Differences between version 8 and previous revision of CyberLeo/BootstrapGentoo.

Newer page: version 8 Last edited on Saturday, 17 September 2011 22:29:30 by CyberLeo
Older page: version 7 Last edited on Monday, 14 March 2011 10:50:18 by CyberLeo
@@ -1,67 +1,91 @@
-<code brush="bash">  
 OCz Vertex 2 probably has an eraseblock size of 512kiB, so 1MB alignment works 
+Same with Kingston SSDNow V-series  
  
 Pregap only needs 32 sectors; boot only needs about 16MB 
-Make sure luks partition (type 0x44) is aligned to 2048 sectors (1MB) on both sides! 
+Make sure LUKS partition is aligned to 2048 sectors (1MB) on both sides! 
 Leave about 40MB at the end. Might as well 
  
+Here's a layout for MBR:  
+<pre>  
 p start end size type 
 ---------------------------------------- 
 p 0 31 32 0x00 # Pregap 
 1 32 34815 34784 0x83 # Boot 
 2 34816 107380735 107345920 0x44 # LUKS 
 3 107380736 107463887 83152 0x00 # SSD-padding 
+</pre>  
  
-cryptsetup luksFormat -v -s 256 -c aes-xts -essiv:sha256 -h sha1 --align-payload 2048 /dev/sda2 
+Here's a layout for GPT: Note the presence of EFIboot (32MB FAT32 /boot filesystem) and BIOSboot (where the GRUB2 stage1.5 code). Once again, make sure the LUKS partition is aligned to 2048 sectors (1MB) on both sides!  
+  
+<small>Ended up using Windows 7 installer to create the necessary GPT stuff; apparently the boot settings manager in the system configuration rom does not set it up correctly.</small>  
+  
+<pre>  
+----start ------end -----size -----type ----name  
+ 0 0 1 pmbr ----  
+ 1 33 33 GPT ----  
+ 34 67583 67550 efi EFIboot  
+ 67584 107462655 107395072 LUKS LUKS  
+107462656 107463854 1199 boot BIOSboot  
+107463855 107463887 33 GPT ----  
+</pre>  
+  
+<code brush="bash"?  
+# Create the encrypted store  
+# aes-xts-plain and aes-cbc-essiv:sha256 are equivalent, since they both mask the watermarking attacks present in aes-cbc-plain; aes-xts-essiv:sha256 is unnecessary.  
+ cryptsetup luksFormat -v -s 256 -c aes-cbc -essiv:sha256 -h sha1 --align-payload 2048 /dev/sda2 
 cryptsetup luksOpen /dev/sda2 mapajani 
+  
+# Obfuscate all empty space on the backing store  
 badblocks -b1024 -c1024 -vvwt 0x00 /dev/mapper/mapajani # Or random or whatever; just need to write every sector of the raw dev 
+  
+# Carve up the encrypted store using LVM  
 lvm pvcreate --verbose --metadatasize 1000k /dev/mapper/mapajani 
-lvm pvs -oname,vg_mda_size,pe_start --units s 
+lvm pvs -oname,vg_mda_size,pe_start --units s # Make sure 'pe_start' is a multiple of 2048 (1MB)  
 lvm vgcreate --verbose mapajani /dev/mapper/mapajani 
-lvm pvs -oname,vg_mda_size,pe_start --units s 
+lvm pvs -oname,vg_mda_size,pe_start --units s # Output changes; make sure 'pe_start' is a multiple of 2048 (1MB)  
 lvm lvcreate --verbose --extents 12079 --name root mapajani 
 lvm lvcreate --verbose --extents 1024 --name swap mapajani 
  
+# If using MBR:  
 mke2fs -vvt ext2 -L mapajani-boot /dev/sda1 
+# If using GPT:  
+mkdosfs -vvF32 -n mapajani-boot /dev/sda1  
+  
+# Make root and swap:  
 mke2fs -vvt ext4 -E lazy_itable_init=1 -L mapajani-root /dev/mapper/mapajani-root 
 mkswap -f -L mapajani-swap /dev/mapper/mapajani-swap 
-  
 </code> 
  
-GPT?  
-  
+When reconstituting an existing image, do something like this:  
 <code brush="bash"> 
-----start ------end -----size -----type  
- 0 0 1 pmbr  
- 1 33 33 GPT  
- 34 34815 34782 efi  
- 34816 107462655 107427840 LUKS  
-107462656 107463853 1198 unused  
-107463854 107463886 33 GPT  
-< /code>  
+mkdir -p /media/dst  
+mount -t ext4 -orelatime /dev/mapper/mapajani -root /media/dst  
+# Copy critical stuff first  
+( cd /media/src/root; rsync --archive --hard -links --progress --sparse --stats --verbose +boot bin boot etc lib lib32 lib64 sbin /media/dst/ )  
+# Copy core stuff next  
+( cd /media/src/root; rsync --archive --hard-links --progress --sparse --stats --verbose dev root usr var /media/dst/ )  
+# Copy all the rest  
+( cd /media/src/root; rsync --archive --hard-links --progress --sparse --stats --verbose ./ /media/dst / )  
  
-uEFI won' t boot from that. Since mkdosfs was giving warnings, try with a larger EFI part?  
+# Mount stuff to prepare for chroot  
+# For MBR:  
+mount - t ext2 -orelatime /dev/sda1 /media/dst/ boot  
+# For GPT:  
+mount -t vfat -orelatime /dev/sda1 /media/dst/boot  
+# Prepare for chroot  
+mount -t devtmpfs devtmpfs /media/dst/dev  
+mount -t devpts devpts /media/dst/dev/pts  
+mount -t proc procfs /media/dst/proc  
+mount -t sysfs sysfs /media/dst/sysfs  
  
-<code brush="bash">  
-----start ------end -----size -----type  
- 0 0 1 pmbr  
- 1 33 33 GPT  
- 34 206847 206814 efi  
- 206848 107462655 107255808 LUKS  
-107462656 107463853 1198 unused  
-107463854 107463886 33 GPT  
-< /code>  
+# Chroot:  
+chroot /media/dst bash  
  
-Nope. That didn't work either.  
+# Install boot  
+rsync --archive --hard-links --progress --sparse --stats --verbose /+boot/ /boot/  
  
-Ended up using Windows 7 installer to create the necessary GPT stuff; apparently the boot settings manager in the system configuration rom does not set it up correctly.  
-  
-<code brush="plain">  
-----start ------end -----size -----type ----name  
- 0 0 1 pmbr ----  
- 1 33 33 GPT ----  
- 34 67583 67550 efi EFIboot  
- 67584 107462655 107395072 LUKS LUKS  
-107462656 107463854 1199 boot BIOSboot  
-107463855 107463887 33 GPT ---
+# Install grub  
+grub -install /dev/sda  
 </code> 
+  
+Make sure to update grub boot to include the new LUKS UUID so it can be autoloaded by initrd  
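Review bot: the added line "mount -t sysfs sysfs /media/dst/sysfs" mounts sysfs on /media/dst/sysfs, while the lines around it use the standard /dev, /dev/pts and /proc targets; unless the image really carries a /sysfs directory, the target should be /media/dst/sys so that tools inside the chroot find it. Separately, the new opening tag reads <code brush="bash"? with a "?" where the closing ">" belongs, so the block that follows will not render as code. The luksFormat line also changes the cipher from aes-xts to aes-cbc while keeping "-s 256"; the new comment explains why ESSIV on XTS is unnecessary but not why the mode itself was switched, which is worth a sentence since the notes elsewhere only justify alignment choices.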

version 8

OCZ Vertex 2 probably has an eraseblock size of 512kiB, so 1MB alignment works. Same with Kingston SSDNow V-series.

Pregap only needs 32 sectors; boot only needs about 16MB. Make sure the LUKS partition is aligned to 2048 sectors (1MB) on both sides! Leave about 40MB at the end. Might as well.

Here's a layout for MBR:

p      start        end       size  type
----------------------------------------
p          0         31         32  0x00 # Pregap
1         32      34815      34784  0x83 # Boot
2      34816  107380735  107345920  0x44 # LUKS
3  107380736  107463887      83152  0x00 # SSD-padding

Here's a layout for GPT. Note the presence of EFIboot (32MB FAT32 /boot filesystem) and BIOSboot (where the GRUB2 stage1.5 code lives). Once again, make sure the LUKS partition is aligned to 2048 sectors (1MB) on both sides!

Ended up using Windows 7 installer to create the necessary GPT stuff; apparently the boot settings manager in the system configuration rom does not set it up correctly.

----start  ------end  -----size  -----type  ----name
        0          0          1       pmbr      ----
        1         33         33        GPT      ----
       34      67583      67550        efi   EFIboot
    67584  107462655  107395072       LUKS      LUKS
107462656  107463854       1199       boot  BIOSboot
107463855  107463887         33        GPT      ----

# Create the encrypted store
# aes-xts-plain and aes-cbc-essiv:sha256 are equivalent, since they both mask the watermarking attacks present in aes-cbc-plain; aes-xts-essiv:sha256 is unnecessary.
cryptsetup luksFormat -v -s 256 -c aes-cbc-essiv:sha256 -h sha1 --align-payload 2048 /dev/sda2
cryptsetup luksOpen /dev/sda2 mapajani

# Obfuscate all empty space on the backing store
badblocks -b1024 -c1024 -vvwt 0x00 /dev/mapper/mapajani # Or random or whatever; just need to write every sector of the raw dev

# Carve up the encrypted store using LVM
lvm pvcreate --verbose --metadatasize 1000k /dev/mapper/mapajani
lvm pvs -oname,vg_mda_size,pe_start --units s # Make sure 'pe_start' is a multiple of 2048 (1MB)
lvm vgcreate --verbose mapajani /dev/mapper/mapajani
lvm pvs -oname,vg_mda_size,pe_start --units s # Output changes; make sure 'pe_start' is a multiple of 2048 (1MB)
lvm lvcreate --verbose --extents 12079 --name root mapajani
lvm lvcreate --verbose --extents 1024 --name swap mapajani

# If using MBR:
mke2fs -vvt ext2 -L mapajani-boot /dev/sda1
# If using GPT:
mkdosfs -vvF32 -n mapajani-boot /dev/sda1

# Make root and swap:
mke2fs -vvt ext4 -E lazy_itable_init=1 -L mapajani-root /dev/mapper/mapajani-root
mkswap -f -L mapajani-swap /dev/mapper/mapajani-swap
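
The alignment rules above (LUKS partition on 2048-sector boundaries on both sides, 'pe_start' a multiple of 2048) can be checked mechanically before any data is written. This is an added example, not part of the original notes: the function names are made up here, the layout rows are copied from the GPT table on this page, and the sample pe_start value in the comment is constructed.

```shell
#!/bin/sh
# Added example: verify the 2048-sector (1MB) alignment rules from this page.
ALIGN=2048   # sectors; 2048 * 512 bytes = 1MB

# aligned START END: succeeds when the partition starts on an ALIGN boundary
# and the sector after its last one (END+1) is on a boundary as well.
aligned() {
    [ $(( $1 % ALIGN )) -eq 0 ] && [ $(( ($2 + 1) % ALIGN )) -eq 0 ]
}

# The GPT layout from this page, one row per line: start end size type name
gpt_layout() {
    cat <<'EOF'
0 0 1 pmbr ----
1 33 33 GPT ----
34 67583 67550 efi EFIboot
67584 107462655 107395072 LUKS LUKS
107462656 107463854 1199 boot BIOSboot
107463855 107463887 33 GPT ----
EOF
}

# check_layout TYPE: reads layout rows on stdin, checks that every row's size
# equals end-start+1, and that each row of TYPE is aligned on both sides.
check_layout() {
    want=$1 rc=0
    while read -r start end size type name; do
        [ -z "$start" ] && continue
        if [ $(( end - start + 1 )) -ne "$size" ]; then
            echo "size mismatch: $start..$end is not $size sectors" >&2; rc=1
        fi
        if [ "$type" = "$want" ] && ! aligned "$start" "$end"; then
            echo "$type at $start..$end is not ${ALIGN}-sector aligned" >&2; rc=1
        fi
    done
    return $rc
}

# pe_start_ok VALUE: VALUE is the pe_start column from
# 'lvm pvs -oname,vg_mda_size,pe_start --units s' (constructed sample: 2048S).
pe_start_ok() {
    n=${1%[sS]}                                   # strip the sector unit suffix
    case $n in ''|*[!0-9]*) return 1 ;; esac      # reject anything non-numeric
    [ "$n" -gt 0 ] && [ $(( n % ALIGN )) -eq 0 ]
}

gpt_layout | check_layout LUKS && echo "GPT layout: LUKS aligned on both sides"
```

Only the LUKS row is held to the 2048-sector rule, as in the notes; the EFIboot partition starting at sector 34 is deliberately not checked.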

When reconstituting an existing image, do something like this:

mkdir -p /media/dst
mount -t ext4 -orelatime /dev/mapper/mapajani-root /media/dst
# Copy critical stuff first
( cd /media/src/root; rsync --archive --hard-links --progress --sparse --stats --verbose +boot bin boot etc lib lib32 lib64 sbin /media/dst/ )
# Copy core stuff next
( cd /media/src/root; rsync --archive --hard-links --progress --sparse --stats --verbose dev root usr var /media/dst/ )
# Copy all the rest
( cd /media/src/root; rsync --archive --hard-links --progress --sparse --stats --verbose ./ /media/dst/ )

# Mount stuff to prepare for chroot
# For MBR:
mount -t ext2 -orelatime /dev/sda1 /media/dst/boot
# For GPT:
mount -t vfat -orelatime /dev/sda1 /media/dst/boot
# Prepare for chroot
mount -t devtmpfs devtmpfs /media/dst/dev
mount -t devpts devpts /media/dst/dev/pts
mount -t proc procfs /media/dst/proc
mount -t sysfs sysfs /media/dst/sys

# Chroot:
chroot /media/dst bash

# Install boot
rsync --archive --hard-links --progress --sparse --stats --verbose /+boot/ /boot/

# Install grub
grub-install /dev/sda

Make sure to update the grub boot configuration to include the new LUKS UUID so it can be autoloaded by the initrd.