author | xengineering <me@xengineering.eu> | 2025-10-16 15:21:20 +0200 |
---|---|---|
committer | xengineering <me@xengineering.eu> | 2025-10-16 20:36:25 +0200 |
commit | 3cad1aa44bd3e6ec13090de2d87c00d625c6520a (patch) | |
tree | 130e3a489af82dd9d3902256c0fb631b6075f6a2 | |
parent | 6b365ca625f5e726df97f47ce8ef45566d09e6bd (diff) | |
download | website-3cad1aa44bd3e6ec13090de2d87c00d625c6520a.tar website-3cad1aa44bd3e6ec13090de2d87c00d625c6520a.tar.zst website-3cad1aa44bd3e6ec13090de2d87c00d625c6520a.zip |
articles: arch-installation: Switch to UEFI
This is an incremental step towards secure boot and modernizes the boot
process. Furthermore, fewer packages have to be installed, the bootloader
configuration is simpler and everything is file-based instead of `dd`ing
into the master boot record directly.
-rw-r--r-- | content/articles/arch-installation.md | 52 |
1 files changed, 26 insertions, 26 deletions
diff --git a/content/articles/arch-installation.md b/content/articles/arch-installation.md index f8059a8..afcf4b5 100644 --- a/content/articles/arch-installation.md +++ b/content/articles/arch-installation.md @@ -20,22 +20,24 @@ file which can be written to a physical drive like an USB stick or SSD. The installation is based on the following design decisions. -- BIOS / legacy boot -- GPT-based partition table +- UEFI boot +- GUID-based partition table - full disc encryption - Btrfs root filesystem - only a minimalistic set of installed packages (no graphical environment) -Those might change in the future. UEFI boot based on a unified kernel image -would be appreciated to support secure boot but could not be achieved so far. +Those might change in the future. Secure boot with a unified kernel image is +appreciated but not yet implemented. #### Installation First a virtual drive is created as a file as a starting point for the VM -installation. +installation. Additionally a writable copy of the UEFI variables is created to +keep settings. ``` qemu-img create -f qcow2 archlinux.qcow2 8G +cp /usr/share/edk2/x64/OVMF_VARS.4m.fd . ``` It is expected that the Arch Linux `*.iso` installation image is downloaded, @@ -44,6 +46,14 @@ verified and saved in the same folder. See the [download page][3] for details. The installation image can be booted with `qemu-system-x86_64`. The just created virtual machine disk is attached as an additional drive. +It is important that immediately after the first UEFI screen is shown the `e` +key is pressed and ` console=ttyS0 <Enter>` is typed. This makes sure the +console is exposed via a virtual serial console bound to the host terminal. +Booting will take some time. + +This is annoying but worth it since it allows to copy and paste all subsequent +commands instead of typing them by hand. + ``` qemu-system-x86_64 \ -enable-kvm \ 
@@ -53,21 +63,11 @@ qemu-system-x86_64 \ -smp cpus=4 \ -nographic \ -boot order=d \ + -drive if=pflash,format=raw,readonly=on,file=/usr/share/edk2/x64/OVMF_CODE.4m.fd \ + -drive if=pflash,format=raw,file=OVMF_VARS.4m.fd \ -cdrom archlinux-*.iso ``` -On the first screen of the bootloader it needs to be specified that only the -serial console should be used which is mapped to the host terminal. For that -purpose the text below has to be typed before the bootloader picks the default -options. - -``` -<TAB> console=ttyS0 -``` - -This is annoying but worth it since it allows to copy and paste all subsequent -commands instead of typing them by hand. - After specifying the console the installation image should boot. Next the user `root` without password is used to log in. @@ -83,7 +83,7 @@ The virtual machine disk can be partitioned with `parted`. parted /dev/vda --script mklabel gpt parted /dev/vda --script mkpart primary fat32 1MiB 2GiB parted /dev/vda --script mkpart primary 2GiB 100% -parted /dev/vda --script set 1 legacy_boot on +parted /dev/vda --script set 1 boot on ``` The following commands format the second partition for use with Linux Unified @@ -129,7 +129,6 @@ pacstrap -K /mnt \ linux \ linux-firmware \ parted \ - syslinux \ btrfs-progs \ networkmanager \ chrony \ 
@@ -169,15 +168,14 @@ systemctl enable NetworkManager systemctl enable chronyd ``` -The `syslinux` bootloader is installed and configured. +The systemd bootloader is installed and configured. ``` -mkdir -p /boot/syslinux -cp /usr/lib/syslinux/bios/*.c32 /boot/syslinux/ -extlinux --install /boot/syslinux -dd bs=440 count=1 conv=notrunc if=/usr/lib/syslinux/bios/gptmbr.bin of=/dev/vda -cp /usr/share/syslinux/syslinux.cfg /boot/syslinux/ -sed -i 's|root=/dev/sda3 rw|cryptdevice=/dev/disk/by-label/CRYPTO_ROOT:root root=/dev/mapper/root console=ttyS0 rw|g' /boot/syslinux/syslinux.cfg +bootctl install +echo 'title Arch Linux +linux /vmlinuz-linux +initrd /initramfs-linux.img +options cryptdevice=/dev/disk/by-label/CRYPTO_ROOT:root root=/dev/mapper/root console=ttyS0 rw' > /boot/loader/entries/arch.conf ``` The initial RAM filesystem (`initramfs`) is configured and created to ensure @@ -221,6 +219,8 @@ qemu-system-x86_64 \ -nic user,model=virtio \ -drive file=archlinux.qcow2,media=disk,if=virtio \ -smp cpus=4 \ + -drive if=pflash,format=raw,readonly=on,file=/usr/share/edk2/x64/OVMF_CODE.4m.fd \ + -drive if=pflash,format=raw,file=OVMF_VARS.4m.fd \ -nographic ``` |
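Review bot: in the design-decisions hunk, "GUID-based partition table" is vaguer than the "GPT-based partition table" it replaces; GPT already stands for GUID Partition Table, and the partitioning step still runs `parted /dev/vda --script mklabel gpt`, so the list should use the same term as the commands, e.g. `- GPT partition table`.

Review bot: the `cp /usr/share/edk2/x64/OVMF_VARS.4m.fd .` step should say that this copy is the VM's NVRAM and that re-running the `cp` resets it, which also drops the boot entry that `bootctl install` writes later in the guide. Suggest guarding it, e.g. `[ -e OVMF_VARS.4m.fd ] || cp /usr/share/edk2/x64/OVMF_VARS.4m.fd .`, and stating which host package provides the `/usr/share/edk2/x64/` firmware files so the prerequisite is explicit.

Review bot: the paragraph about pressing `e` and typing ` console=ttyS0 <Enter>` now sits before the `qemu-system-x86_64` command that produces the boot menu, while "After specifying the console the installation image should boot." still follows the command block, so the steps read out of order; move the paragraph after the command block (where the removed `<TAB> console=ttyS0` text was), and since the VM runs with `-nographic` say that the menu appears in the host terminal rather than on a "UEFI screen", plus what to do if the menu's timeout is missed (restart the VM).

Review bot: in the hunk adding the two `-drive if=pflash` lines to the installation command, the prose should note that the order matters: the `OVMF_CODE.4m.fd` drive must stay first and `readonly=on`, and the writable `OVMF_VARS.4m.fd` copy second, because OVMF expects the code image in the first pflash unit. Quote the two lines once with that explanation rather than leaving them uncommented.

Review bot: `parted /dev/vda --script set 1 boot on` on a GPT label sets the EFI System Partition type GUID (parted treats `esp` as an alias), which is not obvious to a reader coming from the removed `set 1 legacy_boot on`; add a sentence saying that this flag is what makes the first partition the ESP that `bootctl install` later expects at `/boot`.

Review bot: the `options cryptdevice=... console=ttyS0 rw` line in `/boot/loader/entries/arch.conf` routes the kernel console only to a serial port. Since the page says the resulting image can be written to a USB stick or SSD and booted on physical hardware, most of which exposes no serial console, suggest `console=tty0 console=ttyS0` so messages appear on the display as well, and recommend running `bootctl list` after `bootctl install` to confirm the entry is parsed.

Review bot: the final hunk repeats the same two `-drive if=pflash,...` lines verbatim from the installation command; define them once in a shell variable (or state explicitly that both invocations must reference the same `OVMF_VARS.4m.fd` copy), otherwise a reader who edits one invocation and not the other boots with a different NVRAM and loses the systemd-boot entry.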