Differences between version 11 and predecessor to the previous major change of CyberLeo/BootstrapGentoo.
Newer page: version 11, last edited on Saturday, 17 September 2011 22:34:50 by CyberLeo
Older page: version 7, last edited on Monday, 14 March 2011 10:50:18 by CyberLeo
@@ -1,67 +1,91 @@
-<code brush="bash">
-
OCz Vertex 2 probably has an eraseblock size of 512kiB, so 1MB alignment works
+OCz Vertex 2 probably has an eraseblock size of 512kiB, so 2048 sector (
1MB)
alignment works
+Same with Kingston SSDNow V-series
Pregap only needs 32 sectors; boot only needs about 16MB
-Make sure luks
partition (type 0x44)
is aligned to 2048 sectors (1MB) on both sides!
+Make sure LUKS
partition is aligned to 2048 sectors (1MB) on both sides!
Leave about 40MB at the end. Might as well
+Here's a layout for MBR:
+<pre>
p start end size type
----------------------------------------
p 0 31 32 0x00 # Pregap
1 32 34815 34784 0x83 # Boot
2 34816 107380735 107345920 0x44 # LUKS
3 107380736 107463887 83152 0x00 # SSD-padding
-cryptsetup luksFormat -v -s 256 -c aes-xts
-essiv:sha256 -h sha1 --align-payload 2048 /dev/sda2
+Here's a layout for GPT: Note the presence of EFIboot (32MB FAT32 /boot filesystem) and BIOSboot (where the GRUB2 stage1.5 code resides). Once again, make sure the LUKS partition is aligned to 2048 sectors (1MB) on both sides!
+
+<small>Ended up using Windows 7 installer to create the necessary GPT stuff; apparently the boot settings manager in the system configuration rom does not set it up correctly.</small>
+
+<pre>
+----start ------end -----size -----type ----name
+ 0 0 1 pmbr ----
+ 1 33 33 GPT ----
+ 34 67583 67550 efi EFIboot
+ 67584 107462655 107395072 LUKS LUKS
+107462656 107463854 1199 boot BIOSboot
+107463855 107463887 33 GPT ----
+</pre>
+
+<code brush="bash">
+# Create the encrypted store
+# aes-xts-plain and aes-cbc-essiv:sha256 are equivalent, since they both mask the watermarking attacks present in aes-cbc-plain; aes-xts-essiv:sha256 is unnecessary.
+
cryptsetup luksFormat -v -s 256 -c aes-cbc
-essiv:sha256 -h sha1 --align-payload 2048 /dev/sda2
cryptsetup luksOpen /dev/sda2 mapajani
+
+# Obfuscate all empty space on the backing store
badblocks -b1024 -c1024 -vvwt 0x00 /dev/mapper/mapajani # Or random or whatever; just need to write every sector of the raw dev
+
+# Carve up the encrypted store using LVM
lvm pvcreate --verbose --metadatasize 1000k /dev/mapper/mapajani
-lvm pvs -oname,vg_mda_size,pe_start --units s
+lvm pvs -oname,vg_mda_size,pe_start --units s # Make sure 'pe_start' is a multiple of 2048 (1MB)
lvm vgcreate --verbose mapajani /dev/mapper/mapajani
-lvm pvs -oname,vg_mda_size,pe_start --units s
+lvm pvs -oname,vg_mda_size,pe_start --units s # Output changes; make sure 'pe_start' is a multiple of 2048 (1MB)
lvm lvcreate --verbose --extents 12079 --name root mapajani
lvm lvcreate --verbose --extents 1024 --name swap mapajani
mke2fs -vvt ext2 -L mapajani-boot /dev/sda1
+# If using GPT:
+mkdosfs -vvF32 -n mapajani-boot /dev/sda1
+
+# Make root and swap:
mke2fs -vvt ext4 -E lazy_itable_init=1 -L mapajani-root /dev/mapper/mapajani-root
mkswap -f -L mapajani-swap /dev/mapper/mapajani-swap
+When reconstituting an existing image, do something like this:
-----start
------end
-----size
-----type
- 0 0 1 pmbr
- 1 33 33 GPT
- 34 34815 34782 efi
- 34816 107462655 107427840 LUKS
-107462656 107463853 1198 unused
-107463854 107463886 33 GPT
-<
/code>
+mkdir
-p /media/dst
+mount
-t ext4
-orelatime /dev/mapper/mapajani
-root /media/dst
+# Copy critical stuff first
+( cd /media/src/root; rsync
--archive
--hard
-links
--progress
--sparse
--stats
--verbose +boot bin boot etc lib lib32 lib64 sbin /media/dst/ )
+# Copy core stuff next
+( cd /media/src/root; rsync
--archive
--hard-links --progress --sparse --stats --verbose dev root usr var /media/dst/ )
+# Copy all the rest
+( cd /media/src/root; rsync --archive --hard-links --progress --sparse --stats --verbose ./ /media/dst
/ )
-uEFI won'
t boot from that. Since mkdosfs was giving warnings, try with a larger EFI part?
+# Mount stuff to prepare for chroot
+# For MBR:
+mount -
t ext2 -orelatime /dev/sda1 /media/dst/
boot
+# For GPT:
+mount -t vfat -orelatime /dev/sda1 /media/dst/boot
+# Prepare for chroot
+mount -t devtmpfs devtmpfs /media/dst/dev
+mount -t devpts devpts /media/dst/dev/pts
+mount -t proc procfs /media/dst/proc
+mount -t sysfs sysfs /media/dst/sysfs
-<code brush="bash">
-----start ------end -----size -----type
- 0 0 1 pmbr
- 1 33 33 GPT
- 34 206847 206814 efi
- 206848 107462655 107255808 LUKS
-107462656 107463853 1198 unused
-107463854 107463886 33 GPT
-<
/code>
+# Chroot:
+chroot
/media/dst bash
-Nope. That didn't work either.
+# Install boot
+rsync --archive --hard-links --progress --sparse --stats --verbose /+boot/ /boot/
-Ended up using Windows 7 installer to create the necessary GPT stuff; apparently the boot settings manager in the system configuration rom does not set it up correctly.
-
-<code brush="plain">
-----start ------end -----size -----type ----name
- 0 0 1 pmbr ----
- 1 33 33 GPT ----
- 34 67583 67550 efi EFIboot
- 67584 107462655 107395072 LUKS LUKS
-107462656 107463854 1199 boot BIOSboot
-107463855 107463887 33 GPT ---
-
+# Install grub
+grub
-install /dev/sda
+
+Make sure to update grub boot to include the new LUKS UUID so it can be autoloaded by initrd
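Review bot: The added chroot-preparation line `mount -t sysfs sysfs /media/dst/sysfs` mounts onto `/media/dst/sysfs`, but inside the chroot sysfs is expected at `/sys`, so the target should be `/media/dst/sys`. Separately, the new comment above `luksFormat` calls aes-xts-plain and aes-cbc-essiv:sha256 "equivalent"; both avoid the aes-cbc-plain watermarking problem, but CBC ciphertext stays malleable in ways XTS is not, so the comment would be more accurate as "both avoid watermarking", with a short reason why the command switches from XTS to CBC. The closing note about the new LUKS UUID would be easier to follow if it named the command that prints it, `cryptsetup luksUUID /dev/sda2`.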
version 11
OCZ Vertex 2 probably has an eraseblock size of 512kiB, so 2048-sector (1MB) alignment works.
Same with the Kingston SSDNow V-series.
Pregap only needs 32 sectors; boot only needs about 16MB.
Make sure the LUKS partition is aligned to 2048 sectors (1MB) on both sides!
Leave about 40MB at the end. Might as well.
Here's a layout for MBR:
p      start        end       size  type
----------------------------------------
p          0         31         32  0x00  # Pregap
1         32      34815      34784  0x83  # Boot
2      34816  107380735  107345920  0x44  # LUKS
3  107380736  107463887      83152  0x00  # SSD-padding
Here's a layout for GPT: Note the presence of EFIboot (32MB FAT32 /boot filesystem) and BIOSboot (where the GRUB2 stage1.5 code resides). Once again, make sure the LUKS partition is aligned to 2048 sectors (1MB) on both sides!
Ended up using Windows 7 installer to create the necessary GPT stuff; apparently the boot settings manager in the system configuration rom does not set it up correctly.
----start ------end -----size -----type ----name
        0         0         1      pmbr     ----
        1        33        33       GPT     ----
       34     67583     67550       efi  EFIboot
    67584 107462655 107395072      LUKS     LUKS
107462656 107463854      1199      boot BIOSboot
107463855 107463887        33       GPT     ----
# Create the encrypted store
# aes-xts-plain and aes-cbc-essiv:sha256 are equivalent, since they both mask the watermarking attacks present in aes-cbc-plain; aes-xts-essiv:sha256 is unnecessary.
cryptsetup luksFormat -v -s 256 -c aes-cbc-essiv:sha256 -h sha1 --align-payload 2048 /dev/sda2
cryptsetup luksOpen /dev/sda2 mapajani
# Obfuscate all empty space on the backing store
badblocks -b1024 -c1024 -vvwt 0x00 /dev/mapper/mapajani # Or random or whatever; just need to write every sector of the raw dev
# Carve up the encrypted store using LVM
lvm pvcreate --verbose --metadatasize 1000k /dev/mapper/mapajani
lvm pvs -oname,vg_mda_size,pe_start --units s # Make sure 'pe_start' is a multiple of 2048 (1MB)
lvm vgcreate --verbose mapajani /dev/mapper/mapajani
lvm pvs -oname,vg_mda_size,pe_start --units s # Output changes; make sure 'pe_start' is a multiple of 2048 (1MB)
lvm lvcreate --verbose --extents 12079 --name root mapajani
lvm lvcreate --verbose --extents 1024 --name swap mapajani
# If using MBR:
mke2fs -vvt ext2 -L mapajani-boot /dev/sda1
# If using GPT:
mkdosfs -vvF32 -n mapajani-boot /dev/sda1
# Make root and swap:
mke2fs -vvt ext4 -E lazy_itable_init=1 -L mapajani-root /dev/mapper/mapajani-root
mkswap -f -L mapajani-swap /dev/mapper/mapajani-swap
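The alignment rule used above (LUKS partition on a 2048-sector boundary on both sides, and 'pe_start' a multiple of 2048) can be checked mechanically before any data is written. This is an added example, not part of the original page: the function names are made up here, and the trailing "S" accepted on the pe_start value is an assumption about how `lvm pvs --units s` prints it.

```shell
#!/bin/sh
# Added example (not from the original page): verify 2048-sector alignment.
ALIGN=2048   # sectors; 2048 x 512-byte sectors = 1MB, as used on this page

# is_aligned SECTOR: succeed if SECTOR is a multiple of ALIGN.
is_aligned() {
    [ $(( $1 % ALIGN )) -eq 0 ]
}

# check_both_sides START END: END is the last sector of the partition
# (inclusive, as in the tables above), so the boundary after it is END+1.
check_both_sides() {
    is_aligned "$1" && is_aligned $(( $2 + 1 ))
}

# misaligned_rows: read "name start end" rows on stdin and print the names
# of rows whose start or end boundary is off the ALIGN grid.
misaligned_rows() {
    while read -r name start end; do
        [ -n "$name" ] || continue
        check_both_sides "$start" "$end" || printf '%s\n' "$name"
    done
}

# pe_start_aligned VALUE: takes the pe_start column as a sector count,
# with or without a trailing unit letter (assumed form: "2048S").
pe_start_aligned() {
    is_aligned "${1%[sS]}"
}

# LUKS rows copied from the MBR and GPT tables above, plus one constructed
# off-by-one row to show a failure.
sample_rows() {
    cat <<'EOF'
mbr-luks 34816 107380735
gpt-luks 67584 107462655
constructed-bad 67585 107462655
EOF
}

sample_rows | misaligned_rows   # prints: constructed-bad
```

Feed it real numbers by pasting the start and end columns of the partition table into `misaligned_rows`, and pass the 'pe_start' column from the `lvm pvs` calls above to `pe_start_aligned`.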
When reconstituting an existing image, do something like this:
mkdir -p /media/dst
mount -t ext4 -orelatime /dev/mapper/mapajani-root /media/dst
# Copy critical stuff first
( cd /media/src/root; rsync --archive --hard-links --progress --sparse --stats --verbose +boot bin boot etc lib lib32 lib64 sbin /media/dst/ )
# Copy core stuff next
( cd /media/src/root; rsync --archive --hard-links --progress --sparse --stats --verbose dev root usr var /media/dst/ )
# Copy all the rest
( cd /media/src/root; rsync --archive --hard-links --progress --sparse --stats --verbose ./ /media/dst/ )
# Mount stuff to prepare for chroot
# For MBR:
mount -t ext2 -orelatime /dev/sda1 /media/dst/boot
# For GPT:
mount -t vfat -orelatime /dev/sda1 /media/dst/boot
# Prepare for chroot
mount -t devtmpfs devtmpfs /media/dst/dev
mount -t devpts devpts /media/dst/dev/pts
mount -t proc procfs /media/dst/proc
mount -t sysfs sysfs /media/dst/sys
# Chroot:
chroot /media/dst bash
# Install boot
rsync --archive --hard-links --progress --sparse --stats --verbose /+boot/ /boot/
# Install grub
grub-install /dev/sda
Make sure to update the GRUB boot configuration to include the new LUKS UUID so it can be autoloaded by the initrd.