Reference Dec 08, 2017

Fully Encrypted ArchLinux with Secure Boot on Yoga 920

The first laptops with the latest 8th generation Intel processors began to ship a few weeks ago. One of the strongest contenders is the Lenovo Yoga 920. The top end model features a 4K screen, 16GB of RAM, a 1TB NVMe drive, two Thunderbolt and one USB 3.0 ports, and is yet about the same thickness as the current MacBooks. It ships with Windows 10 out of the box, but that doesn’t mean you’re stuck with it.

Tags: archlinux yoga920

Overview

This article explains how to install a fully encrypted ArchLinux on NVMe with Btrfs and detached LUKS headers and LUKS encrypted UEFI boot partition on a USB dongle. For the benefit of inexperienced users, I explain in detail what I did and why. If reading is not your thing, there are also condensed instructions available.

ArchLinux will be the only installation on my Yoga, and I want it to be fully encrypted in case it gets lost or stolen. There are several ways to encrypt a Linux system. I will describe a more complex, but more secure one using a variation of LVM on LUKS with detached LUKS headers and Encypted boot partition with GRUB.

These are the high level goals for the setup:

Fully encrypted system drive with Btrfs file system
Encrypted kernel, ramdisk images and bootloader configuration
Two-factor authentication via detached LUKS header on USB dongle
Volume snapshots via Snapper
8GB of encrypted swap space
Secure boot enabled

My laptop’s NVMe drive will be partition-less and only contain the encrypted system installation. Contrary to common setups, the bootloader will not be on the system drive, but reside on a USB stick that serves as a dongle and is required to boot the system. The bootloader is the only component that remains unencrypted, but we’ll digitally sign it and use Secure Boot to prevent tampering and evil maid attacks.

In the past, most users encrypted only the primary file system, because bootloaders did not support encrypted containers. While that protected system and user files, it left the bootloader configuration, kernel and ramdisk image exposed. More recent versions of the GRUB bootloader have encryption support, which allows us to store the /boot directory in an encrypted partition as well.

LUKS is the hard disk encryption standard on Linux. It integrates cryptographic key management with support for multiple keys and passphrase revocation. By adding a second factor for authentication, the system remains secure even if one or more of the passphrases are compromised. One way to accomplish this is to put a key file on a USB stick that must be present on boot. A simpler and even more secure option is to store the entire LUKS header on the stick instead.

The Btrfs file system is particularly well suited for SSD storage devices, because it implements copy on write (COW), compression and SSD TRIM. It also has support for subvolumes, which allow us to create a number of simulated partitions for the root file system, home directory, and file system snapshots via Snapper.

Booting from flash memory is very fast, so I will only be using suspend to RAM and never suspend to disk (aka. hybernation). This means that my swap partition can be kept small. Ideally, we won’t be using the swap space at all, because it will just wear out the SSD, but it is good to be prepared for memory hungry software.

Prerequisites

Before you can start, you need to download ArchLinux. You will need two USB sticks, one for the installer and one that will become the boot dongle. I created my installer from the latest ArchLinux ISO with Rufus on Windows. If you only have a single USB stick, you may consider creating an Archboot installer, which loads the entire OS into RAM and frees up the stick and port once it’s loaded up.

Firmware Update

Before you do anything else, you should update the laptop’s UEFI firmware. Boot into the pre-installed Windows 10 and run the Lenovo firmware update tool. It will reboot your laptop once to flash the NVRAM. Power off your laptop when it is done!

Boot USB Installer

The Yoga 920 has Secure Boot enabled by default, which prevents booting from USB media. We will temporarily disable it in the BIOS, so that we can boot the installer. While most computers have a keyboard shortcut to get into the BIOS, the Yoga 900 series requires you to push a pin into a tiny hole to the left of the power button. This will power up the laptop and present the boot menu:

Select the BIOS Setup menu option and press Enter
Navigate to the Security page using the right arrow key
Go to Secure Boot and press Enter to toggle the option to Disabled
Save the changes and exit BIOS Setup

Yoga Novo Button

Boot Menu

BIOS Setup

There doesn’t appear to be a way to boot from within the BIOS Setup, and after exiting it, the laptop will automatically boot into Windows instead. You have to:

Hold the power button for five seconds to turn off the laptop
Plug in only the USB stick containing the ArchLinux installer
Repeat the pin hole procedure to bring up the boot menu
Select the Boot Menu option to bring up the Boot Manager
Select your USB device to boot from

The ArchLinux installer should now boot up. If you’re lucky to have a 4K screen on your Yoga, the first thing you’ll notice is the tiny font. The largest font available, sun12x22, is still fairly small, but readable enough to get us started:

# setfont sun12x22

You can now plug-in the second USB stick that will become the boot dongle. In the following sections we assume that the installer USB stick is mounted as /dev/sda and the dongle USB stick as /dev/sdb. You can verify this with:

# lsblk
 loop0     7:0    0  408.5M  1 loop  /run/archiso/sfs/airootfs
 sda       8:0    1  14.9G   0 disk
 |_ sda1   8:1    1  14.9G   0 part  /run/archiso/bootmnt
 sdb       8:16   1  57.7G   0 disk
 nvme0n1 259:3    0 953.9G   0 disk

My installer stick's sda is 16 GB, my boot dongle's sdb is 64 GB in size. Your specific sizes may differ.

Wireless Network Setup

The ArchLinux installer will download packages from the internet. Before going any further, let’s make sure that we have network connectivity. If you’re using a wired network adapter you can skip this section, otherwise read on.

The Yoga’s WiFi interface works out of the box. First, make sure that it is detected:

# iw dev

Remember its name as we will need it for the remainder of this section. Mine is called wlp107s0. Next, unblock the interface and bring it up:

# rfkill unblock all
# ip link set wlp107s0 up

I haven’t been able to set up WiFi using built-in wifi-menu user interface, so I ended up configuring it manually. If you are not sure which WiFi network to connect to, you can scan for available hotspots with:

# iw dev wlp107s0 scan | less

Then find your network’s SSID and connect to it. Take a look at ArchWiki for information on wireless network configurations. Mine is secured with a WPA2 passphrase key, so I’m using wpa_supplicant:

# wpa_supplicant -i wlp107s0 -c <(wpa_passphrase "YourSSID" "YourKey")

You can ignore the failure messages for creating an interface and P2P device. The final output lines should indicate a successful connection. Press Ctrl+C to exit wpa_supplicant and run the command again with the -B parameter to fork the process into the background:

# wpa_supplicant -i wlp107s0 -c <(wpa_passphrase "YourSSID" "YourKey") -B

Verify that the connection is up:

# iw dev wlp107s0 link

The output should say that it is connected to your WiFi network. You can now start the DHCP client daemon to receive an IP address from your router and use the internet:

# dhcpcd wlp107s0

If you are unable to complete the entire system installation in a single sitting, repeat these steps every time you reboot the installer USB stick.

Verify Network Connectivity

Verify that the installer is able to connect to the internet:

# ping archlinux.org

Once your laptop is connected, you should also synchronize its clock:

# timedatectl set-ntp true

Prepare USB Dongle

We will set up the second USB stick as a dongle that is required to boot the system. An unencrypted EFI system partition contains the bootloader. The remaining space is used for an encrypted partition that holds the /boot directory, the detached LUKS header of the encypted system drive, as well as general purpose storage space for personal files and other live boot operating systems, such as Kali and Tails.

There are a number of tools, such as fdisk and parted to partition storage devices, but the quickest way is to use the built-in user interface:

# cgdisk /dev/sdb

Create the following partitions on the USB stick:

Size: 100M, Hex Code: ef00, Name: ESP
Size: 512M, Hex Code: default (8300), Name: Boot
Size: default (remaining space), Hex Code: default (8300), Name: Storage

Use the suggested default values for First sector (press Enter). You can ignore the small unusable free space at the beginning of the drive. The partition table in cgdisk should look similar to this:

Part. #     Size        Partition Type            Partition Name
----------------------------------------------------------------
            1007.0 KiB  free space
   1         100.0 MiB  EFI System                ESP
   2         512.0 MiB  Linux filesystem          Boot
   3          57.1 GiB  Linux filesystem          Storage

Don’t forget to Write out the new partition table to apply all changes, then Quit the disk partitioning utility to return to the root shell.

We can now format the EFI System partition:

# mkfs.fat -F32 /dev/sdb1

Then create and open an encrypted container on the boot partition:

# cryptsetup luksFormat /dev/sdb2
# cryptsetup open /dev/sdb2 cryptboot

Lastly, create a file system in the encrypted container and mount it:

# mkfs.ext2 /dev/mapper/cryptboot
# mount /dev/mapper/cryptboot /mnt

If you set up a storage partition, you can now format it as well. I formatted mine with FAT32 for easy use in other operating system:

# mkfs.fat -F32 /dev/sdb3

Prepare System Drive

The Yoga 920 has Windows 10 pre-installed. This is the partition layout:

# fdisk -l
 ...
 /dev/nvme0n1p1  256M   EFI System
 /dev/nvme0n1p2  16M    Microsoft Reserved
 /dev/nvme0n1p3         Microsoft Basic Data
 /dev/nvme0n1p4         Microsoft Basic Data
 /dev/nvme0n1p5  1000M  Windows recovery environment
 ...

Remember the name of the drive as we will need it below. Mine is called nvme0n1. It should contain an EFI system partition, a reserved 16MB Microsoft partition, two Microsoft basic data partitions whose size may vary depending on the size of your SSD, and a Windows recovery environment.

My laptop came with a Samsung PM961 M.2 NVMe SSD. It supports TRIM, which helps with long-term performance and wear-leveling. I wasn’t able to reproduce the advertised transfer rates, but it still is very fast:

# hdparm -Tt --direct /dev/nvme0n1
 cached reads: 1128.81 MB/sec
 disk reads:   1542.41 MB/sec

We are going to wipe the entire drive, but before making any changes, you may want to clone it, so it can be restored later if you change your mind. I decided to only keep the Windows recovery environment as it may come in handy in case I want to factory reset the laptop. Lenovo offers recovery DVD and USB media, but it is not free, and saving one gigabyte of storage is not worth the hassle.

I cloned the recovery partition into a file on my USB storage:

# mkdir /backup
# mount /dev/sdb3 /backup
# dd if=/dev/nvme0n1p5 of=/backup/yoga920recov.bin bs=64K conv=noerror,sync

For SSDs that have been in use for a while, it is recommended to perform a memory cell clearing prior to erasure in order to restore the factory default write performance. You can skip this step on a brand new Yoga 920. We will simply mark all blocks on the drive as unused:

# blkdiscard /dev/nvme0n1

To decrease the attack surface of encrypted drives, it is often recommended to fill them with random data that cannot be distinguished from encrypted data that is written later. This makes sense for magnetic storage devices where data is overwritten in place for free. For SSD drives the situation is much less clear, because they are based on different physical principles.

NAND flash memory cells can only be written to when they are empty (i.e. zero). Overwrites to used blocks are considerably more expensive, because they have to be cleared first. Writing random data to the entire drive will mark every block as used. On older SSDs this has been shown to reduce write performance. On newer drives this is somewhat mitigated by a certain amount of hidden storage used for recycling blocks in the background.

The operating system can issue TRIM commands to mark memory areas that are no longer used. These can then be cleared in the background by the SSD’s garbage collector, so that they become available for fast write operations in the future. While TRIM greatly improves the performance and wear of SSDs, it reveals which blocks are in use. This decreases the amount of encrypted data that an attacker needs to consider and possibly leaks information.

SSD drives are a can of worms when it comes to encryption. Since much of their internal workings are undisclosed and the security implications are not clear, the best recommendation is to not store any highly sensitive data on SSD storage in the first place. The rest of this article will therefore focus on making the Yoga 920 more tamper resistant while also retaining its performance and life span.

Encrypt System Drive

We are going to use cryptsetup to create an encrypted container on the system drive. Note that there are many possible combinations of cypher, hash and key length to choose from, but the default settings are sufficient to protect from most adversaries in the foreseeable future. To learn more about these options, check out the Gentoo Wiki and the official cryptsetup FAQ.

The default cypher for LUKS is AES-128 in XTS mode. It represents a good compromise between security and performance. The i7-8550U in the Yoga 920 can encrypt and decrypt at nearly four gigabytes per second:

# cryptsetup benchmark
Algorithm | Key |  Encryption |  Decryption
 ...
 aes-xts     256b   3918.9 MiB/s  3928.2 MiB/s
 aes-xts     512b   3130.6 MiB/s  3135.4 MiB/s

Note that XTS splits the key size in half, so that a 256b key corresponds to a 128 bit AES key. Increasing the AES key length from 128 to 256 comes with a 20% performance drop and does not necessarily increase security.

The LUKS header contains all password derivation and key slot information of an encrypted container. Since the data on SSD drives cannot be erased reliably due to wear-leveling and defect management algorithms, older versions of the header containing revoked keys can remain on the drive for a potentially very long time. It is therefore advisable not to store the LUKS header on the SSD itself, but to detach it to an external device. We will store it in the encrypted USB /boot partition.

Storing the header on a USB stick has the extra benefit that it adds a second factor of authentication: without access to the USB stick, the system cannot be booted. It also makes a brute force attack even more difficult. However, keep in mind that a detached LUKS headers does not support re-encryption with a different key in case both the header and one of the passphrases get compromised.

Create the encrypted container with a detached LUKS header and open it:

# truncate -s 2M /mnt/luksheader
# cryptsetup luksFormat /dev/nvme0n1 --align-payload 4096 --header /mnt/luksheader
# cryptsetup open --type luks --header /mnt/luksheader /dev/nvme0n1 cryptroot

Verify that the containers were opened and mapped (your sizes may vary):

# fdisk -l
 ...
 Disk /dev/mapper/cryptboot: 57.6 GiB
 ...
 Disk /dev/mapper/cryptroot: 953.9 GiB

You can now unmount the boot partition as we no longer need it:

# umount /mnt

Unfortunately, Btrfs does not support swap files yet, so the swap space needs to be a separate partition for now. We’ll use LVM on LUKS to configure two logical volumes inside the container, one for the root file system, and one for swap.

First create the physical volume and an associated volume group on top of the LUKS container:

# pvcreate /dev/mapper/cryptroot
# vgcreate System /dev/mapper/cryptroot

Then create the logical volumes on the volume group:

# lvcreate -L 8G System -n swap
# lvcreate -l 100%FREE System -n root

And then format and mount the logical volumes:

# mkswap /dev/mapper/System-swap
# swapon -d /dev/mapper/System-swap
# mkfs.btrfs /dev/mapper/System-root
# mount /dev/mapper/System-root /mnt

Root File System Setup

The root volume is formatted using the Btrfs file system, which will host the subvolumes for the system. Subvolumes allow us to simulate partitions within the encrypted container. We will use the suggested layout for use with Snapper:

# btrfs subvolume create /mnt/@
# btrfs subvolume create /mnt/@home
# btrfs subvolume create /mnt/@snapshots

Now unmount the system partition and mount the created subvolumes instead:

# umount /mnt
# mount -o compress=lzo,discard,noatime,nodiratime,subvol=@ /dev/mapper/System-root /mnt
# mkdir /mnt/home
# mkdir /mnt/.snapshots
# mount -o compress=lzo,discard,noatime,nodiratime,subvol=@home /dev/mapper/System-root /mnt/home
# mount -o compress=lzo,discard,noatime,nodiratime,subvol=@snapshots /dev/mapper/System-root /mnt/.snapshots

The @ subvolume will serve as root, @home will contain the home directory, and @snapshots will store volume snapshots created by Snapper. The compress and discard options enable data compression and TRIM support respectively. The noatime and nodiratime disable the writing of last access times on files and directories to improve the life time of the SSD drive.

There are certain directories that we do not wish to include in snapshots, such as log files and the package repository. For these we will create nested subvolumes, which are automatically excluded from snapshots by default, and mount them:

# mkdir -p /mnt/var/cache/pacman
# btrfs subvolume create /mnt/var/cache/pacman/pkg
# btrfs subvolume create /mnt/var/log
# btrfs subvolume create /mnt/var/tmp

Lastly, mount the /boot partition and the ESP into the system root:

# mkdir /mnt/boot
# mount /dev/mapper/cryptboot /mnt/boot
# mkdir /mnt/boot/efi
# mount /dev/sdb1 /mnt/boot/efi

Everything is ready now for the system installation.

ArchLinux Installation

In order to speed up the installation process, you should edit the list of package mirror servers. Move entries that are geographically closest to your location to the top of the file and comment out servers that you are not using. The list will be copied automatically to the installed system:

# nano /etc/pacman.d/mirrorlist

The bootstrapper will update the package repository and proceed with installing the initial packages:

# pacstrap /mnt base btrfs-progs efibootmgr grub-efi-x86_64 intel-ucode

Depending on your internet connection speed this should be finished in about five minutes. After that, generate an fstab file, so that the system knows how to mount the various volumes at boot time:

# genfstab -Up /mnt >> /mnt/etc/fstab

We can edit the generated file and make the /tmp directory a ramdisk. This will help preserve the SSD and speed up operations that use temporary files:

# nano /mnt/etc/fstab
 tmpfs     /tmp         tmpfs  defaults,noatime,mode=1777  0 0

Let’s also disable auto mount for the boot partition and ESP, so we can remove the USB dongle right after booting. This can be accomplished by adding noauto to the /boot and /boot/efi entries in fstab.

Your fstab file should have the following entries (comments/UUIDs omitted):

# cat /mnt/etc/fstab
 UUID=...  /            btrfs  rw,noatime,nodiratime,compress=lzo,ssd,discard,space_cache,subvolid=257,subvol=/@,subvol=@  0 0
 UUID=...  /home        btrfs  rw,noatime,nodiratime,compress=lzo,ssd,discard,space_cache,subvolid=258,subvol=/@home,subvol=@home  0 0
 UUID=...  /.snapshots  btrfs  rw,noatime,nodiratime,compress=lzo,ssd,discard,space_cache,subvolid=259,subvo=/@snapshots,subvol=@snapshots 0 0
 UUID=...  /none        swap   defaults  0 0
 UUID=...  /boot        ext2   noauto,rw,relatime,block_validity,barrier,user_xattr,acl 0 2
 UUID=...  /boot/efi    vfat   noauto,rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro  0 2
 tmpfs     /tmp         tmpfs  defaults,noatime,mode=1777  0 0

Add the boot partition to the crypttab file as well. The entry is needed for setting up Secure Boot later. Get the boot partition’s identifier via:

# blkid /dev/sda2

Then replace <identifier> with the boot partition's UUID in the file:

# nano /mnt/etc/crypttab
 cryptboot    UUID=<identifier>    none    noauto,luks

Lastly, change into the root directory of the installation to configure it:

# arch-chroot /mnt

The base system is now installed on the drive, but not able to boot yet.

Initial Ramdisk Configuration

The purpose of initramfs is to bootstrap the system to the point where the root filesystem is accessible. It is able to unlock encrypted root partitions via the encrypt hook, but it currently does not support detached LUKS headers. We have to modify the hook slightly for that to work.

First, create copies of the existing build and run-time hook files, so that they are not overwritten on future mkinitcpio updates:

# cp /lib/initcpio/hooks/encrypt{,2}
# cp /usr/lib/initcpio/install/encrypt{,2}

Then make the following changes to encrypt2 at around line 53:

# nano /lib/initcpio/hooks/encrypt2
 ...
 warn_deprecated() {
     echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"
     echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
 }

 local headerFlag=false
 for cryptopt in ${cryptoptions//,/ }; do
     case ${cryptopt} in
         allow-discards)
             cryptargs="${cryptargs} --allow-discards"
             ;;
         header)
             cryptargs="${cryptargs} --header /boot/luksheader"
             headerFlag=true
             ;;
         *)  
             echo "Encryption option '${cryptopt}' not known, ignoring." >&2 
             ;;  
     esac
 done

 if resolved=$(resolve_device "${cryptdev}" ${rootdelay}); then
     if $headerFlag || cryptsetup isLuks ${resolved} >/dev/null 2>&1; then
         [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
         dopassphrase=1

Now add the new encrypt2 hook and the path to the LUKS header to the mkinitcpio configuration file. We are also adding the keyboard, keymap and lvm2 hooks. Their ordering relative to block and filesystems is important:

# nano /etc/mkinitcpio.conf
 ...
 MODULES=(i915 loop)
 ...
 BINARIES=(/usr/bin/btrfs)
 ...
 FILES=(/boot/luksheader)
 ...
 HOOKS=(base ... keyboard keymap ... block ... encrypt2 lvm2 ... filesystems ...)

Now regenerate the initial ramdisk image:

# mkinitcpio -p linux

If you prefer to run a different kernel, such as the potentially more stable linux-lts (long-term support version), you can install it via:

# pacman -S linux-lts
# mkinitcpio -p linux-lts

Bootloader Installation

We will now install the GRUB bootloader to the USB dongle. Grub needs to pass special parameters to the kernel that allow the latter to unlock the encrypted root partition. Since we set up the LUKS container on the entire disk, we cannot use a partition UUID, but will pass a persistent name based on the device serial number:

# ls -l /dev/disk/by-id | grep nvme0n1

Take note of the disk name. Mine begins with nvme-SAMSUNG_MZVLW1T0HLMH, because that is the serial number of my disk.

The following changes in /etc/default/grub will allow it to recognize the encrypted boot partition and pass the correct parameters to the kernel:

# nano /etc/default/grub
 ...
 GRUB_CMDLINE_LINUX="cryptdevice=/dev/disk/by-id/YourDiskId:cryptroot:allow-discards,header"
 GRUB_PRELOAD_MODULES="part_gpt part_msdos lvm"
 GRUB_ENABLE_CRYPTODISK=y
 GRUB_GFXMODE=1024x768x32

Generate the GRUB configuration file and install GRUB to the mounted ESP:

# grub-mkconfig -o /boot/grub/grub.cfg
# grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id="grub"

GRUB will now ask for the passphrase to unlock the boot partition from where it will read its configuration files, load the kernel and unpack initramfs.

System Configuration

Set your time zone and configure the hardware clock:

# ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime
# hwclock --systohc --utc

The list of available time zones can be enumerated with:

# ls -R /usr/share/zoneinfo | less

Uncomment all desired localizations, i.e. en_US.UTF-8 UTF-8 in locale.gen, generate them, and set the LANG environment variable:

# nano /etc/locale.gen
# locale-gen
# echo LANGUAGE=en_US >> /etc/locale.conf
# echo LANG=en_US.UTF-8 >> /etc/locale.conf

Set the host name for your machine. Add a matching entry to the hosts file:

# echo myyoga920 > /etc/hostname
# nano /etc/hosts
 ...
 127.0.0.1 myyoga920.localdomain myyoga920
 # End of file

Update all installed packages, install the packages required for WiFi, as well as auto completion for bash, so it is easier to find packages:

# pacman -Suy iw wpa_supplicant bash-completion

Create a new user account that you will use to log in from now on:

# useradd -m -g users -G wheel,storage,power -s /bin/bash your_new_user_name
# passwd your_new_user_name

Install sudo, which will allow you to perform administrative tasks using the previously created new user account:

# pacman -S sudo
# EDITOR=nano visudo
  uncomment the following line
  %wheel ALL=(ALL) ALL

To further reduce the attack surface of your device, it is recommended to lock the root account. Note that you can always re-enable it later by setting a password for it:

# passwd -l root

Exit the chroot environment, unmount all partitions, disable swap and reboot the machine. After the screen goes black, remove the installer USB stick:

# exit
# umount -R /mnt
# swapoff -a
# reboot

If you did everything correctly, the laptop will restart, EFI will detect the USB dongle and start Grub, which will then ask you for the password to unlock the boot partition and show the bootloader menu. When selecting the ArchLinux operating system, the kernel and initial ramdisk are loaded, execution is transferred to the kernel, and a second password prompt is shown to unlock the root file system. After that, you should be presented with a login prompt into your brand new system.

Secure Boot

Encrypting the boot partition does not necessarily increase security and simply shifts the problem to the bootloader, which must remain unencrypted on today’s hardware. However, with UEFI Secure Boot we can cryptographically sign the bootloader and whitelist it, which adds an additional layer of protection, because the system can:

Detect tampering with the bootloader
Refuse to boot any but the correct boot partition

Why is this important? Because an encrypted root disk does not prevent attackers with access to your laptop (i.e. in a hotel room) from booting their own operating system from USB and manipulating the firmware in various hardware components. Should attackers gain access to your USB boot dongle, they can also install a hacked bootloader on it (see Evil Maid attacks).

Setting up Secure Boot is not exactly straightforward, but there are tools to simplify the process. I used cryptboot to take care of everything. First you need to put Secure Boot into setup mode. Power down the laptop, activate the BIOS menu, and then:

Select the BIOS Setup menu option and press Enter
Navigate to the Security page using the right arrow key
Go to Set Administrator Password and enter a strong password
Go to Reset to Setup Mode, press Enter and select Yes
Save the changes and exit BIOS Setup

At this point, the preloaded Secure Boot keys for Microsoft/OEM have been deleted. You can always restore the factory keys in BIOS Setup, if needed. The next step is to install the cryptboot package, which is not part of the core repository yet, so we have to build it manually from GitHub.

Install the development base package and the Git client:

# sudo pacman -S base-devel git

Clone the GitHub repository, build and install the package:

# git clone https://github.com/xmikos/cryptboot
# cd cryptboot
# makepkg -si --skipchecksums

cryptboot currently does not provide source checksums and PGP signatures, so we have to skip the checksum verification altogether. You should take a look at the cloned script files and make sure that they match the ones shown on GitHub and do not contain any malicious code.

Mount the boot partition and the ESP:

# sudo cryptboot mount

Generate and enroll new UEFI Secure Boot keys (common name is the name under which the key will be stored, i.e. "ArchLinux"):

# sudo cryptboot-efikeys create
# sudo cryptboot-efikeys enroll

Update and sign the Grub bootloader, unmount the boot partitions, and shut down the system:

# sudo cryptboot update-grub
# sudo cryptboot umount
# sudo shutdown -P now

To upgrade the system, Grub bootloader and the boot partition in the future, simply plug in the USB dongle and run:

# sudo cryptboot upgrade

It will automatically mount the boot partition and ESP, upgrade the system packages, update and sign the bootloader, and unmount the partitions.

The final step is to re-enable Secure Boot. Activate the BIOS menu and:

Select the BIOS Setup menu option and press Enter
Navigate to the Security page using the right arrow key
Go to Secure Boot and press Enter to toggle the option to Enabled
Save the changes and exit BIOS Setup

The USB dongle is now the only media able to boot on the laptop, and it is also protected against tampering.

Post-install Steps

The laptop is now ready for every day use. If this is your first time installing ArchLinux, read the general recommendations and perform any steps that you deem necessary.

My laptop is going to be used as a development machine. Over time I’ll be installing and uninstalling a lot of packages and drivers. I set up Snapper for regular snapshots of the file system, so that I can easily revert it to an earlier state in case it breaks:

# sudo pacman -S snapper
# sudo umount /.snapshots
# sudo rm -r /.snapshots
# sudo snapper -c root create-config /
# sudo mount -o compression=lzo,discard,noatime,nodiratime,subvol=@snapshots /dev/mapper/System-root /.snapshots
# sudo systemctl start snapper-timeline.timer

This will initialize the snapshots volume and use the default settings to create and keep ten hourly, ten daily, ten monthly and ten annual snapshots of the disk. Check out the Snapper documentation for these and other configuration options.

Setting up a desktop environment is most likely your next big task. There are quite a few to chose from. Due to the popularity of Ubuntu, the Gnome desktop manager has excellent out of the box support for modern hardware, and it is probably your best choice if you’d like to get up and running quickly.

The installation of Gnome amounts to:

# sudo pacman -S gnome

A couple tweaks are needed to make gnome-terminal work properly:

# sudo localectl set-locale LANG=en_US.UTF-8
# sudo echo LC_ALL= >> /etc/locale.conf

During the installation we used wpa_supplicant to establish connections to wireless networks, but this is rather cumbersome. The NetworkManager service can perform these things automatically and will also be exposed in the user interface:

# sudo pacman -S networkmanager
# sudo systemctl enable --now NetworkManager.service

Edit its configuration file to let it manage network interfaces on demand:

# sudo nano /etc/NetworkManager/NetworkManager.conf
 [ifupdown]
 managed=true

To increase battery life, install and enable TLP power management:

# sudo pacman -S tlp x86_energy_perf_policy
# sudo systemctl enable tlp.service
# sudo systemctl enable tlp-sleep.service

There is also an optional package for optimizing the power consumption of the WiFi and Bluetooth devices that requires the NetworkManager dispatcher service to be enabled, and the rfkill services to be masked:

# sudo pacman -S tlp-rdw
# sudo systemctl enable NetworkManager-dispatcher.service
# sudo systemctl mask systemd-rfkill.service
# sudo systemctl mask systemd-rfkill.socket

No further configuration is required, but you can visit the TLP project page for a description of all features and options.

Finally, enable and start the Gnome desktop manager service:

# sudo systemctl enable --now gdm.service

The login screen should appear and take you to your shiny new desktop.

Yoga 920 Gnome Desktop

Yoga Specifics

The ideapad_laptop kernel module has caused problems with Lenovo laptops and tablets in the past and still does with the Yoga 920. In particular, it prevents the WiFi from being turned on. It is best to blacklist it:

# sudo nano /etc/modprobe.d/blacklist.conf
# install ideapad_laptop /bin/false

Once connected to a wireless network, it appears to have poor performance, showing only 6 Mb/s on 5GHz and 1 Mb/s on 2.4GHz networks. The actual throughput is much higher though. This might be a bug in the Atheros QCA6174 firmware or the kernel. Note that the current version of ArchLinux (currently 4.14.3-1) already contains the latest firmware from kvalo, so an update won’t fix it yet.

The Bluetooth service is installed with Gnome, but you need to enable and start it:

# sudo systemctl enable --now bluetooth.service

The specific fingerprint reader built into the Yoga 920 is currently not supported. However, there is some ongoing work in the community to reverse engineer its protocol.

Whenever you power the laptop on or off with the boot dongle unplugged, the Yoga’s EFI boot manager removes the dongle from its list of bootable partitions. When plugging the stick in again, the firmware is unable to detect the bootloader and shows a message that no bootable device was found. This particularly annoying issue might be specific to Grub or cryptboot as I have not seen it happen with other bootloaders.

In the meantime, it is best to leave the dongle plugged in during power transitions. To make a forgotten dongle bootable again, launch into the shell of an ArchLinux live USB and manually add its boot partition to the firmware. Assuming that the dongle is mounted as /dev/sdb:

# efibootmgr -c -d /dev/sdb1 -p 1 -l "\EFI\grub\grubx64.efi" -L "ArchLinux"

Conclusions

In this article we have gone to great lengths to encrypt the root filesystem and boot partition, to detach cryptographically relevant data to a USB dongle, and to protect the dongle via Secure Boot. However, no level of encryption can fully protect your computer system. With the presence of features like Intel Management Engine and AMD Platform Security Processor on most modern processors, as well as many other possible backdoors, it is likely compromised straight out of the factory.

The mechanisms discussed here also don’t protect from vulnerabilities in the OS and the software that will be running on your system. Our goal is to not leave the door wide open for opportunistic attacks by ordinary people. If you are concerned about sophisticated criminal, corporate or governmental organizations, you are best advised to not store highly sensitive data on your laptop in the first place.

When running ArchLinux on the Yoga 920, most features work out of the box. The only exceptions are the fingerprint reader, which is currently not supported, and the wireless adapter, which has performance issues that will hopefully be resolved soon.

Appendix A: Resume Installation

If you need to proceed with the installation at a later time, you can resume it by first booting the ArchLinux live USB and then inserting the USB dongle. If you already created the encrypted boot partition, unlock and mount it:

# cryptsetup open /dev/sdb2 cryptboot
# mount /dev/mapper/cryptboot /mnt

If you already encrypted the system drive, unlock it:

# cryptsetup open --type luks --header /mnt/luksheader /dev/nvme0n1 cryptroot

If you already created the root file system, mount the root BTRFS subvolume:

# swapon -d /dev/mapper/System-swap
# mount -o compress=lzo,discard,noatime,nodiratime,subvol=@ /dev/mapper/System-root /mnt

If you have not completed the ArchLinux installation, mount the other subvolumes:

# mount -o compress=lzo,discard,noatime,nodiratime,subvol=@home /dev/mapper/System-root /mnt/home
# mount -o compress=lzo,discard,noatime,nodiratime,subvol=@snapshots /dev/mapper/System-root /mnt/.snapshots

If you have not completed the bootloader installation, remount the USB dongle into the installed root:

# mount /dev/mapper/cryptboot /mnt/boot
# mount /dev/sdb1 /mnt/boot/efi

If you completed the ArchLinux installation, change into the installed root via:

# arch-chroot /mnt

Appendix B: Keep TRIM Disabled

Should you decide to keep TRIM disabled for improved data security, you can fill an entire drive or partition with random data by performing the following steps. First create a temporary container and make sure it exists:

# cryptsetup open --type plain /dev/nvme0n1 container --key-file /dev/random
# fdisk -l
 ...
 Disk /dev/mapper/container: 953.9GiB
 ...

Then write zeros to the container until it is full and close it:

# dd if=/dev/zero of=/dev/mapper/container bs=1M status=progress
# cryptsetup close container

This will take about 18 minutes for the 1TB drive.

TRIM is disabled for LUKS volumes by default. Make sure that you do not pass the allow-discards parameter to the kernel in /etc/default/grub (run grub-mkconfig again if needed), and do not specify the discard flag for the Btrfs subvolumes in /etc/fstab.

Appendix C: Auto-mount Boot Partition

Before performing a full system upgrade, you must mount the boot partition, so that the package manager can access the kernel and initial RAM filesystem, if needed. You can always mount it manually via:

# cryptsetup open /dev/sda2 cryptboot
# mount /dev/mapper/cryptboot /boot
# mount /dev/sda1 /boot/efi

You can also mount the boot partition automatically on system startup and during reboot by adding the encrypted container to crypttab, which is read after bootup, but before fstab. To prevent another password prompt, you can set up a keyfile in the root file system that auto-unlocks the boot partition for you.

First, create the keyfile and set the correct file permissions:

# dd bs=512 count=4 if=/dev/urandom of=/etc/cryptboot.key
# chmod 000 /etc/cryptboot.key
# chmod 600 /boot/initramfs-linux*

Then add the keyfile to the LUKS header of the boot partition:

# cryptsetup luksAddKey /dev/sda2 /cryptboot.key

The LUKS header now contains two key slots, one for the initial passphrase, and one for the key file we added. You can verify that this is the case:

# cryptsetup luksDump /dev/sda2

Modify crypttab to unlock the boot partition to /dev/mapper/cryptboot using the key file that we just created:

# nano /etc/crypttab
 cryptboot    UUID=<identifier>    /etc/cryptboot.key    luks

Finally, make sure that the boot partition and the ESP do not use the noauto flag in /etc/fstab. The corresponding entries should look as follows:

# cat /mnt/etc/fstab
 ...
 UUID=...  /boot        ext2   rw,relatime,block_validity,barrier,user_xattr,acl 0 2
 UUID=...  /boot/efi    vfat   rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro  0 2
 ...

After rebooting, the partitions on the USB dongle are mounted automatically.

Appendix D: Auto-unlock Root Partition

First, create the keyfile and set the correct file permissions:

# dd bs=512 count=4 if=/dev/urandom of=/crypto_keyfile.bin
# chmod 000 /crypto_keyfile.bin
# chmod 600 /boot/initramfs-linux*

Then add the keyfile to the detached LUKS header of the root partition:

# cryptsetup luksAddKey /boot/luksheader /crypto_keyfile.bin

The LUKS header now contains two key slots, one for the initial passphrase, and one for the key file we added. You can verify that this is the case:

# cryptsetup luksDump /boot/luksheader

Add the keyfile to the initial ramdisk image:

# nano /etc/mkinitcpio.conf
 ...
 FILES=(/boot/luksheader /crypto_keyfile.bin)

Regenerate the initial ramdisk image:

# mkinitcpio -p linux

The kernel automatically looks for a /crypto_keyfile.bin on boot, so it does not need to be added to the kernel command line.

If you’d like to store the keyfile under a different path or name, you can pass it to the kernel command line via the cryptkey parameter:

# nano /etc/default/grub
 GRUB_CMDLINE_LINUX="cryptdevice=/dev/disk/by-id/YourDiskId:cryptroot:allow-discards,header cryptkey=/path/to/keyfile"

Don’t forget to also set the correct path in mkinitcpio.conf, and regenerate both the Grub configuration file and the initial ramdisk image.

After rebooting the system, you should now be taken directly to the root login prompt after entering the password for unlocking the boot partition.

Appendix E: Future Firmware Updates

At the time of this writing it was not possible to update the UEFI firmware outside of Windows, and with Lenovo’s track record on Linux support you certainly shouldn’t hold your breath for this to change. There are few ways we can work around it though, but they all require to boot into Windows 10.

The easiest option is to leave the pre-installed Windows and resize its partition to make room for an ArchLinux install in an encrypted partition. You can set it up for dual-boot and fire up Windows when a new firmware has been released. Obviously, this will prevent you from using the entire SSD for ArchLinux.

Another option is to clone the pre-installed Windows to a Windows To Go live USB stick, from which you can boot Windows instead. This can be accomplished with the free version of WinToUSB. Make sure to use a USB stick with fast read and write speeds, or you’ll spend a lot of time waiting. I personally used a SanDisk Ultra Dual Drive USB Type-C 32GB with a read speed of 150MB/s.

If your Yoga is already wiped clean, but you have access to another Windows PC, you can download the Windows 10 ISO for free and turn it into a Windows To Go USB stick using a variety of free utilities. If you run Enterprise or Education Edition, you can also use the built-in utility.

If you don’t have access to a Windows PC, you can install the Windows 10 ISO into VirtualBox and clone that installation onto a Windows To Go USB from there. This is more involved and time consuming, but I’ve tried it, and it works. Note that you cannot flash the firmware directly from within the guest operating system as it does not have access to the actual hardware.

When I updated the firmware on my Yoga 920 it reset the Secure Boot configuration to factory defaults. If you use Secure Boot, you have to temporarily disable it, put BIOS Setup back into Secure Boot Setup Mode, boot your ArchLinux, then re-enroll your UEFI keys via:

# sudo cryptboot mount
# sudo cryptboot-efikeys enroll

After that, re-enable secure boot in BIOS Setup.

Related Resources

Although the individual parts of this setup are well documented on the ArchLinux Wiki, it took me quite a while to get the boot configuration to work properly, and I couldn’t have done it without the help of TJ from the #grub FreeNode IRC channel. Make sure to check out his excellent Illustrated Guide to Grub that describes the inner workings of the Linux boot process on BIOS and UEFI in detail.

A Yoga 920 specific installation overview for Ubuntu is on Lafaspot.

A review of Fedora can be found on Kevin’s blog.

Minimal instructions for installing ArchLinux using EXT4/LVM/LUKS/NVMe on an UEFI system and the systemd-boot bootloader are in binaerbaum’s gist. The hint that Grub will not work with NVMe drives is no longer valid though. Also, systemd-boot doesn’t support encrypted boot partitions at this time.