Booting Libreboot/Trisquel with full encryption

7 replies
al_chemia
Joined: 06/14/2016

I just installed Trisquel on a Librebooted X200, using full disk encryption. After a couple of false starts, I now have it to where I can boot the system using the following commands at the GRUB command line:

grub> cryptomount -a
grub> set root='lvm/[volume]-root'
grub> linux /vmlinuz root=/dev/mapper/[volume]-root cryptdevice=/dev/mapper/[volume]-root:root
grub> initrd /initrd.img
grub> boot

However, I'm having a difficult time when it comes to setting up the system to boot automatically instead of having to go through all that each time. I've tried the following two approaches, while the system is up and running:

1. Add those commands to /boot/grub/grub.cfg

2. Make a new file containing those commands called 'libreboot_grub.cfg' in /boot/grub.

Neither attempt worked. I got the usual errors at startup: "error: unknown filesystem" etc.

Any help would be greatly appreciated.

SuperTramp83

I am a translator!

Joined: 10/31/2014

welcome to da comm unity

see if this helps

al_chemia
Joined: 06/14/2016

Thanks for the welcome!

Yes, that's what I followed. Unfortunately, this part is the one that's giving me trouble:

Modify grub.cfg (CBFS)

Now you need to set it up so that the system will automatically boot, without having to type a bunch of commands.

Modify your grub.cfg (in the firmware) using this tutorial; just change the default menu entry 'Load Operating System' to say this inside:

cryptomount -a
set root='lvm/matrix-root'
linux /vmlinuz root=/dev/mapper/matrix-root cryptdevice=/dev/mapper/matrix-root:root
initrd /initrd.img

When I read through the tutorial that's mentioned here, it makes it seem as if the relevant changes can be made in /boot/grub and will take effect upon re-boot. Here's what it says: "Simply create your custom GRUB configuration and save it to /boot/grub/libreboot_grub.cfg on the running system. The next time you boot, GRUB (in libreboot) will automatically switch to this configuration file. This means that you do not have to re-flash, recompile or otherwise modify libreboot at all!"

I thought I did that (as described in my opening post), but no luck. Do I need to flash the ROM?

kabo
Joined: 09/05/2015

What SuperTramp83 said.

Libreboot doesn't read grub from the disk. Grub is inside libreboot. So you need to modify your grub.cfg inside libreboot using the cbfstool. It's easiest to flash new modified roms from inside trisquel. I'm assuming you flashed the x200 yourself, so you don't need to worry too much about flashing a rom and then it doesn't boot as you can just reflash it externally again.

al_chemia
Joined: 06/14/2016

OK, I see, I was hoping the 1st option ("don't reflash") would do it, but now I see better how things work. So I guess the grub files on the disk are pretty much irrelevant for Libreboot systems?

kabo
Joined: 09/05/2015

I think that the don't reflash part only applies if you didn't go with full disk encryption. I could be wrong though.

Yes, I would consider the grub files on the disk irrelevant.
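
An added example (not from the thread or the libreboot documentation) of the CBFS edit discussed above: it rewrites the 'Load Operating System' entry of an extracted grub.cfg and puts the file back into the ROM image with cbfstool. The function names, the temporary file names and the sample grub.cfg are assumptions, the volume group name matrix is the one from the quoted tutorial, and cbfstool is assumed to be on PATH.

```shell
#!/bin/sh
# Added example. Function names, file names and the sample config are assumptions.
# Replace the body of the 'Load Operating System' menuentry in grub.cfg file $1
# so that it unlocks the disk and boots the LVM root of volume group $2.
# Assumes the entry's closing brace starts its line.
patch_menuentry() {
    awk -v vg="$2" -v q="'" '
        /^menuentry / && /Load Operating System/ {
            print
            print "\tcryptomount -a"
            print "\tset root=" q "lvm/" vg "-root" q
            print "\tlinux /vmlinuz root=/dev/mapper/" vg "-root cryptdevice=/dev/mapper/" vg "-root:root"
            print "\tinitrd /initrd.img"
            skip = 1; next
        }
        skip && /^}/ { skip = 0 }   # end of the replaced body
        !skip { print }
    ' "$1"
}

# Extract the config from ROM image $1, patch it for volume group $2 and put
# it back. $3 is the CBFS file name (default grub.cfg).
update_rom() {
    rom=$1 vg=$2 name=${3:-grub.cfg}
    cbfstool "$rom" extract -n "$name" -f "$name.orig" || return 1
    patch_menuentry "$name.orig" "$vg" > "$name.new"
    # Refuse to touch the ROM if the menu entry was not found and patched.
    grep -q 'cryptomount -a' "$name.new" || { echo "entry not found" >&2; return 1; }
    cbfstool "$rom" remove -n "$name" &&
    cbfstool "$rom" add -n "$name" -f "$name.new" -t raw
}

# Constructed sample standing in for an extracted grub.cfg.
sample_cfg() {
    cat <<'EOF'
set default=0
menuentry 'Load Operating System' {
    linux /vmlinuz root=/dev/sda1
    initrd /initrd.img
}
menuentry 'Poweroff' {
    halt
}
EOF
}

# Show the patched sample; update_rom is only defined, not run, here.
tmp=$(mktemp) && sample_cfg > "$tmp" && patch_menuentry "$tmp" matrix; rm -f "$tmp"
```

The patched image only takes effect once it has been written back to the flash chip with flashrom.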

al_chemia
Joined: 06/14/2016

I'm on this webpage: https://libreboot.org/docs/gnulinux/grub_cbfs.html, and trying to follow these instructions:

Acquiring the correct ROM image

You can either work directly with one of the ROM images already included in the libreboot ROM archives, or re-use the ROM that you have currently flashed. For the purpose of this tutorial it is assumed that your ROM image file is named libreboot.rom, so please make sure to adapt.

ROM images are included pre-compiled in libreboot. You can also dump your current firmware, using flashrom:
$ sudo flashrom -p internal -r libreboot.rom
# flashrom -p internal -r libreboot.rom
If you are told to specify the chip, add the option -c {your chip} to the command, for example:
# flashrom -c MX25L6405 -p internal -r libreboot.rom

Since I'm on an X200 with a Core 2, I assume I'm supposed to be using the flashrom in the x86_64 folder. Now, following the instructions *to the letter* doesn't work; it spits back "flashrom: command not found". So I tried prefixing "./" and got back a big FUD warning about how running flashrom on an unsupported laptop can cause the sky to fall. Then the process aborted, saying, "Error: Programmer initialization failed". Apparently I'm doing something wrong, but I don't know what.

al_chemia
Joined: 06/14/2016

I think I see what the issue is now. Reading the man page for flashrom, it says:

"Using flashrom on laptops is dangerous and may easily make your hardware unusable (see also the BUGS section). The embedded controller (EC) in these machines often interacts badly with flashing. http://www.flashrom.org/Laptops has more information. For example the EC firmware sometimes resides on the same flash chip as the host firmware. While flashrom tries to change the contents of that memory the EC might need to fetch new instructions or data from it and could stop working correctly. Probing for and reading from the chip may also irritate your EC and cause fan failure, backlight failure, sudden poweroff, and other nasty effects. flashrom will attempt to detect if it is running on a laptop and abort immediately for safety reasons if it clearly identifies the host computer as one. If you want to proceed anyway at your own risk, use
flashrom -p internal:laptop=force_I_want_a_brick
We will not help you if you force flashing on a laptop because this is a really dumb idea."

I wouldn't have thought that merely trying to read the ROM image would risk any adverse effect on the system.