From e79bee492f99d89d97931efe5319eed8de5ff036 Mon Sep 17 00:00:00 2001 From: Michael Reed Date: Fri, 14 Jul 2017 18:15:43 -0400 Subject: Do not manually indent code blocks This is a hack, and should really be done with CSS (see next commit). --- docs/gnulinux/configuring_parabola.md | 98 +++++++++++++-------------- docs/gnulinux/encrypted_parabola.md | 94 +++++++++++++------------- docs/gnulinux/encrypted_trisquel.md | 18 ++--- docs/gnulinux/grub_boot_installer.md | 48 +++++++------- docs/gnulinux/grub_cbfs.md | 120 +++++++++++++++++----------------- 5 files changed, 189 insertions(+), 189 deletions(-) (limited to 'docs/gnulinux') diff --git a/docs/gnulinux/configuring_parabola.md b/docs/gnulinux/configuring_parabola.md index 052ba5d9..167f147e 100644 --- a/docs/gnulinux/configuring_parabola.md +++ b/docs/gnulinux/configuring_parabola.md @@ -43,11 +43,11 @@ for setting up the system (I'll go into networking later), just connect your system to a router, via an ethernet cable, and run the following command: - # systemctl start dhcpcd.service + # systemctl start dhcpcd.service You can stop it later (if needed), by using systemd's `stop` option: - # systemctl stop dhcpcd.service + # systemctl stop dhcpcd.service For most people, this should be enough, but if you don't have DHCP enabled on your network, then you should setup your network connection first: @@ -69,7 +69,7 @@ For more information related to `pacman`, review the following articles on the A Parabola is kept up-to-date, using `pacman`. When you are updating Parabola, make sure to refresh the package list, *before* installing any new updates: - # pacman -Syy + # pacman -Syy **NOTE: According to the Wiki,** `-Syy` **is better than** `-Sy` **, because it refreshes the package list (even if it appears to be up-to-date), which can be useful @@ -77,7 +77,7 @@ when switching to another mirror.** Then, actually update the system: - # pacman -Syu + # pacman -Syu **NOTE: Before installing packages with** `pacman -S`**, always update first, using the two commands above.** @@ -130,7 +130,7 @@ non-free firmware inside; it's transparent to you, but the smart data comes from it. Therefore, don't rely on it too much), and then read the Arch wiki [article](https://wiki.archlinux.org/index.php/S.M.A.R.T.) on it, to learn how to use it: - # pacman -S smartmontools + # pacman -S smartmontools ### Cleaning the Package Cache *This section provides a brief overview of how to manage the directory that stores @@ -139,7 +139,7 @@ check out the Arch Wiki guide for [Cleaning the Package Cache](https://wiki.arch Here's how to use `pacman`, to clean out all old packages that are cached: - # pacman -Sc + # pacman -Sc The Wiki cautions that this should be used with care. For example, since older packages are deleted from the repository, if you encounter issues @@ -149,7 +149,7 @@ caches available. Only do this ,if you are sure that you won't need it. The Wiki also mentions this method for removing everything from the cache, including currently installed packages that are cached: - # pacman -Scc + # pacman -Scc This is inadvisable, since it means re-downloading the package again, if you wanted to quickly re-install it. This should only be used when disk @@ -183,11 +183,11 @@ Read the entire document linked to above, and then continue. Add your user with the `useradd` command (self explanatory): - # useradd -m -G wheel -s /bin/bash *your_user_name* + # useradd -m -G wheel -s /bin/bash *your_user_name* Set a password, using `passwd`: - # passwd *your_user_name* + # passwd *your_user_name* Like with the installation of Parabola, use of the [*diceware method*](http://world.std.com/~reinhold/diceware.html) is recommended, for generating secure passphrases. @@ -199,28 +199,28 @@ this will be necessary to flash the ROM later on. Refer to the Arch wiki's [sudo The first step is to install the `sudo` package: - # pacman -S sudo + # pacman -S sudo After installation, we must configure it. To do so, we must modify **/etc/sudoers**. This file must *always* be modified with the `visudo` command. `visudo` can be difficult for beginners to use, so we'll want to edit the file with `nano`, but the trick is that we just can't do this: - # nano /etc/sudoers + # nano /etc/sudoers Because, this will cause us to edit the file directly, which is not the way it was designed to be edited, and could lead to problems with the system. Instead, to temporarily allow us to use `nano` to edit the file, we need to type this into the terminal: - # EDITOR=nano visudo + # EDITOR=nano visudo This will open the **/etc/sudoers** file in `nano`, and we can now safely make changes to it. To give the user we created earlier to ability to use `sudo`, we need to navigate to the end of the file, and add this line on the end: - your_username ALL=(ALL) ALL + your_username ALL=(ALL) ALL Obviously, type in the name of the user you created, instead of **your_username**. Save the file, and exit `nano`; your user now has the ability to use `sudo`. @@ -242,7 +242,7 @@ is an explanation behind the Arch development team's decision to use it. The **manpage** should also help: - # man systemd + # man systemd The section on **unit types** is especially useful. @@ -254,15 +254,15 @@ I will reduce the total size of the journal to 50MiB (that's what the wiki recom Open **/etc/systemd/journald.conf**, and find this line: - #SystemMaxUse= + #SystemMaxUse= Change it to this: - SystemMaxUse=50M + SystemMaxUse=50M Restart `journald`: - # systemctl restart systemd-journald + # systemctl restart systemd-journald The wiki recommends that if the journal gets too large, you can also simply delete (`rm -Rf`) everything inside **/var/log/journald**, but @@ -273,11 +273,11 @@ to delete older records, when the journal size reaches it's limit (according to Finally, the wiki mentions **temporary files**, and the utility for managing them. - # man systemd-tmpfiles + # man systemd-tmpfiles To delete the temporary files, you can use the `clean` option: - # systemd-tmpfiles --clean + # systemd-tmpfiles --clean According to the **manpage**, this *"cleans all files and directories with an age parameter"*. According to the Arch wiki, this reads information @@ -288,7 +288,7 @@ I looked in **/etc/tmpfiles.d/** and found that it was empty on my system. However, **/usr/lib/tmpfiles.d** contained some files. The first one was **etc.conf**, containing information and a reference to this **manpage**: - # man tmpfiles.d + # man tmpfiles.d Read that **manpage**, and then continue studying all the files. @@ -304,16 +304,16 @@ depending on your use case. I enabled it on my system, to see what was in it. Edit **/etc/pacman.conf**, and below the **extra** section add: - [kernels] - Include = /etc/pacman.d/mirrorlist* + [kernels] + Include = /etc/pacman.d/mirrorlist* Now, sync with the newly-added repository: - # pacman -Syy + # pacman -Syy Lastly, list all available packages in this repository: - # pacman -Sl kernels + # pacman -Sl kernels In the end, I decided not to install anything from it, but I kept the repository enabled regardless. @@ -326,20 +326,20 @@ This should be the same as the hostname that you set in **/etc/hostname**, when installing Parabola. You should also do it with `systemd`. If you chose the hostname *parabola*, do it this way: - # hostnamectl set-hostname parabola + # hostnamectl set-hostname parabola This writes the specified hostname to **/etc/hostname**. More information can be found in these **manpages**: - # man hostname - # info hostname - # man hostnamectl + # man hostname + # info hostname + # man hostnamectl Check **/etc/hosts**, to make sure that the hostname that you put in there during installation is still on each line: - 127.0.0.1 localhost.localdomain localhost parabola - ::1 localhost.localdomain localhost parabola + 127.0.0.1 localhost.localdomain localhost parabola + ::1 localhost.localdomain localhost parabola You'll note that I set both lines; the second line is for IPv6. Since more and more ISPs are providing this now, it's good to be have it enabled, just in case. @@ -352,18 +352,18 @@ According to the Arch wiki, [udev](https://wiki.archlinux.org/index.php/Udev) sh the ethernet chipset, and automatically load the driver for it at boot time. You can check this in the **Ethernet controller** section, when running the `lspci` command: - # lspci -v + # lspci -v Look at the remaining sections **Kernel driver in use** and **Kernel modules**. In my case, it was as follows: - Kernel driver in use: e1000e - Kernel modules: e1000e + Kernel driver in use: e1000e + Kernel modules: e1000e Check that the driver was loaded, by issuing `dmesg | grep module_name`. In my case, I did: - # dmesg | grep e1000e + # dmesg | grep e1000e ### Network Device Names According to the Arch wiki guide on [Configuring Network Device Names](https://wiki.archlinux.org/index.php/Configuring_Network#Device_names), @@ -383,7 +383,7 @@ For background information, read [Predictable Network Interface Names](http://ww To show what the device names are for your system, run the following command: - # ls /sys/class/net + # ls /sys/class/net [Changing the device names](https://wiki.archlinux.org/index.php/Configuring_Network#Change_device_name) is possible, but for the purposes of this guide, there is no reason to do it. @@ -408,17 +408,17 @@ The first step is to install [**Xorg**](https://wiki.archlinux.org/index.php/Xor this provides an implementation of the `X Window System`, which is used to provide a graphical intefrace in GNU+Linux: - # pacman -S xorg-server + # pacman -S xorg-server We also need to install the driver for our hardware. Since I am using a Thinkpad X200, I will use `xf86-video-intel`; it should be the same on the other Thinkpads, as well as the Macbook 1,1 and 2,1. - # pacman -S xf86-video-intel + # pacman -S xf86-video-intel For other systems, you can try: - # pacman -Ss xf86-video- | less + # pacman -Ss xf86-video- | less When this is combined with looking at your `lspci` output, you can determine which driver is needed. By default, `Xorg` will revert to `xf86-video-vesa`, @@ -426,7 +426,7 @@ which is a generic driver, and doesn't provide true hardware acceleration. Other drivers (not just video) can be found by looking at the `xorg-drivers` group: - # pacman -Sg xorg-drivers + # pacman -Sg xorg-drivers ### Xorg Keyboard Layout `xorg` uses a different configuration method for keyboard layouts than Parabola, @@ -437,7 +437,7 @@ Check the Arch wiki's article on [Xorg's keyboard configuration](https://wiki.ar To see what layout you currently use, try this on a terminal emulator in `xorg`: - # setxkbmap -print -verbose 10 + # setxkbmap -print -verbose 10 I'm simply using the default Qwerty (US) keyboard, so there isn't anything I need to change here; if you do need to make any changes, the Arch wiki recommends two ways @@ -447,7 +447,7 @@ of doing it: manually updating [configuration files](https://wiki.archlinux.org/ Now we have to install the desktop environment itself. According to the Arch Linux Package Repository, if we want all of the MATE Desktop, we need to install two packages: - # pacman -Syy mate mate-extra + # pacman -Syy mate mate-extra The last step is to install a Display Manager; for MATE, we will be using `lightdm` (it's the recommended Display Manager for the MATE Desktop); for this, we'll follow the insructions [here](https://wiki.mate-desktop.org/archlinux_custom_repo#display_manager_recommended), @@ -456,14 +456,14 @@ So, instead we will install the `lightdm-gtk-greeter` package; it performs the s We'll also need the `accountsservice` package, which gives us the login window itself: - # pacman -Syy lightdm-gtk3-greeter accountsservice + # pacman -Syy lightdm-gtk3-greeter accountsservice After installing all the required packages, we need to make it so that the MATE Desktop Environment will start automatically, whenever we boot our computer; to do this, we have to enable the display manager, `lightdm`, as well as the service that will prompt us with a login window, `accounts-daemon`: - # systemctl enable lightdm - # systemctl enable accounts-daemon + # systemctl enable lightdm + # systemctl enable accounts-daemon Now you have installed the *MATE Desktop Environment*,If you wanted to install another desktop environment, check out some [other options](https://wiki.archlinux.org/index.php/Desktop_environment) on the the Arch wiki. @@ -477,17 +477,17 @@ about it can be found [here](https://wiki.archlinux.org/index.php/NetworkManager We need to install the NetworkManager package: - # pacman -S networkmanager + # pacman -S networkmanager We will also need the Network Manager applet, which will allow us to manage our networks from the system tray: - # pacman -S network-manager-applet + # pacman -S network-manager-applet Finally, we need to start the service (if we want to use it now), or enable it, (so that it will activate automatically, at startup). - # systemctl enable NetworkManager.service + # systemctl enable NetworkManager.service If you need VPN support, you will also want to install the `networkmanager-openvpn` package. @@ -498,11 +498,11 @@ with Network Manager are** `dhcpcd` **and** `wifi-menu`**.** You can see all currently-running services with this command: - # systemctl --type=service + # systemctl --type=service And you can stop them using this command: - # systemctl stop service_name.service + # systemctl stop service_name.service If you want to disable those services, meaning that you no longer want them to start when the computer boots up, you will need to use `systemctl's` `disable` option, diff --git a/docs/gnulinux/encrypted_parabola.md b/docs/gnulinux/encrypted_parabola.md index c0c395c4..2493b4aa 100644 --- a/docs/gnulinux/encrypted_parabola.md +++ b/docs/gnulinux/encrypted_parabola.md @@ -80,7 +80,7 @@ if it's not new, then there are two ways to handle it: you can either choose to fill it with zeroes or random data; I chose random data (e.g., `urandom`), because it's more secure. Depending on the size of the drive, this could take a while to complete: - # dd if=/dev/urandom of=/dev/sdX; sync + # dd if=/dev/urandom of=/dev/sdX; sync 2. If the drive were previously encrypted, all you need to do is wipe the LUKS header. The size of the header depends upon the specific model of the hard drive; @@ -88,7 +88,7 @@ you can find this information by doing some research online. Refer to this [article](https://www.lisenet.com/2013/luks-add-keys-backup-and-restore-volume-header/), for more information about LUKS headers. You can either fill the header with zeroes, or with random data; again, I chose random data, using `urandom`: - # head -c 3145728 /dev/urandom > /dev/sdX; sync + # head -c 3145728 /dev/urandom > /dev/sdX; sync Also, if you're using an SSD, there are a two things you should keep in mind: @@ -105,7 +105,7 @@ We'll begin by creating a single, large partition on it, and then encrypting it You will need the `device-mapper` kernel module during the installation; this will enable us to set up our encrypted disk. To load it, use the following command: - # modprobe dm-mod + # modprobe dm-mod We then need to select the **device name** of the drive we're installing the operating system on; see the above method, if needed, for figuring out device names. @@ -113,7 +113,7 @@ see the above method, if needed, for figuring out device names. Now that we have the name of the correct device, we need to create the partition on it. For this, we will use the `cfdisk` command: - # cfdisk /dev/sdX + # cfdisk /dev/sdX 1. Use the arrow keys to select your partition, and if there is already a partition on the drive, select **Delete**, and then **New**. @@ -128,8 +128,8 @@ the partition table has been altered. Now that you have created the partition, it's time to create the encrypted volume on it, using the `cryptsetup` command, like this: - # cryptsetup -v --cipher serpent-xts-plain64 --key-size 512 --hash whirlpool \ - >--iter-time 500 --use-random --verify-passphrase luksFormat /dev/sdXY + # cryptsetup -v --cipher serpent-xts-plain64 --key-size 512 --hash whirlpool \ + >--iter-time 500 --use-random --verify-passphrase luksFormat /dev/sdXY These are just recommended defaults; if you want to use anything else, or to find out what options there are, run `man cryptsetup`. @@ -161,25 +161,25 @@ We will create this using, the [Logical Volume Manager (LVM)](https://wiki.archl First, we need to open the LUKS partition, at **/dev/mapper/lvm**: - # cryptsetup luksOpen /dev/sdXY lvm + # cryptsetup luksOpen /dev/sdXY lvm Then, we create LVM partition: - # pvcreate /dev/mapper/lvm + # pvcreate /dev/mapper/lvm Check to make sure tha the partition was created: - # pvdisplay + # pvdisplay Next, we create the volume group, inside of which the logical volumes will be created. For this example, we will call this group **matrix**. You can call yours whatever you would like; just make sure that you remember its name: - # vgcreate matrix /dev/mapper/lvm + # vgcreate matrix /dev/mapper/lvm Check to make sure that the group was created: - # vgdisplay + # vgdisplay Lastly, we need to create the logical volumes themselves, inside the volume group; one will be our swap, cleverly named **swapvol**, and the other will be our root partition, @@ -189,11 +189,11 @@ equally cleverly named as **root**. Also, make sure to [choose an appropriate swap size](http://www.linux.com/news/software/applications/8208-all-about-linux-swap-space) (e.g., **2G** refers to two gigabytes; change this however you see fit): - # lvcreate -L 2G matrix -n swapvol + # lvcreate -L 2G matrix -n swapvol 2. Now, we will create a single, large partition in the rest of the space, for **root**: - # lvcreate -l +100%FREE matrix -n root + # lvcreate -l +100%FREE matrix -n root You can also be flexible here, for example you can specify a **/boot**, a **/**, a **/home**, a **/var**, or a **/usr** volume. For example, if you will be running a @@ -203,7 +203,7 @@ For a home/laptop system (typical use case), just a root and a swap will do. Verify that the logical volumes were created correctly: - # lvdisplay + # lvdisplay #### Make the root and swap Partitions Ready for Installation The last steps of setting up the drive for installation are turning **swapvol** @@ -211,24 +211,24 @@ into an active swap partition, and formatting **root**. To make **swapvol** into a swap partition, we run the `mkswap` (i.e., make swap) command: - # mkswap /dev/mapper/matrix-swapvol + # mkswap /dev/mapper/matrix-swapvol Activate the **swapvol**, allowing it to now be used as swap, using `swapon` (i.e., turn swap on) command: - # swapon /dev/matrix/swapvol + # swapon /dev/matrix/swapvol Now I have to format **root**, to make it ready for installation; I do this with the `mkfs` (i.e., make file system) command. I choose the **ext4** filesystem, but you could use a different one, depending on your use case: - # mkfs.ext4 /dev/mapper/matrix-root + # mkfs.ext4 /dev/mapper/matrix-root Lastly, I need to mount **root**. Fortunately, GNU+Linux has a directory for this very purpose: **/mnt**: - # mount /dev/matrix/root /mnt + # mount /dev/matrix/root /mnt #### Create the /boot and /home Directories Now that you have mounted **root**, you need to create the two most important @@ -238,8 +238,8 @@ as well as each user's personal documents, videos, etc.. Since you mounted **root** at **/mnt**, this is where you must create them; you will do so using `mkdir`: - # mkdir -p /mnt/home - # mkdir -p /mnt/boot + # mkdir -p /mnt/home + # mkdir -p /mnt/boot You could also create two separate partitions for **/boot** and **/home**, but such a setup would be for advanced users, and is thus not covered in this guide. @@ -295,7 +295,7 @@ to boot the operating system. To do this, we need to edit a file called **mkinit More information about this file can be found [here](https://wiki.parabola.nu/Mkinitcpio), but for the sake of this guide, you simply need to run the following command. - # nano /etc/mkinitcpio.conf + # nano /etc/mkinitcpio.conf There are several modifications that we need to make to the file: @@ -325,12 +325,12 @@ that we encounter problems with the default Linux-Libre kernel (which is continu We will also install the `grub` package, which we will need later, to make our modifications to the GRUB configuration file: - # pacman -S linux-libre-lts grub + # pacman -S linux-libre-lts grub Then, we update both kernels like this, using the `mkinitcpio` command: - # mkinitcpio -p linux-libre - # mkinitcpio -p linux-libre-lts + # mkinitcpio -p linux-libre + # mkinitcpio -p linux-libre-lts ### Setting up the Hostname Now we need to set up the hostname for the system; this is so that our device @@ -339,15 +339,15 @@ of the Parabola wiki's Beginner's Guide. You can make the hostname anything you for example, if you wanted to choose the hostname **parabola**, you would run the `echo` command, like this: - # echo parabola > /etc/hostname + # echo parabola > /etc/hostname And then you would modify **/etc/hosts** like this, adding the hostname to it: - # nano /etc/hosts + # nano /etc/hosts - # - 127.0.0.1 localhost.localdomain localhost parabola - ::1 localhost.localdomain localhost parabola + # + 127.0.0.1 localhost.localdomain localhost parabola + ::1 localhost.localdomain localhost parabola ### Configure the Network Now that we have a hostname, we need to configure the settings for the rest of the network. @@ -359,7 +359,7 @@ The **root** account has control over all the files in the computer; for securit we want to protect it with a password. The password requirements given above, for the LUKS passphrase, apply here as well. You will set this password with the `passwd` command: - # passwd + # passwd ### Extra Security Tweaks There are some final changes that we can make to the installation, to make it @@ -369,7 +369,7 @@ significantly more secure; these are based on the [Security](https://wiki.archli We will want to open the configuration file for password settings, and increase the strength of our **root** password: - # nano /etc/pam.d/passwd + # nano /etc/pam.d/passwd Add `rounds=65536` at the end of the uncommented 'password' line; in simple terms, this will force an attacker to take more time with each password guess, mitigating @@ -380,7 +380,7 @@ You can prevent any user, other than the root user, from accessing the most impo directories in the system, using the `chmod` command; to learn more about this command, run `man chmod`: - # chmod 700 /boot /etc/{iptables,arptables} + # chmod 700 /boot /etc/{iptables,arptables} #### Lockout User After Three Failed Login Attempts We can also setup the system to lock a user's account, after three failed login attempts. @@ -388,16 +388,16 @@ We can also setup the system to lock a user's account, after three failed login To do this, we will need to edit the file **/etc/pam.d/system-login**, and comment out this line: - auth required pam\_tally.so onerr=succeed file=/var/log/faillog*\ + auth required pam\_tally.so onerr=succeed file=/var/log/faillog*\ You could also just delete it. Above it, put the following line: - auth required pam\_tally.so deny=2 unlock\_time=600 onerr=succeed file=/var/log/faillog + auth required pam\_tally.so deny=2 unlock\_time=600 onerr=succeed file=/var/log/faillog This configuration will lock the user out for ten minutes. You can unlock a user's account manually, using the **root** account, with this command: - # pam_tally --user *theusername* --reset + # pam_tally --user *theusername* --reset ## Unmount All Partitions and Reboot Congratulations! You have finished the installation of Parabola GNU+Linux-Libre. @@ -405,25 +405,25 @@ Now it is time to reboot the system, but first, there are several preliminary st Exit from `chroot`, using the `exit` command: - # exit + # exit Unmount all of the partitions from **/mnt**, and "turn off" the swap volume: - # umount -R /mnt - # swapoff -a + # umount -R /mnt + # swapoff -a Deactivate the **root** and **swapvol** logical volumes: - # lvchange -an /dev/matrix/root - # lvchange -an /dev/matrix/swapvol + # lvchange -an /dev/matrix/root + # lvchange -an /dev/matrix/swapvol Lock the encrypted partition (i.e., close it): - # cryptsetup luksClose lvm + # cryptsetup luksClose lvm Shutdown the machine: - # shutdown -h now + # shutdown -h now After the machine is off, remove the installation media, and turn it on. @@ -435,11 +435,11 @@ After the computer starts, Press `C` to bring up the GRUB command line. You can either boot the normal kernel, or the LTS kernel we installed; here are the commands for the normal kernel: - grub> cryptomount -a - grub> set root='lvm/matrix-root' - grub> linux /boot/vmlinuz-linux-libre root=/dev/matrix/root cryptdevice=/dev/sda1:root - grub> initrd /boot/initramfs-linux-libre.img - grub> boot + grub> cryptomount -a + grub> set root='lvm/matrix-root' + grub> linux /boot/vmlinuz-linux-libre root=/dev/matrix/root cryptdevice=/dev/sda1:root + grub> initrd /boot/initramfs-linux-libre.img + grub> boot If you're trying to boot the LTS kernel, simply add **-lts** to the end of each command that contains the kernel (e.g., **/boot/vmlinuz-linux-libre** diff --git a/docs/gnulinux/encrypted_trisquel.md b/docs/gnulinux/encrypted_trisquel.md index d8292aba..8768c5c7 100644 --- a/docs/gnulinux/encrypted_trisquel.md +++ b/docs/gnulinux/encrypted_trisquel.md @@ -54,7 +54,7 @@ I recommend combining the *diceware* method with something personal about yourse For example, say that your cat's name is **Max**, and he is three years old; you could do something like this: - diceware_word_1 diceware_word_2 diceware_word_3 diceware_word_4 Max=3old + diceware_word_1 diceware_word_2 diceware_word_3 diceware_word_4 Max=3old This has a large degree of randomness (due to the usage of the *diceware* method), and also contains a unique piece of personal information that someone would need to know you, in order to guess; it's a very potent combination. @@ -153,21 +153,21 @@ The installer will now give you a message that the installation is complete. Cho ## Booting your system At this point, you will have finished the installation. At your GRUB boot screen, press `C` to get to the command line, and enter the following commands at the `grub>` prompt: - grub> cryptomount -a - grub> set root='lvm/grubcrypt-trisquel' - grub> linux /vmlinuz root=/dev/mapper/grubcrypt-trisquel \ - >cryptdevice=/dev/mapper/grubcrypt-trisquel:root - grub> initrd /initrd.img - grub> boot + grub> cryptomount -a + grub> set root='lvm/grubcrypt-trisquel' + grub> linux /vmlinuz root=/dev/mapper/grubcrypt-trisquel \ + >cryptdevice=/dev/mapper/grubcrypt-trisquel:root + grub> initrd /initrd.img + grub> boot Without specifying a device, **cryptomount's** `-a` parameter tries to unlock *all* detected LUKS volumes (i.e., any LUKS-encrypted device that is connected to the system). You can also specify `-u` (for a UUID). Once logged into the operating system, you can find the UUID by using the `blkid` command: - $ sudo blkid + $ sudo blkid ## ecryptfs If you didn't encrypt your home directory, then you can safely ignore this section; if you did choose to encrypt it, then after you log in, you'll need to run this command: - $ sudo ecryptfs-unwrap-passphrase + $ sudo ecryptfs-unwrap-passphrase This will be needed in the future, if you ever need to recover your home directory from another system. Write it down, or (preferably) store it using a password manager (I recommend `keepass`,`keepasX`, or `keepassXC`). diff --git a/docs/gnulinux/grub_boot_installer.md b/docs/gnulinux/grub_boot_installer.md index aaa1165f..085ad34b 100644 --- a/docs/gnulinux/grub_boot_installer.md +++ b/docs/gnulinux/grub_boot_installer.md @@ -12,15 +12,15 @@ If you downloaded your ISO while on an existing GNU+Linux system, here is how to Connect the USB drive. Check `lsblk`, to confirm its device name (e.g., **/dev/sdX**): - $ lsblk + $ lsblk For this example, let's assume that our drive's name is `sdb`. Make sure that it's not mounted: - $ sudo umount /dev/sdb + $ sudo umount /dev/sdb Overwrite the drive, writing your distro ISO to it with `dd`. For example, if we are installing Trisquel 7.0 64-bit, and it's located in our Downloads folder, this is the command we would run: - $ sudo dd if=~/Downloads/trisquel_7.0_amd64.iso of=/dev/sdb bs=8M; sync + $ sudo dd if=~/Downloads/trisquel_7.0_amd64.iso of=/dev/sdb bs=8M; sync That's it! You should now be able to boot the installer from your USB drive (the instructions for doing so will be given later). @@ -36,19 +36,19 @@ how to create the bootable GNU+Linux USB drive: Connect the USB drive. Run `lsblk` to determine which drive it is: - $ lsblk + $ lsblk To confirm that you have the correct drive, use `disklabel`. For example, if you thought the correct drive were **sd3**, run this command: - $ disklabel sd3 + $ disklabel sd3 Make sure that the device isn't mounted, with `doas`; if it is, this command will unmount it: - $ doas umount /dev/sd3i + $ doas umount /dev/sd3i `lsblk` told you what device it is. Overwrite the drive, writing the OpenBSD installer to it with `dd`. Here's an example: - $ doas dd if=gnulinux.iso of=/dev/rsdXc bs=1M; sync + $ doas dd if=gnulinux.iso of=/dev/rsdXc bs=1M; sync That's it! You should now be able to boot the installer from your USB drive (the instructions for doing so will be given later). @@ -59,17 +59,17 @@ That's it! You should now be able to boot the installer from your USB drive (the 3. Boot the USB, and enter these commands in the GRUB terminal (for 64-bit Intel or AMD): - grub> set root='usb0' - grub> linux /install.amd/vmlinuz - grub> initrd /install.amd/initrd.gz - grub> boot + grub> set root='usb0' + grub> linux /install.amd/vmlinuz + grub> initrd /install.amd/initrd.gz + grub> boot 4. If you are on a 32-bit system (e.g. some Thinkpad X60's), you will need to use these commands: - grub> set root='usb0' - grub> linux /install.386/vmlinuz - grub> initrd /install.386/initrd.gz - grub> boot + grub> set root='usb0' + grub> linux /install.386/vmlinuz + grub> initrd /install.386/initrd.gz + grub> boot ## Booting ISOLINUX Images (Automatic Method) Boot it in GRUB using the `Parse ISOLINUX config (USB)` option. A new menu should appear in GRUB, showing the boot options for that distro; this is a GRUB menu, converted from the usual ISOLINUX menu provided by that distro. @@ -79,15 +79,15 @@ These are generic instructions. They may or may not be correct for your distribu If the `ISOLINUX parser` or `Search for GRUB configuration` options won't work, then press `C` in GRUB to access the command line, then run the `ls` command: - grub> ls + grub> ls Get the device name from the above output (e.g., `usb0`). Here's an example: - grub> cat (usb0)/isolinux/isolinux.cfg + grub> cat (usb0)/isolinux/isolinux.cfg Either the output of this command will be the ISOLINUX menuentries for that ISO, or link to other `.cfg` files (e.g, **/isolinux/foo.cfg**). For example, if the file found were **foo.cfg**, you would use this command: - grub> cat (usb0)/isolinux/foo.cfg + grub> cat (usb0)/isolinux/foo.cfg And so on, until you find the correct menuentries for ISOLINUX. @@ -97,14 +97,14 @@ For Debian-based distros (e.g., Trisquel, Devuan), there are typically menuentri Now, look at the ISOLINUX menuentry; it'll look like this: - kernel /path/to/kernel append PARAMETERS initrd=/path/to/initrd ... + kernel /path/to/kernel append PARAMETERS initrd=/path/to/initrd ... GRUB works similarly; here are some example GRUB commands: - grub> set root='usb0' - grub> linux /path/to/kernel PARAMETERS MAYBE\_MORE\_PARAMETERS - grub> initrd /path/to/initrd - grub> boot + grub> set root='usb0' + grub> linux /path/to/kernel PARAMETERS MAYBE\_MORE\_PARAMETERS + grub> initrd /path/to/initrd + grub> boot Note: `usb0` may be incorrect. Check the output of the `ls` command (in GRUB), to see a list of USB devices/partitions. Of course, this will vary from distro to distro. If you did all of that correctly, then it should now be booting your USB drive in the way that you specified. @@ -119,7 +119,7 @@ Use one of the ROM images with `vesafb` in the filename (uses Coreboot framebuff ### debian-installer Graphical Corruption in Text-Mode (Debian and Devuan) When using the ROM images that use Coreboot's `text mode`, instead of the Coreboot framebuffer, booting the Debian or Devuan net installer results in graphical corruption, because it is trying to switch to a framebuffer, which doesn't exist. Use that kernel parameter on the `linux` line, when booting it: - vga=normal fb=false + vga=normal fb=false This forces debian-installer to start in `text-mode`, instead of trying to switch to a framebuffer. diff --git a/docs/gnulinux/grub_cbfs.md b/docs/gnulinux/grub_cbfs.md index d3222e66..b76dd654 100644 --- a/docs/gnulinux/grub_cbfs.md +++ b/docs/gnulinux/grub_cbfs.md @@ -31,11 +31,11 @@ which (if you don't know) allows you to download files from the internet. If you don't already have it installed, you can install it, using the `apt-get` command (in Debian-based distributions): - $ sudo apt-get install wget + $ sudo apt-get install wget You can install it in Arch-based systems, using `pacman`: - $ sudo pacman -S wget + $ sudo pacman -S wget Once you've installed `wget`, use it to download the file, simply by passing it the URL as an argument; you can save the file anywhere, @@ -43,23 +43,23 @@ but for the purpose of this guide, save it in **~/Downloads** (your **Home** directory's downloads folder). First, change the current working directory to **~/Downloads**: - $ cd ~/Downloads + $ cd ~/Downloads This guide assumes you are using the **20160907** version of Libreboot; if using a different version, modify the following commands accordingly: - $ wget https://www.mirrorservice.org/sites/libreboot.org/release/stable/20160907/\ - >libreboot_r20160907_util.tar.xz + $ wget https://www.mirrorservice.org/sites/libreboot.org/release/stable/20160907/\ + >libreboot_r20160907_util.tar.xz After the file is downloaded, use the `tar` command to extract its contents: - $ tar -xf libreboot_r20160907_util.tar.xz + $ tar -xf libreboot_r20160907_util.tar.xz After extraction, the folder will have the same name as the archive: in this case, **libreboot\_r20160907\_util**. For simplicity's sake, we'll rename it **libreboot\_util**, using the `mv` command: - $ mv "libreboot_r20160907_util" "libreboot_util" + $ mv "libreboot_r20160907_util" "libreboot_util" Now you have the folder with all the utilities necessary to read and modify the contents of the ROM. @@ -78,11 +78,11 @@ You could also compile both of these utilities; see [How to Build flashrom](../g `flashrom` is also available from the repositories; if using an Arch-based distribution, use `pacman`: - $ sudo pacman -S flashrom + $ sudo pacman -S flashrom Or, if you have a Debian-based distribution, use `apt-get`: - $ sudo apt-get install flashrom + $ sudo apt-get install flashrom ### Get the ROM Image You can either work directly with one of the ROM images already included @@ -102,12 +102,12 @@ variable flash chip sizes only apply for the Thinkpads that Libreboot supports ( You can find the flash chip size, by running the following command: - # flashrom -p internal -V + # flashrom -p internal -V Look for a line like this: - Found Macronix flash chip "MX25L6406E/MX25L6408E" (8192 kB, SPI) \ - mapped at physical address 0x00000000ff800000. + Found Macronix flash chip "MX25L6406E/MX25L6408E" (8192 kB, SPI) \ + mapped at physical address 0x00000000ff800000. Running this command on my Thinkpad X200 gives me the above result, so I know that my flash chip size is **8mb**. @@ -118,30 +118,30 @@ to download the correct ROM images for that model. First, we're going to navigate to the **libreboot\_util** folder: - $ cd ~/Downloads/libreboot_util/ + $ cd ~/Downloads/libreboot_util/ Then, we will download the ROM images, using `wget`: - $ wget https://www.mirrorservice.org/sites/libreboot.org/release/stable/\ - 20160907/rom/grub/libreboot_r20160907_grub_x200_8mb.tar.xz + $ wget https://www.mirrorservice.org/sites/libreboot.org/release/stable/\ + >20160907/rom/grub/libreboot_r20160907_grub_x200_8mb.tar.xz Extract the archive, using `tar`: - $ tar -xf libreboot_r20160907_grub_x200_8mb.tar.xz + $ tar -xf libreboot_r20160907_grub_x200_8mb.tar.xz Navigate to the directory that you just created: - $ cd libreboot_r20160907_grub_x200_8mb + $ cd libreboot_r20160907_grub_x200_8mb Now that we are in the archive, we must choose the correct ROM image. To figure out the correct image, we must first parse the filenames for each ROM. For example, for the file named **x200_8mb_usqwerty_vesafb.rom**: - Model Name: x200 - Flash Chip Size: 8mb - Country: us - Keyboard Layout: qwerty - ROM Type: vesafb or txtmode + Model Name: x200 + Flash Chip Size: 8mb + Country: us + Keyboard Layout: qwerty + ROM Type: vesafb or txtmode Since I am using a QWERTY keyboard, I will ignore all the non-QWERTY options. Note that there are two types of ROMs: **vesafb** and **txtmode**; @@ -152,19 +152,19 @@ used by coreboot native graphics initialization. I'll choose **x200_8mb_usqwerty_vesafb.rom**; I'll copy the file (to the `cbfstool` directory), and rename it with one command: - $ mv "x200_8mb_usqwerty_vesafb.rom" ../cbfstool/x86_64/cbfstool/x86_64/libreboot.rom + $ mv "x200_8mb_usqwerty_vesafb.rom" ../cbfstool/x86_64/cbfstool/x86_64/libreboot.rom #### 2. Create an Image from the Current ROM The simpler way to get a ROM image is to just create it from your current ROM, using `flashrom`, making sure to save it in the `cbfstool` folder, inside **libreboot\_util**: - $ sudo flashrom -p internal -r ~/Downloads/libreboot_util/cbfstool/\ - x86_64/cbfstool/x86_64/libreboot.rom + $ sudo flashrom -p internal -r ~/Downloads/libreboot_util/cbfstool/\ + >x86_64/cbfstool/x86_64/libreboot.rom If you are told to specify the chip, add the option `-c {your chip}` to the command, like this: - $ sudo flashrom -c MX25L6405 -p internal -r ~/Downloads/libreboot_util/\ - cbfstool/x86_64/cbfstool/x86_64/libreboot.rom + $ sudo flashrom -c MX25L6405 -p internal -r ~/Downloads/libreboot_util/\ + >cbfstool/x86_64/cbfstool/x86_64/libreboot.rom Now you are ready to extract the GRUB configuration files from the ROM, and modify them the way you want. @@ -173,12 +173,12 @@ Now you are ready to extract the GRUB configuration files from the ROM, and modi You can check the contents of the ROM image, inside CBFS, using `cbfstool`. First, navigate to the cbfstool folder: - $ cd ~/Downloads/libreboot_util/cbfstool/x86_64/cbfstool/x86_64/ + $ cd ~/Downloads/libreboot_util/cbfstool/x86_64/cbfstool/x86_64/ Then, run the `cbfstool` commmand, with the `print` option; this will display a list of all the files located in the ROM: - $ ./cbfstool libreboot.rom print + $ ./cbfstool libreboot.rom print You should see **grub.cfg** and **grubtest.cfg** in the list. **grub.cfg** is loaded by default, with a menu entry for switching to **grubtest.cfg**. In @@ -187,7 +187,7 @@ reduce the possibility of bricking your device, so *DO NOT SKIP THIS!* Extract (i.e., get a copy of ) **grubtest.cfg** from the ROM image: - $ ./cbfstool libreboot.rom extract -n grubtest.cfg -f grubtest.cfg + $ ./cbfstool libreboot.rom extract -n grubtest.cfg -f grubtest.cfg By default `cbfstool` will extract files to the current working directory; so, **grubtest.cfg** should appear in the same folder as **libreboot.rom**. @@ -199,24 +199,24 @@ or the one located in the ROM, the modifications will be the same. Once the file is open, look for the following line (it will be towards the bottom of the file): - menuentry 'Load Operating System [o]' --hotkey='o' --unrestricted + menuentry 'Load Operating System [o]' --hotkey='o' --unrestricted After this line, there will be an opening bracket **{**, followed by a several lines of code, and then a closing bracket **}**; delete everything that is between those two brackets, and replace it with the following code, if you're using an Arch-based disribution (e.g., Parabola GNU+Linux-Libre): - cryptomount -a - set root='lvm/matrix-root' - linux /boot/vmlinuz-linux-libre root=/dev/matrix/root cryptdevice=/dev/sda1:root \ - cryptkey=rootfs:/etc/mykeyfile - initrd /boot/initramfs-linux-libre.img + cryptomount -a + set root='lvm/matrix-root' + linux /boot/vmlinuz-linux-libre root=/dev/matrix/root cryptdevice=/dev/sda1:root \ + cryptkey=rootfs:/etc/mykeyfile + initrd /boot/initramfs-linux-libre.img Or, replace it with this, if you are using a Debian-based distribution (e.g., Trisquel GNU+Linux): - cryptomount -a - set root='lvm/matrix-rootvol' - linux /vmlinuz root=/dev/mapper/matrix-rootvolcryptdevice=/dev/mapper/matrix-rootvol:root - initrd /initrd.img + cryptomount -a + set root='lvm/matrix-rootvol' + linux /vmlinuz root=/dev/mapper/matrix-rootvolcryptdevice=/dev/mapper/matrix-rootvol:root + initrd /initrd.img Remember, that these names come from the instructions to install GNU+Linux on Libreboot systems, located [here](index.md). If you followed different instructions, @@ -243,8 +243,8 @@ the main storage for **/boot/grub/libreboot\_grub.cfg** or **/grub/libreboot\_gr Therefore, we need to either copy **libreboot\_grub.cfg** to **/grub**, or to **/boot/grub**: - $ sudo cp ~/Downloads/libreboot_util/cbfstool/x86_64/cbfstool/x86_64/grubtest.cfg \ - >/boot/grub # or /grub + $ sudo cp ~/Downloads/libreboot_util/cbfstool/x86_64/cbfstool/x86_64/grubtest.cfg \ + >/boot/grub # or /grub Now, the next time we boot our computer, GRUB (in Libreboot) will automatically switch to this configuration file. *This means that you do not have to re-flash, @@ -259,11 +259,11 @@ Now that you have the modified **grubtest.cfg**, we need to remove the old **grubtest.cfg** from the ROM, and put in our new one. To remove the old one, we will use `cbfstool`: - $ ./cbfstool libreboot.rom remove -n grubtest.cfg + $ ./cbfstool libreboot.rom remove -n grubtest.cfg Then, add the new one to the ROM: - $ ./cbfstool libreboot.rom add -n grubtest.cfg -f grubtest.cfg -t raw + $ ./cbfstool libreboot.rom add -n grubtest.cfg -f grubtest.cfg -t raw #### Change MAC address in ROM The last step before flashing the new ROM, is to change the MAC address inside it. @@ -286,12 +286,12 @@ and look for a set of characters like this: `00:f3:f0:45:91:fe`. Next, you need to move **libreboot.rom** to the following folder; this is where the executable for `ich9gen` is located: - $ mv libreboot.rom ~/Downloads/libreboot_r20160907_util/ich9deblob/ + $ mv libreboot.rom ~/Downloads/libreboot_r20160907_util/ich9deblob/ Once there, run the following command, making sure to use your own MAC address, instead of what's written below: - $ ./ich9gen --macaddress XX:XX:XX:XX:XX:XX + $ ./ich9gen --macaddress XX:XX:XX:XX:XX:XX Three new files will be created: @@ -304,11 +304,11 @@ if your flash chip size is **8mb**, you'll want to use **ich9fdgbe_8m.bin**. Now, insert this file (called the `descriptor+gbe`) into the ROM image, using `dd`: - dd if=ich9fdgbe_8m.bin of=libreboot.rom bs=1 count=12k conv=notrunc + $ dd if=ich9fdgbe_8m.bin of=libreboot.rom bs=1 count=12k conv=notrunc Move **libreboot.rom** back to the **libreboot\_util** directory: - $ mv libreboot.rom ~/Downloads/libreboot_util + $ mv libreboot.rom ~/Downloads/libreboot_util You are finally ready to flash the ROM! @@ -316,18 +316,18 @@ You are finally ready to flash the ROM! The last step of flashing the ROM requires us to change our current working directory to **libreboot\_util**: - $ cd ~/Downloads/libreboot_util + $ cd ~/Downloads/libreboot_util Now, all we have to do is use the `flash` script in this directory, with the `update` option, using **libreboot.rom** as the argument: - $ sudo ./flash update libreboot.rom + $ sudo ./flash update libreboot.rom Ocassionally, coreboot changes the name of a given board. If `flashrom` complains about a board mismatch, but you are sure that you chose the correct ROM image, then run this alternative command: - $ sudo ./flash forceupdate libreboot.rom + $ sudo ./flash forceupdate libreboot.rom You will see the `flashrom` program running for a little while, and you might see errors, but if it says `Verifying flash... VERIFIED` at the end, then it’s flashed, @@ -354,11 +354,11 @@ of **grubtest.cfg**, called **grub.cfg**. First, go to the `cbfstool` directory: - $ cd ~/Downloads/libreboot_util/cbfstool/x86_64/cbfstool/x86_64/ + $ cd ~/Downloads/libreboot_util/cbfstool/x86_64/cbfstool/x86_64/ Then, create a copy of **grubest.cfg**, named **grub.cfg**: - $ cp grubtest.cfg ./grub.cfg + $ cp grubtest.cfg ./grub.cfg Now you will use the `sed` command to make several changes to the file: the menu entry `'Switch to grub.cfg'` will be changed to `Switch to grubtest.cfg`, @@ -367,25 +367,25 @@ This is so that the main configuration still links (in the menu) to **grubtest.c so that you don't have to manually switch to it, in case you ever want to follow this guide again in the future (modifying the already modified config).: - $ sed -e 's:(cbfsdisk)/grub.cfg:(cbfsdisk)/grubtest.cfg:g' -e \ - >'s:Switch to grub.cfg:Switch to grubtest.cfg:g' < grubtest.cfg > \ - >grub.cfg + $ sed -e 's:(cbfsdisk)/grub.cfg:(cbfsdisk)/grubtest.cfg:g' -e \ + >'s:Switch to grub.cfg:Switch to grubtest.cfg:g' < grubtest.cfg > \ + >grub.cfg Move **libreboot.rom** from **libreboot\_util** to your current directory: - $ mv ~/Downloads/libreboot_util/libreboot.rom . + $ mv ~/Downloads/libreboot_util/libreboot.rom . Delete the **grub.cfg** that's already inside the ROM: - $ ./cbfstool libreboot.rom remove -n grub.cfg + $ ./cbfstool libreboot.rom remove -n grub.cfg Add your modified **grub.cfg** to the ROM: - $ ./cbfstool libreboot.rom add -n grub.cfg -f grub.cfg -t raw + $ ./cbfstool libreboot.rom add -n grub.cfg -f grub.cfg -t raw Move **libreboot.rom** back to **libreboot\_util**: - $ mv libreboot.rom ../.. + $ mv libreboot.rom ../.. If you don't remember how to flash it, refer back to the *Flash Updated ROM Image*, above; it's the same method as you used before. Afterwards, reboot the machine with your new configuration. -- cgit v1.2.3-70-g09d2