You are right, sorry about hijacking the thread. Bad manners. Anyway I was trying to get things to work yesterday and I ended up with a good solution in the end. When I tried to set up an encrypted LVM with the different installers I got stuck with having to reboot to let the changes take effect. Since that was impossible I had to find another solution and I ended up using a mix between information from the Mageia community and from how I did it before with Arch Linux. The final result was an encrypted LVM container (LVM on LUKS). These are my resources:
1. https://wiki.mageia.org/en/UEFI_how-to
2. https://www.youtube.com/watch?v=SLu1NwsZr48 (excellent video)
3. https://wiki.archlinux.org/index.php/Beginners%27_Guide
I updated my MacBookPro before I started and that wiped out the rEFInd boot manager. So in a way I started from scratch. This is how I proceeded, maybe it can help someone else with the same problem.
1. I had to use the live DVD installer with Gnome in my case since it can boot in EFI mode. Start up the MacBookPro and press alt immediately. Insert the DVD (much easier to use than a USB) and you will be presented with an EFI boot disk. Select it and the live DVD will boot.
2. Test if you have booted in UEFI mode. Start the terminal and do
# ls -1 /sys/firmware/efi
If this folder exists it is OK.
3. After bootup I started gparted and cleaned up old partitions behind /dev/sda1 to 3. (These are the MacBook partitions. sda1 is the EFI partition, sda2 is the MacBook hdd and sda3 is the MacBook rescue disk. I had since before already shrunk my MacBook partition to around 30G, the rest 470G is for linux). I then created a new partition after sda3 that filled up the rest of the disk called sda4.
4. It is good practice to overwrite the disk with random data before you install an encrypted partition on it. It will take some time.
# shred -v -z /dev/sda4
5. I used gdisk to create the partitions on the HDD.
# gdisk /dev/sda
First erase sda4 using the menu. Then create a new partition (sda4) which will become /boot. Remember to put this partition +128M behind sda3 since OSX apparently needs some space behind sda3. Don't know why. This is a standard linux partition type, i.e. 8300. Also label the disk, I used boot. Then create another partition (sda5) and fill up the rest of the disk (if you wish) and make this a Linux LVM partition i.e. 8e00. I labeled the disk sda5_crypt. Write and save changes.
6. Now it is time to set up the encrypted partition in the LVM, to create the volume groups and the logical volumes. This is what I did
# modprobe dm-crypt
# cryptsetup --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-random --verify-passphrase luksFormat /dev/sda5
# cryptsetup luksOpen /dev/sda5 sda5_crypt
# pvcreate /dev/mapper/sda5_crypt
# vgcreate busta_crypt /dev/mapper/sda5_crypt
# vgdisplay
# lvcreate -L 15G -C y -n root busta_crypt
# lvcreate -L 4G -C y -n swap busta_crypt
# lvcreate -l +100%FREE -C y -n home busta_crypt
# lvdisplay
7. Now start the installer. When you come to the partition setup choose custom install and set up the mountpoints for (in my case) /boot, / and /home. Also change the type to swap for the swap partition. Proceed until you get the choice to select bootloader. Select grub2 and then go back to the terminal.
8. It is time to install grub2-efi
# chroot /mnt/install
# urpmi grub2-efi
Overwrite the old grub2 program. After the installation is complete, go back to the installer and continue to install grub2. I installed it on sda1. There will pop up some error messages, but it is OK.
9. Go back to the terminal and run
# fdisk -l
to check where the EFI partition is situated. In my case sda1
# chroot /mnt/install
# mkdir /boot/EFI
# mount /dev/sda1 /boot/EFI
# grub2-install --target=x86_64-efi --efi-directory=/boot/EFI/ --boot-directory=/boot/
grub2 is now installed on sda1 in the right place.
10. It is time to edit fstab. It is crucial that the hdd are listed in the right order in this file otherwise you will get stuck in limbo while trying to boot. I found out the hard way and in my case I was unable to type the password for the LVM since the keyboard was not loaded. Select:
10.1 /boot/EFI
10.2 /dev/sda4 (the /boot partition)
10.3 /dev/busta_crypt/root (in my case)
10.4 and after that /home, proc and swap
# blkid
Note the UUID label for your EFI partition, mine is UUID="2860-11F4"
I use vim
vim /etc/fstab
and add the following at the top of the file. Edit the file as necessary to load the partitions in the right sequence as I mentioned above.
UUID=2860-11F4 /boot/EFI vfat defaults 1 1
Save and reboot!
11. Continue with the installation and setup network and users. Start the terminal
# grub2-mkconfig -o /boot/grub2/grub.cfg
# grub2-install /dev/sda
Reboot.
12. Important! Remember to save the LUKS header on a USB stick. Keep the USB in a safe place. I use encfs to encrypt a folder on the usb, just in case.
cryptsetup luksHeaderBackup /dev/sda5 --header-backup-file /path/to/usb/LUKS_header.img
This is how far I have come in my setup. I still need to edit the grub.cfg file because I cannot load OSX from grub, I have to press alt during boot to start OSX. But I will do that later. I recommend to watch the youtube clip I linked to above. That was basically my only resource I used to get the EFI boot to work.
If there are any typos please let me know so that I can correct it
Cheers!
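Added example, not part of the original post: a Python check that the header image saved in step 12 really is a LUKS header and carries the cipher, key size and hash chosen in step 6. It assumes the LUKS1 on-disk format, which the post does not state; the function names are illustrative and `make_sample` builds a constructed header so the check runs without a real device.

```python
import struct

# LUKS1 header layout (big-endian): magic, version, cipher name, cipher mode,
# hash spec, payload offset, key bytes, MK digest, MK salt, MK iterations, UUID.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SLOT = struct.Struct(">II32sII")  # state, iterations, salt, offset, stripes
MAGIC, SLOT_ENABLED, SLOT_DISABLED = b"LUKS\xba\xbe", 0x00AC71F3, 0x0000DEAD

def _text(raw):
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def parse_luks1_header(blob):
    """Return the main fields of a LUKS1 header; raise ValueError otherwise."""
    if len(blob) < PHDR.size + 8 * SLOT.size:
        raise ValueError("too short to hold a LUKS1 header")
    (magic, version, cipher, mode, hash_spec, payload, key_bytes,
     _digest, _salt, _iters, uuid) = PHDR.unpack_from(blob, 0)
    if magic != MAGIC:
        raise ValueError("LUKS magic not found")
    if version != 1:
        raise ValueError("LUKS version %d is not parsed here" % version)
    states = [SLOT.unpack_from(blob, PHDR.size + i * SLOT.size)[0] for i in range(8)]
    return {"cipher": _text(cipher) + "-" + _text(mode), "hash": _text(hash_spec),
            "key_bits": key_bytes * 8, "payload_offset": payload, "uuid": _text(uuid),
            "active_slots": [i for i, s in enumerate(states) if s == SLOT_ENABLED]}

def check_backup(blob, cipher="aes-xts-plain64", key_bits=512, hash_spec="sha512"):
    """List mismatches between a header image and the step 6 luksFormat options."""
    hdr = parse_luks1_header(blob)
    expected = {"cipher": cipher, "key_bits": key_bits, "hash": hash_spec}
    problems = ["%s is %r, expected %r" % (k, hdr[k], v)
                for k, v in expected.items() if hdr[k] != v]
    if not hdr["active_slots"]:
        problems.append("no active key slot: this header cannot unlock anything")
    return problems

def make_sample(key_bytes=64, slots=(0,)):
    """Constructed header for the demo (zeroed salts and digest, made-up UUID)."""
    blob = PHDR.pack(MAGIC, 1, b"aes", b"xts-plain64", b"sha512", 4096, key_bytes,
                     bytes(20), bytes(32), 1000, b"00000000-0000-0000-0000-000000000000")
    for i in range(8):
        state = SLOT_ENABLED if i in slots else SLOT_DISABLED
        blob += SLOT.pack(state, 1000, bytes(32), 8 + i * 512, 4000)
    return blob

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read(1024) if len(sys.argv) > 1 else make_sample()
    print(check_backup(data) or "header matches the step 6 options")
```

Run it with the path of the backup image as the only argument; an empty result means the image parses as LUKS1 and matches the options from step 6.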