Setup of the Pinebook Pro

The Pinebook Pro from Pine64 arrived, and the preinstalled Manjaro was not to my liking, with strange defaults and programs not working on update (some program named silver?). I prefer the Arch way, although this requires quite the journey to set up on the pbpro…

The wanted setup

Full disk encryption using LUKS and btrfs, with an external SD card used as home (as 64 GB is a bit anemic for all users). The SD card should be encrypted as well. This ensures data is lost rather than stolen by bad guys.

Booting and setting up disks

The installation ISO was downloaded from Sven Kiljan's repository and installed to an SD card. The pbpro booted, and wifi was set up using wifi-menu. The clock was set using timedatectl set-ntp true, and the pacman keyring populated.

The disk was partitioned according to the install instructions here.

The first partition can be formatted using mkfs.vfat -n BOOT_ALARM /dev/mmcblk2p1. A LUKS device is created using cryptsetup luksFormat /dev/mmcblk2p2. This device can be opened using cryptsetup open /dev/mmcblk2p2 crypto. The btrfs partition can be created using mkfs.btrfs /dev/mapper/crypto.

Installing Arch

The btrfs partition must be mounted:

mount /dev/mapper/crypto -o compress-force=zstd,discard=async,noatime,lazytime /mnt

using noatime to prevent excessive writes to the SD card. The boot partition is mounted using mount /dev/mmcblk2p1 /mnt/boot (create the directory with mkdir /mnt/boot).

The system is copied over as described in the install instructions, i.e.

rsync -aAXq --exclude={"/dev/*","/proc/*","/sys/*","/tmp/*","/run/*","/mnt/*","/lost+found"} / /mnt

Generate an fstab entry on the fresh install to recognize the setup:

genfstab -U /mnt > /mnt/etc/fstab

It is now advisable to chroot into the install with arch-chroot /mnt.

Set up the crypto by modifying /etc/mkinitcpio.conf to include encrypt under HOOKS (just before filesystems). Then edit /boot/extlinux/extlinux.conf with the following config:

LABEL Arch Linux ARM
KERNEL /Image
FDT /dtbs/rockchip/rk3399-pinebook-pro.dtb
APPEND initrd=/initramfs-linux.img console=ttyS2,1500000 console=tty0 rw rootwait cryptdevice=UUID=YOUR-UUID:crypto root=/dev/mapper/crypto plymouth.ignore.serial-consoles

Tip: Pipe the output from blkid to this config to get the UUID right. This should be the UUID of the second partition which contains the LUKS container.
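
A check to run inside the chroot before regenerating the initramfs and rebooting, as an added example that is not part of the original post: it verifies that encrypt comes before filesystems in HOOKS and that the cryptdevice UUID in extlinux.conf matches the LUKS partition. The function names are made up for this example, and it assumes HOOKS is written as a single HOOKS=(...) or HOOKS="..." line.

```shell
#!/bin/sh
# Added example (not from the original post): pre-reboot sanity checks
# for the encrypt hook and the cryptdevice= kernel parameter.
# Function names are hypothetical.

# hooks_ok FILE: succeed only if HOOKS lists encrypt before filesystems.
hooks_ok() {
    # Take the last uncommented HOOKS line, as that is the one in effect.
    hooks=$(sed -n 's/^HOOKS=[("]\(.*\)[)"].*/\1/p' "$1" | tail -n 1)
    seen_encrypt=no
    for h in $hooks; do
        case $h in
            encrypt) seen_encrypt=yes ;;
            filesystems) [ "$seen_encrypt" = yes ] && return 0; return 1 ;;
        esac
    done
    return 1
}

# cryptdevice_uuid FILE: print the UUID from cryptdevice=UUID=<uuid>:<name>
# on the first APPEND line of an extlinux.conf.
cryptdevice_uuid() {
    sed -n 's/^[[:space:]]*APPEND.*cryptdevice=UUID=\([^: ]*\):.*/\1/p' "$1" | head -n 1
}

# check_boot_config MKINITCPIO_CONF EXTLINUX_CONF LUKS_UUID
# Returns 0 if consistent, 1 for a HOOKS problem, 2 if no cryptdevice
# parameter is present, 3 if the UUIDs differ (e.g. placeholder left in).
check_boot_config() {
    hooks_ok "$1" || { echo "encrypt missing or after filesystems in $1" >&2; return 1; }
    found=$(cryptdevice_uuid "$2")
    [ -n "$found" ] || { echo "no cryptdevice=UUID= in $2" >&2; return 2; }
    [ "$found" = "$3" ] || { echo "cryptdevice UUID $found != LUKS UUID $3" >&2; return 3; }
}

# Usage inside the chroot, with the LUKS partition from this page:
#   check_boot_config /etc/mkinitcpio.conf /boot/extlinux/extlinux.conf \
#       "$(blkid -s UUID -o value /dev/mmcblk2p2)"
```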

Run mkinitcpio -P to generate the initramfs and reboot. Remember to take out the SD card so the right Linux installation is booted.

A later article details some useful tricks and tips in setting up the pinebook.
