1,328
edits
Bootable Linux USB stick: Difference between revisions
Jump to navigation
Jump to search
no edit summary
No edit summary |
|||
| Line 38: | Line 38: | ||
=== install Fedora23 on an UEFI machine (UEFI enabled ; LegacyBoot / CSM disabled) === | === install Fedora23 on an UEFI machine (UEFI enabled ; LegacyBoot / CSM disabled) === | ||
Note: in the following, whenever you see the X in sdX, you must fill in the appropriate drive letter (e.g. a or b or c or d or ...). | |||
sdX3: efi /boot/efi | |||
sdX4: ext4 / | |||
sdX5: ext4 /mnt/data | |||
=== adjust the USB-stick for UEFI/EFI boot (before reboot from chroot environment) === | === adjust the USB-stick for UEFI/EFI boot (before reboot from chroot environment) === | ||
| Line 63: | Line 63: | ||
Performance tuning (not strictly required): | Performance tuning (not strictly required): | ||
We use ext4 filesystems and <code>data=writeback,nobarrier </code> in /etc/fstab. To be able to set these options also on the / filesystem, we use tune2fs to set both as default mount options on a Linux machine where the stick (dev/ | We use ext4 filesystems and <code>data=writeback,nobarrier </code> in /etc/fstab. To be able to set these options also on the / filesystem, we use tune2fs to set both as default mount options on a Linux machine where the stick (dev/sdX) is just plugged in (i.e. not booted from): | ||
tune2fs -o journal_data_writeback,nobarrier /dev/ | tune2fs -o journal_data_writeback,nobarrier /dev/sdX4 | ||
tune2fs -o journal_data_writeback,nobarrier /dev/ | tune2fs -o journal_data_writeback,nobarrier /dev/sdX5 | ||
create & label vfat filesystem: | create & label vfat filesystem: | ||
mkfs.vfat /dev/ | mkfs.vfat /dev/sdX1 | ||
dosfslabel /dev/ | dosfslabel /dev/sdX1 VFAT | ||
shutdown or reboot: | shutdown or reboot: | ||
| Line 78: | Line 78: | ||
boot Fedora Live DVD on a BIOS machine and chroot to the stick: | boot Fedora Live DVD on a BIOS machine and chroot to the stick: | ||
mount /dev/ | mount /dev/sdX4 /mnt | ||
mount -o bind /dev /mnt/dev | mount -o bind /dev /mnt/dev | ||
mount -t proc /proc /mnt/proc | mount -t proc /proc /mnt/proc | ||
| Line 86: | Line 86: | ||
install grub2 for BIOS boot and configure it: | install grub2 for BIOS boot and configure it: | ||
rm /boot/grub2/grubenv | rm /boot/grub2/grubenv | ||
grub2-install /dev/ | grub2-install /dev/sdX | ||
grub2-mkconfig -o /etc/grub2.cfg | grub2-mkconfig -o /etc/grub2.cfg | ||
(on UEFI systems /boot/grub2/grubenv is a symlink to /boot/efi/EFI/fedora/grubenv (from package grub2-efi.rpm). The symlink has to be removed before grub2-install can finish successfully, it automatically creates a new file /boot/grub2/grubenv (as in package grub2.rpm) | (on UEFI systems /boot/grub2/grubenv is a symlink to /boot/efi/EFI/fedora/grubenv (from package grub2-efi.rpm). The symlink has to be removed before grub2-install can finish successfully, it automatically creates a new file /boot/grub2/grubenv (as in package grub2.rpm) | ||
| Line 100: | Line 100: | ||
*set the boot flag (active) on the single 0xEE partition in the protective MBR by using fdisk version <= 2.22 (versions 1.23 and newer have GPT support and thus don't make changes to the protective MBR but to the GPT) (I used fdisk (util-linux-ng 2.17.2) on a ScientificLinux 6.7 machine) | *set the boot flag (active) on the single 0xEE partition in the protective MBR by using fdisk version <= 2.22 (versions 1.23 and newer have GPT support and thus don't make changes to the protective MBR but to the GPT) (I used fdisk (util-linux-ng 2.17.2) on a ScientificLinux 6.7 machine) | ||
fdisk /dev/ | fdisk /dev/sdX | ||
a | a | ||
part 1 | part 1 | ||
| Line 106: | Line 106: | ||
*recompute CHS values using option “h” in gdisk's expert menu: | *recompute CHS values using option “h” in gdisk's expert menu: | ||
gdisk /dev/ | gdisk /dev/sdX | ||
x | x | ||
h | h | ||
| Line 127: | Line 127: | ||
Save a compressed disk image - we use the parallel gzip program called pigz: | Save a compressed disk image - we use the parallel gzip program called pigz: | ||
dd if=/dev/ | dd if=/dev/sdX bs=4096 | pigz -c usbstick.img.gz | ||
(time: ~180 secs speed: ~175MB/s, size of image: 1.8 GB) | (time: ~180 secs speed: ~175MB/s, size of image: 1.8 GB) | ||
write compressed image back to a stick: | write compressed image back to a stick: | ||
unpigz -c usbstick.img.gz | dd of=/dev/ | unpigz -c usbstick.img.gz | dd of=/dev/sdX bs=4096 | ||
(speed should be >100MB/s) | (speed should be >100MB/s) | ||
| Line 141: | Line 141: | ||
rm /mountpoint_of_partition/delete.me | rm /mountpoint_of_partition/delete.me | ||
This is sensible to do after deleting large amounts of data from the USB stick, and before saving and compressing an image of it. It also | This is sensible to do after deleting large amounts of data from the USB stick, and before saving and compressing an image of it. It also usually results in faster writes afterwards i.e. it may be a way to restore the write speed of the stick (of course this depends on the specific hardware). | ||
<code>hdparm</code>'s (ENHANCED) SECURITY ERASE initializes the whole stick in | <code>hdparm</code>'s (ENHANCED) SECURITY ERASE initializes the whole stick in a few seconds, and restores it to an almost factory-fresh condition, including zeroing the device. This works on all sticks where hdparm -I /dev/sdX reports "supported: enhanced erase" but if used wrongly (e.g. on the wrong device, or with the wrong options, or ...) it may brick your device, or delete valuable data! So use at your own risk: | ||
* check if <code>hdparm -I /dev/sdX</code> reports "supported: enhanced erase" and "not frozen" (to unfreeze a frozen diks, suspend your system with <code>pm-suspend</code> and wake it up again) | |||
* set disk password, and erase it (which unsets the password): | |||
hdparm --user-master u --security-set-pass Eins /dev/sdX | |||
hdparm --user-master u --security-erase-enhanced Eins /dev/sdX | |||
If you tried with --security-erase-enhanced, but the disk does not support it, then an error will occur and the disk will still be locked after the failed command, and you will not be able to write anything to it! If this happens, you can unlock it with <code> hdparm --user-master u --security-unlock Eins /dev/sdX</code> | |||
The <code>wiper.sh</code> script (which is part of <code>hdparm</code>) gives no error message, but does not reproducibly fill the empty space of the filesystem with zeroes (it sometimes does). | The <code>wiper.sh</code> script (which is part of the <code>hdparm</code> source distribution) gives no error message, but does not reproducibly fill the empty space of the filesystem with zeroes (it sometimes does). | ||
All other methods, like the <code>fstrim</code> command and the <code>discard</code> mount option '''do not work for USB sticks''', presumably because the usb-storage kernel module does not pass the ATA trim command through the USB bridge and controller to the device. The same goes for [http://unix.stackexchange.com/questions/97143/utility-to-trim-unallocated-space-on-drive <code>blkdiscard</code>]. | All other methods, like the <code>fstrim</code> command and the <code>discard</code> mount option '''do not work for USB sticks''', presumably because the usb-storage kernel module does not pass the ATA trim command through the USB bridge and controller to the device. The same goes for [http://unix.stackexchange.com/questions/97143/utility-to-trim-unallocated-space-on-drive <code>blkdiscard</code>]. | ||