diff options
Diffstat (limited to 'docs')
29 files changed, 583 insertions, 425 deletions
diff --git a/docs/bsd/netbsd.md b/docs/bsd/netbsd.md index c3ed6970..323d0301 100644 --- a/docs/bsd/netbsd.md +++ b/docs/bsd/netbsd.md @@ -134,8 +134,11 @@ On your NetBSD root partition, create the `/grub` directory and add the file `libreboot_grub.cfg` to it. Inside the `libreboot_grub.cfg` add these lines: - default=0 timeout=3 menuentry "NetBSD" { - knetbsd -r wd0a (ahci0,netbsd1)/netbsd + default=0 + timeout=3 + + menuentry "NetBSD" { + knetbsd -r wd0a (ahci0,netbsd1)/netbsd } The next time you boot, you'll see the old Grub menu for a few seconds, diff --git a/docs/bsd/openbsd.md b/docs/bsd/openbsd.md index ca9ac387..7fb96d9f 100644 --- a/docs/bsd/openbsd.md +++ b/docs/bsd/openbsd.md @@ -12,13 +12,13 @@ LibertyBSD and prioritise that in this guide. This section relates to preparing, booting and installing OpenBSD on your libreboot system, using nothing more than a USB flash drive (and -*dd*). They've only been tested on a Lenovo ThinkPad x200. +`dd`). They've only been tested on a Lenovo ThinkPad x200. *This section is only for the GRUB payload. For depthcharge (used on CrOS devices in libreboot), instructions have yet to be written in the libreboot documentation.* -install60.fs is the installation image for OpenBSD 6.0. Adapt the +install61.fs is the installation image for OpenBSD 6.1. Adapt the filename accordingly, for a different OpenBSD version or LibertyBSD. Prepare the USB drive (in LibertyBSD or OpenBSD) @@ -27,21 +27,19 @@ Prepare the USB drive (in LibertyBSD or OpenBSD) If you downloaded your ISO on a LibertyBSD or OpenBSD system, here is how to create the bootable LibertyBSD/OpenBSD USB drive: -Connect the USB drive. Check dmesg: +Connect the USB drive and check the system message buffer: $ dmesg | tail -Check to confirm which drive it is, for example, if you think its sd3: +Check to confirm which drive it is, for example, if you think it's `sd3`: $ disklabel sd3 -Check that it wasn't automatically mounted. If it was, unmount it. For -example: +Check that it wasn't automatically mounted. If it was, unmount it: $ doas umount /dev/sd3i -dmesg told you what device it is. Overwrite the drive, writing the -OpenBSD installer to it with dd. For example: +Now write the OpenBSD installer to the drive with `dd`: $ doas dd if=install60.fs of=/dev/rsdXc bs=1M; sync @@ -54,7 +52,7 @@ Prepare the USB drive (in NetBSD) [This page](https://wiki.netbsd.org/tutorials/how_to_install_netbsd_from_an_usb_memory_stick/) on the NetBSD website shows how to create a NetBSD bootable USB drive -from within NetBSD itself. You should use the *dd* method documented +from within NetBSD itself. You should use the `dd` method documented there. This will also work with the OpenBSD image. Prepare the USB drive (in FreeBSD) @@ -62,7 +60,7 @@ Prepare the USB drive (in FreeBSD) [This page](https://www.freebsd.org/doc/handbook/bsdinstall-pre.md) on the FreeBSD website shows how to create a bootable USB drive for -installing FreeBSD. Use the *dd* on that page. You can also use the same +installing FreeBSD. Use the `dd` on that page. You can also use the same instructions with a OpenBSD ISO image. Prepare the USB drive (in GNU+Linux) @@ -88,8 +86,8 @@ example: dmesg told you what device it is. Overwrite the drive, writing your distro ISO to it with dd. For example: - $ sudo dd if=install60.fs of=/dev/sdX bs=8M; sync - # dd if=install60.fs of=/dev/sdX bs=8M; sync + $ sudo dd if=install61.fs of=/dev/sdX bs=8M; sync + # dd if=install61.fs of=/dev/sdX bs=8M; sync You should now be able to boot the installer from your USB drive. Continue reading, for information about how to do that. @@ -99,7 +97,7 @@ Installing OpenBSD without full disk encryption Press C in GRUB to access the command line: - grub> kopenbsd (usb0,openbsd1)/6.0/amd64/bsd.rd + grub> kopenbsd (usb0,openbsd1)/6.1/amd64/bsd.rd grub> boot It will start booting into the OpenBSD installer. Follow the normal @@ -110,7 +108,7 @@ Installing OpenBSD with full disk encryption Not working. You can modify the above procedure (installation w/o encryption) to install OpenBSD using full disk encryption, and it -appears to work, except that its not yet clear how to actually *boot* an +appears to work, except that it's not yet clear how to actually *boot* an OpenBSD+FDE installation using libreboot+Grub2. If you get it working, please let us know. @@ -154,10 +152,16 @@ be used by libreboot. On your OpenBSD root partition, create the `/grub` directory and add the file `libreboot_grub.cfg` to it. Inside the `libreboot_grub.cfg` add these lines: - default=0 timeout=3 menuentry "OpenBSD" { - kopenbsd -r sd0a (ahci0,openbsd1)/bsd + default=0 + timeout=3 + + menuentry "OpenBSD" { + kopenbsd -r sd0a (ahci0,openbsd1)/bsd } +If your OpenBSD installation uses a GPT scheme, use the `gpt4` partition +instead of `openbsd1`. + The next time you boot, you'll see the old Grub menu for a few seconds, then you'll see the a new menu with only OpenBSD on the list. After 3 seconds OpenBSD will boot, or you can hit enter to boot. diff --git a/docs/gnulinux/configuring_parabola.md b/docs/gnulinux/configuring_parabola.md index 052ba5d9..1e525f59 100644 --- a/docs/gnulinux/configuring_parabola.md +++ b/docs/gnulinux/configuring_parabola.md @@ -24,7 +24,7 @@ Paradoxically, as you get more advanced, Parabola can actually become compared to what most distributions provide. You will find over time that other distributions tend to *get in your way*. -A lot of the steps in this guide will refer to the Arch wiki. Arch is +A lot of the steps in this guide will refer to ArchWiki. Arch is the upstream distribution that Parabola uses. Most of this guide will also tell you to read wiki articles, other pages, manuals, and so on. In general, it tries to cherry-pick the most useful information, but @@ -33,21 +33,21 @@ nonetheless, you are encouraged to learn as much as possible. **NOTE: It might take you a few days to fully install your system how you like, depending on how much you need to read. Patience is key, especially for new users.** -The Arch wiki will sometimes use bad language, such as calling the whole +The ArchWiki will sometimes use bad language, such as calling the whole system Linux, using the term **open-source**/**closed-source**, and it will sometimes recommend the use of proprietary software. -You need to be careful about this when reading anything on the Arch wiki. +You need to be careful about this when reading anything on ArchWiki. Some of these steps require internet access. To get initial access for setting up the system (I'll go into networking later), just connect your system to a router, via an ethernet cable, and run the following command: - # systemctl start dhcpcd.service + # systemctl start dhcpcd.service You can stop it later (if needed), by using systemd's `stop` option: - # systemctl stop dhcpcd.service + # systemctl stop dhcpcd.service For most people, this should be enough, but if you don't have DHCP enabled on your network, then you should setup your network connection first: @@ -69,7 +69,7 @@ For more information related to `pacman`, review the following articles on the A Parabola is kept up-to-date, using `pacman`. When you are updating Parabola, make sure to refresh the package list, *before* installing any new updates: - # pacman -Syy + # pacman -Syy **NOTE: According to the Wiki,** `-Syy` **is better than** `-Sy` **, because it refreshes the package list (even if it appears to be up-to-date), which can be useful @@ -77,7 +77,7 @@ when switching to another mirror.** Then, actually update the system: - # pacman -Syu + # pacman -Syu **NOTE: Before installing packages with** `pacman -S`**, always update first, using the two commands above.** @@ -121,16 +121,16 @@ before. In general, keeping notes (such as what I have done with this page) can be very useful as a reference in the future (e.g, if you wanted to re-install it, or install the distro on another computer). -You should also read the Arch wiki article on [System Maintenance](https://wiki.archlinux.org/index.php/System_maintenance), +You should also read the ArchWiki article on [System Maintenance](https://wiki.archlinux.org/index.php/System_maintenance), before continuing. Also, read their article on [enhancing system stability](https://wiki.archlinux.org/index.php/Enhance_system_stability). This is important, so make sure to read them both!* Install `smartmontools`; it can be used to check smart data. HDDs use non-free firmware inside; it's transparent to you, but the smart data comes from it. Therefore, don't rely on it too much), and then read -the Arch wiki [article](https://wiki.archlinux.org/index.php/S.M.A.R.T.) on it, to learn how to use it: +the ArchWiki [article](https://wiki.archlinux.org/index.php/S.M.A.R.T.) on it, to learn how to use it: - # pacman -S smartmontools + # pacman -S smartmontools ### Cleaning the Package Cache *This section provides a brief overview of how to manage the directory that stores @@ -139,7 +139,7 @@ check out the Arch Wiki guide for [Cleaning the Package Cache](https://wiki.arch Here's how to use `pacman`, to clean out all old packages that are cached: - # pacman -Sc + # pacman -Sc The Wiki cautions that this should be used with care. For example, since older packages are deleted from the repository, if you encounter issues @@ -149,7 +149,7 @@ caches available. Only do this ,if you are sure that you won't need it. The Wiki also mentions this method for removing everything from the cache, including currently installed packages that are cached: - # pacman -Scc + # pacman -Scc This is inadvisable, since it means re-downloading the package again, if you wanted to quickly re-install it. This should only be used when disk @@ -183,11 +183,11 @@ Read the entire document linked to above, and then continue. Add your user with the `useradd` command (self explanatory): - # useradd -m -G wheel -s /bin/bash *your_user_name* + # useradd -m -G wheel -s /bin/bash *your_user_name* Set a password, using `passwd`: - # passwd *your_user_name* + # passwd *your_user_name* Like with the installation of Parabola, use of the [*diceware method*](http://world.std.com/~reinhold/diceware.html) is recommended, for generating secure passphrases. @@ -195,32 +195,32 @@ for generating secure passphrases. ### Configure sudo Now that we have a normal user account, we'll want to configure `sudo`, so that user is able to run commands as **root** (e.g., installing software); -this will be necessary to flash the ROM later on. Refer to the Arch wiki's [sudo](https://wiki.archlinux.org/index.php/Sudo) documentation. +this will be necessary to flash the ROM later on. Refer to ArchWiki's [sudo](https://wiki.archlinux.org/index.php/Sudo) documentation. The first step is to install the `sudo` package: - # pacman -S sudo + # pacman -S sudo After installation, we must configure it. To do so, we must modify **/etc/sudoers**. This file must *always* be modified with the `visudo` command. `visudo` can be difficult for beginners to use, so we'll want to edit the file with `nano`, but the trick is that we just can't do this: - # nano /etc/sudoers + # nano /etc/sudoers Because, this will cause us to edit the file directly, which is not the way it was designed to be edited, and could lead to problems with the system. Instead, to temporarily allow us to use `nano` to edit the file, we need to type this into the terminal: - # EDITOR=nano visudo + # EDITOR=nano visudo This will open the **/etc/sudoers** file in `nano`, and we can now safely make changes to it. To give the user we created earlier to ability to use `sudo`, we need to navigate to the end of the file, and add this line on the end: - your_username ALL=(ALL) ALL + your_username ALL=(ALL) ALL Obviously, type in the name of the user you created, instead of **your_username**. Save the file, and exit `nano`; your user now has the ability to use `sudo`. @@ -237,12 +237,12 @@ a sound manager (to make sure you can hear sound through speakers or headphones) or DHCP (which allows you to get an IP address, to connect to the internet). These are just a few examples; there are countless others. -`systemd` is a controversial init system; [here](https://bbs.archlinux.org/viewtopic.php?pid=1149530#p1149530) -is an explanation behind the Arch development team's decision to use it. +`systemd` is a controversial init system; A [forum post](https://bbs.archlinux.org/viewtopic.php?pid=1149530#p1149530) +has an explanation behind the Arch development team's decision to use it. The **manpage** should also help: - # man systemd + # man systemd The section on **unit types** is especially useful. @@ -254,15 +254,15 @@ I will reduce the total size of the journal to 50MiB (that's what the wiki recom Open **/etc/systemd/journald.conf**, and find this line: - #SystemMaxUse= + #SystemMaxUse= Change it to this: - SystemMaxUse=50M + SystemMaxUse=50M Restart `journald`: - # systemctl restart systemd-journald + # systemctl restart systemd-journald The wiki recommends that if the journal gets too large, you can also simply delete (`rm -Rf`) everything inside **/var/log/journald**, but @@ -273,14 +273,14 @@ to delete older records, when the journal size reaches it's limit (according to Finally, the wiki mentions **temporary files**, and the utility for managing them. - # man systemd-tmpfiles + # man systemd-tmpfiles To delete the temporary files, you can use the `clean` option: - # systemd-tmpfiles --clean + # systemd-tmpfiles --clean According to the **manpage**, this *"cleans all files and directories with -an age parameter"*. According to the Arch wiki, this reads information +an age parameter"*. According to ArchWiki, this reads information in **/etc/tmpfiles.d** and **/usr/lib/tmpfiles.d**, to know what actions to perform. Therefore, it is a good idea to read what's stored in these locations, to get a better understanding. @@ -288,7 +288,7 @@ I looked in **/etc/tmpfiles.d/** and found that it was empty on my system. However, **/usr/lib/tmpfiles.d** contained some files. The first one was **etc.conf**, containing information and a reference to this **manpage**: - # man tmpfiles.d + # man tmpfiles.d Read that **manpage**, and then continue studying all the files. @@ -304,42 +304,42 @@ depending on your use case. I enabled it on my system, to see what was in it. Edit **/etc/pacman.conf**, and below the **extra** section add: - [kernels] - Include = /etc/pacman.d/mirrorlist* + [kernels] + Include = /etc/pacman.d/mirrorlist* Now, sync with the newly-added repository: - # pacman -Syy + # pacman -Syy Lastly, list all available packages in this repository: - # pacman -Sl kernels + # pacman -Sl kernels In the end, I decided not to install anything from it, but I kept the repository enabled regardless. ## Setup a Network Connection in Parabola -Read the Arch wiki guide to [Configuring the Network](https://wiki.archlinux.org/index.php/Configuring_Network). +Read the ArchWiki guide to [Configuring the Network](https://wiki.archlinux.org/index.php/Configuring_Network). ### Set the Hostname This should be the same as the hostname that you set in **/etc/hostname**, when installing Parabola. You should also do it with `systemd`. If you chose the hostname *parabola*, do it this way: - # hostnamectl set-hostname parabola + # hostnamectl set-hostname parabola This writes the specified hostname to **/etc/hostname**. More information can be found in these **manpages**: - # man hostname - # info hostname - # man hostnamectl + # man hostname + # info hostname + # man hostnamectl Check **/etc/hosts**, to make sure that the hostname that you put in there during installation is still on each line: - 127.0.0.1 localhost.localdomain localhost parabola - ::1 localhost.localdomain localhost parabola + 127.0.0.1 localhost.localdomain localhost parabola + ::1 localhost.localdomain localhost parabola You'll note that I set both lines; the second line is for IPv6. Since more and more ISPs are providing this now, it's good to be have it enabled, just in case. @@ -348,25 +348,25 @@ The `hostname` utility is part of the `inetutils` package, and is in the **core* installed by default (as part of the **base** package). ### Network Status -According to the Arch wiki, [udev](https://wiki.archlinux.org/index.php/Udev) should already detect +According to ArchWiki, [udev](https://wiki.archlinux.org/index.php/Udev) should already detect the ethernet chipset, and automatically load the driver for it at boot time. You can check this in the **Ethernet controller** section, when running the `lspci` command: - # lspci -v + # lspci -v Look at the remaining sections **Kernel driver in use** and **Kernel modules**. In my case, it was as follows: - Kernel driver in use: e1000e - Kernel modules: e1000e + Kernel driver in use: e1000e + Kernel modules: e1000e Check that the driver was loaded, by issuing `dmesg | grep module_name`. In my case, I did: - # dmesg | grep e1000e + # dmesg | grep e1000e ### Network Device Names -According to the Arch wiki guide on [Configuring Network Device Names](https://wiki.archlinux.org/index.php/Configuring_Network#Device_names), +According to the ArchWiki guide on [Configuring Network Device Names](https://wiki.archlinux.org/index.php/Configuring_Network#Device_names), it is important to note that the old interface names that you might be used to (e.g., `eth0`, `wlan0`, `wwan0`, etc.), if you come from a distribution like Debian or Trisquel, are no longer applicable. Instead, `systemd` creates device names @@ -375,7 +375,7 @@ with a fixed identifier that it automatically generates. An example device name for your ethernet chipset would be `enp0s25`, and is never supposed to change. -If you want to enable the old names, the Arch wiki recommends adding `net.ifnames=0` +If you want to enable the old names, ArchWiki recommends adding `net.ifnames=0` to your kernel parameters (in Libreboot context, this would be accomplished by following the instructions in [How to replace the default GRUB configuration file](grub_cbfs.md)). @@ -383,7 +383,7 @@ For background information, read [Predictable Network Interface Names](http://ww To show what the device names are for your system, run the following command: - # ls /sys/class/net + # ls /sys/class/net [Changing the device names](https://wiki.archlinux.org/index.php/Configuring_Network#Change_device_name) is possible, but for the purposes of this guide, there is no reason to do it. @@ -401,24 +401,24 @@ that you could use. Since we are going with the *MATE Desktop Environment*, we will primarily be following the instructions on the [Arch Linux Package Repository](https://wiki.mate-desktop.org/archlinux_custom_repo) page, but will also refer to the [General Recommendations](https://wiki.archlinux.org/index.php/General_recommendations#Graphical_user_interface) -on the Arch wiki. +on ArchWiki. ### Installing Xorg The first step is to install [**Xorg**](https://wiki.archlinux.org/index.php/Xorg); this provides an implementation of the `X Window System`, which is used to provide a graphical intefrace in GNU+Linux: - # pacman -S xorg-server + # pacman -S xorg-server We also need to install the driver for our hardware. Since I am using a Thinkpad X200, I will use `xf86-video-intel`; it should be the same on the other Thinkpads, as well as the Macbook 1,1 and 2,1. - # pacman -S xf86-video-intel + # pacman -S xf86-video-intel For other systems, you can try: - # pacman -Ss xf86-video- | less + # pacman -Ss xf86-video- | less When this is combined with looking at your `lspci` output, you can determine which driver is needed. By default, `Xorg` will revert to `xf86-video-vesa`, @@ -426,68 +426,69 @@ which is a generic driver, and doesn't provide true hardware acceleration. Other drivers (not just video) can be found by looking at the `xorg-drivers` group: - # pacman -Sg xorg-drivers + # pacman -Sg xorg-drivers ### Xorg Keyboard Layout `xorg` uses a different configuration method for keyboard layouts than Parabola, so you will notice that the layout you set in **/etc/vconsole.conf** earlier might not actually be the same in `xorg`. -Check the Arch wiki's article on [Xorg's keyboard configuration](https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg), for more information. +Check ArchWiki's article on [Xorg's keyboard configuration](https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg), for more information. To see what layout you currently use, try this on a terminal emulator in `xorg`: - # setxkbmap -print -verbose 10 + # setxkbmap -print -verbose 10 I'm simply using the default Qwerty (US) keyboard, so there isn't anything I need -to change here; if you do need to make any changes, the Arch wiki recommends two ways +to change here; if you do need to make any changes, ArchWiki recommends two ways of doing it: manually updating [configuration files](https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg#Using_X_configuration_files) or using the [localectl](https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg#Using_localectl) command. ### Installing MATE Now we have to install the desktop environment itself. According to the Arch Linux Package Repository, if we want all of the MATE Desktop, we need to install two packages: - # pacman -Syy mate mate-extra + # pacman -Syy mate mate-extra The last step is to install a Display Manager; for MATE, we will be using `lightdm` -(it's the recommended Display Manager for the MATE Desktop); for this, we'll follow the insructions [here](https://wiki.mate-desktop.org/archlinux_custom_repo#display_manager_recommended), +(it's the recommended Display Manager for the MATE Desktop); for this, we'll folow the instructions [on the MATE wiki](https://wiki.mate-desktop.org/archlinux_custom_repo#display_manager_recommended), with one small change: the `lightdm-gtk3-greeter` package doesn't exist in Parabola's repositories. So, instead we will install the `lightdm-gtk-greeter` package; it performs the same function. We'll also need the `accountsservice` package, which gives us the login window itself: - # pacman -Syy lightdm-gtk3-greeter accountsservice + # pacman -Syy lightdm-gtk3-greeter accountsservice After installing all the required packages, we need to make it so that the MATE Desktop Environment will start automatically, whenever we boot our computer; to do this, we have to enable the display manager, `lightdm`, as well as the service that will prompt us with a login window, `accounts-daemon`: - # systemctl enable lightdm - # systemctl enable accounts-daemon + # systemctl enable lightdm + # systemctl enable accounts-daemon Now you have installed the *MATE Desktop Environment*,If you wanted -to install another desktop environment, check out some [other options](https://wiki.archlinux.org/index.php/Desktop_environment) on the the Arch wiki. +to install another desktop environment, check out some [other options](https://wiki.archlinux.org/index.php/Desktop_environment) on ArchWiki. ### Configuring Network Manager in MATE Now that we have installed the Mate Desktop environment, and booted into it, we need to set up the network configuration in our graphical environment. -The MATE Desktop wiki recommends that we use Network Manager; the Arch wiki article -about it can be found [here](https://wiki.archlinux.org/index.php/NetworkManager). +The MATE Desktop wiki recommends that we use Network Manager; an +article about Network Manager can be found +[on ArchWiki](https://wiki.archlinux.org/index.php/NetworkManager). We need to install the NetworkManager package: - # pacman -S networkmanager + # pacman -S networkmanager We will also need the Network Manager applet, which will allow us to manage our networks from the system tray: - # pacman -S network-manager-applet + # pacman -S network-manager-applet Finally, we need to start the service (if we want to use it now), or enable it, (so that it will activate automatically, at startup). - # systemctl enable NetworkManager.service + # systemctl enable NetworkManager.service If you need VPN support, you will also want to install the `networkmanager-openvpn` package. @@ -498,11 +499,11 @@ with Network Manager are** `dhcpcd` **and** `wifi-menu`**.** You can see all currently-running services with this command: - # systemctl --type=service + # systemctl --type=service And you can stop them using this command: - # systemctl stop service_name.service + # systemctl stop service_name.service If you want to disable those services, meaning that you no longer want them to start when the computer boots up, you will need to use `systemctl's` `disable` option, diff --git a/docs/gnulinux/encrypted_debian.md b/docs/gnulinux/encrypted_debian.md index 2b95b2a9..83f0dd28 100644 --- a/docs/gnulinux/encrypted_debian.md +++ b/docs/gnulinux/encrypted_debian.md @@ -154,8 +154,8 @@ Choose 'Yes'. It will fail, but don't worry. Then at the main menu, choose 'Continue without a bootloader'. You could also choose 'No'. Choice is irrelevant here. -*You do not need to install GRUB at all, since in libreboot you are -using the GRUB payload (for libreboot) to boot your system directly.* +*Don't forget to have grub-coreboot package installed, even though installing grub to MBR is irrelevant +on libreboot system, grub tools are still needed to eg. generate config (`grub-mkconfig`)* Clock UTC ========= diff --git a/docs/gnulinux/encrypted_parabola.md b/docs/gnulinux/encrypted_parabola.md index c0c395c4..a4d7dd16 100644 --- a/docs/gnulinux/encrypted_parabola.md +++ b/docs/gnulinux/encrypted_parabola.md @@ -20,12 +20,15 @@ This guide borrows heavily from the Parabola wiki, and will constantly link to i For those new to Parabola GNU+Linux-Libre, check their [Beginner section](https://wiki.parabola.nu/Beginners%27_guide#Beginners) for an overview. ## Minumum Requirements -You can find the minimum requirements to run Parabola GNU+Linux [here](https://wiki.parabola.nu/Beginners%27_guide#Minimum_system_requirements). +You can find the minimum requirements to run Parabola GNU+Linux +[on the Parabola wiki](https://wiki.parabola.nu/Beginners%27_guide#Minimum_system_requirements). ## Preparation ### Download the latest ISO -For this guide, I used the *2016.11.03* ISO; the most current image is available [here](https://wiki.parabola.nu/Get_Parabola#Main_live_ISO). +For this guide, I used the *2016.11.03* ISO; the most current image is +available on Parabola's +[downloads page](https://wiki.parabola.nu/Get_Parabola#Main_live_ISO). If you are a complete beginner with GNU+Linux, choose the *Mate Desktop ISO*. it is easier to install Parabola with this version, because it allows you @@ -80,7 +83,7 @@ if it's not new, then there are two ways to handle it: you can either choose to fill it with zeroes or random data; I chose random data (e.g., `urandom`), because it's more secure. Depending on the size of the drive, this could take a while to complete: - # dd if=/dev/urandom of=/dev/sdX; sync + `# dd if=/dev/urandom of=/dev/sdX; sync` 2. If the drive were previously encrypted, all you need to do is wipe the LUKS header. The size of the header depends upon the specific model of the hard drive; @@ -88,7 +91,7 @@ you can find this information by doing some research online. Refer to this [article](https://www.lisenet.com/2013/luks-add-keys-backup-and-restore-volume-header/), for more information about LUKS headers. You can either fill the header with zeroes, or with random data; again, I chose random data, using `urandom`: - # head -c 3145728 /dev/urandom > /dev/sdX; sync + `# head -c 3145728 /dev/urandom > /dev/sdX; sync` Also, if you're using an SSD, there are a two things you should keep in mind: @@ -105,7 +108,7 @@ We'll begin by creating a single, large partition on it, and then encrypting it You will need the `device-mapper` kernel module during the installation; this will enable us to set up our encrypted disk. To load it, use the following command: - # modprobe dm-mod + # modprobe dm-mod We then need to select the **device name** of the drive we're installing the operating system on; see the above method, if needed, for figuring out device names. @@ -113,7 +116,7 @@ see the above method, if needed, for figuring out device names. Now that we have the name of the correct device, we need to create the partition on it. For this, we will use the `cfdisk` command: - # cfdisk /dev/sdX + # cfdisk /dev/sdX 1. Use the arrow keys to select your partition, and if there is already a partition on the drive, select **Delete**, and then **New**. @@ -128,8 +131,8 @@ the partition table has been altered. Now that you have created the partition, it's time to create the encrypted volume on it, using the `cryptsetup` command, like this: - # cryptsetup -v --cipher serpent-xts-plain64 --key-size 512 --hash whirlpool \ - >--iter-time 500 --use-random --verify-passphrase luksFormat /dev/sdXY + # cryptsetup -v --cipher serpent-xts-plain64 --key-size 512 --hash whirlpool \ + >--iter-time 500 --use-random --verify-passphrase luksFormat /dev/sdXY These are just recommended defaults; if you want to use anything else, or to find out what options there are, run `man cryptsetup`. @@ -161,39 +164,39 @@ We will create this using, the [Logical Volume Manager (LVM)](https://wiki.archl First, we need to open the LUKS partition, at **/dev/mapper/lvm**: - # cryptsetup luksOpen /dev/sdXY lvm + # cryptsetup luksOpen /dev/sdXY lvm Then, we create LVM partition: - # pvcreate /dev/mapper/lvm + # pvcreate /dev/mapper/lvm Check to make sure tha the partition was created: - # pvdisplay + # pvdisplay Next, we create the volume group, inside of which the logical volumes will be created. For this example, we will call this group **matrix**. You can call yours whatever you would like; just make sure that you remember its name: - # vgcreate matrix /dev/mapper/lvm + # vgcreate matrix /dev/mapper/lvm Check to make sure that the group was created: - # vgdisplay + # vgdisplay Lastly, we need to create the logical volumes themselves, inside the volume group; one will be our swap, cleverly named **swapvol**, and the other will be our root partition, -equally cleverly named as **root**. +equally cleverly named as **rootvol**. 1. We will create the **swapvol** first (again, choose your own name, if you like). Also, make sure to [choose an appropriate swap size](http://www.linux.com/news/software/applications/8208-all-about-linux-swap-space) (e.g., **2G** refers to two gigabytes; change this however you see fit): - # lvcreate -L 2G matrix -n swapvol + `# lvcreate -L 2G matrix -n swapvol` -2. Now, we will create a single, large partition in the rest of the space, for **root**: +2. Now, we will create a single, large partition in the rest of the space, for **rootvol**: - # lvcreate -l +100%FREE matrix -n root + `# lvcreate -l +100%FREE matrix -n rootvol` You can also be flexible here, for example you can specify a **/boot**, a **/**, a **/home**, a **/var**, or a **/usr** volume. For example, if you will be running a @@ -203,43 +206,43 @@ For a home/laptop system (typical use case), just a root and a swap will do. Verify that the logical volumes were created correctly: - # lvdisplay + # lvdisplay -#### Make the root and swap Partitions Ready for Installation +#### Make the rootvol and swapvol Partitions Ready for Installation The last steps of setting up the drive for installation are turning **swapvol** -into an active swap partition, and formatting **root**. +into an active swap partition, and formatting **rootvol**. To make **swapvol** into a swap partition, we run the `mkswap` (i.e., make swap) command: - # mkswap /dev/mapper/matrix-swapvol + # mkswap /dev/mapper/matrix-swapvol Activate the **swapvol**, allowing it to now be used as swap, using `swapon` (i.e., turn swap on) command: - # swapon /dev/matrix/swapvol + # swapon /dev/matrix/swapvol -Now I have to format **root**, to make it ready for installation; +Now I have to format **rootvol**, to make it ready for installation; I do this with the `mkfs` (i.e., make file system) command. I choose the **ext4** filesystem, but you could use a different one, depending on your use case: - # mkfs.ext4 /dev/mapper/matrix-root + # mkfs.ext4 /dev/mapper/matrix-rootvol -Lastly, I need to mount **root**. Fortunately, GNU+Linux has a directory +Lastly, I need to mount **rootvol**. Fortunately, GNU+Linux has a directory for this very purpose: **/mnt**: - # mount /dev/matrix/root /mnt + # mount /dev/matrix/rootvol /mnt #### Create the /boot and /home Directories -Now that you have mounted **root**, you need to create the two most important +Now that you have mounted **rootvol**, you need to create the two most important folders on it: **/boot** and **/home**; these folder contain your boot files, as well as each user's personal documents, videos, etc.. -Since you mounted **root** at **/mnt**, this is where you must create them; +Since you mounted **rootvol** at **/mnt**, this is where you must create them; you will do so using `mkdir`: - # mkdir -p /mnt/home - # mkdir -p /mnt/boot + # mkdir -p /mnt/home + # mkdir -p /mnt/boot You could also create two separate partitions for **/boot** and **/home**, but such a setup would be for advanced users, and is thus not covered in this guide. @@ -251,7 +254,7 @@ The setup of the drive and partitions is now complete; it's time to actually ins The first step of the actual installation is to choose the server from where we will need to download the packages; for this, we will again refer to the [Parabola Wiki](https://wiki.parabola.nu/Beginners%27_guide#Select_a_mirror). For beginners, I recommend that the edit the file using `nano` (a command-line text editor); -you can learn more about it [here](https://www.nano-editor.org/); for non-beginners, +you can learn more about it on [their website](https://www.nano-editor.org/); for non-beginners, simply edit it with your favorite text editor. ## Install the Base System @@ -261,7 +264,7 @@ refer to [Install the Base System](https://wiki.parabola.nu/Beginners%27_guide#I ## Generate an fstab The next step in the process is to generate a file known as an **fstab**; the purpose of this file is for the operating system to identify the storage device -used by your installation. [Here](https://wiki.parabola.nu/Beginners%27_guide#Generate_an_fstab) are the instructions to generate that file. +used by your installation. [On the Parabola beginner's guide](https://wiki.parabola.nu/Beginners%27_guide#Generate_an_fstab) are the instructions to generate that file. ## Chroot into and Configure the System Now, you need to `chroot` into your new installation, to complete the setup @@ -270,32 +273,33 @@ of an operating system to a different one; in this instance, it means changing directory to the one you created in the previous steps, so that you can modify files and install software onto it, as if it were the host operating system. -To `chroot` into your installation, follow the instructions [here](https://wiki.parabola.nu/Beginners%27_guide#Chroot_and_configure_the_base_system). +To `chroot` into your installation, follow the instructions [on the +Prabola beginner's guide](https://wiki.parabola.nu/Beginners%27_guide#Chroot_and_configure_the_base_system). ### Setting up the Locale Locale refers to the language that your operating system will use, as well as some other considerations related to the region in which you live. To set this up, -follow the instructions [here](https://wiki.parabola.nu/Beginners%27_guide#Locale). +follow the instructions [in the Parabola beginner's guide](https://wiki.parabola.nu/Beginners%27_guide#Locale). ### Setting up the Consolefont and Keymap -This will determine the keyboard layout of your new installation; follow the instructions [here](https://wiki.parabola.nu/Beginners%27_guide#Console_font_and_keymap). +This will determine the keyboard layout of your new installation; follow the instructions [in the Parabola beginner's guide](https://wiki.parabola.nu/Beginners%27_guide#Console_font_and_keymap). ### Setting up the Time Zone You'll need to set your current time zone in the operating system; this will enable applications that require accurate time to work properly (e.g., the web browser). -To do this, follow the instructions [here](https://wiki.parabola.nu/Beginners%27_guide#Time_zone). +To do this, follow the instructions [in the Parabola beginner's guide](https://wiki.parabola.nu/Beginners%27_guide#Time_zone). ### Setting up the Hardware Clock To make sure that your computer has the right time, you'll have to set the time in your computer's internal clock. -Follow the instructions [here](https://wiki.parabola.nu/Beginners%27_guide#Hardware_clock) to do that. +Follow the instructions [in the Parabola beginner's guide](https://wiki.parabola.nu/Beginners%27_guide#Hardware_clock) to do that. ### Setting up the Kernel Modules Now we need to make sure that the kernel has all the modules that it needs to boot the operating system. To do this, we need to edit a file called **mkinitcpio.conf**. -More information about this file can be found [here](https://wiki.parabola.nu/Mkinitcpio), +More information about this file can be found [in the Parabola beginner's guide](https://wiki.parabola.nu/Mkinitcpio), but for the sake of this guide, you simply need to run the following command. - # nano /etc/mkinitcpio.conf + # nano /etc/mkinitcpio.conf There are several modifications that we need to make to the file: @@ -325,41 +329,41 @@ that we encounter problems with the default Linux-Libre kernel (which is continu We will also install the `grub` package, which we will need later, to make our modifications to the GRUB configuration file: - # pacman -S linux-libre-lts grub + # pacman -S linux-libre-lts grub Then, we update both kernels like this, using the `mkinitcpio` command: - # mkinitcpio -p linux-libre - # mkinitcpio -p linux-libre-lts + # mkinitcpio -p linux-libre + # mkinitcpio -p linux-libre-lts ### Setting up the Hostname Now we need to set up the hostname for the system; this is so that our device -can be identified by the network. Refer to [this section](https://wiki.parabola.nu/Beginners%27_guide#Hostname) +can be identified by the network. Refer to [the hostname section](https://wiki.parabola.nu/Beginners%27_guide#Hostname) of the Parabola wiki's Beginner's Guide. You can make the hostname anything you like; for example, if you wanted to choose the hostname **parabola**, you would run the `echo` command, like this: - # echo parabola > /etc/hostname + # echo parabola > /etc/hostname And then you would modify **/etc/hosts** like this, adding the hostname to it: - # nano /etc/hosts + # nano /etc/hosts - #<ip-address> <hostname.domain.org> <hostname> - 127.0.0.1 localhost.localdomain localhost parabola - ::1 localhost.localdomain localhost parabola + #<ip-address> <hostname.domain.org> <hostname> + 127.0.0.1 localhost.localdomain localhost parabola + ::1 localhost.localdomain localhost parabola ### Configure the Network Now that we have a hostname, we need to configure the settings for the rest of the network. -Instructions for setting up a wired connection are [here](https://wiki.parabola.nu/Beginners%27_guide#Wired), -and instructions for setting up a wireless connection are [here](https://wiki.parabola.nu/Beginners%27_guide#Wireless_2). +Instructions for setting up a wired connection are [in the Parabola beginner's guide](https://wiki.parabola.nu/Beginners%27_guide#Wired), +and instructions for setting up a wireless connection are [in the Parabola beginner's guide](https://wiki.parabola.nu/Beginners%27_guide#Wireless_2). ### Set the root Password The **root** account has control over all the files in the computer; for security, we want to protect it with a password. The password requirements given above, for the LUKS passphrase, apply here as well. You will set this password with the `passwd` command: - # passwd + # passwd ### Extra Security Tweaks There are some final changes that we can make to the installation, to make it @@ -369,7 +373,7 @@ significantly more secure; these are based on the [Security](https://wiki.archli We will want to open the configuration file for password settings, and increase the strength of our **root** password: - # nano /etc/pam.d/passwd + # nano /etc/pam.d/passwd Add `rounds=65536` at the end of the uncommented 'password' line; in simple terms, this will force an attacker to take more time with each password guess, mitigating @@ -380,7 +384,7 @@ You can prevent any user, other than the root user, from accessing the most impo directories in the system, using the `chmod` command; to learn more about this command, run `man chmod`: - # chmod 700 /boot /etc/{iptables,arptables} + # chmod 700 /boot /etc/{iptables,arptables} #### Lockout User After Three Failed Login Attempts We can also setup the system to lock a user's account, after three failed login attempts. @@ -388,16 +392,27 @@ We can also setup the system to lock a user's account, after three failed login To do this, we will need to edit the file **/etc/pam.d/system-login**, and comment out this line: - auth required pam\_tally.so onerr=succeed file=/var/log/faillog*\ + auth required pam\_tally.so onerr=succeed file=/var/log/faillog*\ You could also just delete it. Above it, put the following line: - auth required pam\_tally.so deny=2 unlock\_time=600 onerr=succeed file=/var/log/faillog + auth required pam\_tally.so deny=2 unlock\_time=600 onerr=succeed file=/var/log/faillog This configuration will lock the user out for ten minutes. You can unlock a user's account manually, using the **root** account, with this command: - # pam_tally --user *theusername* --reset + # pam_tally --user *theusername* --reset + +#### Generate grub.cfg +Edit configuration in `/etc/default/grub`, remembering to use UUID when poitning to mbr/gpt partition. +Use `blkid` to get list of devices with their respective UUIDs. +Next generate grub.cfg with + + # grub-mkconfig /boot/grub/grub.cfg + +If you have separate `/boot` partition, don't forget to add `boot` symlink inside that points to current directory + + # cd /boot; ln -s . boot ## Unmount All Partitions and Reboot Congratulations! You have finished the installation of Parabola GNU+Linux-Libre. @@ -405,51 +420,50 @@ Now it is time to reboot the system, but first, there are several preliminary st Exit from `chroot`, using the `exit` command: - # exit + # exit Unmount all of the partitions from **/mnt**, and "turn off" the swap volume: - # umount -R /mnt - # swapoff -a + # umount -R /mnt + # swapoff -a -Deactivate the **root** and **swapvol** logical volumes: +Deactivate the **rootvol** and **swapvol** logical volumes: - # lvchange -an /dev/matrix/root - # lvchange -an /dev/matrix/swapvol + # lvchange -an /dev/matrix/rootvol + # lvchange -an /dev/matrix/swapvol Lock the encrypted partition (i.e., close it): - # cryptsetup luksClose lvm + # cryptsetup luksClose lvm Shutdown the machine: - # shutdown -h now + # shutdown -h now After the machine is off, remove the installation media, and turn it on. -## Booting the New Installation, from GRUB -When starting your installation for the first time, you have to manually boot +## Booting the installation manually from GRUB +When you forget to configure or misconfigure grub on your hdd, you have to manually boot the system by entering a series of commands into the GRUB command line. + After the computer starts, Press `C` to bring up the GRUB command line. You can either boot the normal kernel, or the LTS kernel we installed; here are the commands for the normal kernel: - grub> cryptomount -a - grub> set root='lvm/matrix-root' - grub> linux /boot/vmlinuz-linux-libre root=/dev/matrix/root cryptdevice=/dev/sda1:root - grub> initrd /boot/initramfs-linux-libre.img - grub> boot + grub> cryptomount -a + grub> set root='lvm/matrix-rootvol' + grub> linux /boot/vmlinuz-linux-libre root=/dev/matrix/rootvol cryptdevice=/dev/sda1:root + grub> initrd /boot/initramfs-linux-libre.img + grub> boot If you're trying to boot the LTS kernel, simply add **-lts** to the end of each command that contains the kernel (e.g., **/boot/vmlinuz-linux-libre** would be **/boot/vmlinuz/linux-libre-lts**). -**NOTE: on some Thinkpads, during boot, a faulty DVD drive can cause -the** `cryptomount -a` **command to fail, as well as the error** `AHCI transfer timed out` -**(when the Thinkpad X200 is connected to an UltraBase). For both issues, -the workaround was to remove the DVD drive (if using the UltraBase, -then the whole device must be removed).** +**NOTE: on machines with native sata, during boot a (faulty) optical disc drive (like dvd) can cause +the** `cryptomount -a` **command to fail/hang, as well as the error** `AHCI transfer timed out` +**The workaround was to remove the DVD drive.** ## Follow-Up Tutorial: Configuring Parabola The next step of the setup process is to modify the configuration file that diff --git a/docs/gnulinux/encrypted_trisquel.md b/docs/gnulinux/encrypted_trisquel.md new file mode 100644 index 00000000..8768c5c7 --- /dev/null +++ b/docs/gnulinux/encrypted_trisquel.md @@ -0,0 +1,184 @@ +--- +title: Installing Trisquel GNU+Linux with Full-Disk Encryption (including /boot) +x-toc enable: true +... + +This guide is written for the Trisquel 7.0 (Belenos) GNU+Linux distribution, but it should also work for Trisquel 6.0 (Toutatis). + +## Boot the Installation Media +Boot your operating system, with the installation media. If you don't know how to do so, refer to [How to Prepare and Boot a USB Installer in Libreboot Systems](grub_boot_installer.md). + +When the Trisquel GRUB screen appears, select the `Install Trisquel in Text Mode` option. + +## Select a Language +The first part of the installation is to select your system's language; I chose `English`. + +## Select Your Location +You will need to select your location; I choose `United States`. + +## Configure the Keyboard +You need to select the right layout for your keyboard; if you want to installer to do it automatically, choose `Yes`, and it will ask you whether or not a series of keys are present on your keyboard. Simply choose `Yes` or `No`, accordingly. + +If you don't want the installer to automatically detect your keyboard layout, choose `No`, and simply select it from a list. + +## Configure the Network + +### Choose the Network Inteface +You will need to select the network interface to be used for the installation. If you have an ethernet (i.e., wired) connection, choose `etho0`; otherwise, choose `wlan0` (for wireless). + +If you choose `wlan0`, enter the passphrase that corresponds to your wireless network's WPA/WPA2 key (Your wireless network should have a password, and no modern router should be using the [WEP protocol](https://en.wikipedia.org/wiki/Wired_Equivalent_Privacy)). + +### Choose Your Hostname +You will need to choose a hostname for the system, which identifies your computer to the network; it can be anything, but it must only consist of numbers, uppercase and lowercase letters, and dashes `-`. + +### Choose a Mirror of the Trisquel Archive +Choose the server from where you will download the Trisquel packages needed for the installation. The choices are separated by country; simply select the one that is closest to where you are. + +After you select the country, you will be taken to a list of different individual servers. If there is more than one option, choose the one that is closest to you; otherwise, select whichever one is available. + +The last step of setting up the network will be entering an HTTP proxy (if you need one to access the network). If you have one, type it here; otherwise, press `Tab`, and then choose `Continue` (using the arrow keys). + +## Loading Additional Components +Now the installer needs to download some more packages, to continue the installation. Depending on your network bandwidth, this could take up to a few minutes to complete. + +## Set Up Users and Passwords +Enter the full name of the user here. You can use your real name, or just a pseudonym; then, choose `Continue`. + +Then it will ask you to enter a *username*. Pick whatever you like, and enter it here. Select `Continue`. + +Choose a passphrase (better than a password). The [diceware](http://world.std.com/~reinhold/diceware.html) method is highly recommended for coming up with one. + +I recommend combining the *diceware* method with something personal about yourself. An example of this would be to choose four words from the *diceware* list, and then come up with a fifth "word" (i.e., a combination of characters that is unique to you, like some name plus a number/special character); this combination dramatically increases the security of a *diceware* passphrase (i.e., even if someone had the entire *diceware* word list, they couldn't figure out your passphrase through brute force). + +**NOTE: This would be difficult for a person to do, even if you *only* used words from the list**. + +For example, say that your cat's name is **Max**, and he is three years old; you could do something like this: + + diceware_word_1 diceware_word_2 diceware_word_3 diceware_word_4 Max=3old + +This has a large degree of randomness (due to the usage of the *diceware* method), and also contains a unique piece of personal information that someone would need to know you, in order to guess; it's a very potent combination. + +After entering this password twice, choose `Continue`. + +It will now ask you if you want to encrypt your home directory. Remember, this is *NOT* to be confused with encrypting your entire disk (the purpose of this guide); it will just be the files that reside in `~`, and it uses a different encryption protocol (`ecryptfs`). If you want to encrypt your home directory here, choose `Yes`; however, since we are going to encrypt the entire installation, that would not only be redundant, but it would also add a noticeable performance penalty, for little security gain in most use cases. This is therefore optional, and *NOT* recommended. Choose `No`. + +## Configure the Clock +The installer will try to auto-detect your time zone; if it chooses correctly, select `Yes`; otherwise, choose `No`, and it will prompt you to select the correct one. + +## Partition Disks +Now it's time to partition the disk; you will be shown several options; choose `Manual` partitioning. + +1. Use the arrow keys to select the drive (look for a matching size and manufacturer name in the description), and press `Enter`. It will ask you if you want to create a new, empty partition table on the device; choose `Yes`. + +2. Your drive will now show as having a single partition, labeled `#1`; select it (it will say `FREE SPACE` beside it), and press `Enter`. + +3. Choose `Create a new partition`. By default, the partition size will be the whole drive; leave it as-is, and select `Continue`. + +4. When it asks for partition type, go with `Primary`; you'll be taken to a screen with a list of information about your new partition; make sure to fill out each field as follows (using the up and down arrows to navigate, and `Enter` to modify an option): + + * Use as: `physical volume for encryption` + * Encryption method: `Device-mapper (dm-crypt)` + * Encryption: `aes` + * key size: `256` + * IV algorithm: `xts-plain64` + * Encryption key: `passphrase` + * Erase data: `Yes` + + For the `Erase data` field, only choose `No`, if this is either a new drive that doesn't have any of your plaintext data, or else if it previously had full-disk encryption. + +5. Choose `Done setting up the partition`. It will take you back to the main partitioning menu. + +6. Choose `Configure encrypted volumes`; the installer will ask if you want to write the changes to disk, and configure the encrypted volumes; choose `Yes`. + +7. Select `Create encrypted volumes`. + +8. Select your partition with the arrow keys (pressing `Spacebar` will make an `*` appear between the brackets; that's how you know it's been selected). Press `Tab`, and choose `Continue`. + +9. Select `Finish`. You will be asked if you really want to erase the drive; choose `Yes` (Erase will take a long time, so be patient. If your old system were encrypted, just let this run for about a minute, and then choose `Cancel`; this will make sure that the LUKS header is completely wiped out). + +10. Now you need to enter a passphrase for encrypting the entire disk. Make sure that this is different from your user password that you created earlier, but still use the [diceware](http://world.std.com/~reinhold/diceware.html) method to create it. You will have to enter the password twice; afterwards, you will be returned to the main partitioning menu. + +11. You will now see your encrypted device at the top of the device list. It will begin with something like this: `Encrypted volume (sdXY_crypt)`. Choose the partition labeled `#1`. + +12. Change the value of `Use as` to `physical volume for LVM`. Then choose `Done setting up the partition`; you will be taken back to the main partitioning menu. + +13. Choose `Configure the Logical Volume Manager`. You will be asked if you want to `Keep current partition layout and configure LVM`; choose `Yes`. + +14. Choose `Create volume group`. You will have to enter a name for the group; use **grubcrypt**. Select the encrypted partition as the device (by pressing `Spacebar`, which will make an `*` appear between the brackets; that's how you know it's been selected). Press `Tab`, and choose `Continue`. + +15. Choose `Create logical volume`. Select the volume group you created in the previous step (i.e., **grubcrypt**), and name it **trisquel**; make the size the entire drive minus 2048 MB (for the swap space). Press `Enter`. + +16. Choose `Create logical volume` again, and select **grubcrypt**. Name this one **swap**, and make the size the default value (it should be about 2048MB). Press `Enter`, and then choose `Finish`. + +17. Now you are back at the main partitioning screen. You will simply set the mount points and filesystems to use for each partition you just created. Under `LVM VG grubcrypt, LV trisquel`, select the first partition: `#1`. Change the values in this section to reflect the following; then choose `Done setting up partition`: + + * use as: `ext4` + * mount point: `/` + +18. Under `LVM VG grubcrypt, LV swap`, select the first partition: `#1`. Change the value of `use as` to `swap area`. Choose `Done setting up partition`. + +19. Finally, when back at the main partitioning screen, choose `Finish partitioning and write changes to disk`. It will ask you to verify that you want to do this; choose `Yes`. + +## Installing the Base System +The hardest part of the installation is done; the installer will now download and install the packages necessary for your system to boot/run. The rest of the process will be mostly automated, but there will be a few things that you have to do yourself. + +### Choose a Kernel +It will ask you which kernel you want to use; choose `linux-generic`. + +**NOTE: After installation, if you want the most up-to-date version of the Linux kernel (Trisquel's kernel is sometimes outdated, even in the testing distro), you might consider using [this repository](https://jxself.org/linux-libre/) instead. These kernels are also deblobbed, like Trisquel's (meaning there are no binary blobs present).** + +### Update Policy +You have to select a policy for installing security updates; I recommend that you choose `Install security updates automatically`, but you can choose not to, if you prefer. + +### Choose a Desktop Environment +When prompted to choose a desktop environment, use the arrow keys to navigate the choices, and press `Spacebar` to choose an option; here are some guidelines: + +* If you want *GNOME*, choose **Trisquel Desktop Environment** +* If you want *LDXE*, choose **Trisquel-mini Desktop Environment** +* If you want *KDE*, choose **Triskel Desktop Environment** + +You might also want to choose some of the other package groups (or none of them, if you want a basic shell); it's up to you. Once you've chosen the option you want, press `Tab`, and then choose `Continue`. + +## Install the GRUB boot loader to the master boot record +The installer will ask you if you want to install the GRUB bootloader to the master boot record; choose `No`. You do not need to install GRUB at all, since in Libreboot, you are using the GRUB payload on the ROM to boot your system. + +The next window will prompt you to enter a `Device for boot loader installation`. Leave the line blank; press `Tab`, and choose `Continue`. + +## System Clock +The installer will ask if your system clock is set to UTC; choose `Yes`. + +## Finishing the Installation +The installer will now give you a message that the installation is complete. Choose `Continue`, remove the installation media, and the system will automatically reboot. + +## Booting your system +At this point, you will have finished the installation. At your GRUB boot screen, press `C` to get to the command line, and enter the following commands at the `grub>` prompt: + + grub> cryptomount -a + grub> set root='lvm/grubcrypt-trisquel' + grub> linux /vmlinuz root=/dev/mapper/grubcrypt-trisquel \ + >cryptdevice=/dev/mapper/grubcrypt-trisquel:root + grub> initrd /initrd.img + grub> boot + +Without specifying a device, **cryptomount's** `-a` parameter tries to unlock *all* detected LUKS volumes (i.e., any LUKS-encrypted device that is connected to the system). You can also specify `-u` (for a UUID). Once logged into the operating system, you can find the UUID by using the `blkid` command: + + $ sudo blkid + +## ecryptfs +If you didn't encrypt your home directory, then you can safely ignore this section; if you did choose to encrypt it, then after you log in, you'll need to run this command: + + $ sudo ecryptfs-unwrap-passphrase + +This will be needed in the future, if you ever need to recover your home directory from another system. Write it down, or (preferably) store it using a password manager (I recommend `keepass`,`keepasX`, or `keepassXC`). + +## Modify grub.cfg (CBFS) +The last step of the proccess is to modify your **grub.cfg** file (in the firmware), and flash the new configuration, [using this tutorial](grub_cbfs.md); this is so that you don't have to manually type in the commands above, every single time you want to boot your computer. You can also make your GRUB configuration much more secure, by following [this guide](grub_hardening.md). + +## Troubleshooting +During boot, some Thinkpads have a faulty DVD drive, which can cause the `cryptomount -a` command to fail, as well as the error `AHCI transfer timed out` (when the Thinkpad X200 is connected to an UltraBase). For both issues, the workaround was to remove the DVD drive (if using the UltraBase, then the whole device must be removed). + +Copyright © 2014, 2015 Leah Rowe <info@minifree.org> + +Copyright © 2017 Elijah Smith <esmith1412@posteo.net> + +Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License Version 1.3 or any later version published by the Free Software Foundation with no Invariant Sections, no Front Cover Texts, and no Back Cover Texts. A copy of this license is found in [../fdl-1.3.md](../fdl-1.3.md) diff --git a/docs/gnulinux/grub_boot_installer.md b/docs/gnulinux/grub_boot_installer.md index 4d6ee92d..085ad34b 100644 --- a/docs/gnulinux/grub_boot_installer.md +++ b/docs/gnulinux/grub_boot_installer.md @@ -1,184 +1,131 @@ --- -title: How to Install GNU+Linux on a Libreboot System +title: How to Prepare and Boot a USB Installer on Libreboot Systems x-toc-enable: true ... -This section relates to preparing and booting a Live USB for several -GNU+Linux distributions, on your Libreboot system, using nothing more than a USB -flash drive and the `dd` utility. For information on installing GNU+Linux, -refer to [this page](index.md). +This guide explains how to prepare a bootable USB for Libreboot systems that can be used to install several GNU+Linux distributions. For this guide, you will only need a USB flash drive and the `dd` utility (it's installed into all GNU+Linux distributions, by default). -*This section is only for the GRUB payload. For depthcharge (used on -CrOS devices in libreboot), instructions have yet to be written in the -libreboot documentation.* +For information on actually installing specific GNU+Linux distributions, refer to [this page](index.md). -## Prepare the USB Drive (in GNU+Linux) -If you downloaded your ISO while on an existing GNU+Linux system, here is how -to create the bootable GNU+Linux USB drive: +## Prepare the USB Drive in GNU+Linux +If you downloaded your ISO while on an existing GNU+Linux system, here is how to create the bootable GNU+Linux USB drive: -Connect the USB drive. Check `dmesg`: +Connect the USB drive. Check `lsblk`, to confirm its device name (e.g., **/dev/sdX**): - $ dmesg + $ lsblk -Check `lsblk`, to confirm which drive it is: +For this example, let's assume that our drive's name is `sdb`. Make sure that it's not mounted: - $ lsblk + $ sudo umount /dev/sdb -Check that it wasn't automatically mounted. If it was, unmount it. For -example: +Overwrite the drive, writing your distro ISO to it with `dd`. For example, if we are installing Trisquel 7.0 64-bit, and it's located in our Downloads folder, this is the command we would run: - $ sudo umount /dev/sdX\* + $ sudo dd if=~/Downloads/trisquel_7.0_amd64.iso of=/dev/sdb bs=8M; sync -`dmesg` told you what device it is. Overwrite the drive, writing your -distro ISO to it with `dd`. Here is an example: +That's it! You should now be able to boot the installer from your USB drive (the instructions for doing so will be given later). - $ sudo dd if=gnulinux.iso of=/dev/sdX bs=8M; sync +## Prepare the USB drive in NetBSD +[This page](https://wiki.netbsd.org/tutorials how_to_install_netbsd_from_an_usb_memory_stick/) on the NetBSD website shows how to create a NetBSD bootable USB drive, from within NetBSD itself. You should the `dd` method documented there. This will work with any GNU+Linux ISO image. -You should now be able to boot the installer from your USB drive. -Continue reading, for information about how to do that. +## Prepare the USB drive in FreeBSD +[This page](https://www.freebsd.org/doc/handbook/bsdinstall-pre.html) on the FreeBSD website shows how to create a bootable USB drive for installing FreeBSD. Use the `dd` method documented. This will work with any GNU+Linux ISO image. -## Prepare the USB drive (in NetBSD) -[This page](https://wiki.netbsd.org/tutorials/how_to_install_netbsd_from_an_usb_memory_stick/) -on the NetBSD website shows how to create a NetBSD bootable USB drive, -from within NetBSD itself. You should use the `dd` method documented there. -This will also work with any GNU+Linux ISO image. - -## Prepare the USB drive (in FreeBSD) -[This page](https://www.freebsd.org/doc/handbook/bsdinstall-pre.html) on -the FreeBSD website shows how to create a bootable USB drive for -installing FreeBSD. Use the `dd` command format on that page. -You can also use the same instructions with any GNU+Linux ISO image.. - -## Prepare the USB drive (in LibertyBSD or OpenBSD) +## Prepare the USB drive in LibertyBSD or OpenBSD If you downloaded your ISO on a LibertyBSD or OpenBSD system, here is how to create the bootable GNU+Linux USB drive: -Connect the USB drive. Check `dmesg`: +Connect the USB drive. Run `lsblk` to determine which drive it is: - $ dmesg | tail + $ lsblk -Check to confirm which drive it is, for example, if you think its **sd3**: +To confirm that you have the correct drive, use `disklabel`. For example, if you thought the correct drive were **sd3**, run this command: - $ disklabel sd3 + $ disklabel sd3 -Check that it wasn't automatically mounted. If it was, unmount it. For -example: +Make sure that the device isn't mounted, with `doas`; if it is, this command will unmount it: - $ doas umount /dev/sd3i + $ doas umount /dev/sd3i -`dmesg` told you what device it is. Overwrite the drive, writing the -OpenBSD installer to it with `dd`. For example: +`lsblk` told you what device it is. Overwrite the drive, writing the OpenBSD installer to it with `dd`. Here's an example: - $ doas dd if=gnulinux.iso of=/dev/rsdXc bs=1M; sync + $ doas dd if=gnulinux.iso of=/dev/rsdXc bs=1M; sync -You should now be able to boot the installer from your USB drive. -Continue reading, for information about how to do that. +That's it! You should now be able to boot the installer from your USB drive (the instructions for doing so will be given later). -## Debian or Devuan net install? -Download the Debian or Devuan net installer. You can download the ISO -from the homepage on [debian.org](https://www.debian.org/), or [the Devuan homepage](https://www.devuan.org/) for Devuan. Use this on the -GRUB terminal, to boot it from USB (for 64-bit Intel or AMD): +## Debian or Devuan net install +1. Download the Debian or Devuan net installer. You can download the Debian ISO from [the Debian homepage](https://www.debian.org/), or the Devuan ISO from [the Devuan homepage](https://www.devuan.org/). - set root='usb0' - linux /install.amd/vmlinuz - initrd /install.amd/initrd.gz - boot +2. Create a bootable USB, using the commands in *Prepare the USB Drive in GNU+Linux*, above. -If you are on a 32-bit system (e.g. some Thinkpad X60's): +3. Boot the USB, and enter these commands in the GRUB terminal (for 64-bit Intel or AMD): - set root='usb0' - linux /install.386/vmlinuz - initrd /install.386/initrd.gz - boot + grub> set root='usb0' + grub> linux /install.amd/vmlinuz + grub> initrd /install.amd/initrd.gz + grub> boot -## Booting ISOLINUX Images +4. If you are on a 32-bit system (e.g. some Thinkpad X60's), you will need to use these commands: -### Automatic Method -Boot it in GRUB using the *Parse ISOLINUX config (USB)* option. A new -menu should appear in GRUB, showing the boot options for that distro; -this is a GRUB menu, converted from the usual ISOLINUX menu provided by -that distro. + grub> set root='usb0' + grub> linux /install.386/vmlinuz + grub> initrd /install.386/initrd.gz + grub> boot -### Manual Method -These are generic instructions. They may or may not be correct for your -distribution. You must adapt them appropriately, for whatever GNU+Linux -distribution it is that you are trying to install. +## Booting ISOLINUX Images (Automatic Method) +Boot it in GRUB using the `Parse ISOLINUX config (USB)` option. A new menu should appear in GRUB, showing the boot options for that distro; this is a GRUB menu, converted from the usual ISOLINUX menu provided by that distro. -If the ISOLINUX parser or *Search for GRUB configuration* options won't -work, then press C in GRUB to access the command line: +## Booting ISOLINUX Images (Manual Method) +These are generic instructions. They may or may not be correct for your distribution. You must adapt them appropriately, for whatever GNU+Linux distribution it is that you are trying to install. - grub> ls +If the `ISOLINUX parser` or `Search for GRUB configuration` options won't work, then press `C` in GRUB to access the command line, then run the `ls` command: -Get the device from above output, eg (usb0). Example: + grub> ls - grub> cat (usb0)/isolinux/isolinux.cfg +Get the device name from the above output (e.g., `usb0`). Here's an example: -Either this will show the ISOLINUX menuentries for that ISO, or link to -other .cfg files, for example /isolinux/foo.cfg. + grub> cat (usb0)/isolinux/isolinux.cfg -If it did that, then you do: +Either the output of this command will be the ISOLINUX menuentries for that ISO, or link to other `.cfg` files (e.g, **/isolinux/foo.cfg**). For example, if the file found were **foo.cfg**, you would use this command: - grub> cat (usb0)/isolinux/foo.cfg + grub> cat (usb0)/isolinux/foo.cfg -And so on, until you find the correct menuentries for ISOLINUX. *The file -`/isolinux/foo.cfg` is a fictional example. Do not actually use this example, -unless you actually have that file, if it is appropriate.* +And so on, until you find the correct menuentries for ISOLINUX. -For Debian or Devuan (and other Debian-based distros), there are typically -menuentries listed in */isolinux/txt.cfg* or */isolinux/gtk.cfg*. For -dual-architecture ISO images (i686 and x86\_64), there may be separate -files/directories for each architecture. Just keep searching through the -image, until you find the correct ISOLINUX configuration file. +For Debian-based distros (e.g., Trisquel, Devuan), there are typically menuentries listed in **/isolinux/txt.cfg** or **/isolinux/gtk.cfg**. For dual-architecture ISO images (i686 and x86\_64), there may be separate files directories for each architecture. Just keep searching through the image, until you find the correct ISOLINUX configuration file. **NOTE: Debian 8.6 ISO only lists 32-bit boot options in txt.cfg. This is important, if you want 64-bit booting on your system. Devuan versions based on Debian 8.x may also have the same issue.** -Now, look at the ISOLINUX menuentry. It'll look like this: +Now, look at the ISOLINUX menuentry; it'll look like this: - kernel /path/to/kernel append PARAMETERS initrd=/path/to/initrd ... + kernel /path/to/kernel append PARAMETERS initrd=/path/to/initrd ... GRUB works similarly; here are some example GRUB commands: - grub> set root='usb0' - grub> linux /path/to/kernel PARAMETERS MAYBE\_MORE\_PARAMETERS - grub> initrd /path/to/initrd - grub> boot + grub> set root='usb0' + grub> linux /path/to/kernel PARAMETERS MAYBE\_MORE\_PARAMETERS + grub> initrd /path/to/initrd + grub> boot -Note: `usb0` may be incorrect. Check the output of the `ls` command (in -GRUB), to see a list of USB devices/partitions. Of course, this will vary -from distro to distro. If you did all of that correctly, then it should -now be booting your USB drive in the way that you specified. +Note: `usb0` may be incorrect. Check the output of the `ls` command (in GRUB), to see a list of USB devices/partitions. Of course, this will vary from distro to distro. If you did all of that correctly, then it should now be booting your USB drive in the way that you specified. ## Troubleshooting -Most of these issues occur when using Libreboot with Coreboot's 'text -mode' instead of the Coreboot framebuffer. This mode is useful for -booting payloads, like `MemTest86+`, which expect text-mode, but for -GNU+Linux distributions, it can be problematic when they are trying to -switch to a framebuffer, because it doesn't exist. +Most of these issues occur when using Libreboot with Coreboot's `text-mode`, instead of the Coreboot framebuffer. This mode is useful for booting payloads, like `MemTest86+`, which expect `text-mode`, but for GNU+Linux distributions, it can be problematic when they are trying to switch to a framebuffer, because it doesn't exist. -In most cases, you should use the **vesafb** ROM images. Example filename: -**libreboot\_ukdvorak\_vesafb.rom**. +In most cases, you should use the **vesafb** ROM images. An example filename would be **libreboot\_ukdvorak\_vesafb.rom**. ### Parabola Won't Boot in Text-Mode -Use one of the ROM images with vesafb in the filename (uses coreboot -framebuffer instead of text-mode). +Use one of the ROM images with `vesafb` in the filename (uses Coreboot framebuffer, instead of `text-mode`). ### debian-installer Graphical Corruption in Text-Mode (Debian and Devuan) -When using the ROM images that use Coreboot's "text mode" instead of -the coreboot framebuffer, booting the Debian or Devuan net installer -results in graphical corruption, because it is trying to switch to a -framebuffer, which doesn't exist. Use that kernel parameter on the -`linux` line, when booting it: +When using the ROM images that use Coreboot's `text mode`, instead of the Coreboot framebuffer, booting the Debian or Devuan net installer results in graphical corruption, because it is trying to switch to a framebuffer, which doesn't exist. Use that kernel parameter on the `linux` line, when booting it: - vga=normal fb=false + vga=normal fb=false -This forces debian-installer to start in text-mode, instead of trying to -switch to a framebuffer. +This forces debian-installer to start in `text-mode`, instead of trying to switch to a framebuffer. -If selecting text-mode from a GRUB menu created using the ISOLINUX -parser, you can press `E` on the menu entry to add this. Or, if you are -booting manually (from GRUB terminal), then just add the parameters. +If selecting `text-mode` from a GRUB menu created using the ISOLINUX parser, you can press `E` on the menu entry to add this. Or, if you are booting manually (from GRUB terminal), then just add the parameters. -This workaround was found on the [Debian site](https://www.debian.org/releases/stable/i386/ch05s04.html). It should also work for Devuan, and any other `apt-get` distro that provides the debian-installer (text mode) net install method. +This workaround was found on the [Debian site](https://www.debian.org/releases/stable/i386/ch05s04.html). It should also work for Devuan, and any other `apt-get` distro that provides the debian-installer (i.e., text-mode) net install method. Copyright © 2014, 2015, 2016 Leah Rowe <info@minifree.org> @@ -186,10 +133,4 @@ Copyright © 2016 Scott Bonds <scott@ggr.com> Copyright © 2017 Elijah Smith <esmith1412@posteo.net> -Permission is granted to copy, distribute and/or modify this document -under the terms of the GNU Free Documentation License Version 1.3 or any later -version published by the Free Software Foundation -with no Invariant Sections, no Front Cover Texts, and no Back Cover Texts. -A copy of this license is found in [../fdl-1.3.md](../fdl-1.3.md) - - +Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License Version 1.3 or any later version published by the Free Software Foundation with no Invariant Sections, no Front Cover Texts, and no Back Cover Texts. A copy of this license is found in [../fdl-1.3.md](../fdl-1.3.md) diff --git a/docs/gnulinux/grub_cbfs.md b/docs/gnulinux/grub_cbfs.md index d3222e66..5283b4fc 100644 --- a/docs/gnulinux/grub_cbfs.md +++ b/docs/gnulinux/grub_cbfs.md @@ -24,18 +24,18 @@ However, both ways will require us to download the Libreboot Utility Archive. ### Download the Libreboot Utility Archive The Libreboot Utility Archive contains the programs that we'll need to get our **grubtest.cfg** file. The latest release of the Libreboot Utility Archive -can be downloaded from libreboot.org, [here](https://www.mirrorservice.org/sites/libreboot.org/release/stable/20160907/libreboot_r20160907_util.tar.xz). +can be downloaded [from libreboot.org](https://www.mirrorservice.org/sites/libreboot.org/release/stable/20160907/libreboot_r20160907_util.tar.xz). The quickest way to download it would be to use the `wget` program, which (if you don't know) allows you to download files from the internet. If you don't already have it installed, you can install it, using the `apt-get` command (in Debian-based distributions): - $ sudo apt-get install wget + $ sudo apt-get install wget You can install it in Arch-based systems, using `pacman`: - $ sudo pacman -S wget + $ sudo pacman -S wget Once you've installed `wget`, use it to download the file, simply by passing it the URL as an argument; you can save the file anywhere, @@ -43,23 +43,23 @@ but for the purpose of this guide, save it in **~/Downloads** (your **Home** directory's downloads folder). First, change the current working directory to **~/Downloads**: - $ cd ~/Downloads + $ cd ~/Downloads This guide assumes you are using the **20160907** version of Libreboot; if using a different version, modify the following commands accordingly: - $ wget https://www.mirrorservice.org/sites/libreboot.org/release/stable/20160907/\ - >libreboot_r20160907_util.tar.xz + $ wget https://www.mirrorservice.org/sites/libreboot.org/release/stable/20160907/\ + >libreboot_r20160907_util.tar.xz After the file is downloaded, use the `tar` command to extract its contents: - $ tar -xf libreboot_r20160907_util.tar.xz + $ tar -xf libreboot_r20160907_util.tar.xz After extraction, the folder will have the same name as the archive: in this case, **libreboot\_r20160907\_util**. For simplicity's sake, we'll rename it **libreboot\_util**, using the `mv` command: - $ mv "libreboot_r20160907_util" "libreboot_util" + $ mv "libreboot_r20160907_util" "libreboot_util" Now you have the folder with all the utilities necessary to read and modify the contents of the ROM. @@ -78,11 +78,11 @@ You could also compile both of these utilities; see [How to Build flashrom](../g `flashrom` is also available from the repositories; if using an Arch-based distribution, use `pacman`: - $ sudo pacman -S flashrom + $ sudo pacman -S flashrom Or, if you have a Debian-based distribution, use `apt-get`: - $ sudo apt-get install flashrom + $ sudo apt-get install flashrom ### Get the ROM Image You can either work directly with one of the ROM images already included @@ -93,7 +93,7 @@ image file is named **libreboot.rom**, so please make sure to adapt. There are two ways to get a pre-compiled ROM image: #### 1. Download a Pre-Compiled Image from the Libreboot Website -For the current release, **20160907**, they can be found [here](https://www.mirrorservice.org/sites/libreboot.org/release/stable/20160907/rom/grub/); +For the current release, **20160907**, they can be found [on a Libreboot mirror](https://www.mirrorservice.org/sites/libreboot.org/release/stable/20160907/rom/grub/); please adopt this guide, if using a different version of Libreboot. You also need to make sure that you select both the correct ROM for the device you're using, @@ -102,12 +102,12 @@ variable flash chip sizes only apply for the Thinkpads that Libreboot supports ( You can find the flash chip size, by running the following command: - # flashrom -p internal -V + # flashrom -p internal -V Look for a line like this: - Found Macronix flash chip "MX25L6406E/MX25L6408E" (8192 kB, SPI) \ - mapped at physical address 0x00000000ff800000. + Found Macronix flash chip "MX25L6406E/MX25L6408E" (8192 kB, SPI) \ + mapped at physical address 0x00000000ff800000. Running this command on my Thinkpad X200 gives me the above result, so I know that my flash chip size is **8mb**. @@ -118,30 +118,30 @@ to download the correct ROM images for that model. First, we're going to navigate to the **libreboot\_util** folder: - $ cd ~/Downloads/libreboot_util/ + $ cd ~/Downloads/libreboot_util/ Then, we will download the ROM images, using `wget`: - $ wget https://www.mirrorservice.org/sites/libreboot.org/release/stable/\ - 20160907/rom/grub/libreboot_r20160907_grub_x200_8mb.tar.xz + $ wget https://www.mirrorservice.org/sites/libreboot.org/release/stable/\ + >20160907/rom/grub/libreboot_r20160907_grub_x200_8mb.tar.xz Extract the archive, using `tar`: - $ tar -xf libreboot_r20160907_grub_x200_8mb.tar.xz + $ tar -xf libreboot_r20160907_grub_x200_8mb.tar.xz Navigate to the directory that you just created: - $ cd libreboot_r20160907_grub_x200_8mb + $ cd libreboot_r20160907_grub_x200_8mb Now that we are in the archive, we must choose the correct ROM image. To figure out the correct image, we must first parse the filenames for each ROM. For example, for the file named **x200_8mb_usqwerty_vesafb.rom**: - Model Name: x200 - Flash Chip Size: 8mb - Country: us - Keyboard Layout: qwerty - ROM Type: vesafb or txtmode + Model Name: x200 + Flash Chip Size: 8mb + Country: us + Keyboard Layout: qwerty + ROM Type: vesafb or txtmode Since I am using a QWERTY keyboard, I will ignore all the non-QWERTY options. Note that there are two types of ROMs: **vesafb** and **txtmode**; @@ -152,19 +152,19 @@ used by coreboot native graphics initialization. I'll choose **x200_8mb_usqwerty_vesafb.rom**; I'll copy the file (to the `cbfstool` directory), and rename it with one command: - $ mv "x200_8mb_usqwerty_vesafb.rom" ../cbfstool/x86_64/cbfstool/x86_64/libreboot.rom + $ mv "x200_8mb_usqwerty_vesafb.rom" ../cbfstool/x86_64/cbfstool/x86_64/libreboot.rom #### 2. Create an Image from the Current ROM The simpler way to get a ROM image is to just create it from your current ROM, using `flashrom`, making sure to save it in the `cbfstool` folder, inside **libreboot\_util**: - $ sudo flashrom -p internal -r ~/Downloads/libreboot_util/cbfstool/\ - x86_64/cbfstool/x86_64/libreboot.rom + $ sudo flashrom -p internal -r ~/Downloads/libreboot_util/cbfstool/\ + >x86_64/cbfstool/x86_64/libreboot.rom If you are told to specify the chip, add the option `-c {your chip}` to the command, like this: - $ sudo flashrom -c MX25L6405 -p internal -r ~/Downloads/libreboot_util/\ - cbfstool/x86_64/cbfstool/x86_64/libreboot.rom + $ sudo flashrom -c MX25L6405 -p internal -r ~/Downloads/libreboot_util/\ + >cbfstool/x86_64/cbfstool/x86_64/libreboot.rom Now you are ready to extract the GRUB configuration files from the ROM, and modify them the way you want. @@ -173,12 +173,12 @@ Now you are ready to extract the GRUB configuration files from the ROM, and modi You can check the contents of the ROM image, inside CBFS, using `cbfstool`. First, navigate to the cbfstool folder: - $ cd ~/Downloads/libreboot_util/cbfstool/x86_64/cbfstool/x86_64/ + $ cd ~/Downloads/libreboot_util/cbfstool/x86_64/cbfstool/x86_64/ Then, run the `cbfstool` commmand, with the `print` option; this will display a list of all the files located in the ROM: - $ ./cbfstool libreboot.rom print + $ ./cbfstool libreboot.rom print You should see **grub.cfg** and **grubtest.cfg** in the list. **grub.cfg** is loaded by default, with a menu entry for switching to **grubtest.cfg**. In @@ -187,7 +187,7 @@ reduce the possibility of bricking your device, so *DO NOT SKIP THIS!* Extract (i.e., get a copy of ) **grubtest.cfg** from the ROM image: - $ ./cbfstool libreboot.rom extract -n grubtest.cfg -f grubtest.cfg + $ ./cbfstool libreboot.rom extract -n grubtest.cfg -f grubtest.cfg By default `cbfstool` will extract files to the current working directory; so, **grubtest.cfg** should appear in the same folder as **libreboot.rom**. @@ -199,27 +199,27 @@ or the one located in the ROM, the modifications will be the same. Once the file is open, look for the following line (it will be towards the bottom of the file): - menuentry 'Load Operating System [o]' --hotkey='o' --unrestricted + menuentry 'Load Operating System [o]' --hotkey='o' --unrestricted After this line, there will be an opening bracket **{**, followed by a several lines of code, and then a closing bracket **}**; delete everything that is between those two brackets, and replace it with the following code, if you're using an Arch-based disribution (e.g., Parabola GNU+Linux-Libre): - cryptomount -a - set root='lvm/matrix-root' - linux /boot/vmlinuz-linux-libre root=/dev/matrix/root cryptdevice=/dev/sda1:root \ - cryptkey=rootfs:/etc/mykeyfile - initrd /boot/initramfs-linux-libre.img + cryptomount -a + set root='lvm/matrix-root' + linux /boot/vmlinuz-linux-libre root=/dev/matrix/root cryptdevice=/dev/sda1:root \ + cryptkey=rootfs:/etc/mykeyfile + initrd /boot/initramfs-linux-libre.img Or, replace it with this, if you are using a Debian-based distribution (e.g., Trisquel GNU+Linux): - cryptomount -a - set root='lvm/matrix-rootvol' - linux /vmlinuz root=/dev/mapper/matrix-rootvolcryptdevice=/dev/mapper/matrix-rootvol:root - initrd /initrd.img + cryptomount -a + set root='lvm/matrix-rootvol' + linux /vmlinuz root=/dev/mapper/matrix-rootvolcryptdevice=/dev/mapper/matrix-rootvol:root + initrd /initrd.img Remember, that these names come from the instructions to install GNU+Linux -on Libreboot systems, located [here](index.md). If you followed different instructions, +on Libreboot systems, located [in the docs](index.md). If you followed different instructions, (or for some other reason, used different names), simply put the names of your **root** and **swap** volumes, in place of the ones used here. @@ -243,8 +243,8 @@ the main storage for **/boot/grub/libreboot\_grub.cfg** or **/grub/libreboot\_gr Therefore, we need to either copy **libreboot\_grub.cfg** to **/grub**, or to **/boot/grub**: - $ sudo cp ~/Downloads/libreboot_util/cbfstool/x86_64/cbfstool/x86_64/grubtest.cfg \ - >/boot/grub # or /grub + $ sudo cp ~/Downloads/libreboot_util/cbfstool/x86_64/cbfstool/x86_64/grubtest.cfg \ + >/boot/grub # or /grub Now, the next time we boot our computer, GRUB (in Libreboot) will automatically switch to this configuration file. *This means that you do not have to re-flash, @@ -259,11 +259,11 @@ Now that you have the modified **grubtest.cfg**, we need to remove the old **grubtest.cfg** from the ROM, and put in our new one. To remove the old one, we will use `cbfstool`: - $ ./cbfstool libreboot.rom remove -n grubtest.cfg + $ ./cbfstool libreboot.rom remove -n grubtest.cfg Then, add the new one to the ROM: - $ ./cbfstool libreboot.rom add -n grubtest.cfg -f grubtest.cfg -t raw + $ ./cbfstool libreboot.rom add -n grubtest.cfg -f grubtest.cfg -t raw #### Change MAC address in ROM The last step before flashing the new ROM, is to change the MAC address inside it. @@ -286,12 +286,12 @@ and look for a set of characters like this: `00:f3:f0:45:91:fe`. Next, you need to move **libreboot.rom** to the following folder; this is where the executable for `ich9gen` is located: - $ mv libreboot.rom ~/Downloads/libreboot_r20160907_util/ich9deblob/ + $ mv libreboot.rom ~/Downloads/libreboot_r20160907_util/ich9deblob/x86_64 Once there, run the following command, making sure to use your own MAC address, instead of what's written below: - $ ./ich9gen --macaddress XX:XX:XX:XX:XX:XX + $ ./ich9gen --macaddress XX:XX:XX:XX:XX:XX Three new files will be created: @@ -304,11 +304,11 @@ if your flash chip size is **8mb**, you'll want to use **ich9fdgbe_8m.bin**. Now, insert this file (called the `descriptor+gbe`) into the ROM image, using `dd`: - dd if=ich9fdgbe_8m.bin of=libreboot.rom bs=1 count=12k conv=notrunc + $ dd if=ich9fdgbe_8m.bin of=libreboot.rom bs=1 count=12k conv=notrunc Move **libreboot.rom** back to the **libreboot\_util** directory: - $ mv libreboot.rom ~/Downloads/libreboot_util + $ mv libreboot.rom ~/Downloads/libreboot_util You are finally ready to flash the ROM! @@ -316,18 +316,18 @@ You are finally ready to flash the ROM! The last step of flashing the ROM requires us to change our current working directory to **libreboot\_util**: - $ cd ~/Downloads/libreboot_util + $ cd ~/Downloads/libreboot_util Now, all we have to do is use the `flash` script in this directory, with the `update` option, using **libreboot.rom** as the argument: - $ sudo ./flash update libreboot.rom + $ sudo ./flash update libreboot.rom Ocassionally, coreboot changes the name of a given board. If `flashrom` complains about a board mismatch, but you are sure that you chose the correct ROM image, then run this alternative command: - $ sudo ./flash forceupdate libreboot.rom + $ sudo ./flash forceupdate libreboot.rom You will see the `flashrom` program running for a little while, and you might see errors, but if it says `Verifying flash... VERIFIED` at the end, then it’s flashed, @@ -354,11 +354,11 @@ of **grubtest.cfg**, called **grub.cfg**. First, go to the `cbfstool` directory: - $ cd ~/Downloads/libreboot_util/cbfstool/x86_64/cbfstool/x86_64/ + $ cd ~/Downloads/libreboot_util/cbfstool/x86_64/cbfstool/x86_64/ Then, create a copy of **grubest.cfg**, named **grub.cfg**: - $ cp grubtest.cfg ./grub.cfg + $ cp grubtest.cfg ./grub.cfg Now you will use the `sed` command to make several changes to the file: the menu entry `'Switch to grub.cfg'` will be changed to `Switch to grubtest.cfg`, @@ -367,25 +367,25 @@ This is so that the main configuration still links (in the menu) to **grubtest.c so that you don't have to manually switch to it, in case you ever want to follow this guide again in the future (modifying the already modified config).: - $ sed -e 's:(cbfsdisk)/grub.cfg:(cbfsdisk)/grubtest.cfg:g' -e \ - >'s:Switch to grub.cfg:Switch to grubtest.cfg:g' < grubtest.cfg > \ - >grub.cfg + $ sed -e 's:(cbfsdisk)/grub.cfg:(cbfsdisk)/grubtest.cfg:g' -e \ + >'s:Switch to grub.cfg:Switch to grubtest.cfg:g' < grubtest.cfg > \ + >grub.cfg Move **libreboot.rom** from **libreboot\_util** to your current directory: - $ mv ~/Downloads/libreboot_util/libreboot.rom . + $ mv ~/Downloads/libreboot_util/libreboot.rom . Delete the **grub.cfg** that's already inside the ROM: - $ ./cbfstool libreboot.rom remove -n grub.cfg + $ ./cbfstool libreboot.rom remove -n grub.cfg Add your modified **grub.cfg** to the ROM: - $ ./cbfstool libreboot.rom add -n grub.cfg -f grub.cfg -t raw + $ ./cbfstool libreboot.rom add -n grub.cfg -f grub.cfg -t raw Move **libreboot.rom** back to **libreboot\_util**: - $ mv libreboot.rom ../.. + $ mv libreboot.rom ../.. If you don't remember how to flash it, refer back to the *Flash Updated ROM Image*, above; it's the same method as you used before. Afterwards, reboot the machine with your new configuration. diff --git a/docs/gnulinux/index.md b/docs/gnulinux/index.md index fac3006a..f8738d4a 100644 --- a/docs/gnulinux/index.md +++ b/docs/gnulinux/index.md @@ -2,24 +2,29 @@ title: GNU+Linux Installation Instructions ... -This section explains how to deal with various GNU+Linux distributions -in Libreboot (e.g., Creating bootable USB drives, Installing Operating Systems, -Changing the default GRUB menu, etc.). +This section explains how to deal with various operating systems (both GNU+Linux and non-GNU+Linux) in Libreboot (e.g., Creating bootable USB drives, Installing Operating Systems, Changing the default GRUB menu, etc.). -**NOTE: This section is only for the GRUB payload. For depthcharge -(used on CrOS devices in libreboot), instructions have yet to be written.** +**NOTE: This section is only for the GRUB payload. For the depthcharge payload (used on CrOS devices, like the ASUS C201 Chromebook), instructions have yet to be written.** -- [How to Install GNU+Linux on a Libreboot System](grub_boot_installer.md) +Libreboot uses the GRUB payload by default, which means that the GRUB configuration file (where your GRUB menu comes from) is stored directly alongside Libreboot and its GRUB payload executable, inside the flash chip. In context, this means that installing distributions and managing them is handled slightly differently compared to traditional BIOS systems. -- [Modifying the GRUB Configuration in Libreboot Systems](grub_cbfs.md) +On most systems, **/boot** (the folder that contains all the files needed for your operating system to boot) has to be on its own partition, and left unencrypted (while the other partitions are encrypted); this is so that GRUB (and therefore the kernel) can be loaded and executed, since traditional firmware can't open a LUKS volume. -- [Installing Parabola or Arch Gnu+Linux-Libre, with Full-Disk Encryption (including /boot)](encrypted_parabola.md) - - - Follow-Up Tutorial: [Configuring Parabola (Post-Install)](configuring_parabola.md) +However, with Libreboot, GRUB is already included directly (as a payload), so even **/boot** can be encrypted; this protects **/boot** from tampering by someone with physical access to the machine. -- [Installing Debian or Devuan GNU+Linux-Libre, with Full-Disk Encryption (including /boot)](encrypted_debian.md) +- [How to Prepare and Boot a USB Installer in Libreboot Systems](grub_boot_installer.md) -- [How to Harden Your GRUB Configuration, for Security](grub_hardening.md) +- [Modifying the GRUB Configuration in Libreboot Systems](grub_cbfs.md) + +- [Installing Parabola or Arch GNU+Linux-Libre, with Full-Disk Encryption (including /boot)](encrypted_parabola.md) + + - Follow-Up Tutorial: [Configuring Parabola (Post-Install)](configuring_parabola.md) + +- [Installing Trisquel GNU+Linux-Libre, with Full-Disk Encryption (including /boot)](encrypted_trisquel.md) + +- [Installing Debian or Devuan GNU+Linux-Libre, with Full-Disk Encryption (including /boot)](encrypted_debian.md) + +- [How to Harden Your GRUB Configuration, for Security](grub_hardening.md) Copyright © 2014, 2015 Leah Rowe <info@minifree.org> @@ -30,4 +35,3 @@ under the terms of the GNU Free Documentation License Version 1.3 or any later version published by the Free Software Foundation with no Invariant Sections, no Front Cover Texts, and no Back Cover Texts. A copy of this license is found in [../fdl-1.3.md](../fdl-1.3.md) - diff --git a/docs/hardware/c201.md b/docs/hardware/c201.md index f827465e..f268e6f6 100644 --- a/docs/hardware/c201.md +++ b/docs/hardware/c201.md @@ -73,21 +73,21 @@ supported by Libreboot. Caution: Video acceleration requires a non-free blob, software rendering can be used instead. ============================================================================================= -The Tamil driver source code for the onboard Mali T GPU is not released. -The developer has so-far withheld it. Until that is released, the only -way to use video (in freedom) on this laptop is to not have video -acceleration, by making sure not to install the relevant blob. Most -tasks can still be performed without video acceleration, without any -noticeable performance penalty. +The C201 has a Mali T GPU, which requires a non-free blob. A driver, +Tamil, was written, but its source code has not been released. The +developer has so-far [withheld +it](http://libv.livejournal.com/27461.html). Use software rendering to +avoid the blob instead. Most tasks can still be performed without video +acceleration, without any noticeable performance penalty. In practise, this means that certain things like games, blender and GNOME shell (or other fancy desktops) won't work well. The libreboot project recommends a lightweight desktop which does not need video acceleration, such as *XFCE* or *LXDE*. -The Tamil developer wrote this blog post, which sheds light on the -story: -[http://libv.livejournal.com/27461.html,http://libv.livejournal.com/27461.html](http://libv.livejournal.com/27461.html). +As it is unlikely that Tamil will be released, the +[chai](https://notabug.org/cafe/chai) project is writing a driver as +well. Ask on IRC if you think you can contribute. Caution: WiFi requires a non-free blob, a USB dongle can be used instead. ========================================================================= @@ -99,7 +99,7 @@ The libreboot project recommends using an external USB wifi dongle that works with free software. See [\#recommended\_wifi](./#recommended_wifi). -There are 2 companies (endorsed by Creative Commons, under their +There are 2 companies (endorsed by Free Software Foundation, under their *Respects your Freedom* guidelines), that sell USB WiFi dongles guaranteed to work with free software (i.e. linux-libre kernel): diff --git a/docs/hardware/gm45_remove_me.md b/docs/hardware/gm45_remove_me.md index ad969919..f7ddfe55 100644 --- a/docs/hardware/gm45_remove_me.md +++ b/docs/hardware/gm45_remove_me.md @@ -90,21 +90,15 @@ file to where **libreboot.rom** is located and then insert the descriptor+gbe file into the ROM image.\ For 16MiB flash chips: - # dd if=ich9fdgbe_16m.bin of=libreboot.rom bs=1 count=12k - -conv=notrunc + # dd if=ich9fdgbe_16m.bin of=libreboot.rom bs=12k count=1 conv=notrunc For 8MiB flash chips: - # dd if=ich9fdgbe_8m.bin of=libreboot.rom bs=1 count=12k - -conv=notrunc + # dd if=ich9fdgbe_8m.bin of=libreboot.rom bs=12k count=1 conv=notrunc For 4MiB flash chips: - # dd if=ich9fdgbe_4m.bin of=libreboot.rom bs=1 count=12k - -conv=notrunc + # dd if=ich9fdgbe_4m.bin of=libreboot.rom bs=12k count=1 conv=notrunc Your libreboot.rom image is now ready to be flashed on the system. Refer back to [../install/\#flashrom](../install/#flashrom) for how to flash @@ -116,20 +110,20 @@ Write-protecting the flash chip Look in *resources/utilities/ich9deblob/src/descriptor/descriptor.c* for the following lines in the *descriptorHostRegionsUnlocked* function: - descriptorStruct.masterAccessSection.flMstr1.fdRegionWriteAccess = 0x1; - descriptorStruct.masterAccessSection.flMstr1.biosRegionWriteAccess = 0x1; - descriptorStruct.masterAccessSection.flMstr1.meRegionWriteAccess = 0x1; - descriptorStruct.masterAccessSection.flMstr1.gbeRegionWriteAccess = 0x1; - descriptorStruct.masterAccessSection.flMstr1.pdRegionWriteAccess = 0x1; + descriptorStruct.masterAccessSection.flMstr1.fdRegionWriteAccess = 0x1; + descriptorStruct.masterAccessSection.flMstr1.biosRegionWriteAccess = 0x1; + descriptorStruct.masterAccessSection.flMstr1.meRegionWriteAccess = 0x1; + descriptorStruct.masterAccessSection.flMstr1.gbeRegionWriteAccess = 0x1; + descriptorStruct.masterAccessSection.flMstr1.pdRegionWriteAccess = 0x1; Also look in *resources/utilities/ich9deblob/src/ich9gen/mkdescriptor.c* for the following lines: - descriptorStruct.masterAccessSection.flMstr1.fdRegionWriteAccess = 0x1; /* see ../descriptor/descriptor.c */ - descriptorStruct.masterAccessSection.flMstr1.biosRegionWriteAccess = 0x1; /* see ../descriptor/descriptor.c */ - descriptorStruct.masterAccessSection.flMstr1.meRegionWriteAccess = 0x1; /* see ../descriptor/descriptor.c */ - descriptorStruct.masterAccessSection.flMstr1.gbeRegionWriteAccess = 0x1; /* see ../descriptor/descriptor.c */ - descriptorStruct.masterAccessSection.flMstr1.pdRegionWriteAccess = 0x1; /* see ../descriptor/descriptor.c */ + descriptorStruct.masterAccessSection.flMstr1.fdRegionWriteAccess = 0x1; /* see ../descriptor/descriptor.c */ + descriptorStruct.masterAccessSection.flMstr1.biosRegionWriteAccess = 0x1; /* see ../descriptor/descriptor.c */ + descriptorStruct.masterAccessSection.flMstr1.meRegionWriteAccess = 0x1; /* see ../descriptor/descriptor.c */ + descriptorStruct.masterAccessSection.flMstr1.gbeRegionWriteAccess = 0x1; /* see ../descriptor/descriptor.c */ + descriptorStruct.masterAccessSection.flMstr1.pdRegionWriteAccess = 0x1; /* see ../descriptor/descriptor.c */ NOTE: When you write-protect the flash chip, re-flashing is no longer possible unless you use dedicated external equipment, which also means @@ -206,13 +200,12 @@ Assuming that your libreboot image is named **libreboot.rom**, copy the **deblobbed\_descriptor.bin** file to where **libreboot.rom** is located and then run: - # dd if=deblobbed_descriptor.bin of=libreboot.rom bs=1 count=12k - -conv=notrunc + # dd if=deblobbed_descriptor.bin of=libreboot.rom bs=12k count=1 conv=notrunc Alternatively, if you got a the **deblobbed\_4kdescriptor.bin** file (no -GbE defined), do this: \$ **dd if=deblobbed\_4kdescriptor.bin -of=libreboot.rom bs=1 count=4k conv=notrunc** +GbE defined), do this: + + # dd if=deblobbed_4kdescriptor.bin of=libreboot.rom bs=4k count=1 conv=notrunc The utility will also generate 4 additional files: @@ -251,9 +244,7 @@ It will generate a 4KiB descriptor file (only the descriptor, no GbE). Insert that into a factory.rom image (NOTE: do this on a copy of it. Keep the original factory.rom stored safely somewhere): - # dd if=demefactory_4kdescriptor.bin of=factory_nome.rom bs=1 - -count=4k conv=notrunc + # dd if=demefactory_4kdescriptor.bin of=factory_nome.rom bs=4k count=1 conv=notrunc TODO: test this.\ TODO: lenovobios (GM45 thinkpads) still write-protects parts of the diff --git a/docs/hardware/index.md b/docs/hardware/index.md index 5f54675e..5fefdff3 100644 --- a/docs/hardware/index.md +++ b/docs/hardware/index.md @@ -229,6 +229,8 @@ this.* Tested LCD panels: (working) +- IDtech N141XC (14.1" 1024x768) +- TMD-Toshiba LTD141ECMB (14.1" 1024x768) - TMD-Toshiba LTD141EN9B (14.1" 1400x1050) (FRU P/N 41W1478 recommended for the inverter board) - Samsung LTN141P4-L02 (14.1" 1400x1050) (FRU P/N 41W1478 recommended for the @@ -260,9 +262,7 @@ Tested LCD panels: *not working yet (incompatible; see *The following LCD panels are untested. If you have one of these panels then please submit a report!*: -- CMO(IDtech?) N141XC (14.1" 1024x768) - BOE-Hydis HT14X14 (14.1" 1024x768) -- TMD-Toshiba LTD141ECMB (14.1" 1024x768) - Boe-Hydis HT14P12 (14.1" 1400x1050) (FRU P/N 41W1478 recommended for the inverter board) - CMO (IDtech?) 13N7068 (15.1" 1024x768) @@ -466,7 +466,7 @@ right is the keypad enter. We can make it act as an AltGr. If your operating system is Trisquel or other dpkg-based distribution, there is an easy solution. Under root (or sudo) run - # dpkg-reconfigure keyboard-configuration + # dpkg-reconfigure keyboard-configuration and select the option "apple laptop", leave other settings as their defaults until you are given the option "Use Keypad Enter as @@ -477,7 +477,7 @@ everywhere. For Parabola or other systemd-based distributions you can enable AltGr manually. Simply add the line - KEYMAP_TOGGLE=lv3:enter_switch + KEYMAP_TOGGLE=lv3:enter_switch to the file /etc/vconsole.conf and then restart the computer. diff --git a/docs/hardware/kgpe-d16.md b/docs/hardware/kgpe-d16.md index e14c447d..45b1ae6c 100644 --- a/docs/hardware/kgpe-d16.md +++ b/docs/hardware/kgpe-d16.md @@ -10,6 +10,7 @@ work), merged into libreboot. *Memory initialization is still problematic, for some modules. We recommend avoiding Kingston modules.* +*For working configurations see <https://www.coreboot.org/Board:asus/kgpe-d16>.* Flashing instructions can be found at [../install/\#flashrom](../install/#flashrom) - note that external @@ -125,7 +126,7 @@ The information here is adapted, from the ASUS website. ### Memory compatibility (with libreboot) - *Total Slots:* 16 (4-channel per CPU, 8 DIMM per CPU), ECC -- *Capacity:* Maximum up to 256GB RDIMM +- *Capacity:* Maximum up to 256GB RDIMM (Tested max 128GB) - *Memory Type that is compatible:* - DDR3 1600/1333/1066/800 UDIMM\* - DDR3 1600/1333/1066/800 RDIMM\* diff --git a/docs/hardware/x200.md b/docs/hardware/x200.md index be4c2a38..c5f535cb 100644 --- a/docs/hardware/x200.md +++ b/docs/hardware/x200.md @@ -42,6 +42,15 @@ only replaces the BIOS firmware, not EC. Updated EC firmware has several advantages e.g. bettery battery handling. +Battery Recall {#batteryrecall} +========= +[On 21 April 2015, Lenovo expanded a recall on Lenovo batteries found in some ThinkPad models, which includes the X200 and X200S.](https://pcsupport.lenovo.com/cr/en/solutions/hf004122) +To find out if you are affected, use [this Lenovo tool.](https://lenovobattery2014.orderz.com/) +Lenovo advises that owners of the recalled models "should turn off the system, remove the battery, +and only power your ThinkPad by plugging in the AC adapter and power cord." +Upon battery verification, Lenovo will replace recalled batteries free of charge. +Battery replacement instructions for the X200/X200s are found [on this page.](https://pcsupport.lenovo.com/cr/en/parts/pd003507/) + Compatibility (without blobs) {#compatibility_noblobs} ----------------------------- diff --git a/docs/install/bbb_setup.md b/docs/install/bbb_setup.md index 18f0c7be..94cfdc0b 100644 --- a/docs/install/bbb_setup.md +++ b/docs/install/bbb_setup.md @@ -40,7 +40,7 @@ Shopping list (pictures of this hardware is shown later): (rev. C) is highly recommended. You can buy one from [Adafruit](https://www.adafruit.com) (USA), [ElectroKit](http://electrokit.com) (Sweden) or any of the - distributors listed [here](http://beagleboard.org/black) (look below + distributors listed on [BeagleBoard's website](http://beagleboard.org/black) (look below 'Purchase'). We recommend this product because we know that it works well for our purposes and doesn't require any non-free software. @@ -328,7 +328,10 @@ PSU to pin 2 on the BBB (P9 header). It is safe to install this now should.* if you need to extend the 3.3v psu leads, just use the same colour M-F -leads, *but* keep all other leads short (10cm or less) +leads, *but* keep all other leads short and equal length (30cm or less). +Keep in mind that length isn't inversely proportional to signal quality, +so trying out different lengths will yield different results. +Same goes for spispeed. You should now have something that looks like this:\ ![](images/x200/5252_bbb0.jpg) ![](images/x200/5252_bbb1.jpg) diff --git a/docs/install/images/rpi/0003.png b/docs/install/images/rpi/0003.png Binary files differindex fa090cf1..c7a3b9b2 100644 --- a/docs/install/images/rpi/0003.png +++ b/docs/install/images/rpi/0003.png diff --git a/docs/install/images/rpi/0009.png b/docs/install/images/rpi/0009.png Binary files differindex d3293069..130536b0 100644 --- a/docs/install/images/rpi/0009.png +++ b/docs/install/images/rpi/0009.png diff --git a/docs/install/images/rpi/0010.png b/docs/install/images/rpi/0010.png Binary files differindex e989afa4..312888e9 100644 --- a/docs/install/images/rpi/0010.png +++ b/docs/install/images/rpi/0010.png diff --git a/docs/install/images/rpi/0011.png b/docs/install/images/rpi/0011.png Binary files differindex fa090cf1..c7a3b9b2 100644 --- a/docs/install/images/rpi/0011.png +++ b/docs/install/images/rpi/0011.png diff --git a/docs/install/images/rpi/0012.png b/docs/install/images/rpi/0012.png Binary files differindex d3293069..130536b0 100644 --- a/docs/install/images/rpi/0012.png +++ b/docs/install/images/rpi/0012.png diff --git a/docs/install/images/rpi/0013.png b/docs/install/images/rpi/0013.png Binary files differindex e989afa4..312888e9 100644 --- a/docs/install/images/rpi/0013.png +++ b/docs/install/images/rpi/0013.png diff --git a/docs/install/images/x200/disassembly/0007.jpg b/docs/install/images/x200/disassembly/0007.jpg Binary files differdeleted file mode 100644 index 68bfb28a..00000000 --- a/docs/install/images/x200/disassembly/0007.jpg +++ /dev/null diff --git a/docs/install/images/x200/x200_soic16.jpg b/docs/install/images/x200/x200_soic16.jpg Binary files differnew file mode 100644 index 00000000..345a04d7 --- /dev/null +++ b/docs/install/images/x200/x200_soic16.jpg diff --git a/docs/install/images/x200/x200_soic8.jpg b/docs/install/images/x200/x200_soic8.jpg Binary files differnew file mode 100644 index 00000000..59adfabd --- /dev/null +++ b/docs/install/images/x200/x200_soic8.jpg diff --git a/docs/install/index.md b/docs/install/index.md index 70dd554e..f2a70112 100644 --- a/docs/install/index.md +++ b/docs/install/index.md @@ -264,13 +264,13 @@ executables from the libreboot source code archives. How to update the flash chip contents: - $ sudo ./flash update [yourrom.rom](#rom) +`$ sudo ./flash update `[`yourrom.rom`](#rom) Ocassionally, coreboot changes the name of a given board. If flashrom complains about a board mismatch, but you are sure that you chose the correct ROM image, then run this alternative command: - $ sudo ./flash forceupdate [yourrom.rom](#rom) + `$ sudo ./flash forceupdate `[`yourrom.rom`](#rom) You should see `Verifying flash... VERIFIED.` written at the end of the flashrom output. *Shut down* after you see this, and then boot @@ -303,7 +303,7 @@ the flashing script. do this: * The first half of the procedure is as follows: - $ sudo ./flash i945lenovo\_firstflash [yourrom.rom](#rom). +`$ sudo ./flash i945lenovo_firstflash `[`yourrom.rom`](#rom) You should see within the output the following: @@ -330,13 +330,11 @@ needed (see below). When you have booted up again, you must also do this: - $ sudo ./flash i945lenovo\_secondflash [yourrom.rom](#rom) +`$ sudo ./flash i945lenovo_secondflash `[`yourrom.rom`](#rom) If flashing fails at this stage, try the following: - # sudo ./flashrom/i686/flashrom -p - -internal:laptop=force\_I\_want\_a\_brick -w [yourrom.rom](#rom) +`$ sudo ./flashrom/i686/flashrom -p internal:laptop=force_I_want_a_brick -w `[`yourrom.rom`](#rom) You should see within the output the following: @@ -372,7 +370,7 @@ with your device. Use this flashing script, to install libreboot: - $ sudo ./flash i945apple\_firstflash [yourrom.rom](#rom) +`$ sudo ./flash i945apple_firstflash `[`yourrom.rom`](#rom) You should also see within the output the following: diff --git a/docs/install/t400_external.md b/docs/install/t400_external.md index 58a58e35..d143dafd 100644 --- a/docs/install/t400_external.md +++ b/docs/install/t400_external.md @@ -12,7 +12,7 @@ An ["HMM"](https://download.lenovo.com/ibmdl/pub/pc/pccbbs/mobiles_pdf/43y6629_05.pdf#page=386) (Hardware Maintenance Manual) detailing the process of \[dis\]assembly is available for this model. Be careful when reassembling the laptop as -the screws on page 144 (with title "1130 Keyboard bezel") are swapped +the screws on page 114 (with title "1130 Keyboard bezel") are swapped and if you follow the HMM you will punch a hole through the bezel in the upper right corner. diff --git a/docs/install/x200_external.md b/docs/install/x200_external.md index 6414fe7c..3ff34501 100644 --- a/docs/install/x200_external.md +++ b/docs/install/x200_external.md @@ -17,13 +17,13 @@ GNU+Linux distribution. Flash chip size =============== -Use this to find out: +Run this command on x200 to find out flash chip model and its size: # flashrom -p internal -V The X200S and X200 Tablet will use a WSON-8 flash chip, on the bottom of the motherboard (this requires removal of the motherboard). Not all X200S/X200T are -supported; see [here](../hardware/x200.html#x200s). +supported; see the [hardware](../hardware/x200.html#x200s) page. MAC address =========== @@ -108,9 +108,12 @@ lifting up the left and right side of it:\ ![](images/x200/disassembly/0006.1.jpg) ![](images/x200/disassembly/0006.jpg) +This shows the location of the flash chip, for both SOIC-8 and SOIC-16:\ +![](images/x200/x200_soic16.jpg) +![](images/x200/x200_soic8.jpg) + Lift back the tape that covers a part of the flash chip, and then connect the clip:\ -![](images/x200/disassembly/0007.jpg) ![](images/x200/disassembly/0008.jpg) On pin 2 of the BBB, where you have the ground (GND), connect the ground diff --git a/docs/misc/bbb_ehci.md b/docs/misc/bbb_ehci.md index 6f072154..50801a33 100644 --- a/docs/misc/bbb_ehci.md +++ b/docs/misc/bbb_ehci.md @@ -143,7 +143,7 @@ arm-linux-gnueabihf setup on your *host*. $ cp configs/beaglebone kernel/arch/arm/configs/beaglebone_defconfig - Download the patch from - [here](http://www.coreboot.org/images/8/88/Ehci-debug-gadget-patches.tar.gz) + [coreboot.org](http://www.coreboot.org/images/8/88/Ehci-debug-gadget-patches.tar.gz) - tar -xf Ehci-debug-gadget-patches.tar.gz (will create dir: usbdebug-gadget) - Note that there are two patches (patch\_1 and patch\_2) for each of @@ -228,7 +228,7 @@ one^[2](#___fn2)^ should be = y ^2^ The g\_dbgp module on BeagleBone Black (Rev. C) reports it self as Net20DC, the other options are for older BB(B) - ver1. This is documented -[here](https://johnlewis.ie/coreboot-ehci-debug-gadget-demonstration/) +[on John Lewis's blog](https://johnlewis.ie/coreboot-ehci-debug-gadget-demonstration/) (also tested/verified). Then:\ diff --git a/docs/misc/index.md b/docs/misc/index.md index 912a5b81..02e715d8 100644 --- a/docs/misc/index.md +++ b/docs/misc/index.md @@ -73,6 +73,8 @@ is to add *processor.max\_cstate=2* to the *linux* line in grub.cfg, using [this guide](../gnulinux/grub_cbfs.md). X60/T60: Serial port - how to use (for dock owners) + +[Note: using a grsec enabled kernel will disable the powertop function. ](https://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options) =================================================== For the Thinkpad X60 you can use the "UltraBase X6" dock (for the |