The officially official Devuan Forum!

You are not logged in.

#1 2021-03-09 10:30:14

dice
Member
Registered: 2020-11-22
Posts: 367  
Website

Copy Installation to USB with encryption using the f2fs filesystem.

Hope that subject heading sounds correct?

Doing this cause of boredom and just to see if i could wink. This is how i made a copy onto a usb3.0 drive of my devuan beowulf installation using f2fs as the filesystem.
Note this tutorial is only for legacy-bios not uefi. For this i opted to just have 1 boot partition and 1 encrypted root partition, no encrypted lvm, no home partitions etc etc...
The reason for the f2fs filesystem is that it is better suited to flash drives hence the name flash friendly file system, https://www.kernel.org/doc/html/v5.7/fi … /f2fs.html
Ive opted to create plain encrypted root partition but you can leave this out if you want, just skip the encryption steps and in point 4. ignore mkfs.f2fs /dev/mapper/usb and use mkfs.f2fs /dev/sdX2.

1. make sure to install these before moving forward.

# apt install f2fs-tools
# apt install cryptsetup
# apt install arch-install-scripts
# apt install rsync

2. get the boot and root partition ready
i use cfdisk for this, just create 2 partitions, the first atleast 500MB and make it bootable and the second the rest of the drive.
Use what ever disk utility you like though, just make sure their is a boot partition and a root partition nothing more as it is out of the scope of this tutorial.
Make sure that the usb has enough space for your operating system, im using a 128GB usb3.0 stick and my system is only around 20GB in total.

3. create the encryption and take note of what the usb device partions are for, /dev/sdX2 in my case is /dev/sdb2 the root partition.

# cryptsetup luksFormat /dev/sdX2

answer YES in capitals, then input a password.

Now open the the encrypted partition.

# cryptsetup open /dev/sdX2 usb

4. create the filesystems for boot and root, if you have no other usb devices plugged in these should be sdb1 for boot and sdb2 for root.

# mkfs.ext2 /dev/sdX1 
# mkfs.f2fs /dev/mapper/usb

5. now lets just mount the root then the boot partition.

# mount /dev/mapper/usb /mnt 
# mount /dev/sdX1 /mnt/boot

6. now lets rsync the root filesystem to the /mnt

# rsync -aAXHv --exclude={"/dev/*","/proc/*","/sys/*","/tmp/*","/run/*","/mnt/*","/media/*","/lost+found"} / /mnt

7. after the rsync has completed successfully lets chroot into the usb filesystem and edit a few things.

# arch-chroot /mnt

lets get the uuids of the usb device to edit /etc/fstab and /etc/crypttab with the blkid command, (blkid - locate/print block device attributes).

# blkid
/dev/sdX1: UUID="<this is your boot partition UUID>" TYPE="ext2" PARTUUID="0000000-01" 
/dev/sdX2: UUID="<this is the crypto_luks partition UUID>" TYPE="crypto_LUKS" PARTUUID="00000000-02" 
/dev/mapper/usb: UUID="<this the unencrypted filesystem UUID>" TYPE="f2fs"

lets edit /etc/fstab first so it looks like below.

# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
/dev/mapper/usb /               f2fs    rw,defaults      0       1
# /boot was on /dev/sda1 during installation
UUID=<this is your boot partition UUID> /boot           ext2    noatime         0       2

now edit /etc/crypttab and insert the /dev/sdX2 uuid...

usb UUID=<this is the crypto_luks partition UUID> none luks,discard

8. now lets remove grub.cfg then install and update-grub

# rm /boot/grub/grub.cfg
# grub-install /dev/sdX # this should be your usb device, mine was /dev/sdb
# update-grub

9.now we need some modules added to the initramfs, ive read that debian stable should have the f2fs module in grub to make root file systems work, this might not be the case for devuan ?
But without adding these to /etc/initramfs-tools/modules the usb failed to boot for me.

# List of modules that you want to include in your initramfs.
# They will be loaded at boot time in the order below.
#
# Syntax:  module_name [args ...]
#
# You must run update-initramfs(8) to effect this change.
#
# Examples:
#
# raid1
# sd_mod

f2fs
fscrypto
crc32-pclmul
crc32c_generic
crc32c-intel
crc32_generic
libcrc32c

now update the initramfs

# update-initramfs -u

lets update grub just in case.

# update-grub

---

Now just ...

# exit 
# unmount -R /mnt
# cryptsetup close usb
# reboot into the usb

This should be enough to boot the usb stick via the bios boot menu into a grub screen. This is working for me as im typing all this out from it.
please let me know if ive made any mistake or this guide needs improvement.

happy hacking!


Do good things.  Share.  Be helpful.  Be decent.  Live large.

Offline

Board footer