We're going to use Arch Linux ARM not because we like to move fast and break things, but because it is a minimal base that will let us make the most of the diminuitive hardware and learn more about Linux, the operating system, and commonly used programs.
Raspberry Pi versions 1 - 3B+ (all of them, circa 2018) does not support hardware encryption, meaning full disk encryption will use significant CPU % and decrease disk performance.
- [ ] Test.
The initial installation is carried out on our computer following the correct variant of instructions:
- Raspberry Pi
- Raspberry Pi 2
- Raspberry Pi 3 (or, the ARMv7 instructions for the Raspberry Pi 2 may also be followed)
See File System Variations. It's easier to vary this now rather than later.
bla bla bla.
This is your opportunity to encrypt the root partition (excluding the boot drive) or use f2fs with the root partition. I did neither at this point.
Encryption is tricky because you'll need to physically enter the password if you reboot.
Encryption after SSH? Worth looking into:
Create an image for easy future use... (after initial setup... hmm)
badblocks -wsv /dev/...can be used to check each storage device you are using is okay.
WARNING -w = destructive read-write test.
List bad blocks:
dumpe2fs -b /dev/sdX1
Find new bad blocks:
fsck -vcck /dev/sdX1
- Follow the instructions on the wiki page, using 250 MB for boot, 16 GB for root, and keeping the rest as spare.
Raspberry Pi 3
# Reduce memory allocation to unused GPU, increasing RAM available to OS gpu_mem=16 # Disable unused WiFi and Bluetooth hardware to save power dtoverlay=pi3-disable-wifi dtoverlay=pi3-disable-bt # Disable unused HDMI port to save power (undocumented - need source link) hdmi_blanking=2 # Reduce minimum frequency of processor (to save power?) arm_freq_min=300
Note that the status of the HDMI port can be checked at /opt/vc/bin/tvservice.
File System Variations
There is a lot of flexibility in how we configure the partitions.
/boot partition is fairly inflexible (confirm encryption?), it must be FAT32. It is possible to boot over the network, or from a USB flash drive.
/ partition is more flexible, and you can install with other file systems from the get-go, e.g. f2fs or btrfs. Edit cmdline.txt.
It is easy to use RAID, LUKS, LVM and whatever file system you want on pure data devices.
It is much more tricky to install if you want to do those things on your main root
We will probably use 3-4 GB on
/ for programs and config files, and all data will be on a separate partition. I would recommend 4x this for
/ , i.e. 16GB, to leave room for future growth, and significant spare space to extend the longevity of this part of the SD card.
RAID + LUKS + LVM
Could be useful if you have externally-powered USB storage devices.
Note LVM can actually raid, but the tooling is more opaque and there is less community support -
Well we're using Arch, so why not a slightly dodgy filesystem? It has cool features like copy-on-write, snapshots, fast backups, and... RAID5 corrupting your data.
f2fs encryption info: https://www.kernel.org/doc/html/v4.15/filesystems/fscrypt.html
Per-Directory. Encrypt file + filename. Not file size, timestamps, permissions, extended attributes. Uses fscrypt, kernel-tool.