
#1 2015-06-12 00:41:47

genEric
Member
From: Sweden
Registered: 2013-09-26
Posts: 38

[solved] Partition layout for Grub (GPT/Bios), and TRIM questions

Hi all,

I've got myself a new (old) 17" laptop (yaaay), and I'm about to do a new installation on it. This time I'll do a different setup. After doing my research before I install it, I have a few questions. :) More to confirm it'll be ok.

My previous install(s) have usually been a (~)250Mb boot partition for Syslinux, and then the partition for LVM with N mountpoints. Now I plan to use Grub2 and LVM on LUKS, and using an SSD. Will add a SATA disk later for a few partitions on that one.

So, first question is about the partition layout. I know with Grub2 on GPT/Bios (e.g. no UEFI), one needs to use an extra 1MB partition for that. A lot of examples are similar to:

sdX1	grub_bios	1MB
sdX2	/boot		nnnMB
sdX3	crypt/LVM	+100%

But I've also seen examples like this one ... with just a small(er) bios partition + an LVM, like my previous install. I guess that will work too, but if someone could say it's ok before I try it, it would feel better.

Perhaps the 3 partition layout is better if I plan to move the boot partition to a USB stick later? Or would that work anyway - with the boot code on the stick as well - not just the “/boot”?


SSD (TRIM)
I haven't used an SSD before (on Linux), but I had one extra, so now I planned to put it in the laptop, and later on replace the DVD with the mechanical one - when I get a converter for that. But the question is about all the misc. “discard” options.

To set up TRIM:

cryptsetup	(luksOpen --allow-discards)
crypttab	(,allow-discards)
fstab		(,discard)		# per entry
grub		(:allow-discards)

4 places, right? Or have I missed any one?


Keys (LUKS)
Planning to just use manual entries to begin with but later add keyfiles on a USB stick, like this example at the ArchBang forum.

Now... I've been trying really hard to find an old article I read (somewhere) a year ago or so, but couldn't find it. It was either about LUKS or Geli (on FreeBSD). But the idea was to put the keys between 2 partitions on the USB stick, in the unformatted area. I liked the idea in general. Anyone who could give a basic example of that, or have a pointer to an article for more reading?

I think it was about to random out the stick, add the 2nd partition with a small gap and then read a chunk of the random code in between as the key. Or if they used “dd” to put the “file” in that area.



Thanks for any help.

· Eric

Last edited by genEric (2015-06-12 15:16:31)


[genEric@…] ~$

Offline

#2 2015-06-12 05:37:14

grandtheftjiujitsu
Member
Registered: 2013-07-27
Posts: 91

Re: [solved] Partition layout for Grub (GPT/Bios), and TRIM questions

/boot should work on a USBstick, but you'll want to specify the boot order in your BIOS.  You also probably want to make use of the UUIDs in your fstab rather than /dev/sdXY, or find out which USB ports are read first and always use that one for your USBboot. 

Same thing with the USBkey, but specify that it should be mounted in fstab and use the respective destination of the keyfile in your crypttab.  The key file can be any file, for example, some random.jpg already on your thumb drive; just don't delete it.

I don't know about GRUB, but I think it will work fine only specifying the "discard" option in your fstab.  I don't recall ever having to use a special option for cryptsetup or in crypttab.  I don't know if there is a reason to run TRIM / discard on an encrypted volume (e.g., different than a filesystem to be mounted).

Offline

#3 2015-06-12 07:10:40

Head_on_a_Stick
Member
From: London
Registered: 2014-02-20
Posts: 7,769
Website

Re: [solved] Partition layout for Grub (GPT/Bios), and TRIM questions

I can't help directly (I've never used LVM/LUKS), but:

genEric wrote:

But also seen examples like this one

Do not follow any advice in that guide: the author's first sequence of commands are `pacman -Syy` followed by `pacman -S gdisk` -- this may break your system.
https://wiki.archlinux.org/index.php/Pa … nsupported

Also, non-EFI support with GPT disks is firmware dependent and may not work at all.
https://wiki.archlinux.org/index.php/GU … OS_systems

Offline

#4 2015-06-12 11:48:07

genEric
Member
From: Sweden
Registered: 2013-09-26
Posts: 38

Re: [solved] Partition layout for Grub (GPT/Bios), and TRIM questions

grandtheftjiujitsu wrote:

/boot should work on a USBstick, but you'll want to specify the boot order in your BIOS.  You also probably want to make use of the UUIDs in your fstab rather than /dev/sdXY, or find out which USB ports are read first and always use that one for your USBboot. 

Same thing with the USBkey, but specify that it should be mounted in fstab and use the respective destination of the keyfile in your crypttab.  The key file can be any file, for example, some random.jpg already on your thumb drive; just don't delete it.

I don't know about GRUB, but I think it will work fine only specifying the "discard" option in your fstab.  I don't recall ever having to use a special option for cryptsetup or in crypttab.  I don't know if there is a reason to run TRIM / discard on an encrypted volume (e.g., different than a filesystem to be mounted).

Thanks for your reply... Yes of course I use UUIDs, the names I used were for the layout example(s), whether I can use a 2-partition layout, or “must” go with 3.

Yes, an image file is an alternative, but I'd really like to see how I could do like the “between the partitions”-example I read about once.

Head_on_a_Stick wrote:

I can't help directly (I've never used LVM/LUKS), but:

genEric wrote:

But also seen examples like this one

Do not follow any advice in that guide: the author's first sequence of commands are `pacman -Syy` followed by `pacman -S gdisk` -- this may break your system.
https://wiki.archlinux.org/index.php/Pa … nsupported

Also, non-EFI support with GPT disks is firmware dependent and may not work at all.
https://wiki.archlinux.org/index.php/GU … OS_systems

:) No, sorry for the confusion. I'm not following that guide... I have my own installation notes from previous installs. It was just the example about the 2 partition layout compared to using 3 with that 1MB sized one for the boot code.

GPT hasn't been any problem before (using Syslinux), even on older hardware I've used than this laptop. (knock on wood).


About the different partition layouts I mentioned, I guess the main question is: Can I use a 2 partition layout and skip the 1st 1MB sized?


[genEric@…] ~$

Offline

#5 2015-06-12 12:40:45

frostschutz
Member
Registered: 2013-11-15
Posts: 1,422

Re: [solved] Partition layout for Grub (GPT/Bios), and TRIM questions

genEric wrote:
sdX1	grub_bios	1MB
sdX2	/boot		nnnMB
sdX3	crypt/LVM	+100%

This is common for setups that use GPT partitions but prefer the traditional grub boot over the new-style EFI stuff.

I usually squeeze the grub_bios partition before the first partition that starts at 1MiB offset. So bios_grub goes from sector 64-2047 (for 512 Byte sectors).

cryptsetup	(luksOpen --allow-discards)
crypttab	(,allow-discards)
fstab		(,discard)		# per entry
grub		(:allow-discards)

Except for fstab those three examples all refer to cryptsetup's allow-discards, which you need if you encrypt your SSD but want to use TRIM anyway. TRIM will make free space visible on your disk - which is not a problem for most people.

The fstab discard flag will TRIM everything instantly; the alternative is to have a cron job that does 'fstrim' once per week or month. I prefer 'fstrim' because that way, if you have an accident (deleted the wrong file), you can disable the cron job, and then still have some chance of recovery. TRIM discards data - what's gone is gone and there have been bugs in the (very recent) past that caused data loss. Have a very good backup if you use the TRIM feature of your SSD.

But the idea was to put the keys between 2 partitions on the USB stick, in the unformatted area.

From a security point of view, that is nonsense.

If you feel the need to hide your keyfiles, I suggest you encrypt them instead, so you have both: /boot on USB, the USB in your pocket with your door keys (so no one steals or modifies it in your absence), keyfiles on the USB, and keyfiles password protected.

I've previously described that setup here: https://bbs.archlinux.org/viewtopic.php … 1#p1502651

But if you're just starting out with encryption don't worry too much about it, LUKS lets you change passphrases any time so you can set this kind of thing up later - if you feel you need more than the regular passphrase, which is secure as long as: no one installs a keylogger and no one modifies your /boot partition.

Offline
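
Added example, not part of any post in this thread: a small config check for the distinction drawn in post #5, where `allow-discards` controls whether dm-crypt passes TRIM through at all and the fstab `discard` flag only chooses continuous TRIM over a periodic `fstrim`. The sample crypttab/fstab contents, UUIDs and function names are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample files (UUIDs are placeholders, not from the thread).
SAMPLE_CRYPTTAB='# <name> <device> <keyfile> <options>
cryptlvm  UUID=0000-constructed none luks,allow-discards
cryptdata UUID=1111-constructed none luks'

SAMPLE_FSTAB='# <fs> <mountpoint> <type> <options> <dump> <pass>
/dev/mapper/vg-root / ext4 rw,noatime,discard 0 1
/dev/mapper/vg-home /home ext4 rw,noatime 0 2
UUID=2222-constructed /boot ext2 rw 0 2'

# has_opt LIST OPT: succeed when OPT is one of the comma-separated options.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# crypttab_trim TEXT: per mapping, does dm-crypt pass discards down to the SSD?
# Accepts the thread's "allow-discards" spelling and systemd's "discard".
crypttab_trim() {
    printf '%s\n' "$1" | while read -r name dev key opts; do
        case "$name" in ''|'#'*) continue ;; esac
        if has_opt "$opts" allow-discards || has_opt "$opts" discard; then
            echo "$name passes"
        else
            echo "$name blocks"
        fi
    done
}

# fstab_trim TEXT: per mount, continuous TRIM (discard) or left to fstrim.
fstab_trim() {
    printf '%s\n' "$1" | while read -r fs mnt type opts rest; do
        case "$fs" in ''|'#'*) continue ;; esac
        if has_opt "$opts" discard; then
            echo "$mnt continuous"
        else
            echo "$mnt fstrim"
        fi
    done
}

crypttab_trim "$SAMPLE_CRYPTTAB"
fstab_trim "$SAMPLE_FSTAB"
```

To audit a real system, pass the file contents instead of the samples, for example `crypttab_trim "$(cat /etc/crypttab)"`.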

#6 2015-06-12 14:03:37

genEric
Member
From: Sweden
Registered: 2013-09-26
Posts: 38

Re: [solved] Partition layout for Grub (GPT/Bios), and TRIM questions

frostschutz wrote:
genEric wrote:
sdX1	grub_bios	1MB
sdX2	/boot		nnnMB
sdX3	crypt/LVM	+100%

This is common for setups that use GPT partitions but prefer the traditional grub boot over the new-style EFI stuff.

I usually squeeze the grub_bios partition before the first partition that starts at 1MiB offset. So bios_grub goes from sector 64-2047 (for 512 Byte sectors).

Yes, it looks like the common way, described in both the wiki and my “guides”. But would it be totally wrong (unpractical) to only use 2 ... meaning, put the boot code and /boot content on the same partition, and make that partition, let's say ~ 250-300MB?

The “squeezing part”, is that to get a better alignment?


frostschutz wrote:
cryptsetup	(luksOpen --allow-discards)
crypttab	(,allow-discards)
fstab		(,discard)		# per entry
grub		(:allow-discards)

Except for fstab those three examples all refer to cryptsetup's allow-discards, which you need if you encrypt your SSD but want to use TRIM anyway. TRIM will make free space visible on your disk - which is not a problem for most people.

The fstab discard flag will TRIM everything instantly; the alternative is to have a cron job that does 'fstrim' once per week or month. I prefer 'fstrim' because that way, if you have an accident (deleted the wrong file), you can disable the cron job, and then still have some chance of recovery. TRIM discards data - what's gone is gone and there have been bugs in the (very recent) past that caused data loss. Have a very good backup if you use the TRIM feature of your SSD.

Thanks for clarifying that part. I saw that “fstrim” alternative too, and yes - that might be a better option.

Yes, backup-backup-backup... :)


frostschutz wrote:

But the idea was to put the keys between 2 partitions on the USB stick, in the unformatted area.

From a security point of view, that is nonsense.

If you feel the need to hide your keyfiles, I suggest you encrypt them instead, so you have both: /boot on USB, the USB in your pocket with your door keys (so no one steals or modifies it in your absence), keyfiles on the USB, and keyfiles password protected.

I've previously described that setup here: https://bbs.archlinux.org/viewtopic.php … 1#p1502651

But if you're just starting out with encryption don't worry too much about it, LUKS lets you change passphrases any time so you can set this kind of thing up later - if you feel you need more than the regular passphrase, which is secure as long as: no one installs a keylogger and no one modifies your /boot partition.

That is definitely something I'll look into later. Looks really interesting. Thanks.
So, I'd guess I might want to get back to you on that one, if it's ok. :)

No, it's not much of security in that (put in between partitions), more than if someone plugs it in - it will look like a normal portable storage, with misc files, docs, images etc.

For now it will just be a setup so it works, and I'll do changes later.  That's why I also wondered about the partition layout, in regard to that - to eventually move things to a USB key.

I'm most at home, and when I'm out I don't leave it unattended. Perhaps when I visit my mother, it'll sit alone in her apartment. The laptop will be used most as a complement to my desktop(s) and when travelling. But, this one is ok (enough) to use it temporarily as my main computer, while I make my switch (eg computers & OS).


[genEric@…] ~$

Offline

#7 2015-06-12 14:11:37

frostschutz
Member
Registered: 2013-11-15
Posts: 1,422

Re: [solved] Partition layout for Grub (GPT/Bios), and TRIM questions

genEric wrote:

But would it be totally wrong (unpractical) to only use 2 ... meaning, put the boot code and /boot content on the same partition, and make that partition, let's say ~ 250-300MB?

You can do this with msdos partition only.

With gpt you have the choice between using EFI (vfat) /boot partition or bios_grub partition + root partition (or + boot partition + encrypted root partition).

You can not combine the bios_grub partition with /boot. The bios_grub partition is just a place for grub to dump its core program, it's not a filesystem.

The “squeezing part”, is that to get a better alignment?

No, and you don't have to follow that advice, I just like to point out it's possible - if all other partitions are MiB aligned, you can put bios_grub before the 1st MiB. Essentially the same thing happens with msdos partitions, it just doesn't tell you where it goes.

Alignment of the boot loader does not matter, it boots and done. Alignment of the data partitions is what matters.

Last edited by frostschutz (2015-06-12 14:12:29)

Offline
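
Added example, not part of any post in this thread: a layout check for the points made in posts #5 and #7, that bios_grub can sit in sectors 64-2047 ahead of the first MiB-aligned partition and that only the data partitions need alignment. It assumes 512-byte sectors and the default GPT entry array (128 entries, so the first usable sector is 34); the partition names and sizes are constructed.

```sh
#!/bin/sh
# Constructed layout in 512-byte sectors: name, first sector, last sector.
SAMPLE_LAYOUT='bios_grub 64 2047
boot 2048 616447
cryptlvm 616448 500117503'

GPT_FIRST_USABLE=34   # LBA 0 protective MBR, LBA 1 header, LBA 2-33 entries
MIB_SECTORS=2048      # 1 MiB / 512 B

# check_layout TEXT: classify each partition.
#   bios_grub: in-gap (before 1 MiB), own-slot (a regular slot, like the
#              1MB partition in the first post), or overlaps-gpt.
#   others:    aligned / misaligned relative to 1 MiB boundaries.
check_layout() {
    printf '%s\n' "$1" | while read -r name first last; do
        [ -n "$name" ] || continue
        kib=$(( (last - first + 1) / 2 ))
        if [ "$name" = bios_grub ]; then
            # Raw space for GRUB's core image, not a filesystem:
            # its own alignment does not matter.
            if [ "$first" -lt "$GPT_FIRST_USABLE" ]; then
                echo "$name overlaps-gpt"
            elif [ "$last" -lt "$MIB_SECTORS" ]; then
                echo "$name in-gap ${kib}KiB"
            else
                echo "$name own-slot ${kib}KiB"
            fi
        elif [ $(( first % MIB_SECTORS )) -eq 0 ]; then
            echo "$name aligned"
        else
            echo "$name misaligned"
        fi
    done
}

check_layout "$SAMPLE_LAYOUT"
```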

#8 2015-06-12 15:15:42

genEric
Member
From: Sweden
Registered: 2013-09-26
Posts: 38

Re: [solved] Partition layout for Grub (GPT/Bios), and TRIM questions

frostschutz wrote:
genEric wrote:

But would it be totally wrong (unpractical) to only use 2 ... meaning, put the boot code and /boot content on the same partition, and make that partition, let's say ~ 250-300MB?

You can do this with msdos partition only.

With gpt you have the choice between using EFI (vfat) /boot partition or bios_grub partition + root partition (or + boot partition + encrypted root partition).

You can not combine the bios_grub partition with /boot. The bios_grub partition is just a place for grub to dump its core program, it's not a filesystem.

The “squeezing part”, is that to get a better alignment?

No, and you don't have to follow that advice, I just like to point out it's possible - if all other partitions are MiB aligned, you can put bios_grub before the 1st MiB. Essentially the same thing happens with msdos partitions, it just doesn't tell you where it goes.

Alignment of the boot loader does not matter, it boots and done. Alignment of the data partitions is what matters.

I have used Syslinux before with that setup + the gptmbr hybrid code one add in there for GPT. When I saw that other guide using the same layout (2 partitions) with GPT, I hoped that would work ... and I would get more|less same as before. But I'll go with 3 then. :)

Thanks...

· Eric


I'll mark this solved now, since I've got answers on all questions.


[genEric@…] ~$

Offline

#9 2015-06-12 15:26:40

frostschutz
Member
Registered: 2013-11-15
Posts: 1,422

Re: [solved] Partition layout for Grub (GPT/Bios), and TRIM questions

Can't say anything about syslinux, I was referring to grub2. :)

Offline

#10 2015-06-12 21:47:48

Head_on_a_Stick
Member
From: London
Registered: 2014-02-20
Posts: 7,769
Website

Re: [solved] Partition layout for Grub (GPT/Bios), and TRIM questions

@OP: A BIOS Boot Partition is only needed for GRUB on a GPT disk -- syslinux does not need one.
https://wiki.archlinux.org/index.php/Sy … tion_table

Offline
