest.cfg and remove it from the libreboot
+image:
+
+    cbfstool my.rom extract -n grubtest.cfg -f my.grubtest.cfg
+    cbfstool my.rom remove -n grubtest.cfg
+
+Helpful links:
+
+-   [GRUB manual](https://www.gnu.org/software/grub/manual/html_node/Security.html#Security)
+-   [GRUB info pages](http://git.savannah.gnu.org/cgit/grub.git/tree/docs/grub.texi)
+-   [SATA connected storage considered dangerous.](../../faq.md#hddssd-firmware)
+-   [Coreboot GRUB security howto](https://www.coreboot.org/GRUB2#Security)
+
+GRUB Password
+=============
+
+The security of this setup depends on a good GRUB password as GPG
+signature checking can be disabled through the interactive console:
+
+    set check_signatures=no
+
+This is good in that it allows you to occasionally boot unsigned liveCDs
+and such. You may think of supplying signatures on an usb key, but the
+signature checking code currently looks for
+</path/to/filename>.sig when verifying </path/to/filename>
+and as such it is not possible to supply signatures in an alternate
+location.
+
+Note that this is not your LUKS password, but it's a password that you
+have to enter in order to use "restricted" functionality (such as
+console). This protects your system from an attacker simply booting a
+live USB and re-flashing your firmware. *This should be different than
+your LUKS passphrase and user password.*
+
+Use of the *diceware method* is recommended, for generating secure
+passphrases (as opposed to passwords). Diceware method involves using
+dice to generate random numbers, which are then used as an index to pick
+a random word from a large dictionary of words. You can use any language
+(e.g. English, German). Look it up on a search engine. Diceware method
+is a way to generate secure passphrases that are very hard (almost
+impossible, with enough words) to crack, while being easy enough to
+remember. On the other hand, most kinds of secure passwords are hard to
+remember and easier to crack. Diceware passphrases are harder to crack
+because of far higher entropy (there are many words available to use,
+but only about 50 commonly used symbols in pass*words*).
+
+-->
+The GRUB password can be entered in two ways:
+
+-   plaintext
+-   protected with [PBKDF2](https://en.wikipedia.org/wiki/Pbkdf2)
+
+We will (obviously) use the later. Generating the PBKDF2 derived key is
+done using the `grub-mkpasswd-pbkdf2` utility. You can get it by
+installing GRUB version 2. Generate a key by giving it a password:
+    grub-mkpasswd-pbkdf2
+
+Its output will be a string of the following form:
+
+    grub.pbkdf2.sha512.10000.HEXDIGITS.MOREHEXDIGITS
+
+Now open my.grubtest.cfg and put the following before the menu entries
+(prefered above the functions and after other directives). Of course use
+the pbdkf string that you had generated yourself:
+
+    set superusers="root"
+    password_pbkdf2 root grub.pbkdf2.sha512.10000.711F186347156BC105CD83A2ED7AF1EB971AA2B1EB2640172F34B0DEFFC97E654AF48E5F0C3B7622502B76458DA494270CC0EA6504411D676E6752FD1651E749.8DD11178EB8D1F633308FD8FCC64D0B243F949B9B99CCEADE2ECA11657A757D22025986B0FA116F1D5191E0A22677674C994EDBFADE62240E9D161688266A711
+
+Obviously, replace it with the correct hash that you actually got for
+the password that you entered. Meaning, not the hash that you see above!
+
+As enabling password protection as above means that you have to input it
+on every single boot, we will make one menu entry work without it.
+Remember that we will have GPG signing active, thus a potential attacker
+will not be able to boot an arbitrary operating system. We do this by
+adding option `--unrestricted` to a menuentry definition:
+
+    menuentry 'Load Operating System (incl. fully encrypted disks)  [o]' --hotkey='o' --unrestricted {
+    ...
+
+Another good thing to do, if we chose to load signed on-disk GRUB
+configurations, is to remove (or comment out) `unset superusers` in
+function try\_user\_config:
+
+    function try_user_config {
+       set root="${1}"
+       for dir in boot grub grub2 boot/grub boot/grub2; do
+          for name in '' autoboot_ libreboot_ coreboot_; do
+             if [ -f /"${dir}"/"${name}"grub.cfg ]; then
+                #unset superusers
+                configfile /"${dir}"/"${name}"grub.cfg
+             fi
+          done
+       done
+    }
+
+Why? We allowed booting normally without entering a password above. When
+we unset superusers and then load a signed GRUB configuration file, we
+can easily use the command line as password protection will be
+completely disabled. Disabling signature checking and booting whatever
+an attacker wants is then just a few GRUB commands away.
+
+As far as basic password setup is concerned we are done and we can now
+move on to signing.
+
+GPG keys
+========
+
+First generate a GPG keypair to use for signing. Option RSA (sign only)
+is ok.
+
+Warning: GRUB does not read ASCII armored keys. When attempting to
+trust ... a key filename it will print error: bad signature
+
+    mkdir --mode 0700 keys
+    gpg --homedir keys --gen-key
+    gpg --homedir keys --export-secret-keys --armor > boot.secret.key # backup
+    gpg --homedir keys --export > boot.key
+
+Now that we have a key, we can sign some files with it. We have to sign:
+
+-   a kernel
+-   (if we have one) an initramfs
+-   (if we wish to transfer control to it) an on-disk grub.cfg
+-   grubtest.cfg (this is so one can go back to grubtest.cfg after
+    signature checking is enforced. You can always get back to grub.cfg
+    by pressing ESC, but afterwards grubtest.cfg is not signed and it
+    will not load.
+
+Suppose that we have a pair of `my.kernel` and `my.initramfs` and an
+on-disk `libreboot_grub.cfg`. We sign them by issuing the following
+commands:
+
+    gpg --homedir keys --detach-sign my.initramfs
+    gpg --homedir keys --detach-sign my.kernel
+    gpg --homedir keys --detach-sign libreboot_grub.cfg
+    gpg --homedir keys --detach-sign my.grubtest.cfg
+
+Of course some further modifications to my.grubtest.cfg will be
+required. We have to trust the key and enable signature enforcement (put
+this before menu entries):
+
+    trust (cbfsdisk)/boot.key
+    set check_signatures=enforce
+
+What remains now is to include the modifications into the image (rom):
+
+    cbfstool my.rom add -n boot.key -f boot.key -t raw
+    cbfstool my.rom add -n grubtest.cfg -f my.grubtest.cfg -t raw
+    cbfstool my.rom add -n grubtest.cfg.sig -f my.grubtest.cfg.sig -t raw
+
+... and flashing it.
+
+Copyright © 2017 Fedja Beader <fedja@protonmail.ch>\
+
+Permission is granted to copy, distribute and/or modify this document
+under the terms of the GNU Free Documentation License Version 1.3 or any later
+version published by the Free Software Foundation
+with no Invariant Sections, no Front Cover Texts, and no Back Cover Texts.
+A copy of this license is found in [../fdl-1.3.md](../fdl-1.3.md)
diff --git a/i18n/fr_FR/docs/gnulinux/guix_system.md b/i18n/fr_FR/docs/gnulinux/guix_system.md
new file mode 100644
index 00000000..2fad5d99
--- /dev/null
+++ b/i18n/fr_FR/docs/gnulinux/guix_system.md
@@ -0,0 +1,383 @@
+---
+title: Guix System with Full Disk Encryption on Libreboot
+...
+
+Objective
+=========
+
+To provide step-by-step guide for setting up guix system (stand-alone guix)
+with full disk encryption (including /boot) on devices powered by libreboot.
+
+Scope
+=====
+
+Any users, for their generalised use cases, need not stumble away from this
+guide to accomplish the setup.
+
+Advanced users, for deviant use cases, will have to explore outside this
+guide for customisation; although this guide provides information that is
+of paramount use.
+
+Process
+=======
+
+Preparation
+-----------
+
+In your current GNU/Linux System, open terminal as root user.
+
+Insert USB drive and get the USB device name /dev/sdX, where “X” is the
+variable to make a note of.
+
+`lsblk`
+
+Unmount the USB drive just in case if it’s auto-mounted.
+
+`umount /dev/sdX`
+
+Download the latest (a.b.c) Guix System ISO Installer Package (sss) and
+it’s GPG Signature; where “a.b.c” is the variable for version number and
+“sss” is the variable for system architecture.
+
+`wget https://ftp.gnu.org/gnu/guix/guix-system-install-a.b.c.sss-linux.iso.xz`
+
+`wget https://ftp.gnu.org/gnu/guix/guix-system-install-a.b.c.sss-linux.iso.xz.sig`
+
+Import required public key.
+
+`gpg --keyserver pool.sks-keyservers.net --recv-keys 3CE464558A84FDC69DB40CFB090B11993D9AEBB5`
+
+Verify the GPG Signature of the downloaded package.
+
+`gpg --verify guix-system-install-a.b.c.sss-linux.iso.xz.sig`
+
+Extract the ISO Image from the downloaded package.
+
+`xz -d guix-system-install-a.b.c.sss-linux.iso.xz`
+
+Write the extracted ISO Image to the USB drive.
+
+`dd if=guix-system-install-a.b.c.sss-linux.iso of=/dev/sdX; sync`
+
+Reboot the device.
+
+`reboot`
+
+Pre-Installation
+----------------
+
+On reboot, as soon as you see the Libreboot Graphic Art, press arrow keys
+to change the menu entry.
+
+Choose “Search for GRUB2 configuration on external media [s]” and wait
+for the Guix System from USB drive to load.
+
+Set your keyboard layout lo, where “lo” is the two-letter keyboard layout
+code (example: us or uk).
+
+`loadkeys lo`
+
+Unblock network interfaces (if any).
+
+`rfkill unblock all`
+
+Get the names of your network interfaces.
+
+`ifconfig -a`
+
+Bring your required network interface nwif (wired or wireless) up, where
+“nwif” is the variable for interface name. For wired connections,
+this should be enough.
+
+`ifconfig nwif up`
+
+For wireless connection, create a configuration file using text editor,
+where “fname” is the variable for any desired filename.
+
+`nano fname.conf`
+
+Choose, type and save ONE of the following snippets, where ‘nm’ is the
+name of the network you want to connect, ‘pw’ is the corresponding
+network’s password or passphrase and ‘un’ is user identity.
+
+For most private networks:
+```
+network={
+  ssid="nm"
+  key_mgmt=WPA-PSK
+  psk="pw"
+}
+```
+
+(or)
+
+For most public networks:
+```
+network={
+  ssid="nm"
+  key_mgmt=NONE
+}
+```
+
+(or)
+
+For most organisational networks:
+```
+network={
+  ssid="nm"
+  scan_ssid=1
+  key_mgmt=WPA-EAP
+  identity="un"
+  password="pw"
+  eap=PEAP
+  phase1="peaplabel=0"
+  phase2="auth=MSCHAPV2"
+}
+```
+
+Connect to the configured network, where “fname” is the filename and
+“nwif” is the network interface name.
+
+`wpa_supplicant -c fname.conf -i nwif -B`
+
+Assign an IP address to your network interface, where “nwif” is the
+network interface name.
+
+`dhclient -v nwif`
+
+Obtain the device name /dev/sdX in which you would like to deploy and
+install Guix System, where “X” is the variable to make a note of.
+
+`lsblk`
+
+Wipe the respective device. Wait for the command operation to finish.
+
+`dd if=/dev/urandom of=/dev/sdX; sync`
+
+Load device-mapper module in the current kernel.
+
+`modprobe dm_mod`
+
+Partition the respective device. Just do, GPT --> New --> Write --> Quit;
+defaults will be set.
+
+`cfdisk /dev/sdX`
+
+Encrypt the respective partition.
+
+`cryptsetup -v --cipher serpent-xts-plain64 --key-size 512 --hash whirlpool --iter-time 500 --use-random --verify-passphrase luksFormat /dev/sdX1`
+
+Obtain and note down the “LUKS UUID”.
+
+`cryptsetup luksUUID /dev/sdX1`
+
+Open the respective encrypted partition, where “partname” is any
+desired partition name.
+
+`cryptsetup luksOpen /dev/sdX1 partname`
+
+Make filesystem on the respective partition, where “fsname” is any
+desired filesystem name.
+
+`mkfs.btrfs -L fsname /dev/mapper/partname`
+
+Mount the respective filesystem under the current system.
+
+`mount LABEL=fsname /mnt`
+
+Create a swap file and make it readable cum writable only by root.
+
+`dd if=/dev/zero of=/mnt/swapfile bs=1MiB count=2048`
+
+`chmod 600 /mnt/swapfile`
+
+`mkswap /mnt/swapfile`
+
+`swapon /mnt/swapfile`
+
+Installation
+------------
+
+Make the installation packages to be written on the respective
+mounted filesystem.
+
+`herd start cow-store /mnt`
+
+Create the required directory.
+
+`mkdir /mnt/etc`
+
+Create, edit and save the configuration file by typing the following
+code snippet. WATCH-OUT for variables in the code snippet and
+replace them with your relevant values.
+
+`nano /mnt/etc/config.scm`
+
+Snippet:
+
+```
+(use-modules
+	(gnu)
+	(gnu system nss))
+(use-service-modules
+	xorg
+	desktop)
+(use-package-modules
+	certs
+	gnome)
+(operating-system
+	(host-name "hostname")
+	(timezone "Zone/SubZone")
+	(locale "ab_XY.1234")
+	(keyboard-layout
+		(keyboard-layout
+			"xy"
+			"altgr-intl"))
+	(bootloader
+		(bootloader-configuration
+			(bootloader
+				(bootloader
+					(inherit grub-bootloader)
+					(installer #~(const #t))))
+			(keyboard-layout keyboard-layout)))
+	(mapped-devices
+		(list
+			(mapped-device
+				(source
+					(uuid "luks-uuid"))
+					(target "partname")
+					(type luks-device-mapping))))
+	(file-systems
+		(append
+			(list
+				(file-system
+					(device
+						(file-system-label "fsname"))
+					(mount-point "/")
+					(type "btrfs")
+					(dependencies mapped-devices)))
+			%base-file-systems))
+	(users
+		(append
+			(list
+				(user-account
+					(name "username")
+					(comment "Full Name")
+					(group "users")
+					(supplementary-groups '("wheel" "netdev" "audio" "video" "lp" "cdrom" "tape" "kvm"))))
+			%base-user-accounts))
+	(packages
+		(append
+			(list
+				nss-certs)
+			%base-packages))
+	(services
+		(append
+			(list
+				(extra-special-file "/usr/bin/env"
+					(file-append coreutils "/bin/env"))
+				(set-xorg-configuration
+					(xorg-configuration
+						(keyboard-layout keyboard-layout)))
+				(service gnome-desktop-service-type))
+			%desktop-services))
+	(name-service-switch %mdns-host-lookup-nss))
+```
+    
+Initialise new Guix System.
+
+`guix system init /mnt/etc/config.scm /mnt`
+
+Reboot the device.
+
+`reboot`
+
+Post-Installation
+------------
+
+On reboot, as soon as you see the Libreboot Graphic Art, choose
+the option 'Load Operating System [o]'
+
+Enter LUKS Key, for libreboot's grub, as prompted.
+
+You may have to go through warning prompts by repeatedly
+pressing the "enter/return" key.
+
+You will now see guix's grub menu from which you can go with the
+default option.
+
+Enter LUKS Key again, for kernel, as prompted.
+
+Upon GNOME Login Screen, login as "root" with password field empty.
+
+Open terminal from the GNOME Dash.
+
+Set passkey for "root" user. Follow the prompts.
+
+`passwd root`
+
+Set passkey for "username" user. Follow the prompts.
+
+`passwd username`
+
+Update the guix distribution. Wait for the process to finish.
+
+`guix pull`
+
+Update the search paths.
+
+`export PATH="$HOME/.config/guix/current/bin:$PATH"`
+
+`export INFOPATH="$HOME/.config/guix/current/share/info:$INFOPATH"`
+
+Update the guix system. Wait for the process to finish.
+
+`guix system reconfigure /etc/config.scm`
+
+Reboot the device.
+
+`reboot`
+
+Conclusion
+==========
+
+Everything should be stream-lined from now. You can follow your
+regular boot steps without requiring manual intervention. You can
+start logging in as regualar user with the respective "username".
+
+You will have to periodically (at your convenient time) login as root
+and do the update/upgrade part of post-installation section, to keep your
+guix distribution and guix system updated.
+
+That is it! You have now setup guix system with full-disk encryption
+on your device powered by libreboot. Enjoy!
+
+References
+==========
+
+[1] Guix Manual (http://guix.gnu.org/manual/en/).
+
+[2] Libreboot Documentation (https://libreboot.org/docs/).
+
+Acknowledgements
+================
+
+[1] Thanks to Guix Developer, Clement Lassieur (clement@lassieur.org),
+for helping me with the Guile Scheme Code for the Bootloader Configuration.
+
+[2] Thanks to Libreboot Founder and Developer,
+Leah Rowe (leah@libreboot.org), for helping me to understand the
+libreboot’s functionalities better.
+
+License
+=======
+
+Copyright (C) 2019  RAGHAV "RG" GURURAJAN (raghavgururajan@disroot.org).
+
+Permission is granted to copy, distribute and/or modify this document
+under the terms of the GNU Free Documentation License, Version 1.3
+or any later version published by the Free Software Foundation;
+with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
+
+A copy of the license can be found at
+"https://www.gnu.org/licenses/fdl-1.3.en.html".
\ No newline at end of file
diff --git a/i18n/fr_FR/docs/gnulinux/index.md b/i18n/fr_FR/docs/gnulinux/index.md
new file mode 100644
index 00000000..c5da22e9
--- /dev/null
+++ b/i18n/fr_FR/docs/gnulinux/index.md
@@ -0,0 +1,60 @@
+---
+title: Instructions d'installations de distributions GNU+Linux
+...
+
+Cette sections explique comment se débrouiller avec des systèmes d'exploitations variés (GNU+Linux and non-GNU+Linux) dans Libreboot (e.g. Créer des clef USB démarrables, Installer des systèmes d'exploitations, Changer le menu par défaut de GRUB, etc.).
+
+**NOTE: Cette section est seulement pour la charge utile GRUB. Pour la charge utile depthcharge (utilisée sur les appareils CrOS, comme le Chromebook ASUS C201), des instructions sont encore à écrire.**
+
+Libreboot utilise la charge utile GRUB par défaut, ce qui veut dire que le fichier de configuration GRUB (d'où le menu GRUB apparait) est stocké directement aux côtés de Libreboot et sa charge utile exécutable GRUB, dans la puce de flashage.
+Dans le contexte, celà veut dire qu'installer des distributions et les administrer est légérement différent comparé à un système BIOS traditionnel.
+
+Dans la majorité des systèmes, **/boot** (le dossier qui contient tout les fichiers nécessaires pour le démarrage de votre système d'exploitation) doit être sur sa propre partition et non chiffré (alors que les autres partitions sont chiffrées); c'est pour celà que GRUB (et donc le kernel) peut être chargé et exécuté puisque un micrologiciel traditionnel ne peut pas ouvrir un volume LUKS.
+
+Cependant avec Libreboot, GRUB est déjà inclus en tant que charge utile donc même *boot* peut être chiffré : celà protège **/boot** des altérations apportés par quelqu'un qui aurait un accès physique à la machine.
+
+- [Comment préparer et démarrer un installateur USB dans les systèmes Libreboot](grub_boot_installer.md)
+
+- [Modifier la configuration GRUB dans les systèmes Libreboot](grub_cbfs.md)
+
+- [Distribution Guix avec chiffrement du disque en entier sur Libreboot](guix_system.md)
+
+- [Installer Parabola ou Arch GNU+Linux-libre, avec chiffrement du disque en entier (incluant /boot)](encrypted_parabola.md)
+  
+  - Tutoriel suivant [Configurer Parabola (Après l'installation)](configuring_parabola.md)
+
+- [Installer Hyperbola GNU+Linux, avec chiffrement du disque en entier (incluant /boot)](https://wiki.hyperbola.info/en:guide:encrypted_installation)
+
+- [Installer Trisquel GNU+Linux-Libre, avec chiffrement du disque en entier (incluant /boot)](encrypted_trisquel.md)
+
+- [Installer Debian ou Devuan GNU+Linux-Libre, avec chiffrement du disque en entier (incluant /boot)](encrypted_debian.md)
+
+- [Comment renforcer en sécurité votre configuration GRUB](grub_hardening.md)
+
+
+Fedora ne veut pas démarrer ?
+------------------
+
+Ce qui suit peut s'appliquer aussi à CentOS ou Redhat.
+Quand vous utilisez la configuration GRUB par défaut de Libreboot, et que libreboot-grub utilise
+le grub.cfg (dans /boot/grub2/grub.cfg) de Fedora, Fedora utilise par défaut la commande
+`linux16`, alors que ça devrait être `linux`
+
+Faites ceci dans Fedora:
+
+- Ouvrez `/etc/grub.d/10_linux`
+
+- Mettez la variable `sixteenbit` à jour avec une chaîne de charactères vide puis exécutez :
+
+   grub2-mkconfig -o /boot/grub2/grub.cfg
+
+
+Copyright © 2014, 2015 Leah Rowe <info@minifree.org>
+
+Copyright © 2017 Elijah Smith <esmith1412@posteo.net>
+
+Permission est donnée de copier, distribuer et/ou modifier ce document
+sous les termes de la Licence de documentation libre GNU version 1.3 ou
+quelconque autre versions publiées plus tard par la Free Software Foundation
+sans Sections Invariantes,  Textes de Page de Garde, et Textes de Dernière de Couverture.
+Une copie de cette license peut être trouvé dans [fdl-1.3.md](fdl-1.3.md).