I have been thinking about what might be the easiest way to take an ESTABLISHED and completely finished Linux system's /boot off the hard drive. In essence I would be moving /boot to a bootable USB (BIOS correctly configured to use it) and then either doing a urandom of the previous 250 meg it occupied, or expanding the LVM to suck up the space. Let's leave the size adjustment out of the loop for now. Obviously, creating the separate USB boot stick from the start would have been the way to go. There are times I walk into systems after they are made. I am a big proponent of having /boot gone before any workspace is approached. It's one of my cardinal rules (OPSEC). Anyone have any links I could follow or read through? Short step by step here? There are lots of ways to "skin a cat" but the thoughts I have don't seem overly easy. I can create a beautiful system from scratch in under two hours, so for this to be something I would form a "guide" on, it needs to be simple.
Easy: "boot size in MiB" x 2048. My /boot partition is exactly 1GB. So for me, it's 1024 x 2048, which equals 2097152 sectors to use in dd. You can also use cfdisk to see how many sectors your /boot partition has:

Code:
                         Disk: /dev/sda
       Size: 931.5 GiB, 1000204886016 bytes, 1953525168 sectors
       Label: gpt, identifier: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

    Device          Start        End    Sectors   Size Type
>>  /dev/sda1        2048    2099199    2097152     1G Linux filesystem
    /dev/sda2     2099200 1953525134 1951425935 930.5G Linux LVM

In my case, /dev/sda1 is used for unencrypted boot, while /dev/sda2 is used as encrypted LVM with 3 logical volumes inside. So whenever I want to back up my /boot partition I just do this:

Code:
dd if=/dev/sda1 of=/home/BackUp/boot-full bs=512 count=2097152
Thanks, but I am talking about using that USB as /boot, not simply copying the /boot files for safekeeping. Once copied over I plan to delete /boot completely from the SATA drive. I want to examine how to point Ubuntu/Debian to the USB stick for mounting the OS. That is where a guide or step by step would come in handy.
Oh, I see. Well, I think it shouldn't be that hard. Once you've moved over the contents to the USB drive, you just copy its UUID to your fstab and point it as /boot. Then use the UUIDs of your S-ATA drive partitions/volumes as you do now for /, /home, etc. I think it should come down as below:

Code:
#
# /etc/fstab: static file system information
#
# <file system> <dir> <type> <options> <dump> <pass>
UUID=XXXXXX-XXXXX-XXXXXX-XXXXX-XXXXX / btrfs rw,relatime,space_cache,subvolid=5,subvol=/ 0 0
UUID=XXXXXX-XXXXX-XXXXXX-XXXXX-XXXXX /boot btrfs rw,relatime,space_cache,subvolid=5,subvol=/ 0 0
UUID=XXXXXX-XXXXX-XXXXXX-XXXXX-XXXXX /home btrfs rw,relatime,space_cache,subvolid=5,subvol=/ 0 0
UUID=XXXXXX-XXXXX-XXXXXX-XXXXX-XXXXX none swap defaults 0 0

You must try this method before deleting the /boot partition, though, so you can revert the fstab changes if they don't work. Just make a copy of your fstab and edit it to point your USB drive as /boot, then if it doesn't work you can simply move the backup back. Then if it works you can delete the /boot partition and you won't miss it at all. I wouldn't recommend using labels for this operation, because your motherboard or operating system might recognize the same drives as /dev/sda at one boot but /dev/sdb at a different boot.
I'll be near a machine in question in about an hour or so. If this works I'll have two more to do at other locations. Great backups mean no fear. LOL!!
As suspected this was quite easy to do. Just had to manipulate a few UUIDs and set fstab. With the actual Linux disk mounted I ran sudo update-grub and sudo grub-install /dev/sdb on top of the files I copied over from the original /boot. Showed no errors and good to go. Fired right up afterwards! Easy stuff. I ran urandom on that little boot partition (sda1) and threw a dummy LUKS container over it to protect the space from being written to by operator error. Kept the partition in place in case I ever want to go back to the generic install config. Not likely! I know to some it seems over the top but I don't like unencrypted space when I am using "workspace" from within my VMs. Sure it would take a VM breakout, but with /boot extracted from the host, I know for sure nobody is going to write anything there. LOL!
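
A pre-wipe check for the procedure worked out in this thread, as an added example that is not part of any poster's reply: it confirms that fstab mounts /boot from the USB stick's UUID and that no active entry still points at the old on-disk /boot before that partition is overwritten. The function names and every UUID below are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). All UUIDs are constructed sample values.
USB_UUID="11111111-2222-3333-4444-555555555555"   # /boot on the USB stick
OLD_UUID="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"   # former /boot on the hard drive
ROOT_UUID="99999999-8888-7777-6666-555555555555"  # root filesystem

# Write a constructed sample fstab to $1 whose /boot entry uses UUID $2.
write_sample_fstab() {
    cat > "$1" <<EOF
# /etc/fstab (constructed sample)
# UUID=$OLD_UUID /boot ext4 defaults 0 2   <- old entry, commented out
UUID=$ROOT_UUID  /      ext4  errors=remount-ro  0 1
UUID=$2  /boot  ext4  defaults  0 2
EOF
}

# Print the device spec (first field) of the fstab ($1) entry mounted at $2.
fstab_spec_for() {
    awk -v mp="$2" '
        $1 ~ /^#/ || NF < 2 { next }      # skip comments and blank lines
        $2 == mp { print $1; exit }
    ' "$1"
}

# Return 0 only if fstab ($1) mounts /boot from UUID $2 (the USB stick)
# and no active entry still references UUID $3 (the old on-disk /boot).
boot_relocated() {
    fstab=$1 usb_uuid=$2 old_uuid=$3
    spec=$(fstab_spec_for "$fstab" /boot)
    [ "$spec" = "UUID=$usb_uuid" ] || return 1
    if awk '$1 !~ /^#/ && NF >= 2 { print $1 }' "$fstab" \
        | grep -qxF "UUID=$old_uuid"; then
        return 1
    fi
    return 0
}

# Demo on the constructed sample: this fstab already points /boot at the USB stick.
demo=$(mktemp)
write_sample_fstab "$demo" "$USB_UUID"
if boot_relocated "$demo" "$USB_UUID" "$OLD_UUID"; then
    echo "fstab uses the USB /boot; old partition is no longer referenced"
else
    echo "fstab still depends on the old /boot; do not wipe it yet"
fi
rm -f "$demo"
```

On a live system the same comparison can be made against the running mount by checking the output of `findmnt -no UUID /boot` after a reboot from the stick.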