Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FDE + EFI installation chapter needs reworking? #398

Closed
brihadeesh opened this issue Jul 12, 2020 · 7 comments
Closed

FDE + EFI installation chapter needs reworking? #398

brihadeesh opened this issue Jul 12, 2020 · 7 comments

Comments

@brihadeesh
Copy link

I was going through the FDE installation guide and came across some odd-looking bits. This is with regard to the instructions on EFI systems only. I've listed them out, mostly for clarification before actually considering whether to suggest edits; please correct me if I'm wrong - I'm no pro at this! I think that it might be worth adding clearer warnings for instructions specific to EFI systems to avoid any ambiguity, especially since most newer hardware comes with EFI support. I have actually (quite ambitiously) gone ahead with the suggestions :)

  1. Configuring the encrypted volume:

cryptsetup luksFormat --type luks1 /dev/sda1

This essentially encrypts the /boot/efi partition on EFI systems which I'm not sure is required. What should be encrypted is the /dev/sda2 block which holds the root, swap and (optional) home partitions. So perhaps explicitly state the differences for EFI systems?

Note: most of the other issues follow from this.

  1. Kernel configuration:
    The lsblk -f command displays a single /dev/sda1 block which is shown to be the base of the root, swap, etc directories when instead there should be an additional /dev/sda2 block under which the above mentioned logical volumes are placed.

  2. Adding luks key to encrypted volume:

cryptsetup luksAddKey /dev/sda1 /boot/volume.key

This should have /dev/sda2 in the place of /dev/sda1

  1. Crypttab setup: this is clear unlike the other bits; perhaps the warning specific to EFI systems should be highlighted in bold maybe?

voidvm /dev/sda1 /boot/volume.key luks

This last bit could perhaps be shown with /dev/sda2 with a comment indicating that this is for EFI systems.

If this sounds good, I'll go ahead and submit a PR with the suggested edits incorporated. Will wait for inputs before penning them down though.
@flexibeast
Copy link
Contributor

Thank you for your contribution!

We currently have an open issue about the need to refactor the FDE guide: #284. i don't have the domain knowledge to assist with this, but @ericonr and @jeffayle might be able to offer their own thoughts.

@brihadeesh
Copy link
Author

brihadeesh commented Jul 12, 2020
edited
Loading

Right, I wasn't too sure whether to add this to that issue but then I'd only just brushed through the checklist there (referenced issue i.e. #327). I'll take a closer look at it when I can and wait for their inputs on this. Thanks!

E: Just went through the list again and I did find mention of this in some 2-3 points. They were all unchecked though.

@ericonr
Copy link
Member

ericonr commented Jul 17, 2020

@brihadeesh thanks for opening an issue! So, in order:

  1. Right before the command you list, we have this note: Keep in mind this will be /dev/sda2 on EFI systems. Do you think we could highlight it more?
  2. We could indeed be more explicit here. So something like "If you are using UEFI boot, there will be another partition there". I would also try to find some way of adding a link to the lsblk(8) manpage.
  3. We could have a line like 4 has about using /dev/sda2 instead of sda1.
  4. This one has a line right before it: "Again, this will be /dev/sda2 on EFI systems."

So I think the changes should happen in 2. and 3., and possible 1 and 4 if you find some way of making them clearer.

@brihadeesh
Copy link
Author

brihadeesh commented Jul 18, 2020
edited
Loading

@ericonr thanks for your response! Sorry I didn't get back sooner.

Do you think we could highlight it more?

I think this could perhaps be italicised and/or on a separate line or maybe with a bold 'NOTE' tag? I might have missed it the first time around.

  1. Might I suggest that displaying a separate filesystem tree for UEFI systems might be a good idea? And yes, a link to the lsblk(8) manpage would be great too.

  2. On second thoughts, this seems clear enough except for the fact that it could be highlighted like (1)

  3. Same as above.

I get a strong feeling this was changed recently because I really don't remember seeing this when I installed Void some weeks back but I hope these inputs are indeed useful.

@ericonr
Copy link
Member

ericonr commented Jul 19, 2020

I think this could perhaps be italicised and/or on a separate line or maybe with a bold 'NOTE' tag? I might have missed it the first time around.

I wouldn't like to visually pollute the section too much, so we could highlight it more clearly on the start of the guide to help keep it fresh.

Might I suggest that displaying a separate filesystem tree for UEFI systems might be a good idea? And yes, a link to the lsblk(8) manpage would be great too.

I think that's ok. I don't love having this separation, but it might not be obvious for more inexperienced users.

@brihadeesh
Copy link
Author

Sorry I couldn't get back earlier. I think this sounds good. This actually is a really well-designed/though-out wiki. Keep up the good work!!

@flexibeast flexibeast mentioned this issue Aug 23, 2020
Open
4 tasks
@flexibeast
Copy link
Contributor

Superseded by #492.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@flexibeast @brihadeesh @ericonr