User:Sakaki/Sakaki's EFI Install Guide/Creating and Booting the Minimal-Install Image on USB

We can now proceed to download, verify and use the Gentoo minimal install image. This is a bootable, self-contained Linux system ISO disk image, updated regularly by Gentoo Release Engineering. As the name suggests, you can boot your target PC with it and, assuming you have internet access, parlay from there to a full Gentoo installation.

This section shadows Chapter 2 of the Gentoo handbook.

Downloading and Verifying the ISO Image
Firstly, identify the name of the current release of the minimal install ISO (we'll refer to it using the generic form below). New versions come out multiple times per year. Open the link http://distfiles.gentoo.org/releases/amd64/autobuilds/latest-iso.txt in a browser to determine the current name.

Open a terminal window on the helper PC, and download the necessary files (the ISO, a contents list for that ISO, and a signed digest list):

This may take a little time to complete, depending on the speed of your Internet link.

We next need to check the integrity of the ISO, before using it. The file contains cryptographically signed digests (using various hash algorithms) for two other files you have downloaded.

As such, to verify the ISO we must:
 * 1) download the public key used for Gentoo automated weekly releases (if you don't already have this on your helper PC);
 * 2) check the signature of the  file using this key; and then
 * 3) check that the hashes (digests) contained in that file agree with values that we compute independently.

The fingerprint of the automated weekly release public key may be found on the Gentoo Release Engineering page. When requesting the key from a keyserver, you don't need to cite the whole fingerprint, just enough of it to be unambiguous. For example, at the time of writing, the automated release key fingerprint was, so to download it (step 1 in the above list), issue:

You should next verify that the key's full fingerprint matches that listed on the Release Engineering page:

If all looks good, use the program to verify the digest file (step 2):

Assuming that worked (the output reports 'Good signature'), next check the digests themselves (step 3); we'll use the SHA512 variants here:

If this outputs:

then continue, all is well.

Copying the ISO Image to USB
Next, we need to copy the ISO onto a USB key (the image is already hybrid ).

Just before inserting the USB key (the larger one) into the helper pc, issue:

Note the output, then insert the USB key, and issue:

again. The change in output will show you the key's device path (note that the initial prefix is not shown in the  output). We will refer to this path in these instructions as , but in reality on your system it will be something like, etc.

Next, we will write the ISO image to the USB key. This will require root access, so issue:

Now you can write the ISO image to the USB key (note, we use a larger than default block size here, for efficiency). Issue:

Wait for the process to complete before continuing.

Booting the ISO Image
Modern Gentoo minimal install images can be booted under EFI (as well as 'legacy' / CSM mode), but do not support secure boot. As such, we'll need to bring up your target PC &mdash; using the USB key you just set up &mdash; under UEFI but with secure boot temporarily disabled (of course, the kernel we'll ultimately create will secure boot under EFI).

So, to proceed, take the USB key from the helper PC (where we just 'd it) and insert it into the target PC. The latter is still running Windows, and you need to reboot it into the BIOS setup GUI. There are two ways to do this; choose the one that suits you:
 * Either: Use Windows boot options menu.
 * This is the easier method (particularly if your target machine is using the 'fast boot' option with Windows). In Windows, hit, then click on the power icon at the bottom right of the screen, and then while holding down , click 'Restart' from the pop-up menu. This will pass you into the Windows boot options menu. Once this comes up (and asks you to 'Choose an option'), click on the 'Troubleshoot' tile, which brings up the 'Advanced options' panel (in Windows 10, you have to click on the 'Advanced options' tile to show this): from this, click on 'UEFI Firmware Settings', and confirm if prompted. Your machine will then restart into the BIOS GUI directly (no hotkeys required) and you can proceed.


 * Or: Use the BIOS hotkey.
 * This is a less reliable method, since you are racing the OS loading process. To use it, hit from within Windows, then click on the power icon at the bottom right of the screen, and choose 'Restart' from the pop-up menu to perform a regular restart. Then, immediately the target PC starts to come back up, press the appropriate hotkey to enter the BIOS setup GUI. Unfortunately, the required hotkey varies greatly from machine to machine (as does the BIOS user interface itself). On the Panasonic CF-AX3, press  during startup (you may need to press it repeatedly).

Once you have the BIOS configuration GUI up, you need to perform the following steps :
 * 1) disable legacy / CSM boot mode (if available and currently the active default);
 * 2) enable EFI boot mode (if not already the active default);
 * 3) ensure any 'fast boot' / 'ultra fast boot' options (if present) are disabled (as these may cause USB to be disabled until the operating system comes up);
 * 4) turn off secure boot (for the reason noted above);
 * 5) select the Gentoo minimal install USB key as the highest priority UEFI boot device; and
 * 6) restart your machine (saving changes).

It's impossible to be precise about the GUI actions required to achieve the above, as they will vary from BIOS to BIOS. However, to give you an idea, here's how you would go about it on the Panasonic CF-AX3 (which has an AMT BIOS).

Use the arrow keys to move to the 'Boot' tab. Then, navigate down to the 'UEFI Boot' item, and press. In the popup that appears, select 'Enabled' using the arrow keys, and press. This switches the system out of legacy / CSM boot and into standard UEFI mode (steps 1 and 2 in the list above):

Next, if you have a 'Fast Boot' / 'Ultra Fast Boot' option in your BIOS, you should turn it off at this point (step 3 in the list); as this may cause USB devices to be disabled at boot time. The Panasonic has the choice of 'Normal' (as here) or 'Compatible' boot modes; 'Normal' does allow boot from USB and works with the USB keys I used, but if you have problems (and the same BIOS), you could try switching this to 'Compatible' instead).

Then (step 4), we'll turn off secure boot, since the Gentoo minimal install image isn't signed with a Microsoft-sanctioned key (don't worry, we'll set up our own secure-boot keystore later in the tutorial). On the CF-AX3, use the arrow keys to select the 'Security' tab, then navigate down to the 'Secure Boot' item, and select it by pressing. This enters a 'Security' sub-page; navigate to the 'Secure Boot control' item, and press. In the popup that appears, select 'Disabled' using the arrow keys, and press :

Next, on the CF-AX3, if your machine was originally in CSM / legacy boot mode during step 1 above, it is necessary to restart the machine at this point (as it will not pick up valid UEFI boot devices immediately upon switching into UEFI boot mode). Again, the method to achieve this varies from machine to machine; on the Panasonic's BIOS, hit to restart, and confirm if prompted.

When the machine restarts, hit again, to re-enter BIOS setup.

Now we can select a boot device (step 5) &mdash; if you don't do this, you'll simply be dumped back into Windows when you restart. Using the arrow keys, navigate to the 'Boot' tab, and then down to the 'UEFI Priorities' item. Press, and a sub-page is displayed. Ensure the item 'UEFI Boot from USB' is enabled (if it isn't, enable it now, and then press to restart (confirming if prompted), and come back to this point). Navigate down to 'Boot Option #1' and press. In the pop-up menu that appears, select your (Gentoo minimal install) USB key, and press to select it:

That's it! Now press to restart (step 6; the required method varies from BIOS to BIOS), and confirm if prompted.

Hopefully, after a short delay you'll be presented with a GRUB boot screen. Unless you want to enter custom options &mdash; which most users will not &mdash; simply press to proceed. After a few seconds (and before you are provided with a command prompt), you'll be asked to choose a keymap. It's important, particularly on a machine with non-standard keyboard layout such as the CF-AX3, to get this right, otherwise you may have problems with passwords and so forth. Again, the correct map to choose will obviously depend on your machine but, on the Panasonic CF-AX3, press to select the Japanese keymap.

A few seconds later, you should have a Gentoo Linux root command prompt! Now, we'll set-up a root password (this is only for use during the install, it will not persist across into the final system).

Make a note of the password, as you will require it shortly.

Setting the Date and Time
It's important to ensure that you have the correct time and date on your target machine. Check it with:

Per the handbook, you should stick with UTC for now (the real timezone specification will come later in the install). If necessary, set the date and time, in MMDDhhmmYYYY format (Month, Day, hour, minute, year):

Next Steps
Next, we'll setup the network and get an SSH daemon running. Click here to go to the next chapter, "Setting Up Networking and Connecting via ".