Dual Boot Devuan & Mint on a Lenovo Yoga 720 with NVMe SSD
This was the first computer I've ever bought that's cost me more than £150. And its been dreamy to use. Its got a touch screen (which honestly, I don't need and haven't really touched). Getting Linux installed initially was mildly troublesome, and once I'd got a basic Ubuntu 16.04 Gnome version running, at the time I was happy settling for that, despite really wanting to experiment more, I just needed a working computer. So I made it a target for 2019 to learn more about partitioning, the Linux kernel, and how to properly manage your own system and to rebuild my computer. This target was thrust upon me forcefully when I woke up to this one morning...
This forced my hand.
So I set out to rebuild with Devuan as my main OS, and Mint as a secondary OS and fully encrypt each setup with LUKS encryption. I haven't yet encrypted the /shared
partition but its easy with the knowledge I've gained now.
Took me several attempts to get it right, here's how I got on and what I learned...
Steps
- Configure BIOS to boot using UEFI only
- Disable 'Secure Boot'
- Use gparted to layout drive paritions
- Create a FAT32 EFI system partition with flags /boot and /esp
- Create
/boot
partitions for each encrypted filesystem
- Install Devuan
- Manually install grub and update its settings once you've booted in once
- Use cryptsetup to create a LUKS partition for Mint
- Install Mint in the encrypted filesystem
- Update Mint's grub to tell it its dealing with an encrypted file system
Partitioning
I partitioned my drives thusly and left 30 GB at the end, just incase I want to add a third distro at some point:
# Partition # Filesystem # Mount Point # Size # Flags
/dev/nvme0n1p1 fat32 /boot/efi 512 MB boot, esp
/dev/nvme0n1p2 [Encrypted] (ext4) / (Devuan) 20480 MB
/dev/nvme0n1p3 [Encrypted] (ext4) / (Mint) 20480 MB
/dev/nvme0n1p4 extended
/dev/nvme0n1p5 ext4 /boot (Devuan) 1024 MB
/dev/nvme0n1p6 ext4 /boot (Mint) 1024 MB
/dev/nvme0n1p7 ext4 /shared ...the rest...
unallocated 30720 MB
Installing Devuan
Setting up the BIOS from the boot menu was easy, and once I'd connected with an Etherenet cable (via my Raspberry Pi which is forwarding its own wireless connection, whoop!), I was able to get Devuan to actually install. It doesn't recognise the Wifi and touchpad / touchscreen drivers, a problem which I have yet to tackle (am using Mint for the time being). If anyone has any info re: this, would be great! Anyway, with Devuan you can encrypt your partitions so I selected the partitions as above and go through the encryption steps. Complete the install, and OWCH. Grub doesn't install. My heart sinks. How am I going to boot this OS? Several days pass and I try multiple times to manually configure grub but its horrific. At one point somehow after booting Mint from a USB, it recognises a Devuan installation, but not with a custom partition configuration. Sigh.
Thanks to the wonder of stack exchange I was able to piece together a solution.
Before leaving the Devuan installation after GRUB fails to install, execute a shell and do the following:
mount --bind /dev /target/dev
mount --bind /dev/pts /target/dev/pts
mount --bind /proc /target/proc
mount --bind /sys /target/sys
cp /etc/resolv.conf /target/etc
chroot /target /bin/bash
apt update
apt install grub-efi-amd64
update-grub
grub-install --target=x86_64-efi /dev/nvme0n1
If I understand correctly, this is mounting the recently installed OS and we're then switching to a bash shell from which we can run apt
. This goes swimmingly until I run update-grub
, at which point we get an error:
/etc/grub.d/30_uefi-firmware arithmetic expression: expecting EOF: " 1f & 1"
ARGGGH
Resolved by modifying line 34 in /etc/grub.d/30_uefi-firemware
, replacing [ "$(( $(printf %x \'"$(cat $OsIndications | cut -b1)") & 1 ))" = 1 ]; then
with [ "$(( $(printf %d \'"$(cat $OsIndications | cut -b1)") & 1 ))" = 1 ]; then
Now grub will recognise Devuan and we can boot, once at least! Whoop! However, since the touchpad doesn't work, we have to plug in a mouse to open a terminal (hotkeys aren't yet configured..., or at least I don't know what it is)
First we add ourselves to the sudo group, running visudo
as root and adding ourselves with all permissions.
Now we add "nvme" to /etc/initramfs-tools/modules
, and run `sudo update-initramfs -u``.
We also need to edit our grub configuration to make sure it boots again, add the following line in /etc/default/grub
: GRUB_CMDLINE_LINUX="intel_pstate=no_hwp"
.
We also need to add 'nomodeset' to GRUB_CMDLINE_LINUX_DEFAULT
And now we have to run sudo update-grub
and grub will always recognise Devuan.
Installing Mint
Boot as normal from the USB, but before we begin the installation we have to encrypt the partiton we intend to install mint into. We also need to make sure we close the encrypted partition before we shutdown!
sudo cryptsetup luksFormat /dev/nvme0n1p3 # setup encryption - choose a memorable password!
sudo cryptsetup luksOpen /dev/nvme0n1p3 luks1 # open encrypted partition
# setup LVM (logical volume management)
sudo pvcreate /dev/mapper/luks1
sudo vgcreate vg0 /dev/mapper/luks1
sudo lvcreate -n root -l 8G vg0 # create a root volume of 8GB
sudo lvcreate -n home -l +100%Free vg0 # create a home volume of the rest (~12 GB)
Now run the installation, and select the relevant /dev/mapper/vg0-*
partitions inside the logical volume and assign to /
and /home
. Don't forget to create a separate /boot
partition to the Devuan one.
Once the installation is complete, DON'T REBOOT.
We now have to:
- Mount the newly installed system,
chroot
in to the mounted system- Tell grub2 (which was installed along with Mint) that its got an encrypted drive to deal with
- Generate a
/etc/crypttab/
file with the UUID of the encrypted/dev/nvme0n1p3
partition.
sudo blkid | grep LUKS # copy the UUID for /dev/nvme0n1p3
sudo mount /dev/vg0/root /mnt
sudo mount /dev/nvme0n1p6 /mnt/boot
sudo mount --bind /dev /mnt/dev
sudo mount --bind /run/lvm /mnt/run/lvm
sudo mount /dev/nvme0n1p1 /mnt/boot/efi
sudo chroot /mnt
mount -t proc proc /proc
mount -t sysfs sysfs /sys
mount -t devpts devpts /dev/pts
Generate a crypttab
file and input:
luks UUID="therootIDyoucopied" none luks,discard
And finally, rebuild the boot loader files:
update-initfamrs -k all -c
update-grub
Done! You should now be able to switch between Mint and Devuan from the BIOS screen using F2. Sadly this configuration they use two separate GRUB configs (ones using grub, ones using grub2) and so they don't appear on the same menu. But I don't care. I got it working!
Next challenge: find the right drivers for Devuan.
Posting this on scuttlebutt makes we wish #buttoverflow was a thing already
cc: #linux #partitioning