User:Vokiel/Razer-Blade-15-2020
Razer Blade 15 Base Model (Early 2020) Installation Log
This page is an installation log of Gentoo Linux on a Razer Blade 15 Base Model with an OLED. I won't go into detailed technical explanations in this log. I may drop a number of links which may eventually die and become inaccessible. I will however document everything that I've done, what worked well and what didn't. I will try to log everything in a neutral position as much as possible. I'll set my own requirements, and make my own choices. Some of which will most likely be wrong, so don't take this page as a guide without asking for multiple opinions on it. If you find some problematic setup, don't hesitate to share it under the Discussions tab.
This is the product string I get from dmidecode:
user $
dmidecode -s system-product-name
Blade 15 Base Model (Early 2020) - RZ09-0328
Requirements
- Must not dual boot Windows or any other system.
- Must use an EFI boot partition on a GPT disk.
- Must use an LVM partition setup inside a LUKS container.
- Must use a key file to unlock the LUKS partition from a USB thumb drive or key.
- Should be able to use a normal fallback password
- Must be able to suspend/hibernate
- Must use the Nvidia proprietary driver with Optimus.
- Should use OpenRC
- Should use OpenRazer
- Should use Enlightenment
- First alternative is i3
- Second alternative is Xfce
- Should use GRUB with custom Razer theme
- Should use SDDM with custom Razer theme
Making a Bootable EFI USB Key
Originally from Sakaki's EFI Install Guide
user $
mkdir tmp
user $
cd tmp
user $
wget -c http://distfiles.gentoo.org/releases/amd64/autobuilds/20210502T214503Z/install-amd64-minimal-20210502T214503Z.iso
user $
wget -c http://distfiles.gentoo.org/releases/amd64/autobuilds/20210502T214503Z/install-amd64-minimal-20210502T214503Z.iso.CONTENTS.gz
user $
wget -c http://distfiles.gentoo.org/releases/amd64/autobuilds/20210502T214503Z/install-amd64-minimal-20210502T214503Z.iso.DIGESTS.asc
user $
gpg --keyserver hkps.pool.sks-keyservers.net --recv-key 2D182910
user $
gpg --fingerprint 2D182910
pub rsa4096 2009-08-25 [SC] [expires: 2022-07-01]
    13EB BDBE DE7A 1277 5DFD B1BA BB57 2E0E 2D18 2910
uid [ unknown] Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>
sub rsa2048 2019-02-23 [S] [expires: 2022-07-01]
user $
gpg --verify install-amd64-minimal-20210502T214503Z.iso.DIGESTS.asc
gpg: Signature made Sun 02 May 2021 07:41:05 PM EDT
gpg: using RSA key 534E4209AB49EEE1C19D96162C44695DB9F6043D
gpg: Good signature from "Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 13EB BDBE DE7A 1277 5DFD B1BA BB57 2E0E 2D18 2910
Subkey fingerprint: 534E 4209 AB49 EEE1 C19D 9616 2C44 695D B9F6 043D
user $
awk '/SHA512 HASH/{getline;print}' install-amd64-minimal-20210502T214503Z.iso.DIGESTS.asc | sha512sum --check
install-amd64-minimal-20210502T214503Z.iso: OK
install-amd64-minimal-20210502T214503Z.iso.CONTENTS.gz: OK
user $
su -
root #
cd /home/.../tmp
root #
dd if=install-amd64-minimal-20210502T214503Z.iso of=/dev/sda bs=8192k status=progress && sync
All the above worked fine, however I had to use a different key server (hkps.pool.sks-keyservers.net) to retrieve the public key from Gentoo Release Engineering. Found this domain on some random forum post. Booting the Razer was successful with the livecd prompt showing up.
Connecting to the Network
Basically followed the Network Guide, but this always fails on WIFI for various reasons. My network is under WPA-PSK, so I used net-setup and followed the setup wizard. This gave me an Unreachable Network problem, which I had to fix by adding the default gateway manually with:
root #
route add default gw 192.168.1.1
I didn't need to install or deal with wpa_supplicant to have a connection initialized with net-setup
Creating the Partitions
LVM will be used on this laptop, so only 2 partitions are really needed: the standard EFI partition required for booting in UEFI mode, and the actual LUKS encrypted partition that will contain all other partitions.
root #
fdisk /dev/nvme0n1
With fdisk, we create a new GPT partition table and dump whatever was there before (g). After, it's simply a matter of creating an EFI partition (n, default, default, +512M, t, 1) and then an extended Linux Filesystem partition. (n, default, default, default)
This is a log. Only do this if you don't want to dual boot
root #
fdisk -l /dev/nvme0n1
Disk /dev/nvme0n1: 476.94 Gib, 512110190592 bytes, 1000215216 sectors
Disk model: NVMe CA5-8D512
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: ...

Device           Start        End   Sectors   Size Type
/dev/nvme0n1p1    2048    1050623   1048576   512M EFI System
/dev/nvme0n1p2 1050624 1000215182 999164559 476.4G Linux filesystem
EFI Partition
Needs to be vfat according to the EFI System Partition Guide.
root #
mkfs.vfat -F 32 /dev/nvme0n1p1
LUKS Partition
The first step is to erase or randomize the disk data to avoid usage pattern attacks. Taken from Arch's DM-crypt Drive Preparation.
root #
cryptsetup open --type plain -d /dev/urandom /dev/nvme0n1p2 crypt-wipe
root #
dd if=/dev/zero of=/dev/mapper/crypt-wipe status=progress
root #
cryptsetup close crypt-wipe
Encryption scheme is chosen to match cryptsetup's default values:
root #
cryptsetup luksFormat /dev/nvme0n1p2
WARNING!
========
This will overwrite data on /dev/nvme0n1p2 irrevocably.

Are you sure? (Type 'yes' in capital letters): YES
Enter passphrase for /dev/nvme0n1p2:
At this stage a simple passphrase is used to keep things simple. An encrypted key file will be added later.
root #
cryptsetup luksOpen /dev/nvme0n1p2 gentoo
Enter passphrase for /dev/nvme0n1p2:
LVM Partitions
The LVM partitions created are: swap, /, /var, /var/log, /var/tmp, /home and a toy partition on /media
root #
pvcreate /dev/mapper/gentoo
root #
vgcreate vg0 /dev/mapper/gentoo
root #
lvcreate --size 16G --name swap vg0
root #
lvcreate --size 48G --name root vg0
root #
lvcreate --size 12G --name var vg0
root #
lvcreate --size 8G --name varlog vg0
root #
lvcreate --size 12G --name vartmp vg0
root #
lvcreate --size 72G --name home vg0
root #
lvcreate --extents 100%FREE --name media vg0
root #
vgchange --available y
root #
pvdisplay
--- Physical volume ---
PV Name /dev/mapper/gentoo
VG Name vg0
PV Size 476.42 GiB / not usable <1.32 MiB
...
root #
vgdisplay
--- Volume group ---
VG Name vg0
System ID
Format lvm2
...
root #
lvdisplay
--- Logical volume ---
LV Path /dev/vg0/swap
LV Name swap
VG Name vg0
...
LV Size 16.00 GiB

--- Logical volume ---
LV Path /dev/vg0/root
LV Name root
VG Name vg0
...
LV Size 48.00 GiB

--- Logical volume ---
LV Path /dev/vg0/var
LV Name var
VG Name vg0
...
LV Size 12.00 GiB

--- Logical volume ---
LV Path /dev/vg0/varlog
LV Name varlog
VG Name vg0
...
LV Size 8.00 GiB

--- Logical volume ---
LV Path /dev/vg0/vartmp
LV Name vartmp
VG Name vg0
...
LV Size 12.00 GiB

--- Logical volume ---
LV Path /dev/vg0/home
LV Name home
VG Name vg0
...
LV Size 72.00 GiB

--- Logical volume ---
LV Path /dev/vg0/media
LV Name media
VG Name vg0
...
LV Size 308.42 GiB
Format all partitions. XFS will be used for all /var reads/writes, whereas the other file systems can just use EXT4:
root #
mkswap -L "swap" /dev/mapper/vg0-swap
root #
mkfs.ext4 -L "root" /dev/mapper/vg0-root
root #
mkfs.ext4 -L "home" /dev/mapper/vg0-home
root #
mkfs.ext4 -L "media" /dev/mapper/vg0-media
root #
mkfs.xfs -l internal,size=128m -d agcount=2 /dev/mapper/vg0-var
root #
mkfs.xfs -l internal,size=128m -d agcount=2 /dev/mapper/vg0-varlog
root #
mkfs.xfs -l internal,size=128m -d agcount=2 /dev/mapper/vg0-vartmp
Installing Gentoo from Stage 3
Following the Handbook closely:
root #
swapon -v /dev/mapper/vg0-swap
root #
mount -v -t ext4 /dev/mapper/vg0-root /mnt/gentoo
root #
mkdir -p /mnt/gentoo/var
root #
mount -v -t xfs /dev/mapper/vg0-var /mnt/gentoo/var
root #
mkdir -p /mnt/gentoo/var/{log,tmp}
root #
mount -v -t xfs /dev/mapper/vg0-varlog /mnt/gentoo/var/log
root #
mount -v -t xfs /dev/mapper/vg0-vartmp /mnt/gentoo/var/tmp
root #
mkdir /mnt/gentoo/{boot,home,media}
root #
mount /dev/nvme0n1p1 /mnt/gentoo/boot
root #
mount -v -t ext4 /dev/mapper/vg0-home /mnt/gentoo/home
root #
mount -v -t ext4 /dev/mapper/vg0-media /mnt/gentoo/media
Fetching the installation files and verifying their signature:
root #
ntpd -q -g
root #
cd /mnt/gentoo
Same process as with the ISOs, but on the new laptop:
root #
gpg --keyserver hkps.pool.sks-keyservers.net --recv-key 2D182910
root #
gpg --fingerprint 2D182910
pub rsa4096 2009-08-25 [SC] [expires: 2022-07-01]
    13EB BDBE DE7A 1277 5DFD B1BA BB57 2E0E 2D18 2910
uid [ unknown] Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>
sub rsa2048 2019-02-23 [S] [expires: 2022-07-01]
root #
gpg --verify stage3-amd64-20210505T214503Z.tar.xz.DIGESTS.asc
gpg: Signature made Wed 05 May 2021 07:01:05 PM EDT
gpg: using RSA key 534E4209AB49EEE1C19D96162C44695DB9F6043D
gpg: Good signature from "Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 13EB BDBE DE7A 1277 5DFD B1BA BB57 2E0E 2D18 2910
Subkey fingerprint: 534E 4209 AB49 EEE1 C19D 9616 2C44 695D B9F6 043D
root #
awk '/SHA512 HASH/{getline;print}' stage3-amd64-20210505T214503Z.tar.xz.DIGESTS.asc | sha512sum --check
stage3-amd64-20210505T214503Z.tar.xz: OK
stage3-amd64-20210505T214503Z.tar.xz.CONTENTS.gz: OK
root #
tar xpvf stage3-amd64-20210505T214503Z.tar.xz --xattrs-include='*.*' --numeric-owner
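An added example, not part of the original log: the gpg --verify plus awk | sha512sum --check sequence used for the ISO and again for the stage3 tarball, tightened in two ways. It pins the full primary-key fingerprint shown above instead of relying on the short key ID 2D182910, and it takes the SHA512 lines from gpg's verified output, because awk on the raw .asc file also reads any text placed outside the signed block. Function names are hypothetical, and the sample VALIDSIG record is constructed from the fingerprints on this page.

```shell
#!/bin/sh
# Added example, not part of the original log. Function names are hypothetical.
# Primary-key fingerprint as printed by `gpg --fingerprint` above, spaces removed.
PINNED_FPR="13EBBDBEDE7A12775DFDB1BABB572E0E2D182910"

# stdin: gpg --status-fd text. Prints the primary-key fingerprint (last field)
# of every VALIDSIG record.
validsig_primary_fpr() {
    awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $NF }'
}

# stdin: gpg --status-fd text. Succeeds only when there is at least one valid
# signature, every valid signature belongs to PINNED_FPR, and gpg reported no
# bad, unverifiable, expired or revoked signature.
status_is_trusted() {
    status=$(cat)
    if printf '%s\n' "$status" |
        grep -Eq '^\[GNUPG:\] (BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG) '; then
        return 1
    fi
    fprs=$(printf '%s\n' "$status" | validsig_primary_fpr)
    [ -n "$fprs" ] || return 1
    for fpr in $fprs; do
        [ "$fpr" = "$PINNED_FPR" ] || return 1
    done
    return 0
}

# stdin: DIGESTS text. Prints the "hash  filename" line that follows each
# "# SHA512 HASH" marker (same awk as in the log).
sha512_lines() {
    awk '/SHA512 HASH/ { getline; print }'
}

# stdin: verified DIGESTS text. Checks its SHA512 entries against files in $1.
check_sha512() {
    ( cd "$1" && sha512_lines | sha512sum --check --strict )
}

# verify_digests FILE.asc [DIR]
# Runs the whole chain: signature, pinned key, then hashes of the files in DIR.
verify_digests() {
    asc=$1
    dir=${2:-.}
    work=$(mktemp -d) || return 1
    rc=1
    # --decrypt on a clearsigned file writes only the text covered by the
    # signature, so lines outside the armor never reach sha512sum.
    if gpg --batch --status-fd 3 --output "$work/payload" --decrypt "$asc" \
            3>"$work/status" 2>/dev/null \
        && status_is_trusted <"$work/status" \
        && check_sha512 "$dir" <"$work/payload"; then
        rc=0
    fi
    rm -rf "$work"
    return $rc
}

# Constructed sample status text: the two fingerprints are the ones shown in
# the gpg output above, the timestamp and remaining fields are made up.
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] VALIDSIG 534E4209AB49EEE1C19D96162C44695DB9F6043D 2021-05-02 1619998865 0 4 0 1 10 01 13EBBDBEDE7A12775DFDB1BABB572E0E2D182910'
if printf '%s\n' "$SAMPLE_STATUS" | status_is_trusted; then
    echo "sample status: signed by the pinned key"
fi

# Real use, with the key already imported:
#   verify_digests stage3-amd64-20210505T214503Z.tar.xz.DIGESTS.asc
```

The pinned fingerprint should be compared against a copy obtained independently of the key server before it is trusted.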
Configuring make.conf
This is a minimal make.conf file:
# These settings were set by the catalyst build script that automatically
# built this stage.
# Please consult /usr/share/portage/config/make.conf.example for a more
# detailed example.
COMMON_FLAGS="-march=skylake -O2 -pipe"
CFLAGS="${COMMON_FLAGS}"
CXXFLAGS="${COMMON_FLAGS}"
FCFLAGS="${COMMON_FLAGS}"
FFLAGS="${COMMON_FLAGS}"
CPU_FLAGS_X86="aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt rdrand sse sse2 sse3 sse4_1 sse4_2 ssse3"
MAKEOPTS="-j5"
# NOTE: This stage was built with the bindist USE flag enabled
PORTDIR="/var/db/repos/gentoo"
DISTDIR="/var/cache/distfiles"
PKGDIR="/var/cache/binpkgs"
# This sets the language of build output to English.
# Please keep this setting intact when reporting bugs.
LC_MESSAGES=C
GENTOO_MIRRORS="https://mirror.csclub.uwaterloo.ca/gentoo-distfiles/"
ACCEPT_LICENSE="*"
I avoid setting USE flags globally. The only exception is X and this flag will be added later in the log. Notice I don't add VIDEO_CARDS or INPUT_DEVICES at this time either.
I accept all licenses, avoiding having to figure out license names individually or in groups.
Helper commands that I used:
root #
grep -m1 -A3 "vendor_id" /proc/cpuinfo
vendor_id : GenuineIntel
cpu family : 6
model : 165
model name : Intel(R) Core(TM) i7-10750H CPU @ 2.60GHz
From Safe CFLAGS, that is -march=skylake
root #
emerge --ask cpuid2cpuflags
root #
cpuid2cpuflags
CPU_FLAGS_X86: aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt rdrand sse sse2 sse3 sse4_1 sse4_2 ssse3
Chroot to /mnt/gentoo
Largely from the Installation Guide:
root #
mirrorselect -i -o >> /mnt/gentoo/etc/portage/make.conf
root #
mkdir -p /mnt/gentoo/etc/portage/repos.conf
root #
cp /mnt/gentoo/usr/share/portage/config/repos.conf /mnt/gentoo/etc/portage/repos.conf/gentoo.conf
root #
cp --dereference /etc/resolv.conf /mnt/gentoo/etc/
root #
mount --types proc /proc /mnt/gentoo/proc/
root #
mount --rbind /sys /mnt/gentoo/sys
root #
mount --rbind /dev/ /mnt/gentoo/dev
root #
chroot /mnt/gentoo /bin/bash
root #
source /etc/profile
First I picked an rsync mirror from the list, but below when doing the first sync, this would fail. So I had to redo the selection for an https address.
root #
export PS1="(chroot) ${PS1}"
(chroot) root #
emerge-webrsync
(chroot) root #
eselect profile list
Available profile symlink targets:
[1] default/linux/amd64/17.1 (stable)
[2] default/linux/amd64/17.1/selinux (stable)
[3] default/linux/amd64/17.1/hardened (stable)
[4] default/linux/amd64/17.1/hardened/selinux (stable)
[5] default/linux/amd64/17.1/desktop (stable)
[6] default/linux/amd64/17.1/desktop/gnome (stable)
[7] default/linux/amd64/17.1/desktop/gnome/systemd (stable)
[8] default/linux/amd64/17.1/desktop/plasma (stable)
[9] default/linux/amd64/17.1/desktop/plasma/systemd (stable)
...
Requirements on this build are made to avoid fat environments like Gnome, KDE and SystemD. Starting leaner with default/linux/amd64/17.1/desktop (stable).
(chroot) root #
eselect profile set 5
(chroot) root #
emerge --ask --verbose --update --deep --newuse @world
(chroot) root #
echo "Canada/Eastern" > /etc/timezone
(chroot) root #
emerge --config sys-libs/timezone-data
(chroot) root #
nano -w /etc/locale.gen
(chroot) root #
locale-gen
(chroot) root #
eselect locale list
[1] C
[2] cs_CZ
[3] cs_CZ.iso88592
[4] cs_CZ.utf8
[5] C.utf8
[6] da_DK
[7] da_DK.iso88591
[8] da_DK.utf8
[9] de_DE
[10] de_DE.iso88591
[11] de_DE.utf8
[12] en_CA
[13] en_CA.iso88591
[14] en_CA.utf8
[15] en_US
[16] en_US.iso88591
[17] en_US.utf8 *
...
Configuring the kernel
(chroot) root #
emerge --ask sys-apps/pciutils
(chroot) root #
emerge --ask sys-kernel/gentoo-sources
(chroot) root #
eselect kernel list
Available kernel symlink targets: [1] linux-5.10.27-gentoo *
(chroot) root #
cd /usr/src/linux
(chroot) root #
make menuconfig
(chroot) root #
lspci -v|less
(chroot) root #
lsmod
There's no best way to configure a kernel; you have to immerse yourself in Linux and do some research. This is by no means authoritative. I went on pure instinct, coming up with some search hits, and deciding whether it might be needed or useful. I start with what I know I'll need and remove what I know I won't.
EFI partition scheme, from EFI System Partition and NVMe:
-*- Enable the block layer --->
Partition Types --->
[*] Advanced partition selection
[*] PC BIOS (MSDOS partition tables) support
[*] EFI GUID Partition support
Device drivers --->
<*> NVM Express block device
Cryptsetup and LVM options, largely from Dm-crypt and LVM:
Device Drivers --->
[*] Multiple devices driver support (RAID and LVM) --->
< > RAID support
<*> Device mapper support
<*> Crypt target support
<*> Snapshot target
< > Zero target
<*> Multipath target
<*> I/O Path Selector based on the number of in-flight I/Os
<*> I/O Path Selector based on the service time
Adding iwd options with cryptsetup options:
[*] Cryptographic API --->
{*} ECDH algorithm
*** Block modes ***
-*- ECB support
<*> LRW support
{*} XTS support
-*- ESSIV support for block encryption
*** Digest ***
<M> CRC32c INTEL hardware acceleration
{M} CRC32 CRC algorithm
<M> CRC32 PCLMULQDQ hardware acceleration
<M> xxHash hash algorithm
<M> CRCT10DIF algorithm
{M} MD4 digest algorithm
<*> RIPEMD-160 digest algorithm
<*> SHA1 digest algorithm
<*> SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)
<*> SHA512 digest algorithm (SSSE3/AVX/AVX2)
-*- SHA384 and SHA512 digest algorithms
<*> Whirlpool digest algorithms
<M> GHASH hash function (CLMUL-NI accelerated)
<M> AES cipher algorithms (AES-NI)
<M> ARC4 cipher algorithm
<M> DES and Triple DES EDE cipher algorithms
<M> Triple DES EDE cipher algorithm (x86-64)
{*} Serpent cipher algorithm
<M> Serpent cipher algorithm (x86_64/SSE2)
{M} Serpent cipher algorithm (x86_64/AVX)
<M> Serpent cipher algorithm (x86_64/AVX2)
<*> Twofish cipher algorithm
{M} Twofish cipher algorithm (x86_64)
{M} Twofish cipher algorithm (x86_64, 3-way parallel)
<M> Twofish cipher algorithm (x86_64/AVX)
*** Compression ***
{M} Deflate compression algorithm
<M> LZO compression algorithm
<M> LZ4 compression algorithm
<M> LZ4HC compression algorithm
*** Random Number Generation ***
-*- NIST SP800-90A DRBG --->
-*- Jitterentropy Non-Deterministic Random Number Generator
<*> User-space interface for hash algorithms
<*> User-space interface for symmetric key cipher algorithms
[*] Enable obsolete cryptographic algorithms for userspace
-*- Asymmetric (public-key cryptographic) key type
<M> PKCS#8 private key parser
Several modules above have been added because they were loaded by the Gentoo Live iso, using lsmod.
From our LVM partitions and other uses: Docker, F2FS, MTP & Samba:
File systems --->
<M> Second extended fs support
[*] Ext2 extended attributes
[*] Ext2 POSIX Access Control Lists
<*> The Extended 4 (ext4) filesystem
[*] Ext4 POSIX Access Control Lists
[*] Ext4 Security Labels
<*> XFS filesystem support
[*] XFS POSIX ACL support
<M> F2FS filesystem support
[*] F2FS Status Information
[*] F2FS extended attributes
[*] F2FS Access Control Lists
-*- Enable POSIX file locking API
[ ] Enable Mandatory file locking
[ ] Quota support
<*> FUSE (Filesystem in Userspace) support
<M> Overlay filesystem support
[*] Overlayfs: follow redirects even if redirects are turned off
Caches --->
<M> General filesystem local caching manager
CD-ROM/DVD Filesystems --->
<M> UDF file system support
DOS/FAT/EXFAT/NT Filesystems --->
<M> NTFS file system support
Pseudo filesystems --->
[*] Sysctl support (/proc/sys)
[*] Enable /proc page monitoring
[*] sysfs file system support
-*- Miscellaneous filesystems --->
-*- Persistent store support
<M> DEFLATE (ZLIB) compression
[*] Network File Systems --->
<M> NFS client support
<M> NFS client support for NFS version 2
<M> NFS client support for NFS version 3
<M> NFS client support for NFS version 4
[*] NFS client support for NFSv4.1
[*] NFS client support for NFSv4.2
<M> SMB3 and CIFS support (advanced network filesystem)
[*] Extended statistics
[*] Support legacy servers which use less secure dialects
[*] Support legacy servers which use weaker LANMAN security
[*] CIFS extended attributes
[*] CIFS POSIX Extensions
Networking support --->
Networking options --->
{M} DNS Resolver support
Network drivers, OpenVPN and Android USB tethering support:
Device Drivers --->
[*] Network device support --->
< > Network console logging support
<*> Universal TUN/TAP device driver support
[*] Ethernet driver support --->
... Remove everything save for ...
[*] Realtek devices
<M> Realtek 8169/8168/8101/8125 ethernet support
<M> USB Network Adapters --->
<M> Multi-purpose USB Networking Framework
-M- CDC Ethernet support (smart devices such as cable modems)
<M> CDC EEM support
<M> Host for RNDIS and ActiveSync devices
<M> Simple USB Network Links (CDC Ethernet subset)
[*] Embedded ARM Linux links (iPaq, ...)
[*] Wireless LAN --->
... Remove everything save for ...
[*] Intel devices
<M> Intel Wireless WiFi Next Gen AGN - Wireless-N/Advanced-N/Ultimate-N (iwlwifi)
<M> Intel Wireless WiFi MVM Firmware support
Adding Bluetooth support:
[*] Networking support --->
<M> Bluetooth subsystem support --->
[*] Bluetooth Classic (BR/EDR) features
<*> RFCOMM protocol support
[*] RFCOMM TTY support
<M> BNEP protocol support
[*] Multicast filter support
[*] Protocol filter support
<*> HIDP protocol support
[*] Bluetooth High Speed (HS) features
[*] Bluetooth Low Energy (LE) features
[*] Enable LED triggers
[*] Enable Microsoft extensions
Cryptographic API --->
<M> Userspace cryptographic algorithm configuration
<M> User-space interface for AEAD cipher algorithms
For Power Management and other Intel features:
Power management and ACPI options --->
[*] Energy Model for CPUs
[*] ACPI (Advanced Configuration and Power Interface) Support --->
[ ] Dock
[*] ACPI Platform Error Interface (APEI)
[*] Power Management Timer Support
CPU Frequency scaling --->
Default CPUFreq governor (performance) --->
< > 'userspace' governor for userspace frequency scaling
< > 'ondemand' cpufreq policy governor
-*- Intel P state control
[ ] Legacy cpb sysfs knob support for AMD CPUs
Device Drivers --->
Misc devices --->
{M} Intel Management Engine Interface
<M> ME Enabled Intel Chipsets
-*- Pin controllers --->
<M> Intel Cannon Lake PCH pinctrl and GPIO driver
-*- GPIO Support --->
[*] Character device (/dev/gpiochipN) support
[*] Support GPIO ABI Version 1
<*> Hardware Monitoring support --->
<M> Intel Core/Core2/Atom temperature sensor
-*- Thermal drivers --->
[*] Fair-share thermal governor
[*] Bang Bang thermal governor
[*] Power allocator thermal governor
Intel thermal drivers --->
<M> Intel PowerClamp idle injection driver
<M> Intel PCH Thermal Reporting Driver
ACPI INT340X thermal drivers --->
<M> ACPI INT340X thermal drivers
<M> ACPI INT3406 display thermal driver
[*] Generic powercap sysfs driver --->
<M> Intel RAPL Support via MSR Interface
For using the proprietary nvidia driver and other platform adjustments:
Processor type and features --->
[ ] Enable MPS table
[ ] Support for extended (non-PC) x86 platforms
[*] Intel Low Power Subsystem Support
[*] Supported processor vendors --->
[*] Support Intel processors
[*] Enable DMI scanning
[*] Machine Check / overheating reporting
[ ] AMD MCE features
[*] CPU microcode loading support
[ ] AMD microcode loading support
[ ] Enable 5-level page tables support
[*] NUMA Memory Allocation and Scheduler Support
[ ] Old style AMD Opteron NUMA detection
Bus options (PCI etc.) --->
[*] Mark VGA/VBE/EFI FB as generic system framebuffer
Character devices --->
[*] Enable TTY
[ ] Non-standard serial port support
<*> IPMI top-level message handler ----
<*> Hardware Random Number Generator Core support --->
< > VIA HW Random Number Generator support
Device Drivers --->
Multifunction device drivers --->
<M> Intel Low Power Subsystem support in ACPI mode
<M> Intel Low Power Subsystem support in PCI mode
Graphics support --->
<*> /dev/agpgart (AGP Support) --->
< > AMD Opteron/Athlon64 on-CPU GART support
-*- Support for frame buffer devices --->
[*] Simple framebuffer support
For ALSA, PulseAudio and The USB Guide:
Device Drivers --->
<*> Sound card support --->
<*> Advanced Linux Sound Architecture --->
-*- Dynamic device file minor numbers
HD-Audio --->
<*> Build Realtek HD-audio codec support
<*> Build HDMI/DisplayPort HD-audio codec support
-*- Enable generic HD-audio codec parser
[*] USB sound devices --->
<*> USB Audio/MIDI driver
For the IMC Networks USB Camera:
(chroot) root #
emerge --ask sys-apps/usbutils
(chroot) root #
lsusb
Bus 006 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 005 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 005: ID 1532:0255 Razer USA, Ltd RZ09-0328, Gaming Laptop [Blade 15 Base Model (2020)]
Bus 001 Device 004: ID 13d3:56bd IMC Networks USB Camera
Device Drivers --->
<*> Multimedia support --->
[ ] Filter media drivers
Media drivers --->
[*] Media USB Adapters --->
<M> USB Video Class (UVC)
[ ] UVC input events device support
[ ] Radio Adapters ----
For a DualShock, Logitech devices and the touchpad:
Device Drivers --->
Input device support --->
<*> Mouse interface
<*> Joystick interface
[*] Miscellaneous devices --->
<M> User level driver support
HID support --->
-*- HID bus support
[*] Battery level reporting for HID devices
<*> User-space I/O driver support for HID subsystem
Special HID drivers --->
<*> Logitech devices
<*> Logitech receivers full support
-*- Logitech HID++ devices support
<M> HID Multitouch panels
<*> Sony PS2/3/4 accessories
[*] Sony PS2/3/4 accessories force feedback support
I2C HID support --->
<M> HID over I2C transport layer
Intel ISH HID support --->
<M> Intel Integrated Sensor Hub
For I2C and Thunderbolt on Intel:
Device drivers --->
[*] PCI support --->
[*] PCI Express Port Bus support
[*] PCI Express Hotplug driver
[*] Support for PCI Hotplug --->
[*] ACPI PCI Hotplug driver
I2C support --->
<*> I2C device interface
I2C Hardware Bus support --->
<M> Intel 82801 (ICH/PCH)
<M> NVIDIA GPU I2C controller
<M> Synopsys DesignWare Platform
[*] USB support --->
<M> USB Type-C Support --->
All options needed for Docker, Android studio and QEMU:
General setup --->
-*- Control Group support --->
[*] Memory controller
[*] IO controller
[*] CPU controller
[*] Group scheduling for SCHED_OTHER
[*] CPU bandwidth provisioning for FAIR_GROUP_SCHED
[*] Group scheduling for SCHED_RR/FIFO
[*] PIDs controller
[*] RDMA controller
[*] HugeTLB controller
[*] Device controller
[*] Perf controller
-*- Namespaces support --->
[*] User namespace
[*] Virtualization --->
<*> Kernel-based Virtual Machine (KVM) support
<*> KVM for Intel (and compatible) processors support
[*] Enable the block layer --->
[*] Block layer bio throttling support
[*] Networking support --->
[*] Network packet filtering framework (Netfilter) --->
[*] Advanced netfilter configuration
<*> Bridged IP/ARP packets filtering
Core Netfilter Configuration --->
-*- Netfilter Xtables support (required for ip_tables)
<*> "addrtype" address type match support
<M> "ipvs" match support
<M> IP virtual server support --->
*** IPVS transport protocol load balancing support ***
[*] TCP load balancing support
[*] UDP load balancing support
*** IPVS scheduler ***
<M> round-robin scheduling
[*] Netfilter connection tracking
IP: Netfilter Configuration --->
<*> Netfilter IPv4 packet duplication to alternate destination
<*> IP tables support (required for filtering/masq/NAT)
<*> iptables NAT support
<*> MASQUERADE target support
<*> NETMAP target support
<*> REDIRECT target support
<*> Packet mangling
<*> 802.1d Ethernet Bridging
<M> 802.1Q/802.1ad VLAN Support
[*] QoS and/or fair queueing --->
<*> Control Group Classifier
-*- L3 Master device support
[*] Network priority cgroup
-*- Network classid cgroup
Character devices --->
[*] Enable TTY
[*] Unix98 PTY support
Device Drivers --->
[*] Block devices --->
<M> Network block device support
[*] Network device support --->
[*] Network core driver support
<M> Dummy net driver support
<M> MAC-VLAN support
<M> IP-VLAN support
<M> Virtual eXtensible Local Area Network (VXLAN)
<*> Virtual ethernet pair device
[*] Cryptographic API --->
-*- Diffie-Hellman algorithm
Security options --->
-*- Enable access key retention support
[*] Enable register of persistent per-UID keyrings
<*> ENCRYPTED KEYS
[*] Diffie-Hellman operations on retained keys
By far the worst section of the kernel configuration. It's very difficult to keep up to date with Docker options, cgroups and most of the kernel work done here. You'll find that the article on Docker is mostly out of date as well. The best way of reaching this configuration is to emerge Docker and read the warnings on missing kernel options, once you've booted onto your new system.
Initramfs tweaks:
General setup --->
[*] Initial RAM filesystem and RAM disk (initramfs/initrd) support
[ ] Support initial ramdisk/ramfs compressed using bzip2
[ ] Support initial ramdisk/ramfs compressed using LZMA
[ ] Support initial ramdisk/ramfs compressed using XZ
[ ] Support initial ramdisk/ramfs compressed using LZO
[ ] Support initial ramdisk/ramfs compressed using LZ4
[ ] Support initial ramdisk/ramfs compressed using ZSTD
Trimming the security model and other useless devices:
Device drivers --->
< > PCCard (PCMCIA/CardBus) support ----
<*> Serial ATA and Parallel ATA drivers (libata) --->
[ ] ATA SFF support (for legacy IDE and PATA)
[ ] Macintosh device drivers ----
[ ] Watchdog Timer Support ----
Security options --->
[ ] Enable different security models
Installing kernel, modules/firmware
Initially I had the intel-ishtp module under /etc/modules-load.d/ but that never went anywhere. Still unsure if the hardware I have supports this.
(chroot) root #
make && make modules_install
(chroot) root #
make install
(chroot) root #
emerge --ask sys-kernel/linux-firmware
Installing an initramfs
Requirement is still to have the LVM partition decrypted through a key file that is itself password protected but at this point, it was getting complicated, and hardly working. I backtracked and used an initramfs made with genkernel.
I also ran into an issue where a module was missing from initramfs at some point. The issue is that if you change the kernel repeatedly adding/removing options, then the initramfs should normally be recreated if there are any modules that it'll require to boot.
(chroot) root #
emerge --ask sys-fs/lvm2
(chroot) root #
rc-update add lvm boot
(chroot) root #
emerge --ask sys-fs/cryptsetup
(chroot) root #
genkernel --lvm --luks --install --kernel-config=/usr/src/linux/.config initramfs
Configuring /etc/fstab
(chroot) root #
vi /etc/fstab
# documentation for details on setting a label. To obtain the UUID, use
# the blkid(8) command.
#LABEL=boot /boot ext4 noauto,noatime 1 2
#UUID=58e72203-57d1-4497-81ad-97655bd56494 / ext4 noatime 0 1
#LABEL=swap none swap sw 0 0
#/dev/cdrom /mnt/cdrom auto noauto,ro 0 0
/dev/nvme0n1p1 /boot vfat noauto,noatime 1 2
/dev/mapper/vg0-root / ext4 noatime 0 1
/dev/mapper/vg0-swap none swap sw 0 0
/dev/mapper/vg0-var /var xfs noatime,nodev,logbufs=8 0 0
/dev/mapper/vg0-varlog /var/log xfs noatime,nodev,logbufs=8 0 0
/dev/mapper/vg0-vartmp /var/tmp xfs noatime,nodev,logbufs=8 0 0
/dev/mapper/vg0-home /home ext4 noatime,nodev,nosuid,errors=remount-ro 0 2
/dev/mapper/vg0-media /media ext4 noatime,nodev,nosuid,errors=remount-ro 0 0
tmpfs /tmp tmpfs defaults,nodev,noexec,nosuid,size=512m,mode=1777 0 0
Resizing /var
While using the system, it became obvious that I underestimated size requirements of /var. That's mainly because the legacy /usr/portage moved to /var/... I resized /media and re-allocated some space.
root #
e2fsck -f /dev/mapper/vg0-media
root #
resize2fs /dev/mapper/vg0-media 290G
root #
lvreduce -L 290G /dev/mapper/vg0-media
root #
lvextend -L +8G /dev/mapper/vg0-var
root #
xfs_growfs /dev/mapper/vg0-var