# Simplified Gentoo Linux installation

Tags: linux gentoo


Description: Step-By-Step simplified Gentoo Linux installation with encrypted root






Reference: Gentoo Wiki


All commands are executed as root unless written otherwise.


# Partitioning

The partition layout will look like this:

```
/dev/vda
|-+ boot (mount: /boot) (1024 mb)
|-+ luks
| |-+ lvm
| | |-+ root (mount: /) (100 gb)
| | |-+ home (mount: /home) (100%FREE)
```

## Partitioning the disk

```
parted -a optimal /dev/vda
unit mib
mklabel gpt
mkpart primary fat32 1 1024
name 1 boot
set 1 BOOT on
mkpart primary 1024 -1
name 2 lvm
set 2 LVM on
quit
```

## Filesystem stuff

Format the boot partition (which later contains grub and kernel files) as fat32.

```bash
mkfs.vfat -F32 /dev/vda1
```

Encrypt the root partition. The cipher and key size can be set with -c <cipher> and/or -s <keysize>; the default settings should be enough for most people ;)

```bash
modprobe dm-crypt
cryptsetup luksFormat /dev/vda2
```

Open the freshly encrypted partition.

```bash
cryptsetup luksOpen /dev/vda2 lvm
```

Create the LVM physical volume.

```bash
lvm pvcreate /dev/mapper/lvm
```

Create a volume group (vg0).

```bash
vgcreate vg0 /dev/mapper/lvm
```

Create the home and root logical volume (notice the lowercase -l in the second command).

```bash
lvcreate -L 100G -n root vg0
lvcreate -l 100%FREE -n home vg0
```

Format each logical volume.

```bash
mkfs.ext4 /dev/mapper/vg0-root
mkfs.ext4 /dev/mapper/vg0-home
```

# Base system installation

## Preparing the environment

Create the mount points and mount the partitions.

```bash
mkdir /mnt/gentoo
mount /dev/mapper/vg0-root /mnt/gentoo
mkdir /mnt/gentoo/home
mount /dev/mapper/vg0-home /mnt/gentoo/home
```

Download a stage3 tarball from gentoo.org to /mnt/gentoo.

```bash
cd /mnt/gentoo
wget https://distfiles.gentoo.org/releases/amd64/autobuilds/20230917T164636Z/stage3-amd64-desktop-openrc-20230917T164636Z.tar.xz
tar xvJpf stage3-amd64-desktop-openrc-20230917T164636Z.tar.xz --xattrs --numeric-owner
```
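An integrity check to run on the downloaded tarball before unpacking it, as an added example that is not part of the original post. It assumes the matching `.DIGESTS` file was fetched from the same directory and uses the `# SHA512 HASH` section layout; `verify_stage3_sha512` and the sample file names are hypothetical.

```bash
#!/bin/sh
# Added example: check a stage3 tarball against the SHA512 entry in its DIGESTS file.
# Assumed DIGESTS layout: a "# SHA512 HASH" comment line followed by
# "<hex digest>  <file name>" lines; other "# ... HASH" sections are skipped.

verify_stage3_sha512() {
    digests=$1
    tarball=$2
    name=$(basename "$tarball")

    # Pick the digest listed for this file inside the SHA512 section only.
    expected=$(awk -v f="$name" '
        /^# SHA512 HASH/     { in_sha512 = 1; next }
        /^#/                 { in_sha512 = 0; next }
        in_sha512 && $2 == f { print $1; exit }
    ' "$digests")

    if [ -z "$expected" ]; then
        echo "no SHA512 entry for $name in $digests" >&2
        return 2
    fi

    actual=$(sha512sum "$tarball" | awk '{ print $1 }')
    if [ "$expected" != "$actual" ]; then
        echo "SHA512 mismatch for $name" >&2
        return 1
    fi
    echo "OK: $name"
}

# Constructed demonstration: a stand-in file and a DIGESTS file built for it.
demo_dir=$(mktemp -d)
sample="$demo_dir/stage3-sample.tar.xz"
printf 'constructed stage3 stand-in\n' > "$sample"
{
    echo "# BLAKE2B HASH"
    echo "0000  stage3-sample.tar.xz"
    echo "# SHA512 HASH"
    echo "$(sha512sum "$sample" | awk '{ print $1 }')  stage3-sample.tar.xz"
} > "$sample.DIGESTS"

verify_stage3_sha512 "$sample.DIGESTS" "$sample"

# A modified tarball must be rejected before it is ever passed to tar.
echo "tampered" >> "$sample"
verify_stage3_sha512 "$sample.DIGESTS" "$sample" || echo "rejected as expected"
```

The digest only shows that the tarball matches the DIGESTS file; authenticity additionally depends on checking the Gentoo release signature on the download with `gpg --verify`.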

## Preparing the filesystem(s)

Mount all necessary filesystems.

```bash
mount -t proc /proc /mnt/gentoo/proc
mount --rbind /sys /mnt/gentoo/sys
mount --make-rslave /mnt/gentoo/sys
mount --rbind /dev /mnt/gentoo/dev
mount --make-rslave /mnt/gentoo/dev
test -L /dev/shm && rm /dev/shm && mkdir /dev/shm
mount -t tmpfs -o nosuid,nodev,noexec shm /dev/shm
chmod 1777 /dev/shm
```

## Chrooting

Copy the network settings from the live system.

```bash
cp /etc/resolv.conf /mnt/gentoo/etc/resolv.conf
```

Chroot into Gentoo.

```bash
chroot /mnt/gentoo /bin/bash
source /etc/profile
export PS1="(chroot) $PS1"
```

Mount the boot partition.

```bash
mount /dev/vda1 /boot
```

# Base system configuration

## make.conf

Reference: Gentoo Wiki make.conf section

Edit /etc/portage/make.conf to your liking.

Important: Add lvm as a USE flag.

My custom make.conf entries for my system are:

```
KEYWORDS="amd64"
ACCEPT_KEYWORDS="amd64"

MAKEOPTS="-j32 -l32"
EMERGE_DEFAULT_OPTS="--jobs=16"
PORTAGE_NICENESS="19"

USE="-systemd -ppp"
USE="${USE} elogind dbus udev lvm"
USE="${USE} wayland alsa pulseaudio networkmanager dhcpcd samba bluetooth"

VIDEO_CARDS="amdgpu radeonsi"
```

## System profile setup

Synchronize the ebuild repo.

```bash
emerge-webrsync
```

Set the profile.

```bash
eselect profile list
eselect profile set <number_from_list>
```

## Timezone and locale setup

Set your local timezone.

```bash
echo Europe/Berlin > /etc/timezone
emerge --config sys-libs/timezone-data
```

> Make sure /boot is mounted if you rebooted your syst

## Configure locales

For example, add de_DE.UTF-8 UTF-8 to set your system to German.

```bash
nano -w /etc/locale.gen
locale-gen
```

Set the default locale.

```bash
eselect locale list
eselect locale set <number_from_list>
```

Update the environment.

```bash
env-update
source /etc/profile
export PS1="(chroot) $PS1"
```

## Configure fstab

Get the UUIDs for your partitions (replace vda after grep with your drive name).

```bash
blkid | grep 'vda\|vg0'
```

Edit /etc/fstab and fill in the UUIDs reported by blkid.

Don't use the tmpfs line if you want your tmp filesystem on disk and not in RAM.

```
UUID=<uuid_from_/dev/vda1> /boot vfat noauto,noatime 1 2
UUID=<uuid_from_vg0-root> / ext4 defaults 0 1
UUID=<uuid_from_vg0-home> /home ext4 defaults 0 1
tmpfs /tmp tmpfs size=8G 0 0
```

# Kernel Configuration

Accept the redistributable license for the kernel firmware package.

```bash
mkdir /etc/portage/package.license
echo sys-kernel/linux-firmware linux-fw-redistributable > /etc/portage/package.license/sys-kernel
```

Emerge the necessary packages (kernel source, genkernel, cryptsetup).

```bash
emerge -av sys-kernel/gentoo-sources sys-kernel/genkernel sys-fs/cryptsetup
```

Select the kernel version.

```bash
eselect kernel list
eselect kernel set <number_from_list>
```

Build the kernel (I recommend a full build at first; a custom setup is easier once your system is up and running).

All necessary drivers should be enabled by default, but you can double-check by adding --menuconfig before the all keyword.

I also exclude zfs because of compile times.

Double-check that /boot is mounted.

```bash
genkernel --luks --lvm --no-zfs all
```

# Bootloader setup

Install the grub package.

```bash
echo "sys-boot/grub:2 device-mapper" >> /etc/portage/package.use/sys-boot
emerge -av sys-boot/grub
rc-update add lvm default
```

Configure grub to ask for the encryption password at boot (/etc/default/grub).

```
GRUB_CMDLINE_LINUX="dolvm crypt_root=UUID=<UUID_from_/dev/vda2>"
```

Install grub with EFI.

```bash
grub-install --target=x86_64-efi --efi-directory=/boot
grub-mkconfig -o /boot/grub/grub.cfg
```

# Finishing steps

Set the root user password.

```bash
passwd
```

# If you use an SSD, enable trim

/etc/default/grub

```
GRUB_CMDLINE_LINUX="... root_trim=yes"
```

/etc/lvm/lvm.conf

```
issue_discards = 1
```

Reconfigure grub.

```bash
grub-mkconfig -o /boot/grub/grub.cfg
```

# Done

Exit the chroot environment, unmount the home, root and boot partitions, and reboot.

```bash
exit
umount /mnt/gentoo/home
umount /mnt/gentoo/boot
umount -l /mnt/gentoo/
reboot
```