aboutsummaryrefslogtreecommitdiff
path: root/docs/gnulinux
diff options
context:
space:
mode:
Diffstat (limited to 'docs/gnulinux')
-rw-r--r--docs/gnulinux/configuring_parabola.md2
-rw-r--r--docs/gnulinux/encrypted_parabola.md32
-rw-r--r--docs/gnulinux/grub_boot_installer.md15
-rw-r--r--docs/gnulinux/grub_cbfs.md17
-rw-r--r--docs/gnulinux/grub_hardening.md5
-rw-r--r--docs/gnulinux/index.md19
6 files changed, 63 insertions, 27 deletions
diff --git a/docs/gnulinux/configuring_parabola.md b/docs/gnulinux/configuring_parabola.md
index 1e525f59..935ff099 100644
--- a/docs/gnulinux/configuring_parabola.md
+++ b/docs/gnulinux/configuring_parabola.md
@@ -63,7 +63,7 @@ For more information related to `pacman`, review the following articles on the A
* [Configuring pacman](https://wiki.parabolagnulinux.org/Installation_Guide#Configure_pacman)
* [Using pacman](https://wiki.archlinux.org/index.php/Pacman)
-* [Additional Repositories](https://wiki.parabolagnulinux.org/Official_Repositories>)
+* [Additional Repositories](https://wiki.parabolagnulinux.org/Official_Repositories)
## Updating Parabola
Parabola is kept up-to-date, using `pacman`. When you are updating Parabola,
diff --git a/docs/gnulinux/encrypted_parabola.md b/docs/gnulinux/encrypted_parabola.md
index a4d7dd16..5ff070a6 100644
--- a/docs/gnulinux/encrypted_parabola.md
+++ b/docs/gnulinux/encrypted_parabola.md
@@ -3,6 +3,8 @@ title: Installing Parabola or Arch GNU+Linux-Libre, with Full-Disk Encryption (i
x-toc-enable: true
...
+Also see:
+[Installing Hyperbola GNU+Linux, with Full-Disk Encryption (including /boot)](https://wiki.hyperbola.info/en:guide:encrypted_installation)
This guide covers how to install Parabola GNU+Linux-Libre, with full disk encryption,
including **/boot** (the boot directory). On most systems, **/boot** has
@@ -83,7 +85,9 @@ if it's not new, then there are two ways to handle it:
you can either choose to fill it with zeroes or random data; I chose random data (e.g., `urandom`),
because it's more secure. Depending on the size of the drive, this could take a while to complete:
- `# dd if=/dev/urandom of=/dev/sdX; sync`
+ ~~~
+ # dd if=/dev/urandom of=/dev/sdX; sync
+ ~~~
2. If the drive were previously encrypted, all you need to do is wipe the LUKS header.
The size of the header depends upon the specific model of the hard drive;
@@ -91,12 +95,14 @@ you can find this information by doing some research online.
Refer to this [article](https://www.lisenet.com/2013/luks-add-keys-backup-and-restore-volume-header/), for more information about LUKS headers.
You can either fill the header with zeroes, or with random data; again, I chose random data, using `urandom`:
- `# head -c 3145728 /dev/urandom > /dev/sdX; sync`
+ ~~~
+ # head -c 3145728 /dev/urandom > /dev/sdX; sync
+ ~~~
Also, if you're using an SSD, there are a two things you should keep in mind:
- There are issues with TRIM; it's not enabled by default through LUKS,
-and there are security issues, if you do enable it. See [this page](https://wiki.archlinux.org/index.php/Dm-cryptSpecialties#Discard.2FTRIM_support_for_solid_state_drives_.28SSD.29) for more info.
+and there are security issues, if you do enable it. See [this page](https://wiki.archlinux.org/index.php/Dm-crypt#Specialties) for more info.
- Make sure to read [this article](https://wiki.archlinux.org/index.php/Solid_State_Drives),
for information on managing SSD's in Arch Linux (the information applies to Parabola, as well).
@@ -192,11 +198,15 @@ equally cleverly named as **rootvol**.
Also, make sure to [choose an appropriate swap size](http://www.linux.com/news/software/applications/8208-all-about-linux-swap-space)
(e.g., **2G** refers to two gigabytes; change this however you see fit):
- `# lvcreate -L 2G matrix -n swapvol`
+ ~~~
+ # lvcreate -L 2G matrix -n swapvol
+ ~~~
2. Now, we will create a single, large partition in the rest of the space, for **rootvol**:
- `# lvcreate -l +100%FREE matrix -n rootvol`
+ ~~~
+ # lvcreate -l +100%FREE matrix -n rootvol
+ ~~~
You can also be flexible here, for example you can specify a **/boot**, a **/**,
a **/home**, a **/var**, or a **/usr** volume. For example, if you will be running a
@@ -274,7 +284,7 @@ directory to the one you created in the previous steps, so that you can modify f
and install software onto it, as if it were the host operating system.
To `chroot` into your installation, follow the instructions [on the
-Prabola beginner's guide](https://wiki.parabola.nu/Beginners%27_guide#Chroot_and_configure_the_base_system).
+Parabola beginner's guide](https://wiki.parabola.nu/Beginners%27_guide#Chroot_and_configure_the_base_system).
### Setting up the Locale
Locale refers to the language that your operating system will use, as well as some
@@ -313,7 +323,11 @@ There are several modifications that we need to make to the file:
Make sure to separate each module by one space.
2. Change the value of the uncommented `HOOKS` line to the following:
- “`base udev autodetect modconf block keyboard keymap consolefont encrypt lvm2 filesystems fsck shutdown`”;
+
+ ~~~
+ base udev autodetect modconf block keyboard keymap consolefont encrypt lvm2 filesystems fsck shutdown
+ ~~~
+
here's what each module does:
* `keymap` adds to *initramfs* the keymap that you specified in **/etc/vconsole.conf**
@@ -367,7 +381,7 @@ for the LUKS passphrase, apply here as well. You will set this password with the
### Extra Security Tweaks
There are some final changes that we can make to the installation, to make it
-significantly more secure; these are based on the [Security](https://wiki.archlinux.org/index.php/Securit) section of the Arch wiki.
+significantly more secure; these are based on the [Security](https://wiki.archlinux.org/index.php/Security) section of the Arch wiki.
#### Key Strengthening
We will want to open the configuration file for password settings, and increase
@@ -408,7 +422,7 @@ Edit configuration in `/etc/default/grub`, remembering to use UUID when poitning
Use `blkid` to get list of devices with their respective UUIDs.
Next generate grub.cfg with
- # grub-mkconfig /boot/grub/grub.cfg
+ # grub-mkconfig -o /boot/grub/grub.cfg
If you have separate `/boot` partition, don't forget to add `boot` symlink inside that points to current directory
diff --git a/docs/gnulinux/grub_boot_installer.md b/docs/gnulinux/grub_boot_installer.md
index 085ad34b..7d4375e6 100644
--- a/docs/gnulinux/grub_boot_installer.md
+++ b/docs/gnulinux/grub_boot_installer.md
@@ -25,7 +25,7 @@ Overwrite the drive, writing your distro ISO to it with `dd`. For example, if we
That's it! You should now be able to boot the installer from your USB drive (the instructions for doing so will be given later).
## Prepare the USB drive in NetBSD
-[This page](https://wiki.netbsd.org/tutorials how_to_install_netbsd_from_an_usb_memory_stick/) on the NetBSD website shows how to create a NetBSD bootable USB drive, from within NetBSD itself. You should the `dd` method documented there. This will work with any GNU+Linux ISO image.
+[This page](https://wiki.netbsd.org/tutorials/how_to_install_netbsd_from_an_usb_memory_stick/) on the NetBSD website shows how to create a NetBSD bootable USB drive, from within NetBSD itself. You should the `dd` method documented there. This will work with any GNU+Linux ISO image.
## Prepare the USB drive in FreeBSD
[This page](https://www.freebsd.org/doc/handbook/bsdinstall-pre.html) on the FreeBSD website shows how to create a bootable USB drive for installing FreeBSD. Use the `dd` method documented. This will work with any GNU+Linux ISO image.
@@ -53,18 +53,23 @@ Make sure that the device isn't mounted, with `doas`; if it is, this command wil
That's it! You should now be able to boot the installer from your USB drive (the instructions for doing so will be given later).
## Debian or Devuan net install
-1. Download the Debian or Devuan net installer. You can download the Debian ISO from [the Debian homepage](https://www.debian.org/), or the Devuan ISO from [the Devuan homepage](https://www.devuan.org/).
+Download the Debian or Devuan net installer. You can download the Debian ISO
+from [the Debian homepage](https://www.debian.org/), or the Devuan ISO from
+[the Devuan homepage](https://www.devuan.org/).
-2. Create a bootable USB, using the commands in *Prepare the USB Drive in GNU+Linux*, above.
+Secondly, create a bootable USB drive using the commands in
+[#prepare-the-usb-drive-in-gnulinux](#prepare-the-usb-drive-in-gnulinux).
-3. Boot the USB, and enter these commands in the GRUB terminal (for 64-bit Intel or AMD):
+Thirdly, boot the USB and enter these commands in the GRUB terminal
+(for 64-bit Intel or AMD):
grub> set root='usb0'
grub> linux /install.amd/vmlinuz
grub> initrd /install.amd/initrd.gz
grub> boot
-4. If you are on a 32-bit system (e.g. some Thinkpad X60's), you will need to use these commands:
+If you are on a 32-bit system (e.g. some Thinkpad X60's) then you will need to
+use these commands instead:
grub> set root='usb0'
grub> linux /install.386/vmlinuz
diff --git a/docs/gnulinux/grub_cbfs.md b/docs/gnulinux/grub_cbfs.md
index 5283b4fc..4879d9cf 100644
--- a/docs/gnulinux/grub_cbfs.md
+++ b/docs/gnulinux/grub_cbfs.md
@@ -152,19 +152,17 @@ used by coreboot native graphics initialization.
I'll choose **x200_8mb_usqwerty_vesafb.rom**; I'll copy the file (to the `cbfstool` directory),
and rename it with one command:
- $ mv "x200_8mb_usqwerty_vesafb.rom" ../cbfstool/x86_64/cbfstool/x86_64/libreboot.rom
+ $ mv "x200_8mb_usqwerty_vesafb.rom" ../cbfstool/x86_64/libreboot.rom
#### 2. Create an Image from the Current ROM
The simpler way to get a ROM image is to just create it from your current ROM,
using `flashrom`, making sure to save it in the `cbfstool` folder, inside **libreboot\_util**:
- $ sudo flashrom -p internal -r ~/Downloads/libreboot_util/cbfstool/\
- >x86_64/cbfstool/x86_64/libreboot.rom
+ $ sudo flashrom -p internal -r ~/Downloads/libreboot_util/cbfstool/x86_64/libreboot.rom
If you are told to specify the chip, add the option `-c {your chip}` to the command, like this:
- $ sudo flashrom -c MX25L6405 -p internal -r ~/Downloads/libreboot_util/\
- >cbfstool/x86_64/cbfstool/x86_64/libreboot.rom
+ $ sudo flashrom -c MX25L6405 -p internal -r ~/Downloads/libreboot_util/cbfstool/x86_64/libreboot.rom
Now you are ready to extract the GRUB configuration files from the ROM, and modify them the way you want.
@@ -173,7 +171,7 @@ Now you are ready to extract the GRUB configuration files from the ROM, and modi
You can check the contents of the ROM image, inside CBFS, using `cbfstool`.
First, navigate to the cbfstool folder:
- $ cd ~/Downloads/libreboot_util/cbfstool/x86_64/cbfstool/x86_64/
+ $ cd ~/Downloads/libreboot_util/cbfstool/x86_64/
Then, run the `cbfstool` commmand, with the `print` option; this will display
a list of all the files located in the ROM:
@@ -215,7 +213,7 @@ Or, replace it with this, if you are using a Debian-based distribution (e.g., Tr
cryptomount -a
set root='lvm/matrix-rootvol'
- linux /vmlinuz root=/dev/mapper/matrix-rootvolcryptdevice=/dev/mapper/matrix-rootvol:root
+ linux /vmlinuz root=/dev/mapper/matrix-rootvol cryptdevice=/dev/mapper/matrix-rootvol:root
initrd /initrd.img
Remember, that these names come from the instructions to install GNU+Linux
@@ -243,8 +241,7 @@ the main storage for **/boot/grub/libreboot\_grub.cfg** or **/grub/libreboot\_gr
Therefore, we need to either copy **libreboot\_grub.cfg** to **/grub**, or to **/boot/grub**:
- $ sudo cp ~/Downloads/libreboot_util/cbfstool/x86_64/cbfstool/x86_64/grubtest.cfg \
- >/boot/grub # or /grub
+ $ sudo cp ~/Downloads/libreboot_util/cbfstool/x86_64/grubtest.cfg /boot/grub # or /grub
Now, the next time we boot our computer, GRUB (in Libreboot) will automatically switch
to this configuration file. *This means that you do not have to re-flash,
@@ -354,7 +351,7 @@ of **grubtest.cfg**, called **grub.cfg**.
First, go to the `cbfstool` directory:
- $ cd ~/Downloads/libreboot_util/cbfstool/x86_64/cbfstool/x86_64/
+ $ cd ~/Downloads/libreboot_util/cbfstool/x86_64/
Then, create a copy of **grubest.cfg**, named **grub.cfg**:
diff --git a/docs/gnulinux/grub_hardening.md b/docs/gnulinux/grub_hardening.md
index c32a0534..e1329f21 100644
--- a/docs/gnulinux/grub_hardening.md
+++ b/docs/gnulinux/grub_hardening.md
@@ -33,7 +33,7 @@ Helpful links:
- [GRUB manual](https://www.gnu.org/software/grub/manual/html_node/Security.html#Security)
- [GRUB info pages](http://git.savannah.gnu.org/cgit/grub.git/tree/docs/grub.texi)
-- [SATA connected storage considered dangerous.](../../faq.md#firmware-hddssd)
+- [SATA connected storage considered dangerous.](../../faq.md#hddssd-firmware)
- [Coreboot GRUB security howto](https://www.coreboot.org/GRUB2#Security)
GRUB Password
@@ -81,7 +81,8 @@ installing GRUB version 2. Generate a key by giving it a password:
grub-mkpasswd-pbkdf2
Its output will be a string of the following form:
-grub.pbkdf2.sha512.10000.HEXDIGITS.MOREHEXDIGITS
+
+ grub.pbkdf2.sha512.10000.HEXDIGITS.MOREHEXDIGITS
Now open my.grubtest.cfg and put the following before the menu entries
(prefered above the functions and after other directives). Of course use
diff --git a/docs/gnulinux/index.md b/docs/gnulinux/index.md
index f8738d4a..bc7a04f8 100644
--- a/docs/gnulinux/index.md
+++ b/docs/gnulinux/index.md
@@ -20,12 +20,31 @@ However, with Libreboot, GRUB is already included directly (as a payload), so ev
- Follow-Up Tutorial: [Configuring Parabola (Post-Install)](configuring_parabola.md)
+- [Installing Hyperbola GNU+Linux, with Full-Disk Encryption (including /boot)](https://wiki.hyperbola.info/en:guide:encrypted_installation)
+
- [Installing Trisquel GNU+Linux-Libre, with Full-Disk Encryption (including /boot)](encrypted_trisquel.md)
- [Installing Debian or Devuan GNU+Linux-Libre, with Full-Disk Encryption (including /boot)](encrypted_debian.md)
- [How to Harden Your GRUB Configuration, for Security](grub_hardening.md)
+Fedora won't boot?
+------------------
+
+This may also apply to CentOS or Redhat.
+
+When you use Libreboot's default GRUB config, and libreboot-grub uses fedora's
+default grub.cfg (in /boot/grub2/grub.cfg), fedora by default makes use of the
+`linux16` command, whereas it should be saying `linux`
+
+Do this in fedora:
+
+Open `/etc/grub.d/10_linux`
+
+Set the `sixteenbit` variable to an empty string, then do:
+
+ grub2-mkconfig -o /boot/grub2/grub.cfg
+
Copyright © 2014, 2015 Leah Rowe <info@minifree.org>
Copyright © 2017 Elijah Smith <esmith1412@posteo.net>