Ben's notes

Linux, Unix, network, radio...

pc_engines_apu2_arch_linux

pc_engines_apu2_arch_linux [2019/12/30 18:14] adminpc_engines_apu2_arch_linux [2019/12/30 18:36] admin
Line 27: Line 27:
  
 ====Install Arch Linux==== ====Install Arch Linux====
-The next steps will install Arch Linux on a encrypted root filesystem. +  [[https://wiki.archlinux.org/index.php/installation_guide]] 
- +  * Configure serial consolewhen still in chroot and just before the reboot.<code>
-===Partitions and filesystems=== +
-  * Secure erase SSD +
-    Check that device is not frozen:<code># hdparm -I /dev/sdX +
-Security:  +
- Master password revision code = 65534 +
- supported +
- not enabled +
- not locked +
- not frozen +
- not expired: security count +
- supported: enhanced erase +
- 2min for SECURITY ERASE UNIT2min for ENHANCED SECURITY ERASE UNIT. +
-</code> +
-    * Set password, any password will do, it will be reset to NULL after erasing.<code> +
-# hdparm --user-master u --security-set-pass Meu3lieY43 /dev/sdX +
-security_password: "Meu3lieY43" +
- +
-/dev/sda: +
- Issuing SECURITY_SET_PASS command, password="Meu3lieY43", user=user, mode=high +
-</code> +
-    * Check that password is ''enabled'':<code> +
-# hdparm -I /dev/sdX +
-Security:  +
- Master password revision code = 65534 +
- supported +
- enabled</code> +
-    * Secure erase SSD:<code># hdparm --user-master u --security-erase Meu3lieY43 /dev/sdX +
-security_password: "Meu3lieY43" +
- +
-/dev/sda: +
- Issuing SECURITY_ERASE command, password="Meu3lieY43", user=user</code> +
-    * Check that master password is supported, but not enabled:<code> +
-# hdparm -I /dev/sdX +
-Security:  +
- Master password revision code = 65534 +
- supported +
- +
-</code> +
-  * Partition the SSD:<code> +
-+
-echo o     # Create a new empty DOS partition table +
-echo n     # Add a new partition +
-echo p     # Primary partition +
-echo 1     # Partition number +
-echo       # First sector (Accept default: 1) +
-echo +256M # Last sector (Accept default: varies) +
-echo n     # Add a new partition +
-echo p     # Primary partition +
-echo 2     # Partition number +
-echo       # First sector (Accept default) +
-echo       # Last sector (Accept defaultrest of the drive) +
-echo w     # Write changes +
-) | sudo fdisk /dev/sdX +
-</code> +
-  * You might reboot if you cannot use the new partitions yet:<code> +
-# partprobe /dev/sda                                                                                  :( +
-Error: Partition(s) 2 on /dev/sda have been written, but we have been unable to inform the kernel of the change, probably because it/they are in use.  As a result, the old partition(s) will remain in use.  You should reboot now before making further changes. +
-</code> +
-  * Create the /boot and root filesystems:<code> +
- +
- +
-# cryptsetup -y -v luksFormat /dev/sdX2 +
-# cryptsetup open /dev/sdX2 cryptroot +
-# mkfs.ext4 /dev/mapper/cryptroot +
-# mount /dev/mapper/cryptroot /mnt +
- +
-# mkfs.ext4 /dev/sdX1 +
-# mkdir /mnt/boot +
-# mount /dev/sdX1 /mnt/boot +
-</code> +
- +
-===Install Arch Linux=== +
-  * Copy Arch Linux to the new filesystems:<code># pacstrap /mnt base</code> +
-  * Generate a fstab:<code># genfstab -L /mnt >> /mnt/etc/fstab</code> +
-  * Chroot into the new system:<code># arch-chroot /mnt</code> +
-  * Set root password:<code># passwd root</code> +
-  * Setup system clock:<code> +
-# ln -s /usr/share/zoneinfo/Europe/Stockholm /etc/localtime +
-# hwclock --systohc --utc</code> +
-  * Set the hostname:<code># echo MYHOSTNAME > /etc/hostname</code> +
-  * Update locale:<code># vi /etc/locale.gen +
-# locale-gen</code> +
-  * Add encryption hook:<code># vi /etc/mkinitcpio.conf  +
-HOOKS="base udev autodetect modconf keyboard keymap block encrypt filesystems keyboard fsck" +
-</code> +
-  * Generate new initramfs:<code># mkinitcpio -p linux</code> +
-  * Install bootloader:<code># pacman -S grub +
-# grub-install /dev/sda +
-# grub-mkconfig -o /boot/grub/grub.cfg +
-</code> +
-  * Modify kernel options for decrypting the root filesystem:<code> +
-# vi /etc/default/grub +
-GRUB_CMDLINE_LINUX="cryptdevice=UUID=<device-UUID>:cryptroot" +
- +
-</code> +
-  * Configure serial port:<code>+
 # vi /etc/default/grub   # add options below # vi /etc/default/grub   # add options below
 GRUB_CMDLINE_LINUX_DEFAULT="console=tty0 console=ttyS0,115200n8" GRUB_CMDLINE_LINUX_DEFAULT="console=tty0 console=ttyS0,115200n8"
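
Review bot: The removal of the "Partitions and filesystems" and "Install Arch Linux" subsections takes every disk-encryption step off the page (cryptsetup luksFormat on /dev/sdX2, the encrypt hook in /etc/mkinitcpio.conf, and the cryptdevice=UUID=<device-UUID>:cryptroot kernel option), and the bare installation_guide link added in their place does not tell the reader that encryption was part of this setup, so someone following this revision ends up with an unencrypted root filesystem. If dropping encryption is intended, say so next to the link; otherwise keep a short bullet that points to where the LUKS steps now live. The added bullet also reads "Configure serial consolewhen still in chroot": it needs a space (or a comma) after "console".
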
Line 137: Line 41:
   * Make new grub config:<code># grub-mkconfig -o /boot/grub/grub.cfg</code>   * Make new grub config:<code># grub-mkconfig -o /boot/grub/grub.cfg</code>
   * Reboot and connect with 115200 baud.   * Reboot and connect with 115200 baud.
- 
-====Post install==== 
-  * Configure network:<code> 
-# cp /etc/netctl/examples/ethernet-static /etc/netctl 
- 
-# vi /etc/netctl/ethernet-static 
- 
-# netctl list 
-# netctl start ethernet-static 
-# netctl enable ethernet-static 
-</code> 
-  * Add users 
-  * Enable SSH:<code> 
-# pacman -S openssh 
-# systemctl enable sshd 
-# systemctl start sshd 
-</code> 
-  * Configure simple firewall:<code> 
-# pacman -S ufw 
-# ufw default deny 
-# ufw allow SSH 
-# ufw enable 
-</code> 
-  * Configure timekeeping: <code> 
-vi /etc/systemd/timesyncd.conf 
-# timedatectl set-ntp true 
-</code> 
  
  
 {{tag>[hardware apu arch linux]}} {{tag>[hardware apu arch linux]}}
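
Review bot: Deleting the whole "Post install" section removes the only firewall baseline on the page (ufw default deny, ufw allow SSH, ufw enable) together with the sshd, netctl and timesyncd steps, and nothing in this hunk replaces them, so the page now ends at "Reboot and connect with 115200 baud". Suggest keeping at least the ufw and sshd bullets, or moving the section to its own page and linking it from here.
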
pc_engines_apu2_arch_linux.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1