diff options
Diffstat (limited to 'docs/gnulinux')
-rw-r--r-- | docs/gnulinux/encrypted_trisquel.md | 184 | ||||
-rw-r--r-- | docs/gnulinux/grub_boot_installer.md | 171 | ||||
-rw-r--r-- | docs/gnulinux/index.md | 30 |
3 files changed, 257 insertions, 128 deletions
diff --git a/docs/gnulinux/encrypted_trisquel.md b/docs/gnulinux/encrypted_trisquel.md new file mode 100644 index 00000000..d8292aba --- /dev/null +++ b/docs/gnulinux/encrypted_trisquel.md @@ -0,0 +1,184 @@ +--- +title: Installing Trisquel GNU+Linux with Full-Disk Encryption (including /boot) +x-toc enable: true +... + +This guide is written for the Trisquel 7.0 (Belenos) GNU+Linux distribution, but it should also work for Trisquel 6.0 (Toutatis). + +## Boot the Installation Media +Boot your operating system, with the installation media. If you don't know how to do so, refer to [How to Prepare and Boot a USB Installer in Libreboot Systems](grub_boot_installer.md). + +When the Trisquel GRUB screen appears, select the `Install Trisquel in Text Mode` option. + +## Select a Language +The first part of the installation is to select your system's language; I chose `English`. + +## Select Your Location +You will need to select your location; I choose `United States`. + +## Configure the Keyboard +You need to select the right layout for your keyboard; if you want to installer to do it automatically, choose `Yes`, and it will ask you whether or not a series of keys are present on your keyboard. Simply choose `Yes` or `No`, accordingly. + +If you don't want the installer to automatically detect your keyboard layout, choose `No`, and simply select it from a list. + +## Configure the Network + +### Choose the Network Inteface +You will need to select the network interface to be used for the installation. If you have an ethernet (i.e., wired) connection, choose `etho0`; otherwise, choose `wlan0` (for wireless). + +If you choose `wlan0`, enter the passphrase that corresponds to your wireless network's WPA/WPA2 key (Your wireless network should have a password, and no modern router should be using the [WEP protocol](https://en.wikipedia.org/wiki/Wired_Equivalent_Privacy)). + +### Choose Your Hostname +You will need to choose a hostname for the system, which identifies your computer to the network; it can be anything, but it must only consist of numbers, uppercase and lowercase letters, and dashes `-`. + +### Choose a Mirror of the Trisquel Archive +Choose the server from where you will download the Trisquel packages needed for the installation. The choices are separated by country; simply select the one that is closest to where you are. + +After you select the country, you will be taken to a list of different individual servers. If there is more than one option, choose the one that is closest to you; otherwise, select whichever one is available. + +The last step of setting up the network will be entering an HTTP proxy (if you need one to access the network). If you have one, type it here; otherwise, press `Tab`, and then choose `Continue` (using the arrow keys). + +## Loading Additional Components +Now the installer needs to download some more packages, to continue the installation. Depending on your network bandwidth, this could take up to a few minutes to complete. + +## Set Up Users and Passwords +Enter the full name of the user here. You can use your real name, or just a pseudonym; then, choose `Continue`. + +Then it will ask you to enter a *username*. Pick whatever you like, and enter it here. Select `Continue`. + +Choose a passphrase (better than a password). The [diceware](http://world.std.com/~reinhold/diceware.html) method is highly recommended for coming up with one. + +I recommend combining the *diceware* method with something personal about yourself. An example of this would be to choose four words from the *diceware* list, and then come up with a fifth "word" (i.e., a combination of characters that is unique to you, like some name plus a number/special character); this combination dramatically increases the security of a *diceware* passphrase (i.e., even if someone had the entire *diceware* word list, they couldn't figure out your passphrase through brute force). + +**NOTE: This would be difficult for a person to do, even if you *only* used words from the list**. + +For example, say that your cat's name is **Max**, and he is three years old; you could do something like this: + + diceware_word_1 diceware_word_2 diceware_word_3 diceware_word_4 Max=3old + +This has a large degree of randomness (due to the usage of the *diceware* method), and also contains a unique piece of personal information that someone would need to know you, in order to guess; it's a very potent combination. + +After entering this password twice, choose `Continue`. + +It will now ask you if you want to encrypt your home directory. Remember, this is *NOT* to be confused with encrypting your entire disk (the purpose of this guide); it will just be the files that reside in `~`, and it uses a different encryption protocol (`ecryptfs`). If you want to encrypt your home directory here, choose `Yes`; however, since we are going to encrypt the entire installation, that would not only be redundant, but it would also add a noticeable performance penalty, for little security gain in most use cases. This is therefore optional, and *NOT* recommended. Choose `No`. + +## Configure the Clock +The installer will try to auto-detect your time zone; if it chooses correctly, select `Yes`; otherwise, choose `No`, and it will prompt you to select the correct one. + +## Partition Disks +Now it's time to partition the disk; you will be shown several options; choose `Manual` partitioning. + +1. Use the arrow keys to select the drive (look for a matching size and manufacturer name in the description), and press `Enter`. It will ask you if you want to create a new, empty partition table on the device; choose `Yes`. + +2. Your drive will now show as having a single partition, labeled `#1`; select it (it will say `FREE SPACE` beside it), and press `Enter`. + +3. Choose `Create a new partition`. By default, the partition size will be the whole drive; leave it as-is, and select `Continue`. + +4. When it asks for partition type, go with `Primary`; you'll be taken to a screen with a list of information about your new partition; make sure to fill out each field as follows (using the up and down arrows to navigate, and `Enter` to modify an option): + + * Use as: `physical volume for encryption` + * Encryption method: `Device-mapper (dm-crypt)` + * Encryption: `aes` + * key size: `256` + * IV algorithm: `xts-plain64` + * Encryption key: `passphrase` + * Erase data: `Yes` + + For the `Erase data` field, only choose `No`, if this is either a new drive that doesn't have any of your plaintext data, or else if it previously had full-disk encryption. + +5. Choose `Done setting up the partition`. It will take you back to the main partitioning menu. + +6. Choose `Configure encrypted volumes`; the installer will ask if you want to write the changes to disk, and configure the encrypted volumes; choose `Yes`. + +7. Select `Create encrypted volumes`. + +8. Select your partition with the arrow keys (pressing `Spacebar` will make an `*` appear between the brackets; that's how you know it's been selected). Press `Tab`, and choose `Continue`. + +9. Select `Finish`. You will be asked if you really want to erase the drive; choose `Yes` (Erase will take a long time, so be patient. If your old system were encrypted, just let this run for about a minute, and then choose `Cancel`; this will make sure that the LUKS header is completely wiped out). + +10. Now you need to enter a passphrase for encrypting the entire disk. Make sure that this is different from your user password that you created earlier, but still use the [diceware](http://world.std.com/~reinhold/diceware.html) method to create it. You will have to enter the password twice; afterwards, you will be returned to the main partitioning menu. + +11. You will now see your encrypted device at the top of the device list. It will begin with something like this: `Encrypted volume (sdXY_crypt)`. Choose the partition labeled `#1`. + +12. Change the value of `Use as` to `physical volume for LVM`. Then choose `Done setting up the partition`; you will be taken back to the main partitioning menu. + +13. Choose `Configure the Logical Volume Manager`. You will be asked if you want to `Keep current partition layout and configure LVM`; choose `Yes`. + +14. Choose `Create volume group`. You will have to enter a name for the group; use **grubcrypt**. Select the encrypted partition as the device (by pressing `Spacebar`, which will make an `*` appear between the brackets; that's how you know it's been selected). Press `Tab`, and choose `Continue`. + +15. Choose `Create logical volume`. Select the volume group you created in the previous step (i.e., **grubcrypt**), and name it **trisquel**; make the size the entire drive minus 2048 MB (for the swap space). Press `Enter`. + +16. Choose `Create logical volume` again, and select **grubcrypt**. Name this one **swap**, and make the size the default value (it should be about 2048MB). Press `Enter`, and then choose `Finish`. + +17. Now you are back at the main partitioning screen. You will simply set the mount points and filesystems to use for each partition you just created. Under `LVM VG grubcrypt, LV trisquel`, select the first partition: `#1`. Change the values in this section to reflect the following; then choose `Done setting up partition`: + + * use as: `ext4` + * mount point: `/` + +18. Under `LVM VG grubcrypt, LV swap`, select the first partition: `#1`. Change the value of `use as` to `swap area`. Choose `Done setting up partition`. + +19. Finally, when back at the main partitioning screen, choose `Finish partitioning and write changes to disk`. It will ask you to verify that you want to do this; choose `Yes`. + +## Installing the Base System +The hardest part of the installation is done; the installer will now download and install the packages necessary for your system to boot/run. The rest of the process will be mostly automated, but there will be a few things that you have to do yourself. + +### Choose a Kernel +It will ask you which kernel you want to use; choose `linux-generic`. + +**NOTE: After installation, if you want the most up-to-date version of the Linux kernel (Trisquel's kernel is sometimes outdated, even in the testing distro), you might consider using [this repository](https://jxself.org/linux-libre/) instead. These kernels are also deblobbed, like Trisquel's (meaning there are no binary blobs present).** + +### Update Policy +You have to select a policy for installing security updates; I recommend that you choose `Install security updates automatically`, but you can choose not to, if you prefer. + +### Choose a Desktop Environment +When prompted to choose a desktop environment, use the arrow keys to navigate the choices, and press `Spacebar` to choose an option; here are some guidelines: + +* If you want *GNOME*, choose **Trisquel Desktop Environment** +* If you want *LDXE*, choose **Trisquel-mini Desktop Environment** +* If you want *KDE*, choose **Triskel Desktop Environment** + +You might also want to choose some of the other package groups (or none of them, if you want a basic shell); it's up to you. Once you've chosen the option you want, press `Tab`, and then choose `Continue`. + +## Install the GRUB boot loader to the master boot record +The installer will ask you if you want to install the GRUB bootloader to the master boot record; choose `No`. You do not need to install GRUB at all, since in Libreboot, you are using the GRUB payload on the ROM to boot your system. + +The next window will prompt you to enter a `Device for boot loader installation`. Leave the line blank; press `Tab`, and choose `Continue`. + +## System Clock +The installer will ask if your system clock is set to UTC; choose `Yes`. + +## Finishing the Installation +The installer will now give you a message that the installation is complete. Choose `Continue`, remove the installation media, and the system will automatically reboot. + +## Booting your system +At this point, you will have finished the installation. At your GRUB boot screen, press `C` to get to the command line, and enter the following commands at the `grub>` prompt: + + grub> cryptomount -a + grub> set root='lvm/grubcrypt-trisquel' + grub> linux /vmlinuz root=/dev/mapper/grubcrypt-trisquel \ + >cryptdevice=/dev/mapper/grubcrypt-trisquel:root + grub> initrd /initrd.img + grub> boot + +Without specifying a device, **cryptomount's** `-a` parameter tries to unlock *all* detected LUKS volumes (i.e., any LUKS-encrypted device that is connected to the system). You can also specify `-u` (for a UUID). Once logged into the operating system, you can find the UUID by using the `blkid` command: + + $ sudo blkid + +## ecryptfs +If you didn't encrypt your home directory, then you can safely ignore this section; if you did choose to encrypt it, then after you log in, you'll need to run this command: + + $ sudo ecryptfs-unwrap-passphrase + +This will be needed in the future, if you ever need to recover your home directory from another system. Write it down, or (preferably) store it using a password manager (I recommend `keepass`,`keepasX`, or `keepassXC`). + +## Modify grub.cfg (CBFS) +The last step of the proccess is to modify your **grub.cfg** file (in the firmware), and flash the new configuration, [using this tutorial](grub_cbfs.md); this is so that you don't have to manually type in the commands above, every single time you want to boot your computer. You can also make your GRUB configuration much more secure, by following [this guide](grub_hardening.md). + +## Troubleshooting +During boot, some Thinkpads have a faulty DVD drive, which can cause the `cryptomount -a` command to fail, as well as the error `AHCI transfer timed out` (when the Thinkpad X200 is connected to an UltraBase). For both issues, the workaround was to remove the DVD drive (if using the UltraBase, then the whole device must be removed). + +Copyright © 2014, 2015 Leah Rowe <info@minifree.org> + +Copyright © 2017 Elijah Smith <esmith1412@posteo.net> + +Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License Version 1.3 or any later version published by the Free Software Foundation with no Invariant Sections, no Front Cover Texts, and no Back Cover Texts. A copy of this license is found in [../fdl-1.3.md](../fdl-1.3.md) diff --git a/docs/gnulinux/grub_boot_installer.md b/docs/gnulinux/grub_boot_installer.md index 4d6ee92d..aaa1165f 100644 --- a/docs/gnulinux/grub_boot_installer.md +++ b/docs/gnulinux/grub_boot_installer.md @@ -1,138 +1,101 @@ --- -title: How to Install GNU+Linux on a Libreboot System +title: How to Prepare and Boot a USB Installer on Libreboot Systems x-toc-enable: true ... -This section relates to preparing and booting a Live USB for several -GNU+Linux distributions, on your Libreboot system, using nothing more than a USB -flash drive and the `dd` utility. For information on installing GNU+Linux, -refer to [this page](index.md). +This guide explains how to prepare a bootable USB for Libreboot systems that can be used to install several GNU+Linux distributions. For this guide, you will only need a USB flash drive and the `dd` utility (it's installed into all GNU+Linux distributions, by default). -*This section is only for the GRUB payload. For depthcharge (used on -CrOS devices in libreboot), instructions have yet to be written in the -libreboot documentation.* +For information on actually installing specific GNU+Linux distributions, refer to [this page](index.md). -## Prepare the USB Drive (in GNU+Linux) -If you downloaded your ISO while on an existing GNU+Linux system, here is how -to create the bootable GNU+Linux USB drive: +## Prepare the USB Drive in GNU+Linux +If you downloaded your ISO while on an existing GNU+Linux system, here is how to create the bootable GNU+Linux USB drive: -Connect the USB drive. Check `dmesg`: +Connect the USB drive. Check `lsblk`, to confirm its device name (e.g., **/dev/sdX**): - $ dmesg + $ lsblk -Check `lsblk`, to confirm which drive it is: +For this example, let's assume that our drive's name is `sdb`. Make sure that it's not mounted: - $ lsblk - -Check that it wasn't automatically mounted. If it was, unmount it. For -example: - - $ sudo umount /dev/sdX\* + $ sudo umount /dev/sdb -`dmesg` told you what device it is. Overwrite the drive, writing your -distro ISO to it with `dd`. Here is an example: +Overwrite the drive, writing your distro ISO to it with `dd`. For example, if we are installing Trisquel 7.0 64-bit, and it's located in our Downloads folder, this is the command we would run: - $ sudo dd if=gnulinux.iso of=/dev/sdX bs=8M; sync + $ sudo dd if=~/Downloads/trisquel_7.0_amd64.iso of=/dev/sdb bs=8M; sync -You should now be able to boot the installer from your USB drive. -Continue reading, for information about how to do that. +That's it! You should now be able to boot the installer from your USB drive (the instructions for doing so will be given later). -## Prepare the USB drive (in NetBSD) -[This page](https://wiki.netbsd.org/tutorials/how_to_install_netbsd_from_an_usb_memory_stick/) -on the NetBSD website shows how to create a NetBSD bootable USB drive, -from within NetBSD itself. You should use the `dd` method documented there. -This will also work with any GNU+Linux ISO image. +## Prepare the USB drive in NetBSD +[This page](https://wiki.netbsd.org/tutorials how_to_install_netbsd_from_an_usb_memory_stick/) on the NetBSD website shows how to create a NetBSD bootable USB drive, from within NetBSD itself. You should the `dd` method documented there. This will work with any GNU+Linux ISO image. -## Prepare the USB drive (in FreeBSD) -[This page](https://www.freebsd.org/doc/handbook/bsdinstall-pre.html) on -the FreeBSD website shows how to create a bootable USB drive for -installing FreeBSD. Use the `dd` command format on that page. -You can also use the same instructions with any GNU+Linux ISO image.. +## Prepare the USB drive in FreeBSD +[This page](https://www.freebsd.org/doc/handbook/bsdinstall-pre.html) on the FreeBSD website shows how to create a bootable USB drive for installing FreeBSD. Use the `dd` method documented. This will work with any GNU+Linux ISO image. -## Prepare the USB drive (in LibertyBSD or OpenBSD) +## Prepare the USB drive in LibertyBSD or OpenBSD If you downloaded your ISO on a LibertyBSD or OpenBSD system, here is how to create the bootable GNU+Linux USB drive: -Connect the USB drive. Check `dmesg`: +Connect the USB drive. Run `lsblk` to determine which drive it is: - $ dmesg | tail + $ lsblk -Check to confirm which drive it is, for example, if you think its **sd3**: +To confirm that you have the correct drive, use `disklabel`. For example, if you thought the correct drive were **sd3**, run this command: $ disklabel sd3 -Check that it wasn't automatically mounted. If it was, unmount it. For -example: +Make sure that the device isn't mounted, with `doas`; if it is, this command will unmount it: $ doas umount /dev/sd3i -`dmesg` told you what device it is. Overwrite the drive, writing the -OpenBSD installer to it with `dd`. For example: +`lsblk` told you what device it is. Overwrite the drive, writing the OpenBSD installer to it with `dd`. Here's an example: $ doas dd if=gnulinux.iso of=/dev/rsdXc bs=1M; sync -You should now be able to boot the installer from your USB drive. -Continue reading, for information about how to do that. +That's it! You should now be able to boot the installer from your USB drive (the instructions for doing so will be given later). + +## Debian or Devuan net install +1. Download the Debian or Devuan net installer. You can download the Debian ISO from [the Debian homepage](https://www.debian.org/), or the Devuan ISO from [the Devuan homepage](https://www.devuan.org/). -## Debian or Devuan net install? -Download the Debian or Devuan net installer. You can download the ISO -from the homepage on [debian.org](https://www.debian.org/), or [the Devuan homepage](https://www.devuan.org/) for Devuan. Use this on the -GRUB terminal, to boot it from USB (for 64-bit Intel or AMD): +2. Create a bootable USB, using the commands in *Prepare the USB Drive in GNU+Linux*, above. - set root='usb0' - linux /install.amd/vmlinuz - initrd /install.amd/initrd.gz - boot +3. Boot the USB, and enter these commands in the GRUB terminal (for 64-bit Intel or AMD): -If you are on a 32-bit system (e.g. some Thinkpad X60's): + grub> set root='usb0' + grub> linux /install.amd/vmlinuz + grub> initrd /install.amd/initrd.gz + grub> boot - set root='usb0' - linux /install.386/vmlinuz - initrd /install.386/initrd.gz - boot +4. If you are on a 32-bit system (e.g. some Thinkpad X60's), you will need to use these commands: -## Booting ISOLINUX Images + grub> set root='usb0' + grub> linux /install.386/vmlinuz + grub> initrd /install.386/initrd.gz + grub> boot -### Automatic Method -Boot it in GRUB using the *Parse ISOLINUX config (USB)* option. A new -menu should appear in GRUB, showing the boot options for that distro; -this is a GRUB menu, converted from the usual ISOLINUX menu provided by -that distro. +## Booting ISOLINUX Images (Automatic Method) +Boot it in GRUB using the `Parse ISOLINUX config (USB)` option. A new menu should appear in GRUB, showing the boot options for that distro; this is a GRUB menu, converted from the usual ISOLINUX menu provided by that distro. -### Manual Method -These are generic instructions. They may or may not be correct for your -distribution. You must adapt them appropriately, for whatever GNU+Linux -distribution it is that you are trying to install. +## Booting ISOLINUX Images (Manual Method) +These are generic instructions. They may or may not be correct for your distribution. You must adapt them appropriately, for whatever GNU+Linux distribution it is that you are trying to install. -If the ISOLINUX parser or *Search for GRUB configuration* options won't -work, then press C in GRUB to access the command line: +If the `ISOLINUX parser` or `Search for GRUB configuration` options won't work, then press `C` in GRUB to access the command line, then run the `ls` command: grub> ls -Get the device from above output, eg (usb0). Example: +Get the device name from the above output (e.g., `usb0`). Here's an example: grub> cat (usb0)/isolinux/isolinux.cfg -Either this will show the ISOLINUX menuentries for that ISO, or link to -other .cfg files, for example /isolinux/foo.cfg. - -If it did that, then you do: +Either the output of this command will be the ISOLINUX menuentries for that ISO, or link to other `.cfg` files (e.g, **/isolinux/foo.cfg**). For example, if the file found were **foo.cfg**, you would use this command: grub> cat (usb0)/isolinux/foo.cfg -And so on, until you find the correct menuentries for ISOLINUX. *The file -`/isolinux/foo.cfg` is a fictional example. Do not actually use this example, -unless you actually have that file, if it is appropriate.* +And so on, until you find the correct menuentries for ISOLINUX. -For Debian or Devuan (and other Debian-based distros), there are typically -menuentries listed in */isolinux/txt.cfg* or */isolinux/gtk.cfg*. For -dual-architecture ISO images (i686 and x86\_64), there may be separate -files/directories for each architecture. Just keep searching through the -image, until you find the correct ISOLINUX configuration file. +For Debian-based distros (e.g., Trisquel, Devuan), there are typically menuentries listed in **/isolinux/txt.cfg** or **/isolinux/gtk.cfg**. For dual-architecture ISO images (i686 and x86\_64), there may be separate files directories for each architecture. Just keep searching through the image, until you find the correct ISOLINUX configuration file. **NOTE: Debian 8.6 ISO only lists 32-bit boot options in txt.cfg. This is important, if you want 64-bit booting on your system. Devuan versions based on Debian 8.x may also have the same issue.** -Now, look at the ISOLINUX menuentry. It'll look like this: +Now, look at the ISOLINUX menuentry; it'll look like this: kernel /path/to/kernel append PARAMETERS initrd=/path/to/initrd ... @@ -143,42 +106,26 @@ GRUB works similarly; here are some example GRUB commands: grub> initrd /path/to/initrd grub> boot -Note: `usb0` may be incorrect. Check the output of the `ls` command (in -GRUB), to see a list of USB devices/partitions. Of course, this will vary -from distro to distro. If you did all of that correctly, then it should -now be booting your USB drive in the way that you specified. +Note: `usb0` may be incorrect. Check the output of the `ls` command (in GRUB), to see a list of USB devices/partitions. Of course, this will vary from distro to distro. If you did all of that correctly, then it should now be booting your USB drive in the way that you specified. ## Troubleshooting -Most of these issues occur when using Libreboot with Coreboot's 'text -mode' instead of the Coreboot framebuffer. This mode is useful for -booting payloads, like `MemTest86+`, which expect text-mode, but for -GNU+Linux distributions, it can be problematic when they are trying to -switch to a framebuffer, because it doesn't exist. +Most of these issues occur when using Libreboot with Coreboot's `text-mode`, instead of the Coreboot framebuffer. This mode is useful for booting payloads, like `MemTest86+`, which expect `text-mode`, but for GNU+Linux distributions, it can be problematic when they are trying to switch to a framebuffer, because it doesn't exist. -In most cases, you should use the **vesafb** ROM images. Example filename: -**libreboot\_ukdvorak\_vesafb.rom**. +In most cases, you should use the **vesafb** ROM images. An example filename would be **libreboot\_ukdvorak\_vesafb.rom**. ### Parabola Won't Boot in Text-Mode -Use one of the ROM images with vesafb in the filename (uses coreboot -framebuffer instead of text-mode). +Use one of the ROM images with `vesafb` in the filename (uses Coreboot framebuffer, instead of `text-mode`). ### debian-installer Graphical Corruption in Text-Mode (Debian and Devuan) -When using the ROM images that use Coreboot's "text mode" instead of -the coreboot framebuffer, booting the Debian or Devuan net installer -results in graphical corruption, because it is trying to switch to a -framebuffer, which doesn't exist. Use that kernel parameter on the -`linux` line, when booting it: +When using the ROM images that use Coreboot's `text mode`, instead of the Coreboot framebuffer, booting the Debian or Devuan net installer results in graphical corruption, because it is trying to switch to a framebuffer, which doesn't exist. Use that kernel parameter on the `linux` line, when booting it: vga=normal fb=false -This forces debian-installer to start in text-mode, instead of trying to -switch to a framebuffer. +This forces debian-installer to start in `text-mode`, instead of trying to switch to a framebuffer. -If selecting text-mode from a GRUB menu created using the ISOLINUX -parser, you can press `E` on the menu entry to add this. Or, if you are -booting manually (from GRUB terminal), then just add the parameters. +If selecting `text-mode` from a GRUB menu created using the ISOLINUX parser, you can press `E` on the menu entry to add this. Or, if you are booting manually (from GRUB terminal), then just add the parameters. -This workaround was found on the [Debian site](https://www.debian.org/releases/stable/i386/ch05s04.html). It should also work for Devuan, and any other `apt-get` distro that provides the debian-installer (text mode) net install method. +This workaround was found on the [Debian site](https://www.debian.org/releases/stable/i386/ch05s04.html). It should also work for Devuan, and any other `apt-get` distro that provides the debian-installer (i.e., text-mode) net install method. Copyright © 2014, 2015, 2016 Leah Rowe <info@minifree.org> @@ -186,10 +133,4 @@ Copyright © 2016 Scott Bonds <scott@ggr.com> Copyright © 2017 Elijah Smith <esmith1412@posteo.net> -Permission is granted to copy, distribute and/or modify this document -under the terms of the GNU Free Documentation License Version 1.3 or any later -version published by the Free Software Foundation -with no Invariant Sections, no Front Cover Texts, and no Back Cover Texts. -A copy of this license is found in [../fdl-1.3.md](../fdl-1.3.md) - - +Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License Version 1.3 or any later version published by the Free Software Foundation with no Invariant Sections, no Front Cover Texts, and no Back Cover Texts. A copy of this license is found in [../fdl-1.3.md](../fdl-1.3.md) diff --git a/docs/gnulinux/index.md b/docs/gnulinux/index.md index fac3006a..9cdf5ad5 100644 --- a/docs/gnulinux/index.md +++ b/docs/gnulinux/index.md @@ -2,24 +2,29 @@ title: GNU+Linux Installation Instructions ... -This section explains how to deal with various GNU+Linux distributions -in Libreboot (e.g., Creating bootable USB drives, Installing Operating Systems, -Changing the default GRUB menu, etc.). +This section explains how to deal with various operating systems (both GNU+Linux and non-GNU+Linux) in Libreboot (e.g., Creating bootable USB drives, Installing Operating Systems, Changing the default GRUB menu, etc.). -**NOTE: This section is only for the GRUB payload. For depthcharge -(used on CrOS devices in libreboot), instructions have yet to be written.** +**NOTE: This section is only for the GRUB payload. For the depthcharge payload (used on CrOS devices, like the ASUS C201 Chromebook), instructions have yet to be written.** -- [How to Install GNU+Linux on a Libreboot System](grub_boot_installer.md) +Libreboot uses the GRUB payload by default, which means that the GRUB configuration file (where your GRUB menu comes from) is stored directly alongside Libreboot and its GRUB payload executable, inside the flash chip. In context, this means that installing distributions and managing them is handled slightly differently compared to traditional BIOS systems. -- [Modifying the GRUB Configuration in Libreboot Systems](grub_cbfs.md) +On most systems, **/boot** (the folder that contains all the files needed for your operating system to boot) has to be on its own partition, and left unencrypted (while the other partitions are encrypted); this is so that GRUB (and therefore the kernel) can be loaded and executed, since traditional firmware can't open a LUKS volume. -- [Installing Parabola or Arch Gnu+Linux-Libre, with Full-Disk Encryption (including /boot)](encrypted_parabola.md) - - - Follow-Up Tutorial: [Configuring Parabola (Post-Install)](configuring_parabola.md) +However, with Libreboot, GRUB is already included directly (as a payload), so even **/boot** can be encrypted; this protects **/boot** from tampering by someone with physical access to the machine. -- [Installing Debian or Devuan GNU+Linux-Libre, with Full-Disk Encryption (including /boot)](encrypted_debian.md) +- [How to Prepare and Boot a USB Installer in Libreboot](grub_boot_installer.md) -- [How to Harden Your GRUB Configuration, for Security](grub_hardening.md) +- [Modifying the GRUB Configuration in Libreboot](grub_cbfs.md) + +- [Installing Parabola or Arch GNU+Linux-Libre, with Full-Disk Encryption (including /boot)](encrypted_parabola.md) + + - Follow-Up Tutorial: [Configuring Parabola (Post-Install)](configuring_parabola.md) + +- [Installing Trisquel GNU+Linux-Libre, with Full-Disk Encryption (including /boot)](encrypted_trisquel.md) + +- [Installing Debian or Devuan GNU+Linux-Libre, with Full-Disk Encryption (including /boot)](encrypted_debian.md) + +- [How to Harden Your GRUB Configuration, for Security](grub_hardening.md) Copyright © 2014, 2015 Leah Rowe <info@minifree.org> @@ -30,4 +35,3 @@ under the terms of the GNU Free Documentation License Version 1.3 or any later version published by the Free Software Foundation with no Invariant Sections, no Front Cover Texts, and no Back Cover Texts. A copy of this license is found in [../fdl-1.3.md](../fdl-1.3.md) - |