Package: installation-reports
Severity: normal
X-Debbugs-Cc: vagr...@debian.org
Boot method: USB
Image version:
https://d-i.debian.org/daily-images/amd64/20230101-00:19/netboot/mini.iso
Date: Late One New Years Eve 2022
Machine: framework laptop 11th gen intel
Partitions:
Filesystem Type 1K-blocksUsed Available Use% Mounted on
udevdevtmpfs 16308768 0 16308768 0% /dev
tmpfs tmpfs 32660881500 3264588 1% /run
/dev/mapper/wireframe-root ext4 9509056 3065904 5938528 35% /
tmpfs tmpfs 16330436 456 16329980 1% /dev/shm
tmpfs tmpfs 5120 0 5120 0% /run/lock
tmpfs tmpfs 16330436 148 16330288 1% /tmp
/dev/mapper/nvme0n1p2_crypt ext4445378 55201361761 14% /boot
/dev/nvme0n1p1 vfat4864565936480520 2% /boot/efi
tmpfs tmpfs 3266084 436 3265648 1%
/run/user/1000
Base System Installation Checklist:
[O] = OK, [E] = Error (please elaborate below), [ ] = didn't try it
Initial boot: [O]
Detect network card:[O]
Configure network: [O]
Detect media: [ ]
Load installer modules: [O]
Clock/timezone setup: [O]
User/password setup:[O]
Detect hard drives: [O]
Partition hard drives: [E]
Install base system:[O]
Install tasks: [O]
Install boot loader:[O]
Overall install:[E]
Comments/Problems:
Overall, went fine, just a couple tricky bits with wifi, and a problem
of my own making trying to enable encrypted /boot...
Had to load a USB stick with non-free firmware for the
firmware-iwlwifi.deb on it to do install over wifi. Worked fine after
I found the correct .deb file.
Also wifi related, on first boot, there was no wifi device configured,
and I did not happen to install anything that pulled in
network-manager or something similar. I am not sure I even did an
install using wifi before, so this was a bit of a surprise. There were
wpasupplicant and maybe sufficient things to actually manually set up
wifi, but I worked around having to do that by plugging in a USB
ethernet adapter and installed network-manager, and then wifi just
worked fine via network-manager.
I tried manually partitioning to get an encrypted /boot partition, and
that did not end up working really. It warned me about it, and I
ignored the warnings. It did not give me a warning when I tried
installing without a boot partition with LVM on a luks2 encrypted
device. Managed to get it to work after the fact with an unencrypted
/boot partition running d-i in rescue mode.
Once it was booted, I managed to switch to an encrypted /boot after a
few more false starts by creating a crypsetup device using luks1
headers, probably with reduced security, but grub is able to actually
decrypt luks1... process was something roughly along these lines...
# format for luks1 so grub can decrypt the partition, using
# /etc/cryptkeys/nvme0n1p2 as a key file
cryptsetup luksFormat --type luks1 /dev/nvme0n1p2 /etc/cryptkeys/nvme0n1p2
# Add a passphrase I can actually type and maybe even remember
cryptsetup luksAddKey /dev/nvme0n1p2 --key-file /etc/cryptkeys/nvme0n1p2
# an an approrpiate entry in /etc/crypttab get
echo 'nvme0n1p2_crypt UUID=XXX...YYY /etc/cryptkeys/nvme0n1p2 luks,discard' >
/etc/crypttab
# start the device
cryptsetup open /dev/nvme0n1p2 nvme0n1p2_crypt
# Enable grub encryption
echo 'GRUB_ENABLE_CRYPTODISK=y' > /etc/grub.d/cryptdisk.cfg
# mkfs.ext4 on the device, add to fstab, mount, copy /boot files,
# update-grub, grub-install, etc...
Going through all that trouble feels a little silly, because /boot/efi
is still entirely unencrypted, but, well, shored up what I could, I
guess.
live well,
vagrant
-- Package-specific info:
==
Installer lsb-release:
==
DISTRIB_ID=Debian
DISTRIB_DESCRIPTION="Debian GNU/Linux installer"
DISTRIB_RELEASE="12 (bookworm) - installer build 20230101-00:01:34"
X_INSTALLATION_MEDIUM=netboot
==
Installer hardware-summary:
==
uname -a: Linux wireframe 6.0.0-6-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.0.12-1
(2022-12-09) x86_64 GNU/Linux
lspci -knn: 00:00.0 Host bridge [0600]: Intel Corporation 11th Gen Core
Processor Host Bridge/DRAM Registers [8086:9a14] (rev 01)
lspci -knn: Subsystem: Device [f111:0001]
lspci -knn: 00:02.0 VGA compatible controller [0300]: Intel Corporation
TigerLake-LP GT2 [Iris Xe Graphics] [8086:9a49] (rev 01)
lspci -knn: Subsystem: Device [f111:0001]
lspci -knn: 00:04.0 Signal processing controller [1180]: Intel Corporation
TigerLake-LP Dynamic Tuning Processor Participant [8086:9a03] (rev 01)
lspci -knn: Subsystem: Device [f111:0001]
lspci -knn: