# Installation

To install the Alpine Linux distribution on the system, the alpine root partition and the EFI partition have to be mounted to the main system.

```
# mount /dev/vg/alpine_root /mnt -t ext4
# mkdir /mnt/esp
# mount /dev/disk/by-label/esp /mnt/esp -t vfat
```

Then install Alpine Linux using `setup-disk`:

```
# setup-disk -m sys /mnt
```

> This also installs `grub` as the bootloader. It will be replaced later, but for now it resides on the ESP.

To have a functional chroot into the system, bind the system process directories:

```
# for i in dev proc sys run; do
>   mount --rbind --make-rslave /$i /mnt/$i
> done
# chroot /mnt
```

The other setup scripts can be used to configure key aspects of the system. Besides that, a few necessary services have to be activated.

```
# setup-hostname
# setup-keymap us us-euro
# setup-timezone -i /
# setup-ntp openntpd
# rc-update add acpid default
# rc-update add lvm boot
# rc-update add seedrng boot
# rm -rf /var/tmp
# ln -s /tmp /var/tmp
# passwd root
```

> The root password does not really matter because it is going to be locked after a user has been created.

Set the `hwclock` to use `UTC` in `/etc/conf.d/hwclock` and disable writing the time to hardware. Since an NTP daemon is running, writing the time back to the hardware clock is not needed.

```
clock="UTC"
clock_hctosys="NO"
clock_systohc="NO"
```

Edit `/etc/fstab` so that it contains the correct mounts:

```
/dev/disk/by-label/esp  /esp   vfat   defaults,nodev,nosuid,noexec          0 2
/dev/vg/alpine_root     /      ext4   defaults,noatime                      0 1
/dev/vg/home            /home  ext4   defaults,noatime,nodev,nosuid         0 2
/dev/vg/var             /var   ext4   defaults,nodev,nosuid,noexec          0 2
/dev/vg/nix             /nix   ext4   defaults,noatime,nodev,nosuid         0 2
tmpfs                   /tmp   tmpfs  rw,size=4G,nr_inodes=5k,nodev,nosuid,noexec,mode=1777 0 0
proc                    /proc  proc   nodev,nosuid,noexec,hidepid=2         0 0
```

By default, Alpine Linux uses `mkinitfs` to create an initial RAM filesystem. It is minimal, which also means that it lacks some functionality needed for a proper setup.
Because of this, `mkinitfs` and `grub-efi` will be replaced with `booster` and `secureboot-hook`.

```
# apk add booster secureboot-hook sbctl
# apk del mkinitfs grub-efi
```

To configure booster, edit `/etc/booster.yaml`:

```
enable_lvm: true
busybox: false
modules: vfat,nls_cp437,nls_iso8859_1
```

The most important step is the creation of a UKI using `secureboot-hook`, which also signs it automatically. First, the hook itself has to be tweaked to use `booster` instead of `mkinitfs`. Edit `/etc/kernel-hooks.d/50-secureboot.hook` and change the line:

```
/sbin/mkinitfs -o "$tmpdir"/initramfs "$NEW_VERSION-$FLAVOR"
```

to:

```
/usr/bin/booster build "$tmpdir"/initramfs --kernel-version "$NEW_VERSION-$FLAVOR"
```

Then configure the kernel command line and the Secure Boot signing settings in `/etc/kernel-hooks.d/secureboot.conf`:

```
cmdline="rw rd.luks.name==luks rd.lvm.vg=vg root=/dev/vg/alpine_root modules=ext4 quiet splash"
signing_cert="/usr/share/secureboot/keys/db/db.pem"
signing_key="/usr/share/secureboot/keys/db/db.key"
output_dir="/esp/efi/linux"
output_name="alpine-linux-{flavor}.efi"
```

Here `` has to be replaced with the UUID of the partition which contains the volume group:

```
# blkid /dev/2 >> /etc/kernel-hooks.d/secureboot.conf
```

Use `sbctl` to create Secure Boot keys and enroll them.

```
# sbctl create-keys
# sbctl enroll-keys
```

> Whilst enrolling the keys it might be necessary to add the `--microsoft` flag if you are unable to use custom keys.

Now, to see if everything went successfully, run:

```
# apk fix kernel-hooks
```

It should give no warnings if everything was done properly.

As discussed earlier, `grub` will be replaced. Install `gummiboot` as the bootloader.

```
# apk add gummiboot
# mkdir /esp/loader
# mkdir /esp/efi/boot
# cp /usr/lib/gummiboot/gummibootx64.efi /esp/efi/boot/bootx64.efi
```

Sign the bootloader with `sbctl`

```
# sbctl sign -s /esp/efi/boot/bootx64.efi
```

and also remove some remnants of `grub`.
```
# rm -rf /boot/grub
# rm -rf /etc/default
# cd /boot && unlink boot && cd ..
```

`gummiboot` is configured through the file `/esp/loader/loader.conf`, which specifies the timeout and the default OS.

```
default alpine-linux-.efi
timeout 2
editor no
```

Before finishing the installation, `networkmanager` will be installed for networking. Also install `networkmanager-wifi` and `wpa_supplicant` for Wi-Fi functionality.

```
# apk add networkmanager networkmanager-wifi wpa_supplicant
# setup-devd udev
# rc-update add networkmanager default
```

Wi-Fi will not yet work. For Wi-Fi configuration see the [network section](post-install/network).

> If internet does not work after reboot, create the config file as described in the [network section](post-install/network) and restart the service.

Now exit the chroot and you should be able to reboot into a working Alpine system.

```
# exit
# umount -lf /mnt
# reboot
```

When booting, your screen might appear blank; this is the encryption prompt. Enter the encryption key and press enter to boot.
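A check for the `/etc/fstab` step earlier in this guide, added here as an example and not part of the original guide: it reads an fstab file and reports every mount point from that table that is absent or lacks one of the `nodev`/`nosuid`/`noexec`/`hidepid=2` options shown there. The names `POLICY`, `check_fstab` and `sample_fstab` are made up for this example, and the sample fstab is constructed.

```shell
#!/bin/sh
# Policy copied from the fstab in this guide: mount point, then required options.
POLICY='/esp nodev,nosuid,noexec
/home nodev,nosuid
/var nodev,nosuid,noexec
/nix nodev,nosuid
/tmp nodev,nosuid,noexec
/proc nodev,nosuid,noexec,hidepid=2'

# check_fstab FILE (hypothetical helper): print one finding per line,
# return 1 if any policy entry is absent or lacks a required option.
check_fstab() {
    printf '%s\n' "$POLICY" | awk -v fstab="$1" '
        BEGIN {
            # Index the fstab by mount point, skipping comments and blank lines.
            while ((getline line < fstab) > 0) {
                if (line ~ /^[ \t]*#/ || line ~ /^[ \t]*$/) continue
                if (split(line, f) >= 4) opts[f[2]] = "," f[4] ","
            }
            close(fstab)
        }
        !($1 in opts) { print "ABSENT " $1; bad = 1; next }
        {
            # A required option only matches a whole comma-separated entry.
            n = split($2, want, ",")
            for (i = 1; i <= n; i++)
                if (index(opts[$1], "," want[i] ",") == 0) { print "MISSING " $1 " " want[i]; bad = 1 }
        }
        END { exit bad + 0 }'
}

# Constructed sample: /var lost noexec, /proc lost hidepid=2, /nix has no entry.
sample_fstab() {
    cat <<'EOF'
# constructed sample, not a real system
/dev/disk/by-label/esp /esp vfat defaults,nodev,nosuid,noexec 0 2
/dev/vg/alpine_root / ext4 defaults,noatime 0 1
/dev/vg/home /home ext4 defaults,noatime,nodev,nosuid 0 2
/dev/vg/var /var ext4 defaults,nodev,nosuid 0 2
tmpfs /tmp tmpfs rw,size=4G,nr_inodes=5k,nodev,nosuid,noexec,mode=1777 0 0
proc /proc proc nodev,nosuid,noexec 0 0
EOF
}

tmp=$(mktemp) && sample_fstab > "$tmp"
if check_fstab "$tmp"; then echo "fstab matches policy"; else echo "findings above"; fi
rm -f "$tmp"
```

With the function defined in the chroot shell, `check_fstab /etc/fstab` runs the same check against the installed system's file before rebooting.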