How to install Void Linux with Full Single Disk Encryption (GPT, UEFI, LVM on LUKS1)

2020-05-25

(last time edited: 2021-03-14)

tags: linux, void

Void Linux is a general purpose operating system, based on the monolithic Linux® kernel. Its package system allows you to quickly install, update and remove software; software is provided in binary packages or can be built directly from sources with the help of the XBPS source packages collection.

It is available for the Intel x86®, ARM® and MIPS® processor architectures. Software packages can be built natively or cross compiled through the XBPS source packages collection.

At the end of this guide you will have a setup like this:

Download

Download a live image from here.

Choose between the multiple architectures and flavours offered (x86_64, x86_64-musl, i686, ppc64, ppc64-musl, aarch64-musl, etc.).

Burn

Check your connected storage devices.

# lsblk

Burn the live image.

# dd if=voiddistro.iso of=/dev/sdX

Reboot

# reboot

Boot

Boot the USB and log in using the following credentials:

user: root
password: voidlinux

Update

Update your live image.

# xbps-install -Su xbps

Partition

Check your connected devices.

# lsblk

Partition your device using fdisk.

# fdisk /dev/sdX

Create a new GPT partition table.

Command (m for help): g

Created a new GPT disklabel with disk identifier XxXXXXXXXXXXXX

Create the first partition. This will be your EFI partition. Choose a reasonable size, for example +200M or +300M.

Command (m for help): n

Partition number (1-128, default 1): 1

First sector (2048-xxxxxxxxxxxx, default 2048): ENTER

Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-xxxxxxxxx, default xxxxxxxxx): +350M

Created a new partition 1 of type 'xxxxxxxxx' and of size 350 MiB.

Create a second partition. This will be your LUKS partition.

Command (m for help): n

Partition number (2-128, default 2): 2

First sector (xxxxxxxxxxxx-xxxxxxxxxxxxx, default xxxxxxxxxx): ENTER

Last sector, +/-sectors or +/-size{K,M,G,T,P} (xxxxxxxxx-xxxxxxxx, default xxxxxxxxx): ENTER

Created a new partition 2 of type 'xxxxx' and of size XXXXXX GiB.

Write changes and exit

Command (m for help): w

The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.

Re-read the partition table so the Linux kernel sees the changes.

# kpartx /dev/sdX

Encrypt

Initialize LUKS on the second partition.

# cryptsetup luksFormat --type luks1 /dev/sdX2

Open the partition. You can assign whatever label you want instead of voidluks.

# cryptsetup open /dev/sdX2 voidluks

Initialize a physical volume.

# pvcreate /dev/mapper/voidluks

Create a volume group. You can assign whatever label you want instead of voidvg.

# vgcreate voidvg /dev/mapper/voidluks

Create a logical volume for root. You can choose the size you want instead of 50G.

# lvcreate -n root -L 50G voidvg

Optional: Create a logical volume for swap. It's only recommended when you don't have a lot of RAM.

The Void community recommends twice the amount of RAM for systems with less than 2 GB, an amount equal to the RAM for systems with 2-8 GB, and 4 GB for systems with more than 8 GB.

# lvcreate -n swap -L 4G voidvg

Create a logical volume for home designating all of the free space left.

# lvcreate -n home -l 100%FREE voidvg

Format

Format the EFI partition and logical volumes.

# mkfs.vfat /dev/sdX1

# mkfs.ext4 /dev/mapper/voidvg-root

Optional: Initialize the swap volume if you created one.

# mkswap /dev/mapper/voidvg-swap

# mkfs.ext4 /dev/mapper/voidvg-home

Mount

Create a directory to start working on your new system.

# mkdir /mnt/nusys

Mount the root logical volume.

# mount /dev/mapper/voidvg-root /mnt/nusys

Create a home directory in the mounted root volume.

# mkdir /mnt/nusys/home

Mount the home logical volume.

# mount /dev/mapper/voidvg-home /mnt/nusys/home

Mount Bind

Bind mount important directories on your new system.

# for DIR in proc sys dev; do mkdir /mnt/nusys/$DIR; done

# mount -t proc /proc /mnt/nusys/proc

# mount -t sysfs /sys /mnt/nusys/sys

# mount -B /dev /mnt/nusys/dev

# mount -t devpts pts /mnt/nusys/dev/pts

Install

Install base-system, linux, GRUB, cryptsetup and lvm2.

# xbps-install -S -R https://alpha.de.repo.voidlinux.org/current -r /mnt/nusys base-system linux grub lvm2 cryptsetup

Fstab

With the following commands we will tell our new system where to look for devices when we boot.

# echo tmpfs /tmp tmpfs defaults 0 0 > /mnt/nusys/etc/fstab

# echo /dev/mapper/voidvg-root / ext4 defaults 0 0 >> /mnt/nusys/etc/fstab

Optional: Add swap to fstab if you created a swap partition.

# echo /dev/mapper/voidvg-swap none swap defaults 0 0 >> /mnt/nusys/etc/fstab

# echo /dev/mapper/voidvg-home /home ext4 defaults 0 0 >> /mnt/nusys/etc/fstab

Mount EFI

# chroot /mnt/nusys mkdir -p /boot/efi

# chroot /mnt/nusys mount /dev/sdX1 /boot/efi

GRUB

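Edit GRUB's configuration file, appending rd.auto=1 to the kernel command line so the initramfs assembles the LUKS and LVM devices automatically and can find the root volume.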

# sed -i "/GRUB_CMDLINE.*=/s/\"$/ rd.auto=1&/" /mnt/nusys/etc/default/grub

Install GRUB.

# chroot /mnt/nusys grub-install /dev/sdX

Create a configuration file for GRUB.

# chroot /mnt/nusys grub-mkconfig -o /boot/grub/grub.cfg
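
Before rebooting, the files written in the Fstab and GRUB sections can be checked from the live system. The script below is an added example, not part of the original guide; besides the guide's own settings it checks for GRUB_ENABLE_CRYPTODISK=y, which GRUB needs in /etc/default/grub to unlock a /boot that lives inside LUKS. The function names check_target and make_sample and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-reboot check of the files the guide writes under the
# target root (/mnt/nusys in the guide). Not part of the original guide.

# check_target ROOT: print one line per problem, return the problem count.
check_target() {
    root=${1:-/mnt/nusys}
    problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

    # Each mount point from the Fstab section needs a non-comment entry.
    for mp in / /home /tmp; do
        awk -v mp="$mp" '$1 !~ /^#/ && $2 == mp { ok = 1 } END { exit !ok }' \
            "$root/etc/fstab" 2>/dev/null || fail "no fstab entry for $mp"
    done

    # The sed command in the GRUB section must have added rd.auto=1.
    grep -Eq '^GRUB_CMDLINE_LINUX(_DEFAULT)?=.*rd\.auto=1' \
        "$root/etc/default/grub" 2>/dev/null ||
        fail "rd.auto=1 missing from GRUB_CMDLINE_* in etc/default/grub"

    # /boot lives inside the LUKS container here, so GRUB itself has to
    # unlock it; it only does so when this setting is present.
    grep -q '^GRUB_ENABLE_CRYPTODISK=y' "$root/etc/default/grub" 2>/dev/null ||
        fail "GRUB_ENABLE_CRYPTODISK=y missing from etc/default/grub"

    return "$problems"
}

# Constructed sample tree: the fstab lines echoed in the guide and a GRUB
# defaults file after the sed edit (file contents are illustrative).
make_sample() {
    mkdir -p "$1/etc/default"
    printf '%s\n' 'tmpfs /tmp tmpfs defaults 0 0' \
        '/dev/mapper/voidvg-root / ext4 defaults 0 0' \
        '/dev/mapper/voidvg-home /home ext4 defaults 0 0' > "$1/etc/fstab"
    printf '%s\n' 'GRUB_DEFAULT=0' \
        'GRUB_CMDLINE_LINUX_DEFAULT="loglevel=4 rd.auto=1"' > "$1/etc/default/grub"
}

demo=$(mktemp -d)
make_sample "$demo"
check_target "$demo" || echo "$? problem(s) found in sample tree"
rm -rf "$demo"
```

On the real installation, call check_target /mnt/nusys from the live system after the GRUB steps; a return value of 0 means every check passed.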

User Creation

Create your user.

# chroot /mnt/nusys useradd -m yourusername

Assign a password to your user.

# chroot /mnt/nusys passwd yourusername

Root Password

Assign a password to the root account.

# chroot /mnt/nusys passwd root

System Configuration

Edit hostname and rc configuration.

# echo void > /mnt/nusys/etc/hostname

# echo HOSTNAME=void > /mnt/nusys/etc/rc.conf

# echo HARDWARECLOCK=localtime >> /mnt/nusys/etc/rc.conf

# echo TIMEZONE=US/Michigan >> /mnt/nusys/etc/rc.conf

# echo KEYMAP=us >> /mnt/nusys/etc/rc.conf

Add your user to important user groups.

# chroot /mnt/nusys usermod -G audio,video,input -a yourusername

Configure locales only if you are installing a glibc Void Linux version.

# echo LANG=en_US.UTF-8 > /mnt/nusys/etc/locale.conf

# echo en_US.UTF-8 UTF-8 > /mnt/nusys/etc/default/libc-locales

# xbps-reconfigure -r /mnt/nusys -f glibc-locales

Services

Activate the dhcpcd service for ethernet networking.

# chroot /mnt/nusys ln -s /etc/sv/dhcpcd /etc/runit/runsvdir/current

Reboot

The system will unmount everything when you send a reboot command.

Just run:

# reboot

And make sure to disconnect the USB drive before it boots.