Btrfs on main drive, replacing GPT/MBR
Encrypted main drive using key file on flash drive. Add backup passphrase
No swap: no swap files (a limitation of Btrfs) and no swap partition (so no suspend-to-disk)
Boot directory and grub on flash drive
1st flash drive partition is Vfat partition to allow for cross-platform file transfers
Ext4 ISO partition for Linux-only data/ISO files, if desired.
TODO - edit grub to allow booting ISOs stored on the flash drive.
TODO - investigate and fix journalctl entries for failed fsck on missing BOOT partition:
Jun 15 09:02:09 scotty systemd[1]: Dependency failed for File System Check on /dev/disk/by-label/BOOT.
Jun 15 09:02:09 scotty systemd[1]: Dependency failed for /boot.
Jun 15 09:02:09 scotty systemd[1]: Timed out waiting for device Cruzer BOOT.
Partition the flash drive like this (for GPT); create partition #4 last even though it's first on the disk:
# gdisk -l /dev/sdb
GPT fdisk (gdisk) version 0.8.10
Partition table scan:
  MBR: protective
  BSD: not present
  APM: not present
  GPT: present
Found valid GPT with protective MBR; using GPT.
Disk /dev/sdb: 15633408 sectors, 7.5 GiB
Logical sector size: 512 bytes
Disk identifier (GUID): 4D45181A-6297-4DB6-8F74-A2BB18E7BBDE
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 15633374
Partitions will be aligned on 2-sector boundaries
Total free space is 0 sectors (0 bytes)
Number  Start (sector)  End (sector)  Size        Code  Name
   1            2048       8390655    4.0 GiB     0700  Microsoft basic data
   2         8390656       8800255    200.0 MiB   EF00  EFI System
   3         8800256      15633374    3.3 GiB     8300  Linux filesystem
   4              34          2047    1007.0 KiB  EF02  BIOS boot partition
Use parted to toggle the bootable flag if necessary on partition #2 (BOOT) and make sure #4 is bios_grub
Create labelled filesystems:
- #1 vfat DATA
mkfs.vfat -n DATA /dev/sdb1
- #2 ext4 BOOT
mkfs.ext4 -L BOOT /dev/sdb2
- #3 ext4 ISO
mkfs.ext4 -L ISO /dev/sdb3
Copy existing /boot directory (or use grub-install with --dir) to the BOOT partition
Install grub to the flash drive:
grub-install --recheck /dev/sdx
Copy keyfile (along with any other desired files) to the ISO partition. Could be to anywhere, but the ISO part won't automount when I plug it into Windows machines. A little obscurity.
Repeat for 2 or 3 different flash drives so YOU HAVE A BACKUP!!
- Prepare (erase) disk:
- Create temporary container:
cryptsetup open --type plain /dev/sdb tmp_container
dd if=/dev/zero of=/dev/mapper/tmp_container
cryptsetup close tmp_container
Encrypt disk
cryptsetup -v -c aes-xts-plain64 -s 512 -i 5000 -h sha512 --use-urandom luksFormat /dev/sdb <path/to/keyfile>
Add backup passphrase:
cryptsetup --key-file <path/to/keyfile> luksAddKey /dev/sdb
Create and mount filesystem:
cryptsetup --key-file <path to keyfile> luksOpen /dev/sdb root
mkfs.btrfs -L SCOTTY /dev/mapper/root
mount -o noatime,compress=lzo,ssd,discard,space_cache,autodefrag,inode_cache /dev/mapper/root /mnt/<mountpoint>
Mount the USB BOOT partition to <mountpoint>/boot
Copy the current installation to the new disk, or use pacstrap and chroot to set up a new installation
rsync -aAXv /* /path/to/mountpoint --exclude={/dev/\*,/proc/\*,/sys/\*,/tmp/\*,/run/\*,/mnt/\*,/media/\*,/lost+found}
Edit <mountpoint>/etc/mkinitcpio.conf to add the correct modules for booting from the USB drive and the correct hooks:
MODULES="nls_cp437 ext4"
....
HOOKS="base udev autodetect modconf block encrypt resume filesystems keyboard fsck"
Edit <mountpoint>/etc/default/grub:
GRUB_CMDLINE_LINUX="cryptdevice=/dev/disk/by-label/SCOTTY:root:allow-discards cryptkey=/dev/disk/by-label/ISO:ext4:/<path/to/keyfile/on/flash drive>"
Chroot into <mountpoint> and run (the users and nofail options allow unmounting and removal of the drive without issues)
genfstab -L . > /etc/fstab
(and edit) -> /dev/disk/by-label/BOOT /boot ext4 rw,users,noatime,data=ordered,nofail 0 2
mkinitcpio -p linux
grub-mkconfig > /boot/grub/grub.cfg
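The MODULES, HOOKS and GRUB_CMDLINE_LINUX settings above have to agree with each other, or the initramfs cannot find or read the keyfile at boot. The following is an added example, not part of the original notes, that cross-checks the three strings before rebooting. The function names and the keyfile path /keys/root.key are assumptions, and requiring the cryptkey filesystem to be listed in MODULES mirrors this page's own configuration.

```bash
# Added example, not from the original page. Function names and the keyfile path
# /keys/root.key are assumptions. Checks only the device:fstype:path cryptkey form.

# Print the value of KEY=value from a kernel command line; fail if absent.
cmdline_param() {  # $1 = command line, $2 = key
    for tok in $1; do
        case $tok in "$2"=*) printf '%s\n' "${tok#*=}"; return 0 ;; esac
    done
    return 1
}

# Print colon-separated field(s) $2 of $1 (empty when $1 has no colon).
field() { printf '%s\n' "$1" | cut -s -d: -f"$2"; }

# Print the 1-based position of word $2 in list $1; fail if absent.
word_pos() {
    i=0
    for w in $1; do
        i=$((i + 1))
        [ "$w" = "$2" ] && { echo "$i"; return 0; }
    done
    return 1
}

# check_boot_config CMDLINE MODULES HOOKS: print each problem, return 1 if any.
check_boot_config() {
    bad=0
    if dev=$(cmdline_param "$1" cryptdevice); then
        [ -n "$(field "$dev" 1)" ] && [ -n "$(field "$dev" 2)" ] ||
            { echo "cryptdevice must be device:dmname[:options]"; bad=1; }
    else echo "cryptdevice= missing"; bad=1; fi
    if key=$(cmdline_param "$1" cryptkey); then
        kfs=$(field "$key" 2)   # filesystem the initramfs must be able to mount
        case $(field "$key" 3-) in /*) ;; *) echo "cryptkey must be device:fstype:/path"; bad=1 ;; esac
        word_pos "$2" "$kfs" >/dev/null || { echo "MODULES lacks '$kfs' (keyfile filesystem)"; bad=1; }
    else echo "cryptkey= missing"; bad=1; fi
    enc=$(word_pos "$3" encrypt) || { echo "HOOKS lacks encrypt"; bad=1; }
    fs=$(word_pos "$3" filesystems) || { echo "HOOKS lacks filesystems"; bad=1; }
    if [ -n "$enc" ] && [ -n "$fs" ] && [ "$enc" -gt "$fs" ]; then
        echo "encrypt must come before filesystems in HOOKS"; bad=1
    fi
    return "$bad"
}

# Sample values: the settings shown above, with a constructed keyfile path.
CMDLINE="cryptdevice=/dev/disk/by-label/SCOTTY:root:allow-discards cryptkey=/dev/disk/by-label/ISO:ext4:/keys/root.key"
MODULES="nls_cp437 ext4"
HOOKS="base udev autodetect modconf block encrypt resume filesystems keyboard fsck"
check_boot_config "$CMDLINE" "$MODULES" "$HOOKS" && echo "boot config consistent"
```

Paste the real values from /etc/default/grub and /etc/mkinitcpio.conf into the three variables and run it before regenerating the initramfs.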
To install the kernel image on the backup flash drives:
- Unmount and remove the original flash drive
- Plug in and mount the /boot partition on the BACKUP flash drive
- Run
pacman -S linux
to install the kernel image to the flash drive, then run
grub-mkconfig > /boot/grub/grub.cfg
- Unmount and repeat as necessary
Repeat for each flash drive:
- Ensure /boot partition is mounted
pacman -S linux
- Unmount and remove