diff --git a/content/posts/uefi-netbsd-archlinux-dual-boot.md b/content/posts/uefi-netbsd-archlinux-dual-boot.md index c9cbb4a..81e003a 100644 --- a/content/posts/uefi-netbsd-archlinux-dual-boot.md +++ b/content/posts/uefi-netbsd-archlinux-dual-boot.md @@ -1,5 +1,5 @@ --- -title: "UEFI NetBSD Arch Linux Dual Boot" +title: "Dual-Boot NetBSD And Archlinux" date: 2024-07-18T20:32:52+02:00 slug: 2024-07-18-uefi-netbsd-archlinux-dual-boot type: posts 
@@ -37,32 +37,21 @@ In your working time, if your profession allows it. Working with a new tool is painful and frustrating. So certain discipline is required. -But once the initial pain goes, stuff becomes easier with time. +But once the initial pain goes away, stuff becomes easier with time. And the new tool becomes a little bit more familiar every day. Then, you can judge this tools by its own merits. With experience you can tell where this tool is stronger, and where is weaker. -With NetBSD I can use Darktable to edit and process my photos. +With NetBSD I can use [Darktable](https://www.darktable.org/) to edit and process my photos. Basic stuff like reading my e-mail and browse the web. -I can use my favorite password manager and synchronize the keyring it with my phone. +I can use my favorite [password manager](https://keepassxc.org/) and [synchronize](https://syncthing.net/) the keyring with my phone. But I can't use my Wacom tablet in NetBSD. -While, I can do some photo editing with it, NetBSD is not really meant to do artistic stuff with it. +While, I can do some photo editing with it, NetBSD is not really meant to do artwork with it. Probably, NetBSD has been heavily tested with server workloads, but not so much with desktop ones. And hardware support is not comparable with Linux. -So, If you want to draw stuff with your compute, I wouldn't recommend NetBSD. - -Now, you see, I'm a big computer nerd. -I have multiple old laptops that have been literally "resurrected" from death with a libre OS. -I do have a lot of experience with sysadmin stuff and I know how to fix my OSes. -I can smell a potentially dangerous stuff for my workflow and backup what I need, and experiment with little risk. -I've lost a drive from one of my laptops without losing any data, because I do have serious backup strategies for my personal stuff. -Specially for photo editing and drawing. - -I'm sure that professional photographers take better photos than me. 
-And I'm equally sure their backups strategy are way more expensive and/or weaker than mine. -Even if losing some photos means very little for me. +So, If you want to draw stuff with your computer, I wouldn't recommend NetBSD. So, in order to keep using NetBSD and have the ability to fallback to a more familiar OS when needed, I've decided to dual-boot Archlinux and NetBSD. @@ -71,9 +60,9 @@ This is a tutorial that I've written to myself to do this. # Arch Linux Installation This blog post have been written with a virtual machine to keep track of the steps and test them. -In this kind of environment, is better to use the serial port for terminal, than the virtual screen. +In this kind of environment, is better to use the serial port for terminal, rather than the virtual screen. -Once the arch installer image boot, you may use the serial port. +Once the arch installer image boots, you may use the serial port. ``` # systemctl start serial-getty@ttyS0.service @@ -82,7 +71,7 @@ Once the arch installer image boot, you may use the serial port. This tutorial assumes two drives in a machine, which is the setup of my laptop. It could be done with a single drive though. -See disks what disks you have available: +Let's see what disks we have available: ``` # fdisk -l 
@@ -113,9 +102,9 @@ It's a FAT partition that contains binaries that loads your OS. It may contain configuration and data files too. In this partition we are going to put the boot-loaders for Archlinux and NetBSD. -And also we are going to install here rEFInd, a tool that helps us to manage and boot different OSes. +Also, here we are going to install [rEFInd](https://www.rodsbooks.com/refind/), a tool that helps us to manage and boot different OSes. -In theory we could use the boot menu from the machine firmware. +In theory, we could use the boot menu from the machine firmware. Or GRUB, or something similar. So rEFInd is not mandatory, but it will give us a nicer graphical boot menu to select what OS we want to use. @@ -155,7 +144,7 @@ Device Start End Sectors Size Type /dev/vda3 16779264 67106815 50327552 24G Linux filesystem ``` -In this case and EFI partition of 4GiB. +In this case I've created an EFI partition of 4GiB. A Linux `/boot` partition of 4GiB. And 24GiB for `/` and other filesystems of Archlinux. 
@@ -185,22 +174,20 @@ And LVM will make logical volumes out of that partition. # cryptsetup open /dev/vda3 cryptlvm ``` -Usually here I use 4 random words a la diceware, for the passphrase. +Usually, I use 4 random words [a la diceware](https://diceware.dmuth.org/) for the passphrase. That's not a very strong passphrase. But I believe it's good enough for off-line stuff, like a encrypted drive. -You see, my threat model is based on very probable stuff, like some thief stealing my laptop. -So my threat model doesn't consider state-sponsored agents trying to break into my drives. -If a totalitarian regime wants to access my data, they will send their minions to kidnap me, instead of breaking my encryption. - For internet stuff, where malicious actors do have access to credentials sometimes, I use a password manager. And 24 to 32 random characters as the passwords. With 2FA when possible. -But for the drive encryption I don't recommend a password too hard to remember. +But for the drive encryption, I don't recommend a password too hard to remember. And, unlike some advice on The Internet, I do recommend writing the passphrase in a piece of paper, and store it with other important documents. If you are not a state-level target, that's good enough. +If you need a strong password, 7 diceware words should be enough for everybody. + Now, we create the LVM group with the logical volumes. ``` @@ -221,7 +208,7 @@ Then, we create the filesystems for it. ``` Then, mount everything under new rootfs. -As the Archlinux installation guide suggest, we are going to use `/mnt` as the new root filesystem. +As the [Archlinux installation guide](https://wiki.archlinux.org/title/Installation_guide#) suggest, we are going to use `/mnt` as the new root filesystem. ``` # mount /dev/arch/root /mnt 
@@ -307,6 +294,9 @@ So your kernel parameters should look like this. GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 cryptdevice=UUID=83e10b9c-2420-4b23-b8a5-3e0a09749f52:cryptlvm root=/dev/arch/root" ``` +Of course, you replace my partition UUID with yours. +You print that with `blkid`. + If it's good, we proceed to make the GRUB configuration. ``` @@ -323,7 +313,7 @@ We need NetBSD in this computer too. # Install NetBSD -I've already written a guide to install NetBSD, with encrypted partitions. +I've already written a guide to install [NetBSD with encrypted partitions](https://vsis.online/posts/2024-05-27-uefi-full-disk-encryption/). This will be almost the same, with a few differences for EFI configuration. The first thing: we need to know the available drives. @@ -335,6 +325,10 @@ The first thing: we need to know the available drives. ``` Of course, it puts different names for the drives. +`ld0` and `ld1` are the name of my virtual drives in this machine. +Yours may be different. +Keep in mind those differences in names. + We need to make sure we are formatting and writing in the right drive. ``` @@ -353,7 +347,7 @@ Assuming `ld1` is the right one. ``` Here stuff may get complicated. -Since we have created new partition, the numbers of `dk*` will change. +Since we have created new partitions, the numbers of `dk*` will change. So you have to list the wedges again and make sure that you are going to format the right ones. ``` 
@@ -419,8 +413,8 @@ Then, proceed with the new encrypted CGD device. # disklabel -Ii cgd0 # echo 'cgd0 NAME=syscgd /etc/cgd/syscgd' > /targetroot/etc/cgd/cgd.conf ``` -These steps are better explained in my last blog entry, and the documentation. -After the `disklabel -Ii cgd0` part you should have the partitions for the protected drives. +These steps are better explained in [my last blog entry](https://vsis.online/posts/2024-05-27-uefi-full-disk-encryption/), and [the documentation](https://www.netbsd.org/docs/guide/en/chap-cgd.html). +After the `disklabel -Ii cgd0` part you should have the partitions for the protected CGD device. I usually use `cgd0a` for `/var`, `cgd0b` for swap, `cgd0e` for `/usr`, and `cgd0f` for `/home`. Let's test our new CGD device. @@ -520,8 +514,8 @@ Then we add the kernel to EFI partition. You see, this part may not be needed. Maybe because of UEFI firmware issues, the second drive was not available always in bootloader runtime. -So, couldn't read the kernel from the second drive. -I added the kernel to the EFI drive and, if your recall it, we told the bootloader to find root filesystem in `root NAME=NetBSD`. +So, [I couldn't read the kernel from the second drive](https://mastodon.bsd.cafe/deck/@release_candidate/112899481162302628). +I added the kernel to the EFI drive and, if you recall it, we told the bootloader to find root filesystem in `root NAME=NetBSD`. ``` cp -v /targetroot/netbsd /mnt @@ -547,7 +541,7 @@ Then shutdown or reboot: At this point, you have Archlinux and NetBSD installed in your system. you could add a new `menuentry` in GRUB to access NetBSD. -Or you could use the boot menu from your UEFI firmware. +Or you could use the boot menu from your machine firmware. I will use rEFInd to have a nice menu where I can select the OS. 
@@ -570,3 +564,6 @@ But I'm too familiar with Linux, so I have to go outside my comfort zone. NetBSD is an amazing OS. Simple, consistent, documented and straightforward. But I have to use it more, so it becomes familiar to me. + +Dual-boot is a good way to force yourself to use a different OS, with the fallback in case you need your familiar one. +That's why a lot of people dual-boot Windows and some Linux distro.
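Review bot: The new title in the `@@ -1,5 +1,5` hunk spells the distro "Archlinux" and drops "UEFI", while the section heading visible later in the patch is "# Arch Linux Installation" and the unchanged `slug:` still reads `2024-07-18-uefi-netbsd-archlinux-dual-boot`. Pick one spelling for the distro across title, headings and body. Consider keeping "UEFI" in the title too, since the steps are specific to the EFI partition and rEFInd.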
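Review bot: Two rewritten lines in the `@@ -37,32 +37,21` hunk were touched but still carry errors: "While, I can do some photo editing with it" has a stray comma after "While", and "So, If you want to draw stuff" keeps the capital "If". The neighbouring unchanged line "you can judge this tools by its own merits" could be fixed in the same pass ("this tool").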
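Review bot: The replacement line in the `@@ -71,9 +60,9` hunk, "In this kind of environment, is better to use the serial port for terminal, rather than the virtual screen", is still missing its subject. Suggest "it is better to use the serial port as the terminal rather than the virtual screen". "arch installer image" in the next added line should match the capitalisation used for the distro elsewhere.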
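Review bot: Deleting the three threat-model lines in the `@@ -185,22 +174,20` hunk leaves "That's not a very strong passphrase. But I believe it's good enough" and "If you are not a state-level target, that's good enough" with no stated adversary, so a reader can no longer tell that the 4-word advice assumes a stolen laptop. Keep at least the "some thief stealing my laptop" sentence next to the 4-word recommendation. The added "7 diceware words should be enough for everybody" line says "password" where the rest of the section says "passphrase", and it sits after the paper-backup advice rather than beside the 4-word line it contrasts with. Moving it up, with a sentence on how word count relates to strength, would let readers size the passphrase to their own threat model.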
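Review bot: The link added in the `@@ -221,7 +208,7` hunk ends in an empty fragment, `Installation_guide#`. Either drop the trailing `#` or point it at the section of the guide that covers mounting under `/mnt`. The same line has "guide ... suggest", which should be "suggests".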
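Review bot: The added lines "replace my partition UUID with yours" and "You print that with `blkid`" in the `@@ -307,6 +294,9` hunk do not say which device's UUID belongs in `cryptdevice=UUID=`. `blkid` prints both a `UUID` and a `PARTUUID` per partition, and once `cryptsetup open /dev/vda3 cryptlvm` has run it also lists the mapped device and the logical volumes. Name the encrypted partition explicitly (the `/dev/vda3` opened earlier in the post) and say that the `UUID` value of that partition is the one to copy. A wrong value here means the encrypted root cannot be opened at boot.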
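Review bot: In the `@@ -335,6 +325,10` hunk, "`ld0` and `ld1` are the name of my virtual drives" should read "names", and "Keep in mind those differences in names" gives the reader nothing to act on just before a formatting step. Suggest replacing it with an instruction to confirm the target drive from the listing above (for example by size) before running the next command, which fits the following line "We need to make sure we are formatting and writing in the right drive."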
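Review bot: The link text "my last blog entry" added in the `@@ -419,8 +413,8` hunk will stop being accurate as soon as another post is published. The `@@ -323,7 +313,7` hunk links the same URL under the descriptive text "NetBSD with encrypted partitions"; reuse that wording here so both references stay correct.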
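Review bot: The Mastodon URL added in the `@@ -520,8 +514,8` hunk contains a `/deck/` path segment, which is the address of the logged-in advanced web interface rather than the post's public permalink. Link the canonical post URL without `/deck/` so readers without an account on that instance can open it. The link text is also a first-person sentence ("I couldn't read the kernel from the second drive") pointing at an account named `@release_candidate`; a short phrase such as "as discussed here" would make clear what the link leads to.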