BIOS tweaks¶
First of all I went through the BIOS and did some basic securing by re-arranging the boot order1, disabling boot and wake from LAN, and password-protected the BIOS. If you have not done that on your laptop before and remotely concerned about security, I urge you to do it to prevent random people to boot from other devices.
Hat tip to Raphaël Jakse who reminded me to check the BIOS if it is possible to enable always-on USB there, which I complained about missing in a previous blog post. Unfortunately it is not.
I also list all the settings in the BIOS, if you are interested.
Main:
- System Time
- System Date
Advanced:
- Wake on LAN/WLAN – enable / disable
- Fn Lock for F1 to F12 – enable / disable
- Microphone – enable / disable
- Webcam – enable / disable
- Wifi – enable / disable
- Bluetooth – enable / disable
- S3 / Modern Standby Support
- Battery Protection Mode (to protect from high voltage)– high capacity / balanced / healthy
- Operating Mode (for the CPU and fan) – silent / performance
Security:
- Change Administrator Password
- Change User Password
- Password Login Control – setup / boot / both
- Secure Boot – enable / disable
Boot:
- LAN Remote Boot – enable / disable
- Boot Option Priorities – a list of all devices
Base install¶
So I booted into the EndeavourOS LiveUSB and stared the installer … here goes nothing!
Packages & Boot manager¶
In the Desktop and Packages sections I chose KDE Plasma (with X.org for now), and also checked the printing package, as well as Zen Kernel. I hear for certain use cases Zen is a better Linux kernel than the mainline/vanilla one, so I will try both.
I chose Grub as the boot loader and manager, because the installer hinted that it would be the best choice for booting off Btrfs snapshots. And a quick internet search also confirmed that booting from a snapshot in SystemD-boot is a bit trickier.
After discussing with the gurus on #btrfs IRC channel, I learnt about rEFInd as a great boot manager option. It leverages EFI as the boot loader (so LUKS2 is not an issue), has auto-detection features and is themeable too boot! It is still in beta, so that may be of concern. I may switch to it eventually, but will sleep it a few times over.
Partitioning¶
When it comes to Partitioning, things have started to become a bit more exciting (and dangerous). I decided to keep it (relatively) simple and risk that I will need to re-install everything once the
At this stage I have only one SSD in the laptop, as the Slimbook team instructed me to not open up the machine for 15 days in (unlikely) case there is a malfunction and I would need to send it back for repairs.
My initial plan was to divide my 1 TB SSD into cca.:
- 1 GB – ESP
- 999 GB – LUKS, and within it:
- 990 GB – Btrfs – subvolumes to follow
- 9 GB – swap
Luckily, this is exactly what Calamares installer does by default when I selected Erase disk with the options Swap (no Hibernate) and btrfs; and clicked the Encrypt system checkbox :)
Again, I checked with the gurus on #btrfs IRC channel, and thumbed-up the idea as a sane one.
Create a space reserve tank
When you add a new device to Btrfs it is advisable to ensure you have enough space unallocated for btrfs balance to operate.
The gurus on #btrfs IRC channel suggested to run the following command on each drive to make sure Btrfs always reserves 10 GB as unallocated:
btrfs filesystem resize -10G / (increase accordingly if you have more drives).
I also learnt about the Discoverable Partitions Specification, but will leave that for another day, in case the standard EndeavourOS install does not handle that by default already.
Username & Hostname¶
Finally, the most important bit – the naming, the baptism, the first word of the new machine.
Many people I know have a system how they name their computers, and so do I.
Since basically forever I name my machines by mythological people and creatures in alphabetical order.
This one is called Leza – supreme deity of several Bantu peoples.
Trip to BIOS again¶
At this stage I went back to BIOS and changed the boot order to only boot from the SSD.
(Interim) success & Plans¶
\o/ Success!!
Well, at least for today …
Calamares even automatically created the following Btrfs subvolumes, so I do not have to:
- @ –
/ - @home –
/home - @cache –
/var/cache - @log –
/var/log
As well as a Tmpfs partition mounted to /tmp.
All in all, a great start. I am surprised how easy this was with EndeavourOS – I expected much more manual work.
In the next few days I will finalise the installation and tweaking. Pretty soon I should dive into Btrfs snapshots.
After that, I will introduce the second SSD and turn them into a RAID-1.
hook out → day two with Slimbook, so far so good
-
Typically I disable all boot devices except one, and change that only if needed. ↩