"Arch By Hand" UEFI GPT SSD LUKS Install Script

the.ridikulus.rat · 2012-04-06 07:45:37

Ahadiel wrote:

the.ridikulus.rat wrote:
Fixed scripts:
Patch: http://sprunge.us/jAeY?diff
archbyhand_efi_crypto.sh: http://sprunge.us/cSeX?sh
archbyhand_efi.sh: http://sprunge.us/HYUN?sh
Changes:
Added proper /proc, /sys, /dev bind mounts for TARGET_PACMAN and CHROOT operations
Load the efivars and dm-mod modules before chrooting (kernel version mismatch)
Separate /boot and /boot/efi (UEFISYS)
/boot/efi = 512 MiB FAT32
/boot = 400 MiB ext3
grub2 2.00beta3 grub-install fix
Fix efibootmgr path
Which version of Archboot did you test this on?

This requires updated grub2 packages from extra (2.00beta3), not the Archboot's local copy (1.99) . So it won't work if you have not updated the packages list via "pacman -Sy" first. Also I changed only the bootloader commands (and related fixes), not the LVM/LUKS part as I do not know anything about such things (never tried such a setup).

Dieter@be · 2012-04-06 09:12:16

Hey guys, since I had a bunch of problems with the install resulting from the script, I tried to port the script to an aif automatic profile, and running it on archiso
This is what I currently have http://pastie.org/3737804
it seems to work mostly fine, except that after loading the efivars module there's no /sys/firmware/efi (do you need to boot through EFI for this to work? archiso still boots the old way), so the efibootmgr command is commented out for now. I assumed I could reuse an old entry as created by the arch-by-hand script but somehow that also doesn't work (when i select a boot entry, it returns to the same boot menu)

the.ridikulus.rat · 2012-04-06 09:23:22

Dieter@be wrote:

Hey guys, since I had a bunch of problems with the install resulting from the script, I tried to port the script to an aif automatic profile, and running it on archiso
This is what I currently have http://pastie.org/3737804
it seems to work mostly fine, except that after loading the efivars module there's no /sys/firmware/efi (do you need to boot through EFI for this to work? archiso still boots the old way), so the efibootmgr command is commented out for now.

Yes, for efibootmgr to work, you need to be booted in UEFI mode - https://wiki.archlinux.org/index.php/Un … es_Support

EDIT: Archiso UEFI boot support (still baking) https://github.com/djgera/archiso/commi … 87a9a4c343 - not via grub2, requires EFISTUB enabled kernel (>=3.3) and only x86_64 UEFI + x86_64 kernel support . Archboot supports x86_64 UEFI + both i686 and x86_64 kernels via grub2.

EDIT 2: You need to remove "--no-floppy" from grub-install command, in both your custom arch-by-hand script and aif profile, it has been replaced by --allow-floppy .

I assumed I could reuse an old entry as created by the arch-by-hand script but somehow that also doesn't work (when i select a boot entry, it returns to the same boot menu)

Yesterday in IRC you said the efibootmgr created boot entries work properly. Try deleting all the manually created entries using efibootmgr (http://linux.dell.com/cgi-bin/gitweb/gi … ME;hb=HEAD) and retry the arch-by-hand script.

EDIT: The reason the previous entries do not work is because the UEFI boot entries are referenced using the Unique Partition GUID (UUID) of the GPT partition. The arch-by-hand script erases the partition table and recreates a new GPT table in which the partitions have different Unique GUIDs and the boot entries naturally fail. Therefore before running the script, manually remove stale boot entries using efibootmgr.

Eg: Running

sudo efibootmgr --create --gpt --disk /dev/sda --part 1 --write-signature --label "SHELL 2.0" --loader '\efi\shell\shellx64.efi'

creates

Boot0001* SHELL 2.0 HD(1,800,c8000,540d80fd-d4a7-4fcb-b9d3-658c5f1db02b)File(\efi\shell\shellx64.efi)

where "540d80fd-d4a7-4fcb-b9d3-658c5f1db02b" is the Unique GPT GUID of /dev/sda1 (stored in the GPT table, independent of the underlying FS or FS UUIDs)

Last edited by the.ridikulus.rat (2012-04-06 11:03:55)

the.ridikulus.rat · 2012-04-06 10:14:21

For creating a UEFI bootable Archiso based USB

1. Download one of the Archiso files with x86_64 Linux >=3.3 kernel from http://releng.archlinux.org/isos/ (any iso after 10-APR-2012).
2. Format any USB as FAT32 and label (FS) it with <ARCHISO_LABEL> corresponding to the iso
3. Extract the Archiso ISO contents to the USB FAT32 partition.

4. Replace (USB) with the actual mountpoint of the USB FAT32 partition.

# mkdir -p (USB)/EFI/{archiso,boot}
# cp (USB)/arch/boot/x86_64/vmlinuz (USB)/EFI/archiso/vmlinuz.efi
# cp (USB)/arch/boot/x86_64/archiso.img (USB)/EFI/archiso/archiso.img
# wget -O (USB)/EFI/boot/bootx64.efi https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2/EdkShellBinPkg/FullShell/X64/Shell_Full.efi
# wget -O (USB)/EFI/boot/startup.nsh http://projects.archlinux.org/archiso.git/plain/configs/releng/efiboot/EFI/boot/startup.nsh

5. Replace %INSTALL_DIR% with "arch" (without quotes) in (USB)/EFI/boot/startup.nsh .
6. Replace %ARCHISO_LABEL% with <ARCHISO_LABEL> corresponding to the iso, in (USB)/EFI/boot/startup.nsh .
7. (Optional) Copy the aif profile from https://bbs.archlinux.org/viewtopic.php … 3#p1084283 .
8. Reboot

Last edited by the.ridikulus.rat (2012-04-17 17:35:31)

djgera · 2012-04-06 15:55:33

Steps 4 to 7 replace with (needs mtools and assumed that your ISO is EFI enabled, this is build agains my efi_Stub tree, just one patch ahead of master)

mcopy -s -i (USB)/EFI/archiso/efiboot.img ::/EFI (USB)/

EDIT: Optionally remove uneeded efiboot.img from (USB)

rm (USB)/EFI/archiso/efiboot.img

Last edited by djgera (2012-04-06 15:57:57)

the.ridikulus.rat · 2012-04-08 06:13:56

EDIT: Fixed efibootmgr duplicate entries, added quotes for ${INSTALL_TARGET} .

Diff: https://github.com/the-ridikulus-rat/ar … e/uefi_fix
archbyhand_efi_crypto.sh: https://github.com/the-ridikulus-rat/ar … _crypto.sh
archbyhand_efi.sh: https://github.com/the-ridikulus-rat/ar … and_efi.sh

Dieterbe's aif profile - efibootmgr and grub-install fixes - https://github.com/the-ridikulus-rat/ar … b2-uefi.sh
Diff - http://sprunge.us/jJWS?diff

EDIT: Unload efivars and do not run efibootmgr when used in Apple Macs, in all the 3 scripts.

Last edited by the.ridikulus.rat (2012-04-08 18:42:00)

Dieter@be · 2012-04-08 16:40:30

allright! using the original aif profile i showed (but the efibootmgr line enabled again) + archiso image built per the.ridikulus.rat's instructions with these testbuilds: http://releng.archlinux.org/isos/2012.0 … 1-testing/
I got a efi-booting archiso usb stick, ran the aif script, and the install worked fine and the new system is running I just need to tweak inittab to be able to still see all boot messages because due to the SSD everything happens way too fast

beta990 · 2012-04-10 10:46:30

New version works great with Archboot 2012.01:

#!/bin/bash

set -o nounset

# Globals
INSTALL_TARGET="/install"
HR="--------------------------------------------------------------------------------"
PACMAN="pacman --noconfirm --config /tmp/pacman.conf"
TARGET_PACMAN="pacman --noconfirm --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
FILE_URL="file:///packages/core-$(uname -m)/pkg"
FTP_URL='ftp://ftp.nluug.nl/pub/os/Linux/distr/archlinux/$repo/os/$arch'
HTTP_URL='http://ftp.nluug.nl/pub/os/Linux/distr/archlinux/$repo/os/$arch'

# ------------------------------------------------------------------------
# Initialize
# ------------------------------------------------------------------------

# Warn
# ------------------------------------------------------------------------
timer=9
timer=1
echo -n "This procedure will completely format /dev/sda. Please cancel with ctrl-c to cancel within $timer seconds..."
while [[ $timer -gt 0 ]]
do
	sleep 1
	let timer-=1
	echo -en "$timer seconds..."
done

echo "STARTING"

# Get Network
# ------------------------------------------------------------------------
echo -n "Waiting for network address.."
#dhclient eth0
dhcpcd -p eth0
echo -n "Network address acquired."

# Mount packages squashfs images
# ------------------------------------------------------------------------
umount "/packages/core-$(uname -m)"
umount "/packages/core-any"
rm -rf "/packages/core-$(uname -m)"
rm -rf "/packages/core-any"

mkdir -p "/packages/core-$(uname -m)"
mkdir -p "/packages/core-any"

modprobe -q loop
modprobe -q squashfs
mount -o ro,loop -t squashfs "/src/packages/archboot_packages_$(uname -m).squashfs" "/packages/core-$(uname -m)"
mount -o ro,loop -t squashfs "/src/packages/archboot_packages_any.squashfs" "/packages/core-any"

# Create temporary pacman.conf file
# ------------------------------------------------------------------------
cat << PACMANEOF > /tmp/pacman.conf
[options]
Architecture = auto
CacheDir = ${INSTALL_TARGET}/var/cache/pacman/pkg
CacheDir = /var/cache/pacman/pkg
CacheDir = /packages/core-$(uname -m)/pkg
CacheDir = /packages/core-any/pkg
SigLevel = Never

[core]
Server = ${FILE_URL}
Server = ${FTP_URL}
Server = ${HTTP_URL}

[extra]
Server = ${FILE_URL}
Server = ${FTP_URL}
Server = ${HTTP_URL}
PACMANEOF

# Prepare pacman
# ------------------------------------------------------------------------
${PACMAN} -Sy

# Install prereqs from network (not on archboot media)
# ------------------------------------------------------------------------
echo -e "\nInstalling prereqs...\n$HR"
sed -i "s/^#S/S/" /etc/pacman.d/mirrorlist
sed -i -e '/# PGP signature checking/ a\SigLevel = Never' /etc/pacman.conf
${PACMAN} -Sy gptfdisk btrfs-progs

# ------------------------------------------------------------------------
# Configure Host
# ------------------------------------------------------------------------

#echo -e "\nFormatting disk...\n$HR"

# disk prep
#sgdisk -Z /dev/sda # zap all on disk
#sgdisk -a 2048 -o /dev/sda # new gpt disk 2048 alignment

# create partitions
#sgdisk -n 1:0:+512M /dev/sda # partition 1 (UEFI SYS), default start block, 512MB
#sgdisk -n 2:0:+400M /dev/sda # partition 2 (BOOT), default start block, 400MB
#sgdisk -n 3:0:+4G /dev/sda # partition 3 (SWAP), default start block, 4GB
#sgdisk -n 4:0:0 /dev/sda # partition 4, (LUKS), default start, remaining space
#sgdisk -n 4:0:0 /dev/sda # partition 4, (Arch Linux), default start, remaining space

# set partition types
#sgdisk -t 1:ef00 /dev/sda
#sgdisk -t 2:8300 /dev/sda
#sgdisk -t 3:8200 /dev/sda
#sgdisk -t 4:8300 /dev/sda

# label partitions
#sgdisk -c 1:"UEFISYS" /dev/sda
#sgdisk -c 2:"BOOT" /dev/sda
#sgdisk -c 3:"SWAP" /dev/sda
#sgdisk -c 4:"LUKS" /dev/sda

# make filesystems
echo -e "\nCreating Filesystems...\n$HR"
#mkfs.vfat -F32 -n "UEFISYS" /dev/sda1
mkfs.ext2 -L "BOOT" /dev/sdb1
mkswap -L "SWAP" /dev/sda3
#swapon /dev/sda3
mkfs.ext4 -L "ARCHLINUX" /dev/sda4
mkfs.ext4 -L "HOME" /dev/sdb2
mkfs.ext4 -L "VAR" /dev/sdb3

# mount target
mkdir "${INSTALL_TARGET}"
mount -t ext4 /dev/sda4 "${INSTALL_TARGET}"
mkdir "${INSTALL_TARGET}"/boot
mount -t ext2 /dev/sdb1 "${INSTALL_TARGET}"/boot
mkdir "${INSTALL_TARGET}"/boot/efi
mount -t vfat /dev/sda1 "${INSTALL_TARGET}"/boot/efi
mkdir "${INSTALL_TARGET}"/home
mount -t ext4 /dev/sdb2 "${INSTALL_TARGET}"/home
mkdir "${INSTALL_TARGET}"/var
mount -t ext4 /dev/sdb3 "${INSTALL_TARGET}"/var

# Fix permission issues
chmod 755 "${INSTALL_TARGET}"/home
chmod 755 "${INSTALL_TARGET}"/var

# ------------------------------------------------------------------------
# Prepare to chroot to target
# ------------------------------------------------------------------------

if [[ "$(cat "/sys/class/dmi/id/sys_vendor")" == 'Apple Inc.' ]] || [[ "$(cat "/sys/class/dmi/id/sys_vendor")" == 'Apple Computer, Inc.' ]]; then
    modprobe -r -q efivars || true
else
    modprobe -q efivars
fi

modprobe -q dm-mod

# ------------------------------------------------------------------------
# mount proc, sys, dev in install root
# ------------------------------------------------------------------------
mkdir -p "${INSTALL_TARGET}"/proc
mkdir -p "${INSTALL_TARGET}"/sys
mkdir -p "${INSTALL_TARGET}"/dev
# mkdir -p "${INSTALL_TARGET}"/tmp

mount -o bind /proc "${INSTALL_TARGET}"/proc
mount -o bind /sys "${INSTALL_TARGET}"/sys
mount -o bind /dev "${INSTALL_TARGET}"/dev
# mkdir -o bind /tmp "${INSTALL_TARGET}"/tmp

mkdir -m 755 -p "${INSTALL_TARGET}"/tmp
cp /tmp/pacman.conf "${INSTALL_TARGET}"/tmp/pacman.conf

# ------------------------------------------------------------------------
# Install base, necessary utilities
# ------------------------------------------------------------------------
[[ ! -d "${INSTALL_TARGET}/var/cache/pacman/pkg" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/cache/pacman/pkg"
[[ ! -d "${INSTALL_TARGET}/var/lib/pacman" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/lib/pacman"

sed -i -e '/# PGP signature checking/ a\SigLevel = Never' ${INSTALL_TARGET}/etc/pacman.conf
${TARGET_PACMAN} -Sy

# curl could be installed later but we want it ready for rankmirrors
${TARGET_PACMAN} -Su base curl

${TARGET_PACMAN} -R grub
cp -r "${INSTALL_TARGET}"/boot/grub "${INSTALL_TARGET}"/boot/grub.bak
rm -rf "${INSTALL_TARGET}"/boot/grub
echo -e "${HR}\nINSTALL BASE COMPLETE\n${HR}"

${TARGET_PACMAN} -S grub2-efi-x86_64

mv "${INSTALL_TARGET}"/etc/resolv.conf "${INSTALL_TARGET}"/etc/resolv.conf.orig
cp /etc/resolv.conf "${INSTALL_TARGET}"/etc/resolv.conf
#mv "${INSTALL_TARGET}"/etc/pacman.d/mirrorlist "${INSTALL_TARGET}"/etc/pacman.d/mirrorlist.orig
#cp /etc/pacman.d/mirrorlist "${INSTALL_TARGET}"/etc/pacman.d/mirrorlist
#mv "${INSTALL_TARGET}"/etc/pacman.conf "${INSTALL_TARGET}"/etc/pacman.conf.orig
#cp /etc/pacman.conf "${INSTALL_TARGET}"/etc/pacman.conf

# umount or things get confused. yes, really.
umount "${INSTALL_TARGET}"/boot/efi
umount "${INSTALL_TARGET}"/boot

# ------------------------------------------------------------------------
# Write Files
# ------------------------------------------------------------------------

# install_efi (to be run *after* chroot /install)
# ------------------------------------------------------------------------
touch "${INSTALL_TARGET}"/install_efi
chmod a+x "${INSTALL_TARGET}"/install_efi
cat > "${INSTALL_TARGET}"/install_efi <<EFIEOF
# remount here or grub et al gets confused
mkdir -p /boot
mount -t ext2 /dev/sdb1 /boot

mkdir -p /boot/efi
mount -t vfat /dev/sda1 /boot/efi

# ${PACMAN} -Su base

mkinitcpio -p linux
sed -i "s/#\(en_US\.UTF-8.*$\)/\1/" /etc/locale.gen
locale-gen

#pacman --noconfirm -R grub
#pacman --noconfirm -S grub2-efi-x86_64

${PACMAN} -Sy
${PACMAN} -R grub
cp -r /boot/grub /boot/grub.bak
rm -rf /boot/grub

${PACMAN} -S grub2-efi-x86_64

mkdir -p /boot/efi/EFI
grub-install --directory=/usr/lib/grub/x86_64-efi --target=x86_64-efi --root-directory=/boot/efi --bootloader-id=arch_grub --boot-directory=/boot --recheck --debug &>/boot/grub.log

if [[ "\$(cat "/sys/class/dmi/id/sys_vendor")" != 'Apple Inc.' ]] && [[ "\$(cat "/sys/class/dmi/id/sys_vendor")" != 'Apple Computer, Inc.' ]]; then
    for _bootnum in \$(efibootmgr | grep '^Boot[0-9]' | fgrep -i 'ARCH LINUX (GRUB2)' | cut -b5-8) ; do
        efibootmgr --bootnum "\${_bootnum}" --delete-bootnum
    done
    
    efibootmgr --verbose --create --gpt --disk /dev/sda --part 1 --write-signature --label 'ARCH LINUX (GRUB2)' --loader '\\EFI\\arch_grub\\grubx64.efi'
fi

#mkdir -p /boot/grub/fonts
#cp /usr/share/grub/unicode.pf2 /boot/grub/fonts

grub-mkconfig -o /boot/grub/grub.cfg

exit
EFIEOF

# fstab
# ------------------------------------------------------------------------
cat > "${INSTALL_TARGET}"/etc/fstab <<FSEOF
# 
# /etc/fstab: static file system information
#
# <file system>	<dir>	<type>	<options>	<dump>	<pass>
/dev/sda4	/	ext4	defaults,noatime,discard	0	1
tmpfs	/tmp	tmpfs	defaults,nodev,nosuid,mode=1777,size=7G		0	0
/dev/sdb1	/boot	ext2	defaults	0	0
/dev/sda1	/boot/efi	vfat	defaults	0	0
/dev/sda3	none	swap	swap	0	0
/dev/sdb3	/var	ext4	defaults,noatime	0	1
/dev/sdb2	/home	ext4	defaults,noatime	0	1
FSEOF

# ------------------------------------------------------------------------
# Install EFI
# ------------------------------------------------------------------------
chroot "${INSTALL_TARGET}" /install_efi
# rm "${INSTALL_TARGET}"/install_efi

/dev/sda = SSD
/dev/sdb = HDD

UEFI partition was already created by Windows. Gparted used for the rest.
So that is why some lines are comment.

Thanks!

Last edited by beta990 (2012-04-10 10:47:55)

the.ridikulus.rat · 2012-04-28 07:55:37

Archboot 2012.04-2 iso has support for setting up rEFInd+EFISTUB in the UEFISYS partition. That can be used as an alternative for GRUB2.

And http://releng.archlinux.org/isos/2012.04.27_11-37-49/ boots in UEFI mode via Archiso EFISTUB booting.

Last edited by the.ridikulus.rat (2012-04-28 07:58:41)

Fallback · 2012-07-11 19:53:57

I want to mention that the script isn't working on the new archboot 2012.06 „2k12-R3“ release because pacman want to use signed packages.

I will make a new script that uses gpg keyfiles.
https://wiki.archlinux.org/index.php/Dm … d_Keyfiles

daijizai · 2012-07-23 23:57:30

Fallback wrote:

I want to mention that the script isn't working on the new archboot 2012.06 „2k12-R3“ release because pacman want to use signed packages.
I will make a new script that uses gpg keyfiles.
https://wiki.archlinux.org/index.php/Dm … d_Keyfiles

in the tmp pacman.conf after line 119 you could just throw in a couple "SigLevel = Optional TrustAll" for the install process i imagine...

Arch Linux

#76 2012-04-06 07:45:37

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

#77 2012-04-06 09:12:16

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

#78 2012-04-06 09:23:22

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

#79 2012-04-06 10:14:21

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

#80 2012-04-06 15:55:33

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

#81 2012-04-08 06:13:56

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

#82 2012-04-08 16:40:30

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

#83 2012-04-10 10:46:30

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

#84 2012-04-28 07:55:37

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

#85 2012-07-11 19:53:57

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

#86 2012-07-23 23:57:30

Re: "Arch By Hand" UEFI GPT SSD LUKS Install Script

Board footer