Include:Parted
Do not follow instructions here until this notice is removed.
The parted partition editor is needed for advanced partitioning and GPT disklabels. The default fdisk from BusyBox is a very stripped-down version with minimal functionality.
To install parted, issue the command:
# apk add parted
Creating the Partition Layout
Depending on your motherboard, BIOS features and configuration, we can use either an MBR partition table (legacy BIOS) or a GUID Partition Table (GPT).
We'll describe both with example layouts.
BIOS/MBR with DOS disklabel
Do not follow instructions here until this notice is removed.
We'll be partitioning the storage device using the parted utility to have a /boot partition for use with the Syslinux bootloader. Syslinux is meant for use with legacy BIOS and an MSDOS MBR partition table. The root partition in this example takes up the entire remaining space. This can be changed suitably.
Syslinux does support GPT partition tables but GRUB2 is the better option for UEFI (UEFI is possible only with GPT).
+---------------------------+------------------------+-----------------------+
| Partition name            | Partition purpose      | Filesystem type       |
+---------------------------+------------------------+-----------------------+
| /dev/sda1                 | Boot partition         | ext4                  |
| /dev/sda2                 | Root partition         | ext4                  |
+---------------------------+------------------------+-----------------------+
To create a Boot partition of approximately 100MB to boot from:
# parted -a optimal
(parted) mklabel msdos
(parted) mkpart primary ext4 0% 100M
(parted) set 1 boot on
(parted) mkpart primary ext4 100M 100%
To view your partition table, type print while still in parted. Your results should look something like this:
(parted) print
Model: ATA TOSHIBA ******** (scsi)
Disk /dev/sda: 1000GB
Sector size (logical/physical): 512B/4096B
Partition Table: msdos
Disk Flags:

Number  Start   End     Size    Type     File system  Flags
 1      1049kB  99.6MB  98.6MB  primary  ext4         boot
 2      99.6MB  1000GB  1000GB  primary  ext4
UEFI with GPT disklabel
Do not follow instructions here until this notice is removed.
We'll be partitioning the storage device using the parted utility. The EFI system partition mounted at /boot/efi will remain unencrypted and the remaining disk can be encrypted. This means GRUB2 will decrypt the LUKS volume and load the kernel from there, preventing someone with physical access to your computer from maliciously installing a rootkit (or bootkit) in your boot partition while your computer is not unlocked. The partitioning scheme will look like this:
+---------------------------+------------------------+-----------------------+
| Partition name            | Partition purpose      | Filesystem type       |
+---------------------------+------------------------+-----------------------+
| /dev/sda1                 | EFI system partition   | fat32                 |
| /dev/sda2                 | LUKS container         | LUKS                  |
| |-> /dev/mapper/lvmcrypt  | LVM container          | LVM                   |
| |-> /dev/vg01/root        | Root partition         | ext4                  |
| |-> /dev/vg01/boot        | Boot partition         | ext4                  |
| |-> /dev/vg01/swap        | Swap partition         | swap                  |
+---------------------------+------------------------+-----------------------+
Create an EFI system partition of approximately 200MB, then assign the rest of the space to your LUKS partition.
# parted -a optimal
(parted) mklabel gpt
(parted) mkpart primary fat32 0% 200M
(parted) name 1 esp
(parted) set 1 esp on
(parted) mkpart primary ext4 200M 100%
(parted) name 2 crypto-luks
(parted) print
Model: ATA TOSHIBA ******** (scsi)
Disk /dev/sda: 1000GB
Sector size (logical/physical): 512B/4096B
Partition Table: msdos
Disk Flags:

Number  Start   End     Size    Type     File system  Flags
 1      1049kB  99.6MB  98.6MB  primary  ext4         boot
 2      99.6MB  1000GB  1000GB  primary  ext4
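A check on the finished GPT layout, added here as an example and not part of the original wiki page: it reads parted's machine-readable listing (parted -m /dev/sda print) and confirms that the disklabel is gpt, that partition 1 carries the esp flag, and that partition 2 is the only other partition and is named crypto-luks, so nothing outside the ESP sits outside the LUKS container. The function name check_gpt_layout and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example. check_gpt_layout is a hypothetical helper name.
# Usage on a real system:  parted -m /dev/sda print | check_gpt_layout
check_gpt_layout() {
    awk -F: '
        { sub(/;[ \t\r]*$/, "") }          # drop the ";" record terminator
        NR == 1 { next }                   # unit header line ("BYT")
        NR == 2 { label = $6; next }       # disk line: field 6 is the label type
        $1 ~ /^[0-9]+$/ {                  # partition line: num:start:end:size:fs:name:flags
            n++
            if ($1 == 1) flags1 = $7
            if ($1 == 2) name2 = $6
        }
        END {
            rc = 0
            if (label != "gpt") { print "FAIL: disklabel is " label ", expected gpt"; rc = 1 }
            if (n != 2) { print "FAIL: expected 2 partitions, found " (n + 0); rc = 1 }
            if (flags1 !~ /(^|, )esp(,|$)/) { print "FAIL: partition 1 lacks the esp flag"; rc = 1 }
            if (name2 != "crypto-luks") { print "FAIL: partition 2 is not named crypto-luks"; rc = 1 }
            if (rc == 0) print "OK: gpt label, ESP on 1, crypto-luks on 2"
            exit rc
        }'
}

# Constructed sample listings (not captured from a real disk).
sample_gpt() {
    cat <<'EOF'
BYT;
/dev/sda:1000GB:scsi:512:4096:gpt:ATA EXAMPLE:;
1:1049kB:200MB:199MB:fat32:esp:boot, esp;
2:200MB:1000GB:1000GB::crypto-luks:;
EOF
}
sample_msdos() {
    cat <<'EOF'
BYT;
/dev/sda:1000GB:scsi:512:4096:msdos:ATA EXAMPLE:;
1:1049kB:99.6MB:98.6MB:ext4::boot;
2:99.6MB:1000GB:1000GB:ext4::;
EOF
}

sample_gpt | check_gpt_layout            # passes
sample_msdos | check_gpt_layout || true  # reports three failures
```

The function exits non-zero on any mismatch, so it can gate the later LUKS setup steps in a script.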