Introduction
+ Linux Mint Debian Edition is the alternate version of Linux Mint, but built on a Debian base. The result is + quite pleasant: the stability of desktop Debian, but with the rough edges polished smooth, nicely configured + fonts and ui, and all the multi-media codecs included.
+ ++ Unfortunately, the LMDE 3 installer does not support disk encryption, but manually setting this up by hand + is pretty straightforward. On the other hand, manually setting up your partitions by hand allows extra + freedom and flexibility, and so I have chosen a simple luks-encrypted "/" partition formatted xfs.
+ ++ As far as swap is concerned, my preference is to use a swap file instead of a swap partition. Having a swap + file instead of a swap partition is more flexible because obviously you can easily recreate a different size + swap file whenever you like (or use none at all), and the encryption requires no extra set up because the "/" + partition is encrypted anyway.
+ ++ Will this work with a dual-boot set up? Of course! Because you have to manually configure the partitions anyway, + just arrange them exactly how you would need for dual-boot. +
+ ++ Assumes uefi-configured boot, with separate partitions for /boot formatted ext4, /boot/efi formatted fat32, + and a regular luks-encrypted partition for "/" formatted xfs. +
+Prepare The Installation Media
+ Visit the Linux Mint Website and + download the iso file for LMDE 3 64bit. Download from + torrents if possible, to save bandwidth. +
+-
+
- verify the sha256 sum of the iso file
+sha256sum lmde-3-201808-cinnamon-64bit.iso+
+
+ Identify the thumb drive you are going to install from. +
+-
+
- type
lsblk, note the output, and then insert the thumb drive
+ - then type
lsblkagain and note the additional output
+
# lsblk /dev/sdb +NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT +sdb 8:32 1 14.5G 0 disk +├─sdb1 8:33 1 3.4G 0 part /media/trent/Debian 9.6.0 amd64 1 +└─sdb2 8:34 1 416K 0 part+
+ In the above example output we see that our thumb drive is identified as /dev/sdb, + and partition /dev/sdb1 is automatically mounted. +
++ Take special care that you have accurately identified the thumb drive before proceeding. + For the sake of example, we will proceed on the assumption that our thumb drive is + identified as /dev/sdb, but you need to compensate accordingly. +
+-
+
- unmount any partition of the thumb drive that are automatically mounted
+umount /dev/sdb1+
+ - write the disk image to the thumb drive
+ddrescue -D --force lmde-3-201808-cinnamon-64bit.iso /dev/sdb+
+
Boot The Install Disc
-
+
- boot into bios to disable fastboot and secureboot +
- invoke your machine's device boot menu and boot the install disc in uefi mode +
- confirm that you have booted in uefi mode by listing efivars
+ls /sys/firmware/efi/vars+
+
Partition The Hard Drive
+ If you recall we are assuming the target hard drive is /dev/sda, as an example. + So, make adjustments as necessary.
++ If you would rather use a different partition tool, make sure the efi partition + is an efi partition type, and you definitely need a separate /boot partition.
+-
+
- if needed you can clear the drive with wipefs
+wipefs --all /dev/sda+
+ - create a new partition table for /dev/sda
+sgdisk /dev/sda -o+
+ - create a new efi partition for /dev/sda
+sgdisk /dev/sda --new=1::+512MiB --typecode=1:ef00+
+ - create a new /boot partition for /dev/sda
+sgdisk /dev/sda --new=2::+1G+
+ - create a new / partition for /dev/sda
+sgdisk /dev/sda --new=3+
+ - verify your partition work
+sgdisk /dev/sda -p+
+ - format the efi partition
+makefs.vfat -F32 /dev/sda1+
+ - format the /boot partition
+makefs.ext4 /dev/sda2+
+ - encrypt the / partition, you will be prompted for a password
+cryptsetup -y -v luksFormat --type luks2 /dev/sda3+
+ - decrypt the / partition, you will be prompted for a password
+cryptsetup open /dev/sda3 cryptroot+
+ - format the / device
+makefs.xfs /dev/mapper/cryptroot+
+
Mount The Hard Drive
+ This takes advantage of expert mode in the LMDE installer.
+-
+
- create an /target directory
+mkdir /target+
+ - mount the "/" device at /target
+mount /dev/mapper/cryptroot /target+
+ - create an /target/boot directory
+mkdir /target/boot+
+ - mount the /boot partition at /target/boot
+mount /dev/sda2 /target/boot+
+ - create an /target/boot/efi directory
+mkdir /target/boot/efi+
+ - mount the efi partition at /target/boot/efi
+mount /dev/sda1 /target/boot/efi+
+
Run The Installer App
+ At this point you're ready to run the live installer. You can click the disc + icon on the desktop.
++ The first three pages of the live-installer cover Language,Timezone, and Keymap. + The fourth page of the live-installer covers name, password, and hostname. + On the fifth page of the live-installer, you come to a partition configuration page. + But there is nothing to do, so select expert mode at the bottom of the page. +
++ Again select forward, and when you come to the page where you configure the + location to install grub, that should be the efi partition, i.e. /dev/sda1.
++ Select forward one more time, and then select install. + The installation will run for a few minutes and will then pause. During the pause you need + to manually configure fstab and crypttab.
+Configure Fstab
-
+
- find the UUID of the efi partition
+blkid /dev/sda1 -s UUID+
+ - find the UUID of the /boot partition
+blkid /dev/sda2 -s UUID+
+ - find the UUID of the "/" device
+blkid /dev/mapper/cryptroot -s UUID+
+
+ And when you find the correct UUID numbers, use them to + configure /etc/fstab which is actually currently at /target/etc/fstab.
+# /etc/fstab +############### +# efi partition +# run the command `blkid /dev/sda1 -s UUID` which outputs +# /dev/sda1: UUID="17C4-215D", from which derive +UUID=17C4-215D /boot/efi vfat defaults 0 2 + +# /boot partition +# run the command `blkid /dev/sda2 -s UUID` which outputs +# /dev/sda2: UUID="f2509fff-4854-4721-b546-0274c89e6aec", from which derive +UUID=f2509fff-4854-4721-b546-0274c89e6aec /boot ext4 defaults 0 2 + +# "/" device +# run the command `blkid /dev/mapper/cryptroot -s UUID` which outputs +# /dev/mapper/cryptroot: UUID="72241377-cd65-43a6-8363-1afce5bd93f6", from which derive +UUID=72241377-cd65-43a6-8363-1afce5bd93f6 / xfs defaults 0 1+ +
Configure Crypttab
+ But before the file systems can be mounted, crypttab needs to mount /dev/sda3 + at /dev/mapper/cryptroot. + Configure /etc/crypttab which is actually currently at /target/etc/crypttab +
-
+
- find the UUID of the partition that will be mounted at /dev/mapper/crypttab
+blkid /dev/sda3 -s UUID+
+
+ And when you find the correct UUID number for /dev/sda3, use that to + configure /etc/crypttab which is actually currently at /target/etc/crypttab.
+# /etc/crypttab +# run the command `blkid /dev/sda3 -s UUID` which outputs +# /dev/sdb3: UUID="da3e0967-711f-4159-85ac-7d5743a75201", from which derive +# <target name> <source device> <key file> <options> +cryptroot UUID=da3e0967-711f-4159-85ac-7d5743a75201 none luks+ +
Resume Installer App
+ At this point finish running the live installer, and you'll be done.
+UEFI Fix
+ On some machines, such as HP Laptops, UEFI is broken and efi boot entries don't persist.
+-
+
- remount the efi parition
+mount /dev/sda1 /mnt/ ; cd /mnt/EFI/+
+ - create a default efi executable
+mkdir BOOT ; cp linuxmint/grubx64.efi BOOT/BOOTX64.efi+
+
Optional Swap File
+ Visit the Arch Wiki and + they will hook you up. +
+