diff --git a/src/installation/guides/fde.md b/src/installation/guides/fde.md index 7eedbfe38..064749e7f 100644 --- a/src/installation/guides/fde.md +++ b/src/installation/guides/fde.md @@ -122,27 +122,9 @@ On a UEFI system, the EFI system partition also needs to be mounted. Before we enter the chroot to finish up configuration, we do the actual install. -`xbps-install` might ask you to [verify the RSA -keys](../../xbps/troubleshooting/common-issues.md#verifying-rsa-keys) for the -packages you are installing. - -``` -# xbps-install -Sy -R https://alpha.de.repo.voidlinux.org/current -r /mnt base-system lvm2 cryptsetup grub -[*] Updating `https://alpha.de.repo.voidlinux.org/current/x86_64-repodata' ... -x86_64-repodata: 1661KB [avg rate: 2257KB/s] -`https://alpha.de.repo.voidlinux.org/current' repository has been RSA signed by "Void Linux" -Fingerprint: 60:ae:0c:d6:f0:95:17:80:bc:93:46:7a:89:af:a3:2d -Do you want to import this public key? [Y/n] y -130 packages will be downloaded: -... -``` - -UEFI systems will have a slightly different package selection. The installation -command for a UEFI system will be as follows. - -``` -# xbps-install -Sy -R https://alpha.de.repo.voidlinux.org/current -r /mnt base-system cryptsetup grub-x86_64-efi lvm2 -``` +Follow the instructions for a [base installation](chroot.md#base-installation) +to install the `base-system` package together with the packages needed for this +guide: `lvm2` and `cryptsetup`. When it's done, we can enter the `chroot` and finish up the configuration. @@ -174,26 +156,6 @@ UEFI systems will also have an entry for the EFI system partition. /dev/sda1 /boot/efi vfat defaults 0 0 ``` -Next, configure GRUB to be able to unlock the filesystem. Add the following line -to `/etc/default/grub`: - -``` -GRUB_ENABLE_CRYPTODISK=y -``` - -Next, the kernel needs to be configured to find the encrypted device. First, -find the UUID of the device. - -``` -# blkid -o value -s UUID /dev/sda1 -135f3c06-26a0-437f-a05e-287b036440a4 -``` - -Edit the `GRUB_CMDLINE_LINUX_DEFAULT=` line in `/etc/default/grub` and add -`rd.lvm.vg=voidvm rd.luks.uuid=` to it. Make sure the UUID matches the one -for the `sda1` device found in the output of the -[blkid(8)](https://man.voidlinux.org/blkid.8) command above. - And now to avoid having to enter the password twice on boot, a key will be configured to automatically unlock the encrypted volume on boot. First, generate a random key. @@ -233,12 +195,35 @@ a new file at `/etc/dracut.conf.d/10-crypt.conf` with the following line: install_items+=" /boot/volume.key /etc/crypttab " ``` -Next, install the boot loader to the disk. +Next, install the bootloader, see the instructions on [Installing +GRUB](chroot.md#installing-grub) to install the correct GRUB package for your +system, but do not install it on the disk just yet (with `grub-install`) as we +will need to modify it's configuration before doing so. + +After installing the correct GRUB package, configure GRUB to be able to unlock +the filesystem. Add the following line to `/etc/default/grub`: + +``` +GRUB_ENABLE_CRYPTODISK=y +``` + +Next, the kernel needs to be configured to find the encrypted device. First, +find the UUID of the device. ``` -# grub-install /dev/sda +# blkid -o value -s UUID /dev/sda1 +135f3c06-26a0-437f-a05e-287b036440a4 ``` +Edit the `GRUB_CMDLINE_LINUX_DEFAULT=` line in `/etc/default/grub` and add +`rd.lvm.vg=voidvm rd.luks.uuid=` to it. Make sure the UUID matches the one +for the `sda1` device found in the output of the +[blkid(8)](https://man.voidlinux.org/blkid.8) command above. + +Next, install the bootloader onto the disk using the correct `grub-install` +command for your system, as explained in the ["Installing +GRUB"](chroot.md#installing-grub) section. + Ensure an initramfs is generated: ```