Qubes OS - Moving /boot to a USB drive


_Avyd

Aug 14, 2014, 4:14:36 PM
to qubes...@googlegroups.com
Hello!

I have documented my steps on moving /boot to a USB drive as it's much
easier to keep your pendrive with you always than your laptop.

Hopefully this works for everyone, but try this only if you know what
you are doing coz it's risky stuff (I mean losing /boot is not good).

So, my steps are below. "X" is the device's letter.

# VM Part
##############
1. Create a new offline VM which manages your USB devices.
2. Erase everything from pendrive using: dd if=/dev/zero of=/dev/sdX bs=512k && sync
3. Attach the pendrive to dom0

# Work in dom0
##############
# Set up your pendrive with an ext4 primary partition and boot flag
fdisk /dev/xvdX
mkfs.ext4 /dev/xvdX1

# Copy /boot contents
cp -Rf --copy-contents /boot /boot.orig
umount /boot

# Mount the pendrive as /boot
mount /dev/xvdX1 /boot

# Copy the files to the pendrive and move them
cp -Rf --copy-contents /boot.orig/* /boot/
sync

# Install grub2 on your pendrive and create the config file for it
grub2-install /dev/xvdX
cd /boot/grub2
grub2-mkconfig > grub.cfg

# Reboot and set up USB boot in your BIOS
init 6

# If everything is fine, remove /boot from your HDD/SSD
# Mounting /boot is not required, just for system update

cprise

Aug 15, 2014, 5:33:37 AM
to _Avyd, qubes...@googlegroups.com

On 08/14/14 16:14, _Avyd wrote:
> Hello!
>
> I have documented my steps on moving /boot to a USB drive as it's much
> easier to keep your pendrive with you always than your laptop.
>
> Hopefully this works for everyone, but try this only if you know what
> you are doing coz it's risky stuff (I mean losing /boot is not good).

Hi,

Anti-Evil-Maid does this work for you, except in return it also verifies
that your BIOS and settings (or the PCR objects, to be more accurate)
were unmodified on each boot.
See Qubes user docs for the page about AEM.
Perhaps better to say "remove /boot partition from HD/SSD, leaving the
/boot directory in the root volume instead". If you do an update but
forget to mount the USB drive beforehand, the boot directory will hold
the updated files until you copy them to the USB stick. Or, you may
prefer to have no /boot folder and let an update error occur when you
forget to mount the USB stick before an update.
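
Added example (not part of the reply above or of the original steps): a dom0 shell guard for the forgotten-mount case just described, which checks that /boot is mounted from the expected USB partition before an update is started. The function names and the device /dev/sdb1 are assumptions, and the mount tables are constructed samples.

```shell
#!/bin/sh
# Added example: guard for dom0 updates when /boot lives on a USB stick.
# Function names and device names are assumptions for illustration.

# Print the source device of the last entry mounted at $2 (default /boot)
# in a /proc/mounts-format file $1; return 1 if nothing is mounted there.
boot_mount_source() {
    mounts_file=$1
    mountpoint=${2:-/boot}
    src=$(awk -v mp="$mountpoint" \
        '$2 == mp { s = $1 } END { if (s != "") print s }' "$mounts_file")
    [ -n "$src" ] || return 1
    printf '%s\n' "$src"
}

# Return 0 if /boot is mounted from the expected device,
# 1 if /boot is not a mount (an update would write to the /boot
#   directory in the root volume instead of the USB stick),
# 2 if a different device is mounted at /boot.
check_boot_before_update() {
    mounts_file=$1
    expected_dev=$2
    src=$(boot_mount_source "$mounts_file" /boot) || {
        echo "/boot is not mounted: attach and mount the USB stick first" >&2
        return 1
    }
    if [ "$src" != "$expected_dev" ]; then
        echo "/boot is mounted from $src, expected $expected_dev" >&2
        return 2
    fi
    return 0
}

# Constructed sample mount tables (not taken from a real system).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/usb_mounted" <<'EOF'
/dev/mapper/qubes_dom0-root / ext4 rw,relatime 0 0
/dev/sdb1 /boot ext4 rw,relatime 0 0
EOF
cat > "$SAMPLE_DIR/usb_missing" <<'EOF'
/dev/mapper/qubes_dom0-root / ext4 rw,relatime 0 0
EOF

# Real use in dom0 (device name is an assumption):
#   check_boot_before_update /proc/mounts /dev/sdb1 && sudo qubes-dom0-update
```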

_Avyd

Aug 16, 2014, 5:30:46 AM
to cprise, qubes...@googlegroups.com
Hey,

yes it's a good idea to remove the boot partition if everything is
working.

I haven't tried anti-evil maid with that usb combination, but probably
it will work the same way.

@Zrubi/Devs: if you find these steps ok, feel free to add to the wiki
pages!

--
_Avyd ~ pgp 966DA9A8
