Difference between pages "Rootfs over encrypted lvm over raid-1 on GPT" and "Funtoo Linux Installation on ARM"

(*its)
 
(Setting the default root password)
 
Line 1: Line 1:
This howto describes how to setup LVM and rootfs with cryptoLUKS-encrypted raid-1 over drive with GPT
+
Funtoo now provides [http://ftp.osuosl.org/pub/funtoo/funtoo-current/arm-32bit/ stage3 images] for arm platform. At this time are only armv6j_hardfp and armv7a_hardfp stages available. If you would like us to support other processors (see the list below), please fill a bug report on [http://bugs.funtoo.org].
= Rootfs over encrypted lvm over raid-1 on GPT =
+
  
To start read [[Rootfs_over_encrypted_lvm|Rootfs over encrypted lvm]]
 
  
How to prepare the hard disk for GPT read [[Funtoo_Linux_Installation#GPT_Partitions|Funtoo Linux Installation on GPT_Partitions]].
+
== List of ARM processor "flavors" ==
For example, installing a new system on /dev/sdb Be careful ;) I warned you!
+
* armv4l-unknown-linux-gnu (Rebel NetWinder, HP Armada and other devices having an ARMv4 processor, which is only capable of running the old ABI. Nevertheless it should work on newer CPUs)
 +
* armv4tl-softfloat-linux-gnueabi (OpenMoko FreeRunner and other devices using an ARMv4T processor. Uses the new ARM EABI and software floating point by default)
 +
* armv5tel-softfloat-linux-gnueabi (almost all ARM NAS, devices based on the Marvell Orion and Marvell Kirkwood, Marvell Sheevaplug, Marvell OpenRD, Guruplug, Dreamplug, QNAP TS109/TS209/TS409/TS119/TS219/TS419, Buffalo Linkstation/Kurobox PRO, HP mv2120, HP iPAQ, Linksys NSLU2 and other devices using an ARMv5TE processor. Uses the new ARM EABI and software floating point by default)
 +
* armv6j-unknown-linux-gnueabi ([[Raspberry Pi]], Nokia N800/N810, Smart Q7, OMAP2-based devices and other multimedia devices using an ARMv6 CPU and VFP. Uses the new ARM EABI and hardware floating point by default)
 +
* armv7a-unknown-linux-gnueabi (OMAP3-based devices(Beagleboard, IGEPv2, Devkit8000, AlwaysInnovating Touchbook, [[Nokia N900]]), OMAP4-based devices([[Pandaboard]]), Freescale i.MX515-based devices([[Efika MX]], Babbage Board, Lange Board…) Marvell Dove/Armada, Nvidia Tegra2-based devices(Toshiba AC100, Toshiba Folio), ST-Ericsson NOVA A9500-based devices(Snowball), Exynos 4412 ([[Odroid-X]], Odroid-Q, [[ODROID U2]]) and other devices using an ARMv7-A processor. Uses the new ARM EABI and generic(not NEON) hardware floating point by default
 +
* armv7a-hardfloat-linux-gnueabi (The same as armv7a-unknown-linux-gnueabi, but this one uses hardfloat instead of softfp. Read more about it here: http://wiki.debian.org/ArmHardFloatPort)
  
<pre>[root@localhost ~]# gdisk -l /dev/sdb
+
== Default installation of Funtoo on your platform/board ==
GPT fdisk (gdisk) version 0.6.13
+
This document is not a complete installation tutorial. Basic information about Funtoo Linux installation can be found on [[Funtoo Linux Installation]]. The goal of this document is to provide general information about installing Funtoo Linux on an ARM device, and highlight differences with a x86 installation.
  
Partition table scan:
+
The following notes are non-board specific. Other instructions can be found in the specific articles for the above mentioned devices.
  MBR: protective
+
  BSD: not present
+
  APM: not present
+
  GPT: present
+
  
Found valid GPT with protective MBR; using GPT.
 
Disk /dev/sdb: 625142448 sectors, 298.1 GiB
 
Logical sector size: 512 bytes
 
Disk identifier (GUID): 67AC0F92-E033-4B53-B6C5-D99DD8F49D90
 
Partition table holds up to 128 entries
 
First usable sector is 34, last usable sector is 625142414
 
Partitions will be aligned on 2048-sector boundaries
 
Total free space is 3038 sectors (1.5 MiB)
 
  
Number  Start (sector)   End (sector) Size      Code  Name
+
=== Overview ===
  1            2048          206847  100.0 MiB  0700  Linux/Windows data
+
Most of the ARM boards come with a SD card slot, so you will need an empty SD card (4GB is enough to get you started), in most cases the boards are also equipped with debug port which can be used with USB-to-serial cables, if you have one, you can use it to login to the machine without the need of connecting keyboards or displays. You will need a network connection to be able to download stages, kernel and update your portage tree.
  2          206848          207871  512.0 KiB  EF02  BIOS boot partition
+
 
  3         208896      625142414  298.0 GiB  FD00 Linux RAID
+
 
 +
=== Kernel and bootloader setup ===
 +
Before you start you will need a kernel and a bootloader for your device. Some of the devices look for bootloader (in most cases U-Boot) on the SD along with the kernel.
 +
 
 +
More information about the kernel and bootloader can be found on pages specific for your device.
 +
 
 +
 
 +
=== Installing Funtoo (overview) ===
 +
 
 +
The installation on these devices differs from the normal installation procedure of booting an installation environment and chrooting from there to your new root, and can be little bit easier, but in some cases tricky.  
 +
 
 +
Overview of the installation:
 +
* Extract stage3 to the 2nd partition of the SD card
 +
* Extract portage snapshot
 +
* Setup fstab
 +
* Setup root password
 +
* Configure hostname and networking (optional, but recommended)
 +
* Enable SSH access (optional, but recommended)
 +
* Enable serial console access (optional, but recommended)
 +
* Correct RTC "bug" with swclock
 +
 
 +
 
 +
==== Installing the Stage 3 tarball ====
 +
 
 +
ARM stage3 tarballs can be found on [http://ftp.osuosl.org/pub/funtoo/funtoo-current/arm-32bit/]. Use the subarchitecture that suits best your device.
 +
 
 +
Mount the partition that will hold your rootfs of the SD card and extract the stage3 you have downloaded.
 +
 
 +
<console>
 +
# ##i##mkdir /mnt/SD_root
 +
# ##i##mount /dev/sdcard-device-px /mnt/SD_root
 +
</console>
 +
 
 +
Extract the stage3 (it may take a while).
 +
<console>
 +
# ##i##tar xapf stage3-armv7a_hardfp-xxxx.tar.xz -C /mnt/SD_root
 +
</console>
 +
 
 +
 
 +
==== Extracting a portage snapshot ====
 +
 
 +
Now, download the portage snapshot from [http://ftp.osuosl.org/pub/funtoo/funtoo-current/snapshots/], and extract it to your partition.
 +
 
 +
<console>
 +
# ##i##tar xapf portage-latest.tar.xz -C /mnt/SD_root/usr
 +
</console>
 +
 
 +
 
 +
==== Setup fstab ====
 +
Edit the /mnt/SD_root/etc/fstab file to look like this:
 +
 
 +
<pre>
 +
  /dev/mmcblk0p1 /boot vfat noauto,noatime 1 2
 +
/dev/mmcblk0p2 / ext4 noatime 0 1
 
</pre>
 
</pre>
  
If you plan to use a raid-1 for installing only one partition (/dev/sdb3 in example) and, if successful, later add more to the mirror, issue something like:
+
Adjust the partition devices and types to suit your needs.
  
<pre>mdadm --create /dev/md0 --level=1 --raid-devices=2 missing /dev/sdb3</pre>
 
  
If you prefer to add the two final destination devices to the array in the first place, issue something like:
+
==== Setting the default root password ====
  
<pre>mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sda3 /dev/sdb3</pre>
+
{{fancywarning|Don't skip this step. This part differs from the standard installation procedure, as the root password must be set outside of a chroot environment. Skipping this step will result in an impossibility to login.}}
  
If everything worked well, the arrays will start synchronising immediately. You can monitor this progress by viewing at the content of /proc/mdstat :
+
Normally, for setting the password, one has to be able to run passwd. However that's not possible in this case since an x86 system can't run ARM binaries. Therefore, it is needed to modify the file that contains the passwords (/etc/shadow) to set a default root password.
  
<pre>root@golf576:~# cat /proc/mdstat
+
===== Clearing the root password =====
Personalities : [raid1] [raid0] [raid6] [raid5] [raid4]
+
This will allow to login with a blank password for the root user.
md2 : active raid1 sdb5[1] sda5[0]
+
<console>
      581595328 blocks [2/2] [UU]
+
# ##i##nano -w /mnt/SD_root/etc/shadow
        resync=DELAYED
+
</console>
  
md1 : active raid1 sdb4[1] sda4[0]
+
Modify the line beginning by "root" to match the following:
      41942976 blocks [2/2] [UU]
+
<pre>
      [>....................]  resync =  1.6% (691456/41942976) finish=8.9min speed=76828K/sec
+
root::10770:0:::::
 +
</pre>
  
md0 : active raid1 sdb1[1] sda1[0]
+
{{fancywarning|After initial login, remember to change the root password using the passwd command.}}
      511936 blocks [2/2] [UU]
+
  
unused devices: <none>
+
===== Choosing a root password (alternative) =====
root@golf576:~#</pre>
+
  
Now, that's awesome, isn't it? :)
+
First, generate a password. The output of this command will be used to modify the shadow file.
Even more awesome is the fact that you can immediately start using your shiny new RAID. It will finish it's sync in the background while you do changes to its filesystem.
+
<console>
 +
# ##i##openssl passwd -1
 +
or
 +
# ##i##python -c "import crypt, getpass, pwd; print crypt.crypt('password', '\$6\$SALTsalt\$')"
 +
</console>
  
= Encrypting the raid-1 =
+
Then, edit the shadow file and use the output of the last command to replace "YOUR_PASSWORD_MD5".
  
<pre>cryptsetup -c aes-xts-plain luksFormat /dev/md0
+
<console>
cryptsetup luksOpen /dev/md0 dmcrypt_root</pre>
+
# ##i##nano -w /mnt/SD_root/etc/shadow
 +
</console>
  
Further, all the same [http://docs.funtoo.org/Rootfs_over_encrypted_lvm as here]… The differences begin with the "Initramfs setup and configuration"
+
<pre>
 +
root:YOUR_PASSWORD_MD5:14698:0:::::
 +
</pre>
  
To activate the raid-1 during boot to perform:
+
==== Setup hostname and networking ====
<pre>echo "Activating RAID device."
+
 
if [ ! -e '/etc/mdadm.conf' ]
+
Please read the [[Funtoo Linux Networking]] to configure your network.
then
+
 
echo "DEVICE /dev/sda[0-9] /dev/sdb[0-9] /dev/md[0-9]" > /etc/mdadm.conf
+
 
mdadm --examine --scan --config=/etc/mdadm.conf  >> /etc/mdadm.conf
+
==== Using swclock ====
mdadm --assemble --scan
+
One of the problems some of the devices have, is that they don't have a battery to save the clock time. To mitigate this, on Funtoo we have an option in our init system called swclock which sets the date of the system upon boot from a last modified date of a file.
fi</pre>
+
 
 +
 
 +
First, add swclock to the boot runlevel.
 +
<console>
 +
# ##i##ln -sf /etc/init.d/swclock /mnt/SD_root/etc/runlevels/boot
 +
</console>
 +
 
 +
Then, remove hwclock from the startup because it sets the date from the RTC, which is 2000-01-01 upon startup and overrides swclock's date.
 +
<console>
 +
# ##i##rm /mnt/SD_root/etc/runlevels/boot/hwclock
 +
</console>
 +
 
 +
swclock uses the /lib/rc/cache/shutdowntime's modification time to set the date, therefore we update it to have the current date and time.
 +
<console>
 +
# ##i##touch /mnt/SD_root/lib/rc/cache/shutdowntime
 +
</console>
 +
 
 +
Although this doesn't fix the issue, at least helps to set a sane date and time.
 +
Note: Consider using NTP, documented on the next chapter
 +
 
 +
 
 +
==== Enabling SSH access (optional) ====
 +
Adding sshd to the default runlevel will enable access to the device using ssh (if network has been configured).
 +
 
 +
<console>
 +
# ##i##ln -sf /etc/init.d/sshd /mnt/SD_root/etc/runlevels/default
 +
</console>
 +
 
 +
If no network has been configured yet, it might be a good idea to add dhcpcd in the default runlevel as well.
 +
 
 +
<console>
 +
# ##i##ln -sf /etc/init.d/dhcpcd /mnt/SD_root/etc/runlevels/default
 +
</console>
 +
 
 +
==== Enabling serial console access (optional) ====
 +
By default the ttyS0 port is configured at 9600 bps. However, almost all of the ARM devices run the serial port at 115200 bps. Also, the port device names differ (ttyO2 for Pandaboard, ttySAC1 for Odroid-X ...). So edit your /etc/inittab file:
 +
 
 +
<console>
 +
# ##i##nano -w /mnt/SD_root/etc/inittab
 +
</console>
 +
 
 +
(For example for Pandaboard: )
 +
<pre>
 +
s0:12345:respawn:/sbin/agetty 115200 ttyO2 vt100
 +
</pre>
  
Or use [https://bitbucket.org/piotrkarbowski/better-initramfs better-initramfs] with raid-1 mdadm support
 
<pre>git clone git@bitbucket.org:piotrkarbowski/better-initramfs.git</pre>
 
This script is well documented at it's GitHub overview site (which displays the documentation from README.rst).
 
  
= Grub2 configuration =
+
=== Finishing the installation and booting up the new system ===
Importantly do not forget <pre>enc_root=/dev/md0</pre>
+
Let's unmount the SD card.
 +
<console>
 +
# ##i##umount /mnt/SD_root
 +
</console>
  
= Additional links =
+
Once you have the card ready, put it into your device, and you should be able to boot it. If you have a debug port you will be able to see the boot process using minicom or similar program on another PC connected with the debug cable.
* [http://en.gentoo-wiki.com/wiki/RAID/Software RAID/Software]
+
* [http://www.gentoo.org/doc/en/gentoo-x86+raid+lvm2-quickinstall.xml Gentoo Linux x86 with Software Raid and LVM2 Quick Install Guide]
+
  
 
[[Category:HOWTO]]
 
[[Category:HOWTO]]
 +
[[Category:ARM]]
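
Review bot: The added "Clearing the root password" section sets `root::10770:0:::::`, an empty root password, while later sections of the same revision start sshd and a serial agetty at boot. Make "Choosing a root password (alternative)" the primary path, or say explicitly that the blank entry is for the first console login only and move the passwd reminder ahead of the SSH section. In the alternative section, `openssl passwd -1` produces an MD5-crypt hash while the Python command produces a `$6$` hash from the literal password 'password' and the fixed salt 'SALTsalt'; the text should say which values the reader must replace, and the placeholder YOUR_PASSWORD_MD5 is misleading for the second command. The stage3 and portage snapshot links are plain http and the steps extract the archives with no checksum or signature check.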

Revision as of 06:27, 10 April 2013

Funtoo now provides stage3 images for the ARM platform. At this time only the armv6j_hardfp and armv7a_hardfp stages are available. If you would like us to support other processors (see the list below), please file a bug report at http://bugs.funtoo.org.


List of ARM processor "flavors"

  • armv4l-unknown-linux-gnu (Rebel NetWinder, HP Armada and other devices having an ARMv4 processor, which is only capable of running the old ABI. Nevertheless it should work on newer CPUs)
  • armv4tl-softfloat-linux-gnueabi (OpenMoko FreeRunner and other devices using an ARMv4T processor. Uses the new ARM EABI and software floating point by default)
  • armv5tel-softfloat-linux-gnueabi (almost all ARM NAS, devices based on the Marvell Orion and Marvell Kirkwood, Marvell Sheevaplug, Marvell OpenRD, Guruplug, Dreamplug, QNAP TS109/TS209/TS409/TS119/TS219/TS419, Buffalo Linkstation/Kurobox PRO, HP mv2120, HP iPAQ, Linksys NSLU2 and other devices using an ARMv5TE processor. Uses the new ARM EABI and software floating point by default)
  • armv6j-unknown-linux-gnueabi (Raspberry Pi, Nokia N800/N810, Smart Q7, OMAP2-based devices and other multimedia devices using an ARMv6 CPU and VFP. Uses the new ARM EABI and hardware floating point by default)
  • armv7a-unknown-linux-gnueabi (OMAP3-based devices(Beagleboard, IGEPv2, Devkit8000, AlwaysInnovating Touchbook, Nokia N900), OMAP4-based devices(Pandaboard), Freescale i.MX515-based devices(Efika MX, Babbage Board, Lange Board…), Marvell Dove/Armada, Nvidia Tegra2-based devices(Toshiba AC100, Toshiba Folio), ST-Ericsson NOVA A9500-based devices(Snowball), Exynos 4412 (Odroid-X, Odroid-Q, ODROID U2) and other devices using an ARMv7-A processor. Uses the new ARM EABI and generic(not NEON) hardware floating point by default)
  • armv7a-hardfloat-linux-gnueabi (The same as armv7a-unknown-linux-gnueabi, but this one uses hardfloat instead of softfp. Read more about it here: http://wiki.debian.org/ArmHardFloatPort)

Default installation of Funtoo on your platform/board

This document is not a complete installation tutorial. Basic information about Funtoo Linux installation can be found on Funtoo Linux Installation. The goal of this document is to provide general information about installing Funtoo Linux on an ARM device, and to highlight the differences from an x86 installation.

The following notes are non-board specific. Other instructions can be found in the specific articles for the above mentioned devices.


Overview

Most ARM boards come with an SD card slot, so you will need an empty SD card (4GB is enough to get you started). In most cases the boards are also equipped with a debug port which can be used with USB-to-serial cables; if you have one, you can use it to log in to the machine without connecting a keyboard or display. You will need a network connection to download the stages and kernel and to update your portage tree.


Kernel and bootloader setup

Before you start you will need a kernel and a bootloader for your device. Some of the devices look for the bootloader (in most cases U-Boot) on the SD card along with the kernel.

More information about the kernel and bootloader can be found on pages specific for your device.


Installing Funtoo (overview)

The installation on these devices differs from the normal installation procedure of booting an installation environment and chrooting from there to your new root. It can be a little bit easier, but in some cases tricky.

Overview of the installation:

  • Extract stage3 to the 2nd partition of the SD card
  • Extract portage snapshot
  • Setup fstab
  • Setup root password
  • Configure hostname and networking (optional, but recommended)
  • Enable SSH access (optional, but recommended)
  • Enable serial console access (optional, but recommended)
  • Correct RTC "bug" with swclock


Installing the Stage 3 tarball

ARM stage3 tarballs can be found at http://ftp.osuosl.org/pub/funtoo/funtoo-current/arm-32bit/. Use the subarchitecture that best suits your device.

Mount the SD card partition that will hold your rootfs and extract the stage3 you have downloaded.

# mkdir /mnt/SD_root
# mount /dev/sdcard-device-px /mnt/SD_root

Extract the stage3 (it may take a while).

# tar xapf stage3-armv7a_hardfp-xxxx.tar.xz -C /mnt/SD_root


Extracting a portage snapshot

Now, download the portage snapshot from http://ftp.osuosl.org/pub/funtoo/funtoo-current/snapshots/ and extract it to your partition.

# tar xapf portage-latest.tar.xz -C /mnt/SD_root/usr


Setup fstab

Edit the /mnt/SD_root/etc/fstab file to look like this:

 /dev/mmcblk0p1		/boot		vfat		noauto,noatime	1 2
 /dev/mmcblk0p2		/		ext4		noatime		0 1

Adjust the partition devices and types to suit your needs.


Setting the default root password

Warning: Don't skip this step. This part differs from the standard installation procedure, as the root password must be set outside of a chroot environment. If you skip this step, you will not be able to log in.

Normally, setting the password requires running passwd. However, that's not possible in this case since an x86 system can't run ARM binaries. Therefore, you need to modify the file that contains the passwords (/etc/shadow) directly to set a default root password.

Clearing the root password

This allows the root user to log in with a blank password.

# nano -w /mnt/SD_root/etc/shadow

Modify the line beginning with "root" to match the following:

root::10770:0:::::

Warning: After initial login, remember to change the root password using the passwd command.

Choosing a root password (alternative)

First, generate a password hash. The output of this command will be used to modify the shadow file.

# openssl passwd -1
or (substituting your own password and salt for 'password' and 'SALTsalt')
# python -c "import crypt; print(crypt.crypt('password', '\$6\$SALTsalt\$'))"

Then, edit the shadow file and use the output of the last command to replace "YOUR_PASSWORD_MD5".

# nano -w /mnt/SD_root/etc/shadow
 root:YOUR_PASSWORD_MD5:14698:0:::::

Setup hostname and networking

Please read Funtoo Linux Networking to configure your network.


Using swclock

One problem with some of these devices is that they have no battery to keep the clock running. To mitigate this, the Funtoo init system has an option called swclock, which sets the system date at boot from the last-modified date of a file.


First, add swclock to the boot runlevel.

# ln -sf /etc/init.d/swclock /mnt/SD_root/etc/runlevels/boot

Then, remove hwclock from the startup because it sets the date from the RTC, which is 2000-01-01 upon startup and overrides swclock's date.

# rm /mnt/SD_root/etc/runlevels/boot/hwclock

swclock uses the modification time of /lib/rc/cache/shutdowntime to set the date, so we update that file to carry the current date and time.

# touch /mnt/SD_root/lib/rc/cache/shutdowntime

Although this doesn't fix the issue, it at least helps to set a sane date and time.

Note: Consider using NTP, documented in the next chapter.


Enabling SSH access (optional)

Adding sshd to the default runlevel will enable access to the device using ssh (if the network has been configured).

# ln -sf /etc/init.d/sshd /mnt/SD_root/etc/runlevels/default

If no network has been configured yet, it might be a good idea to add dhcpcd to the default runlevel as well.

# ln -sf /etc/init.d/dhcpcd /mnt/SD_root/etc/runlevels/default
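
The offline shadow edit from "Choosing a root password (alternative)", plus a check for the blank root entry on an image that also starts sshd, as an added example that is not part of the Funtoo page. The function names are invented here, /mnt/SD_root is the page's mount point, and accepting only SHA-512 ($6$) hashes is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the Funtoo wiki): offline edits to the shadow file
# of a mounted ARM rootfs. All function names are made up for this example.

# Succeeds only for a crypt(3) SHA-512 string: $6$<salt>$<86 hash chars>,
# optionally with a rounds=N$ parameter after the $6$ prefix.
is_sha512_crypt() {
    printf '%s\n' "$1" |
        grep -Eq '^\$6\$(rounds=[0-9]+\$)?[./A-Za-z0-9]{1,16}\$[./A-Za-z0-9]{86}$'
}

# set_root_hash SHADOW_FILE HASH
# Replace field 2 of the root entry, keeping every other field and line.
# The file is rewritten through a mode-600 temporary file in the same directory.
set_root_hash() {
    shadow=$1 hash=$2
    is_sha512_crypt "$hash" || { echo "not a SHA-512 crypt hash" >&2; return 1; }
    grep -q '^root:' "$shadow" || { echo "no root entry in $shadow" >&2; return 1; }
    tmp=$(mktemp "$shadow.XXXXXX") || return 1
    chmod 600 "$tmp"
    # The hash travels through the environment so awk does not interpret
    # backslashes or '&' characters in it.
    HASH=$hash awk -F: -v OFS=: '$1 == "root" { $2 = ENVIRON["HASH"] } { print }' \
        "$shadow" > "$tmp" && mv "$tmp" "$shadow" || { rm -f "$tmp"; return 1; }
}

# list_empty_passwords SHADOW_FILE
# Print the accounts whose password field is empty (no password required).
list_empty_passwords() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# empty_root_with_sshd ROOTFS
# Succeeds when the image starts sshd in the default runlevel and still has
# an empty root password. The runlevel link points at /etc/init.d/sshd, which
# may not exist on the build host, so a dangling symlink counts as present.
empty_root_with_sshd() {
    rootfs=$1
    { [ -e "$rootfs/etc/runlevels/default/sshd" ] ||
      [ -L "$rootfs/etc/runlevels/default/sshd" ]; } &&
        list_empty_passwords "$rootfs/etc/shadow" | grep -qx root
}
```

Generate the hash with `openssl passwd -6` (OpenSSL 1.1.1 or later), then run `set_root_hash /mnt/SD_root/etc/shadow "$hash"` before unmounting the card. Whether sshd would actually accept an empty password also depends on PermitEmptyPasswords in the image's sshd_config, so `empty_root_with_sshd /mnt/SD_root` is a prompt to review, not proof of exposure.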

Enabling serial console access (optional)

By default the ttyS0 port is configured at 9600 bps. However, almost all of the ARM devices run the serial port at 115200 bps. Also, the port device names differ (ttyO2 for Pandaboard, ttySAC1 for Odroid-X ...). So edit your /etc/inittab file:

# nano -w /mnt/SD_root/etc/inittab

(For example, for Pandaboard:)

s0:12345:respawn:/sbin/agetty 115200 ttyO2 vt100


Finishing the installation and booting up the new system

Let's unmount the SD card.

# umount /mnt/SD_root

Once you have the card ready, put it into your device, and you should be able to boot it. If you have a debug port, you will be able to watch the boot process using minicom or a similar program on another PC connected with the debug cable.