Successful boot!
parent
b9a74a70d7
commit
1d6e7c3e8a
|
@ -22,4 +22,5 @@ Checksum=true
|
|||
|
||||
[Host]
|
||||
Incremental=true
|
||||
ToolsTree=default
|
||||
ToolsTree=default
|
||||
RuntimeSize=12G
|
|
@ -4,7 +4,6 @@ Format=directory
|
|||
[Content]
|
||||
Bootable=no
|
||||
SourceDateEpoch=0
|
||||
MakeInitrd=no
|
||||
CleanPackageMetadata=no
|
||||
Packages=
|
||||
# Minimal package set to define a basic Arch Linux installation
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
# vim:set ft=sh
|
||||
HOOKS=(
|
||||
base
|
||||
systemd
|
||||
keyboard
|
||||
modconf
|
||||
|
|
|
@ -1,8 +0,0 @@
|
|||
# mkinitcpio preset file for the '%PKGBASE%' package
|
||||
|
||||
ALL_kver="/boot/vmlinuz-%PKGBASE%"
|
||||
ALL_microcode=(/boot/*-ucode.img)
|
||||
|
||||
PRESETS=('default')
|
||||
|
||||
default_image="/boot/initramfs-%PKGBASE%.img"
|
|
@ -1 +0,0 @@
|
|||
KEYMAP=de
|
|
@ -9,6 +9,7 @@ MakeInitrd=yes
|
|||
CleanPackageMetadata=yes
|
||||
Packages=
|
||||
systemd
|
||||
udev
|
||||
util-linux
|
||||
# for emergency logins
|
||||
bash
|
||||
|
|
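Review bot: The comment `# for emergency logins` above `bash` in the initrd package list no longer matches the boot policy set in this same commit, where the kernel command line carries `rd.shell=0` and `rd.emergency=reboot` so that a failed boot never drops to a shell. If bash is still required in the initrd for another reason (for example as `/bin/sh` for scripts), the comment should say that, e.g. `# shell needed by initrd scripts; interactive emergency shell is disabled via rd.shell=0`. If nothing needs it, dropping the package keeps an interactive shell out of the initrd. Which line of this hunk is newly added cannot be told from the rendered page, and the package list continues outside the hunk.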
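--- /dev/null
+++ b/mkosi.images/initrd/mkosi.extra/etc/crypttab
@@ -0,0 +1 @@
+root /dev/gpt-auto-root-luks -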
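--- /dev/null
+++ b/mkosi.images/initrd/mkosi.extra/etc/fstab
@@ -0,0 +1 @@
+/dev/mapper/root /sysroot btrfs defaults,x-mount.mkdir 0 1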
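Review bot: The last field of the new entry is `1`, which requests an fsck pass on `/dev/mapper/root` before it is mounted, but the filesystem is btrfs, for which `fsck.btrfs` does nothing and the documented pass number is `0`. `/dev/mapper/root /sysroot btrfs defaults,x-mount.mkdir 0 0` states the intent and avoids a pointless fsck unit in the initrd. A one-line comment above the entry would also help, e.g. `# mapper name "root" must match the first field of the initrd crypttab`, because the kernel command line in this commit sets `root=fstab` and boot now depends on the two files agreeing.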
|
@ -25,18 +25,25 @@ Packages=
|
|||
|
||||
KernelCommandLine=
|
||||
# Output fewer messages during boot. Errors will not be suppressed.
|
||||
quiet
|
||||
# prevents access to a shell if boot fails
|
||||
#quiet
|
||||
# prevent access to a shell if boot fails
|
||||
rd.shell=0
|
||||
# prevents access to a shell if the root is corrupt
|
||||
# prevent access to a shell if the root is corrupt
|
||||
rd.emergency=reboot
|
||||
# prevents untrusted code from running (the default behavior will just print an error to dmesg)
|
||||
systemd.verity_root_options=panic-on-corruption
|
||||
# reboots system 30 seconds after a kernel panic
|
||||
# reboot system 30 seconds after a kernel panic
|
||||
panic=30
|
||||
# enable apparmor (enables kernel lockdown mode, requires signed kernel modules)
|
||||
lsm=landlock,lockdown,yama,integrity,apparmor,bpf audit=1 audit_backlog_limit=256
|
||||
lsm=landlock,lockdown,yama,integrity,apparmor,bpf audit=1 audit_backlog_limit=8192
|
||||
# enable automatic unlock of rootfs via TPM2 security chip
|
||||
rd.luks.options=tpm2-device=auto
|
||||
# enable unlock of rootfs via FIDO2 security token
|
||||
rd.luks.options=fido2-device=auto
|
||||
# try automatic unlock of rootfs with empty password
|
||||
# prevent timeout for entering the password during boot
|
||||
# bypass dm-crypt internal workqueue and process read and write requests synchronously
|
||||
rd.luks.options=tpm2-device=auto,fido2-device=auto,try-empty-password=true,timeout=0,no-read-workqueue,no-write-workqueue
|
||||
rootflags=x-systemd.device-timeout=0
|
||||
# explicitly use rootfs from fstab (workaround current systemd limitations)
|
||||
root=fstab
|
||||
# use German keyboard layout
|
||||
vconsole.keymap=de-latin1
|
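Review bot: The combined `rd.luks.options=` line enables `try-empty-password=true` permanently, and the comment above it (`# try automatic unlock of rootfs with empty password`) does not say that this is a first-boot provisioning aid. While a keyslot with an empty passphrase exists on the volume, the root filesystem unlocks with no TPM2 measurement and no FIDO2 token, so the other two options add nothing until that slot is removed. The comment should record the condition, e.g. `# first boot only: the empty-passphrase keyslot must be wiped once TPM2/FIDO2 is enrolled`, and the option is best dropped from images built after provisioning. Separately, `#quiet` appears to be left on the new side as a commented-out value with no explanation; either delete it or note why boot messages are wanted. The `KernelCommandLine=` list starts before this hunk and may continue after it.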
|
@ -4,6 +4,8 @@ Format=btrfs
|
|||
FactoryReset=true
|
||||
Label=%M-root
|
||||
Encrypt=key-file
|
||||
SizeMinBytes=5G
|
||||
MakeDirectories=/usr
|
||||
MakeDirectories=/etc
|
||||
MakeDirectories=/var
|
||||
MakeDirectories=/var/log
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
[Partition]
|
||||
Type=swap
|
||||
Format=swap
|
||||
FactoryReset=true
|
||||
Encrypt=key-file
|
||||
SizeMinBytes=1G
|
||||
SizeMaxBytes=4G
|
||||
Weight=333
|
||||
Priority=1
|
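Review bot: Nothing visible in this commit opens this swap partition at boot: it is created with `Encrypt=key-file`, while the crypttab added for the initrd lists only `root`. If activation is meant to come from the host's own crypttab or from a generator, a comment at the top of this file should say so, e.g. `# unlocked by <mechanism>; intentionally not in the initrd crypttab`. It is also worth documenting where the key file comes from and who can read it, because a swap volume with a persistent key keeps paged-out memory (which can include key material) recoverable across reboots by anyone holding that key, unlike a swap volume re-keyed randomly on each boot.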