dualboot: fix some text and add links
parent 27a3a3d5a6
commit d4fdfd0cf8
1 changed files with 34 additions and 37 deletions
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
title: "UEFI NetBSD Arch Linux Dual Boot"
|
title: "Dual-Boot NetBSD And Archlinux"
|
||||||
date: 2024-07-18T20:32:52+02:00
|
date: 2024-07-18T20:32:52+02:00
|
||||||
slug: 2024-07-18-uefi-netbsd-archlinux-dual-boot
|
slug: 2024-07-18-uefi-netbsd-archlinux-dual-boot
|
||||||
type: posts
|
type: posts
|
||||||
|
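Review bot: The new title spells the distribution "Archlinux", while the section heading later in the same post reads "# Arch Linux Installation"; pick one spelling (the project writes "Arch Linux") and use it in the title as well. Keeping the slug unchanged is right for URL stability, but with "UEFI" dropped the title no longer tells readers that the guide is UEFI-specific.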
@ -37,32 +37,21 @@ In your working time, if your profession allows it.
|
||||||
Working with a new tool is painful and frustrating.
|
Working with a new tool is painful and frustrating.
|
||||||
So certain discipline is required.
|
So certain discipline is required.
|
||||||
|
|
||||||
But once the initial pain goes, stuff becomes easier with time.
|
But once the initial pain goes away, stuff becomes easier with time.
|
||||||
And the new tool becomes a little bit more familiar every day.
|
And the new tool becomes a little bit more familiar every day.
|
||||||
|
|
||||||
Then, you can judge this tools by its own merits.
|
Then, you can judge this tools by its own merits.
|
||||||
With experience you can tell where this tool is stronger, and where is weaker.
|
With experience you can tell where this tool is stronger, and where is weaker.
|
||||||
|
|
||||||
With NetBSD I can use Darktable to edit and process my photos.
|
With NetBSD I can use [Darktable](https://www.darktable.org/) to edit and process my photos.
|
||||||
Basic stuff like reading my e-mail and browse the web.
|
Basic stuff like reading my e-mail and browse the web.
|
||||||
I can use my favorite password manager and synchronize the keyring it with my phone.
|
I can use my favorite [password manager](https://keepassxc.org/) and [synchronize](https://syncthing.net/) the keyring with my phone.
|
||||||
|
|
||||||
But I can't use my Wacom tablet in NetBSD.
|
But I can't use my Wacom tablet in NetBSD.
|
||||||
While, I can do some photo editing with it, NetBSD is not really meant to do artistic stuff with it.
|
While, I can do some photo editing with it, NetBSD is not really meant to do artwork with it.
|
||||||
Probably, NetBSD has been heavily tested with server workloads, but not so much with desktop ones.
|
Probably, NetBSD has been heavily tested with server workloads, but not so much with desktop ones.
|
||||||
And hardware support is not comparable with Linux.
|
And hardware support is not comparable with Linux.
|
||||||
So, If you want to draw stuff with your compute, I wouldn't recommend NetBSD.
|
So, If you want to draw stuff with your computer, I wouldn't recommend NetBSD.
|
||||||
|
|
||||||
Now, you see, I'm a big computer nerd.
|
|
||||||
I have multiple old laptops that have been literally "resurrected" from death with a libre OS.
|
|
||||||
I do have a lot of experience with sysadmin stuff and I know how to fix my OSes.
|
|
||||||
I can smell a potentially dangerous stuff for my workflow and backup what I need, and experiment with little risk.
|
|
||||||
I've lost a drive from one of my laptops without losing any data, because I do have serious backup strategies for my personal stuff.
|
|
||||||
Specially for photo editing and drawing.
|
|
||||||
|
|
||||||
I'm sure that professional photographers take better photos than me.
|
|
||||||
And I'm equally sure their backups strategy are way more expensive and/or weaker than mine.
|
|
||||||
Even if losing some photos means very little for me.
|
|
||||||
|
|
||||||
So, in order to keep using NetBSD and have the ability to fallback to a more familiar OS when needed, I've decided to dual-boot Archlinux and NetBSD.
|
So, in order to keep using NetBSD and have the ability to fallback to a more familiar OS when needed, I've decided to dual-boot Archlinux and NetBSD.
|
||||||
|
|
||||||
|
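Review bot: Several errors in the unchanged context lines of this hunk survive a commit whose purpose is fixing text: "judge this tools by its own merits" should be "this tool", "where is weaker" needs "where it is weaker", "reading my e-mail and browse the web" should be "browsing the web", and "So, If" has a stray capital. Fixing them in the same pass keeps the paragraph consistent with the lines that were corrected.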
@ -71,9 +60,9 @@ This is a tutorial that I've written to myself to do this.
|
||||||
# Arch Linux Installation
|
# Arch Linux Installation
|
||||||
|
|
||||||
This blog post have been written with a virtual machine to keep track of the steps and test them.
|
This blog post have been written with a virtual machine to keep track of the steps and test them.
|
||||||
In this kind of environment, is better to use the serial port for terminal, than the virtual screen.
|
In this kind of environment, is better to use the serial port for terminal, rather than the virtual screen.
|
||||||
|
|
||||||
Once the arch installer image boot, you may use the serial port.
|
Once the arch installer image boots, you may use the serial port.
|
||||||
|
|
||||||
```
|
```
|
||||||
# systemctl start serial-getty@ttyS0.service
|
# systemctl start serial-getty@ttyS0.service
|
||||||
|
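Review bot: The first context line still reads "This blog post have been written"; it should be "has been written", and the line changed right below it still lacks a subject ("it is better to use the serial port for the terminal"). "the arch installer image" should be capitalised to match the "Arch Linux Installation" heading.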
@ -82,7 +71,7 @@ Once the arch installer image boot, you may use the serial port.
|
||||||
This tutorial assumes two drives in a machine, which is the setup of my laptop.
|
This tutorial assumes two drives in a machine, which is the setup of my laptop.
|
||||||
It could be done with a single drive though.
|
It could be done with a single drive though.
|
||||||
|
|
||||||
See disks what disks you have available:
|
Let's see what disks we have available:
|
||||||
|
|
||||||
```
|
```
|
||||||
# fdisk -l
|
# fdisk -l
|
||||||
|
@ -113,9 +102,9 @@ It's a FAT partition that contains binaries that loads your OS.
|
||||||
It may contain configuration and data files too.
|
It may contain configuration and data files too.
|
||||||
|
|
||||||
In this partition we are going to put the boot-loaders for Archlinux and NetBSD.
|
In this partition we are going to put the boot-loaders for Archlinux and NetBSD.
|
||||||
And also we are going to install here rEFInd, a tool that helps us to manage and boot different OSes.
|
Also, here we are going to install [rEFInd](https://www.rodsbooks.com/refind/), a tool that helps us to manage and boot different OSes.
|
||||||
|
|
||||||
In theory we could use the boot menu from the machine firmware.
|
In theory, we could use the boot menu from the machine firmware.
|
||||||
Or GRUB, or something similar.
|
Or GRUB, or something similar.
|
||||||
So rEFInd is not mandatory, but it will give us a nicer graphical boot menu to select what OS we want to use.
|
So rEFInd is not mandatory, but it will give us a nicer graphical boot menu to select what OS we want to use.
|
||||||
|
|
||||||
|
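Review bot: The rewritten rEFInd sentence puts "here" before the verb ("Also, here we are going to install"), which reads awkwardly; "We are also going to install [rEFInd](...) here" is clearer. Since this paragraph lists everything that lands on the EFI partition, it is also the natural place to state that this FAT partition stays unencrypted, unlike the volumes set up later in the guide.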
@ -155,7 +144,7 @@ Device Start End Sectors Size Type
|
||||||
/dev/vda3 16779264 67106815 50327552 24G Linux filesystem
|
/dev/vda3 16779264 67106815 50327552 24G Linux filesystem
|
||||||
```
|
```
|
||||||
|
|
||||||
In this case and EFI partition of 4GiB.
|
In this case I've created an EFI partition of 4GiB.
|
||||||
A Linux `/boot` partition of 4GiB.
|
A Linux `/boot` partition of 4GiB.
|
||||||
And 24GiB for `/` and other filesystems of Archlinux.
|
And 24GiB for `/` and other filesystems of Archlinux.
|
||||||
|
|
||||||
|
@ -185,22 +174,20 @@ And LVM will make logical volumes out of that partition.
|
||||||
# cryptsetup open /dev/vda3 cryptlvm
|
# cryptsetup open /dev/vda3 cryptlvm
|
||||||
```
|
```
|
||||||
|
|
||||||
Usually here I use 4 random words a la diceware, for the passphrase.
|
Usually, I use 4 random words [a la diceware](https://diceware.dmuth.org/) for the passphrase.
|
||||||
That's not a very strong passphrase.
|
That's not a very strong passphrase.
|
||||||
But I believe it's good enough for off-line stuff, like a encrypted drive.
|
But I believe it's good enough for off-line stuff, like a encrypted drive.
|
||||||
|
|
||||||
You see, my threat model is based on very probable stuff, like some thief stealing my laptop.
|
|
||||||
So my threat model doesn't consider state-sponsored agents trying to break into my drives.
|
|
||||||
If a totalitarian regime wants to access my data, they will send their minions to kidnap me, instead of breaking my encryption.
|
|
||||||
|
|
||||||
For internet stuff, where malicious actors do have access to credentials sometimes, I use a password manager.
|
For internet stuff, where malicious actors do have access to credentials sometimes, I use a password manager.
|
||||||
And 24 to 32 random characters as the passwords.
|
And 24 to 32 random characters as the passwords.
|
||||||
With 2FA when possible.
|
With 2FA when possible.
|
||||||
|
|
||||||
But for the drive encryption I don't recommend a password too hard to remember.
|
But for the drive encryption, I don't recommend a password too hard to remember.
|
||||||
And, unlike some advice on The Internet, I do recommend writing the passphrase in a piece of paper, and store it with other important documents.
|
And, unlike some advice on The Internet, I do recommend writing the passphrase in a piece of paper, and store it with other important documents.
|
||||||
If you are not a state-level target, that's good enough.
|
If you are not a state-level target, that's good enough.
|
||||||
|
|
||||||
|
If you need a strong password, 7 diceware words should be enough for everybody.
|
||||||
|
|
||||||
Now, we create the LVM group with the logical volumes.
|
Now, we create the LVM group with the logical volumes.
|
||||||
|
|
||||||
```
|
```
|
||||||
|
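Review bot: Removing the three threat-model lines leaves "That's not a very strong passphrase" and "If you are not a state-level target, that's good enough" without the reasoning they relied on; keep at least one sentence saying the passphrase is sized for a stolen laptop. The added line "7 diceware words should be enough for everybody" would be easier to judge with numbers: with the standard 7776-word list, 4 words give about 51.7 bits and 7 words about 90.5 bits. "like a encrypted drive" in the context line should be "an encrypted drive".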
@ -221,7 +208,7 @@ Then, we create the filesystems for it.
|
||||||
```
|
```
|
||||||
|
|
||||||
Then, mount everything under new rootfs.
|
Then, mount everything under new rootfs.
|
||||||
As the Archlinux installation guide suggest, we are going to use `/mnt` as the new root filesystem.
|
As the [Archlinux installation guide](https://wiki.archlinux.org/title/Installation_guide#) suggest, we are going to use `/mnt` as the new root filesystem.
|
||||||
|
|
||||||
```
|
```
|
||||||
# mount /dev/arch/root /mnt
|
# mount /dev/arch/root /mnt
|
||||||
|
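Review bot: The added link target ends in a stray `#` (`Installation_guide#`), an empty fragment left over from copying the URL; drop it. The same line still has "suggest" where "suggests" is needed.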
@ -307,6 +294,9 @@ So your kernel parameters should look like this.
|
||||||
GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 cryptdevice=UUID=83e10b9c-2420-4b23-b8a5-3e0a09749f52:cryptlvm root=/dev/arch/root"
|
GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 cryptdevice=UUID=83e10b9c-2420-4b23-b8a5-3e0a09749f52:cryptlvm root=/dev/arch/root"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Of course, you replace my partition UUID with yours.
|
||||||
|
You print that with `blkid`.
|
||||||
|
|
||||||
If it's good, we proceed to make the GRUB configuration.
|
If it's good, we proceed to make the GRUB configuration.
|
||||||
|
|
||||||
```
|
```
|
||||||
|
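Review bot: The added lines do not say which UUID to copy, and `blkid` with no arguments prints one for every block device, including the opened mapping and the logical volumes. `cryptdevice=UUID=` must name the LUKS partition itself, which is `/dev/vda3` in this guide, so the text should suggest `blkid /dev/vda3` explicitly.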
@ -323,7 +313,7 @@ We need NetBSD in this computer too.
|
||||||
|
|
||||||
# Install NetBSD
|
# Install NetBSD
|
||||||
|
|
||||||
I've already written a guide to install NetBSD, with encrypted partitions.
|
I've already written a guide to install [NetBSD with encrypted partitions](https://vsis.online/posts/2024-05-27-uefi-full-disk-encryption/).
|
||||||
This will be almost the same, with a few differences for EFI configuration.
|
This will be almost the same, with a few differences for EFI configuration.
|
||||||
|
|
||||||
The first thing: we need to know the available drives.
|
The first thing: we need to know the available drives.
|
||||||
|
@ -335,6 +325,10 @@ The first thing: we need to know the available drives.
|
||||||
```
|
```
|
||||||
|
|
||||||
Of course, it puts different names for the drives.
|
Of course, it puts different names for the drives.
|
||||||
|
`ld0` and `ld1` are the name of my virtual drives in this machine.
|
||||||
|
Yours may be different.
|
||||||
|
Keep in mind those differences in names.
|
||||||
|
|
||||||
We need to make sure we are formatting and writing in the right drive.
|
We need to make sure we are formatting and writing in the right drive.
|
||||||
|
|
||||||
```
|
```
|
||||||
|
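Review bot: "`ld0` and `ld1` are the name of my virtual drives" should read "are the names". The preceding line "Of course, it puts different names for the drives" has no clear antecedent for "it"; naming NetBSD there would make the added lines easier to follow.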
@ -353,7 +347,7 @@ Assuming `ld1` is the right one.
|
||||||
```
|
```
|
||||||
|
|
||||||
Here stuff may get complicated.
|
Here stuff may get complicated.
|
||||||
Since we have created new partition, the numbers of `dk*` will change.
|
Since we have created new partitions, the numbers of `dk*` will change.
|
||||||
So you have to list the wedges again and make sure that you are going to format the right ones.
|
So you have to list the wedges again and make sure that you are going to format the right ones.
|
||||||
|
|
||||||
```
|
```
|
||||||
|
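Review bot: The corrected sentence warns that the `dk*` numbers shift after partitioning, but the text only tells the reader to list the wedges again. Since the guide already refers to wedges by label elsewhere (`NAME=syscgd`, `root NAME=NetBSD`), say here that the label, not the `dk` number, is what to check before formatting.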
@ -419,8 +413,8 @@ Then, proceed with the new encrypted CGD device.
|
||||||
# disklabel -Ii cgd0
|
# disklabel -Ii cgd0
|
||||||
# echo 'cgd0 NAME=syscgd /etc/cgd/syscgd' > /targetroot/etc/cgd/cgd.conf
|
# echo 'cgd0 NAME=syscgd /etc/cgd/syscgd' > /targetroot/etc/cgd/cgd.conf
|
||||||
```
|
```
|
||||||
These steps are better explained in my last blog entry, and the documentation.
|
These steps are better explained in [my last blog entry](https://vsis.online/posts/2024-05-27-uefi-full-disk-encryption/), and [the documentation](https://www.netbsd.org/docs/guide/en/chap-cgd.html).
|
||||||
After the `disklabel -Ii cgd0` part you should have the partitions for the protected drives.
|
After the `disklabel -Ii cgd0` part you should have the partitions for the protected CGD device.
|
||||||
I usually use `cgd0a` for `/var`, `cgd0b` for swap, `cgd0e` for `/usr`, and `cgd0f` for `/home`.
|
I usually use `cgd0a` for `/var`, `cgd0b` for swap, `cgd0e` for `/usr`, and `cgd0f` for `/home`.
|
||||||
|
|
||||||
Let's test our new CGD device.
|
Let's test our new CGD device.
|
||||||
|
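Review bot: The link text "my last blog entry" stops being accurate as soon as another post is published; use the post's topic as the link text, as the "Install NetBSD" hunk does with "NetBSD with encrypted partitions". The comma before "and [the documentation]" is not needed.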
@ -520,8 +514,8 @@ Then we add the kernel to EFI partition.
|
||||||
You see, this part may not be needed.
|
You see, this part may not be needed.
|
||||||
|
|
||||||
Maybe because of UEFI firmware issues, the second drive was not available always in bootloader runtime.
|
Maybe because of UEFI firmware issues, the second drive was not available always in bootloader runtime.
|
||||||
So, couldn't read the kernel from the second drive.
|
So, [I couldn't read the kernel from the second drive](https://mastodon.bsd.cafe/deck/@release_candidate/112899481162302628).
|
||||||
I added the kernel to the EFI drive and, if your recall it, we told the bootloader to find root filesystem in `root NAME=NetBSD`.
|
I added the kernel to the EFI drive and, if you recall it, we told the bootloader to find root filesystem in `root NAME=NetBSD`.
|
||||||
|
|
||||||
```
|
```
|
||||||
cp -v /targetroot/netbsd /mnt
|
cp -v /targetroot/netbsd /mnt
|
||||||
|
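Review bot: The added Mastodon link contains a `/deck/` path segment, which looks like the logged-in advanced-interface view rather than the post's public permalink; link the permalink so the reference works for readers without an account on that instance. In the line above, "was not available always in bootloader runtime" reads better as "was not always available at bootloader runtime". Because this step copies the NetBSD kernel to the EFI partition, it is worth one sentence noting that the kernel then lives outside the encrypted volumes.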
@ -547,7 +541,7 @@ Then shutdown or reboot:
|
||||||
|
|
||||||
At this point, you have Archlinux and NetBSD installed in your system.
|
At this point, you have Archlinux and NetBSD installed in your system.
|
||||||
you could add a new `menuentry` in GRUB to access NetBSD.
|
you could add a new `menuentry` in GRUB to access NetBSD.
|
||||||
Or you could use the boot menu from your UEFI firmware.
|
Or you could use the boot menu from your machine firmware.
|
||||||
|
|
||||||
I will use rEFInd to have a nice menu where I can select the OS.
|
I will use rEFInd to have a nice menu where I can select the OS.
|
||||||
|
|
||||||
|
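Review bot: The context line above the change still starts with a lowercase "you could add a new `menuentry`"; capitalise it while this paragraph is being touched. Replacing "UEFI firmware" with "machine firmware" matches the wording already used in the EFI partition section.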
@ -570,3 +564,6 @@ But I'm too familiar with Linux, so I have to go outside my comfort zone.
|
||||||
NetBSD is an amazing OS.
|
NetBSD is an amazing OS.
|
||||||
Simple, consistent, documented and straightforward.
|
Simple, consistent, documented and straightforward.
|
||||||
But I have to use it more, so it becomes familiar to me.
|
But I have to use it more, so it becomes familiar to me.
|
||||||
|
|
||||||
|
Dual-boot is a good way to force yourself to use a different OS, with the fallback in case you need your familiar one.
|
||||||
|
That's why a lot of people dual-boot Windows and some Linux distro.
|
||||||
|
|