User:Vokiel/Razer-Blade-15-2020

From Gentoo Wiki

Razer Blade 15 Base Model (Early 2020) Installation Log

This page is an installation log of Gentoo Linux on a Razer Blade 15 Base Model with an OLED. I won't go into detailed technical explanations in this log. I may drop a number of links which may eventually die and become inaccessible. I will, however, document everything that I've done, what worked well and what didn't. I will try to log everything in a neutral position as much as possible. I'll set my own requirements and make my own choices, some of which will most likely be wrong, so don't take this page as a guide without asking for multiple opinions on it. If you find some problematic setup, don't hesitate to share it under the Discussions tab.

This is the product string I get from dmidecode:

user $dmidecode -s system-product-name
Blade 15 Base Model (Early 2020) - RZ09-0328


Requirements

  1. Must not dual boot Windows or any other system.
  2. Must use an EFI boot partition on a GPT disk.
  3. Must use an LVM partition setup inside a LUKS container.
  4. Must use a key file to unlock the LUKS partition from a USB thumb drive or key.
    1. Should be able to use a normal fallback password
  5. Must be able to suspend/hibernate
  6. Must use the Nvidia proprietary driver with Optimus.
  7. Should use OpenRC
  8. Should use OpenRazer
  9. Should use Enlightenment
    1. First alternative is i3
    2. Second alternative is Xfce
  10. Should use GRUB with custom Razer theme
  11. Should use SDDM with custom Razer theme


Making a Bootable EFI USB Key

Originally from Sakaki's EFI Install Guide

user $mkdir tmp
user $cd tmp
user $gpg --keyserver hkps.pool.sks-keyservers.net --recv-key 2D182910
user $gpg --fingerprint 2D182910
pub   rsa4096 2009-08-25 [SC] [expires: 2022-07-01]
      13EB BDBE DE7A 1277 5DFD  B1BA BB57 2E0E 2D18 2910
uid           [ unknown] Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>
sub   rsa2048 2019-02-23 [S] [expires: 2022-07-01]
user $gpg --verify install-amd64-minimal-20210502T214503Z.iso.DIGESTS.asc
gpg: Signature made Sun 02 May 2021 07:41:05 PM EDT
gpg:                using RSA key 534E4209AB49EEE1C19D96162C44695DB9F6043D
gpg: Good signature from "Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 13EB BDBE DE7A 1277 5DFD  B1BA BB57 2E0E 2D18 2910
     Subkey fingerprint: 534E 4209 AB49 EEE1 C19D  9616 2C44 695D B9F6 043D
user $awk '/SHA512 HASH/{getline;print}' install-amd64-minimal-20210502T214503Z.iso.DIGESTS.asc | sha512sum --check
install-amd64-minimal-20210502T214503Z.iso: OK
install-amd64-minimal-20210502T214503Z.iso.CONTENTS.gz: OK
user $su -
root #cd /home/.../tmp
root #dd if=install-amd64-minimal-20210502T214503Z.iso of=/dev/sda bs=8192k status=progress && sync

All of the above worked fine; however, I had to use a different key server (hkps.pool.sks-keyservers.net) to retrieve the public key from Gentoo Release Engineering. Found this domain on some random forum post. Booting the Razer was successful, with the livecd prompt showing up.


Connecting to the Network

Basically followed the Network Guide, but this always fails on Wi-Fi for various reasons. My network is under WPA-PSK, so I used net-setup and followed the setup wizard. This gave me an Unreachable Network problem, which I had to fix by adding the default gateway manually with:

root #route add default gw 192.168.1.1
Note
I didn't need to install or deal with wpa_supplicant to have a connection initialized with net-setup


Creating the Partitions

LVM will be used on this laptop, so only 2 partitions are really needed: the standard EFI partition required for booting in UEFI mode and the actual LUKS-encrypted partition that will contain all other partitions.

root #fdisk /dev/nvme0n1

With fdisk, we create a new GPT partition table and dump whatever was there before (g). After that, it's simply a matter of creating an EFI partition (n, default, default, +512M, t, 1) and then an extended Linux Filesystem partition (n, default, default, default).

Warning
This is a log. Only do this if you don't want to dual boot
root #fdisk -l /dev/nvme0n1
Disk /dev/nvme0n1: 476.94 Gib, 512110190592 bytes, 1000215216 sectors
Disk model: NVMe CA5-8D512
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: ...

Device           Start        End   Sectors   Size Type
/dev/nvme0n1p1    2048    1050623   1048576   512M EFI System
/dev/nvme0n1p2 1050624 1000215182 999164559 476.4G Linux filesystem


EFI Partition

Needs to be vfat according to the EFI System Partition Guide.

root #mkfs.vfat -F 32 /dev/nvme0n1p1


LUKS Partition

First step is to erase or randomize the disk data to avoid usage pattern attacks. Taken from Arch's DM-crypt Drive Preparation

root #cryptsetup open --type plain -d /dev/urandom /dev/nvme0n1p2 crypt-wipe
root #dd if=/dev/zero of=/dev/mapper/crypt-wipe status=progress
root #cryptsetup close crypt-wipe

Encryption scheme is chosen to match cryptsetup's default values:

root #cryptsetup luksFormat /dev/nvme0n1p2
WARNING!
========
This will overwrite data on /dev/nvme0n1p2 irrevocably.

Are you sure? (Type 'yes' in capital letters): YES
Enter passphrase for /dev/nvme0n1p2:
Note
At this stage a simple passphrase is used to keep things simple. An encrypted key file will be added later.
root #cryptsetup luksOpen /dev/nvme0n1p2 gentoo
Enter passphrase for /dev/nvme0n1p2:


LVM Partitions

The LVM partitions created are: swap, /, /var, /var/log, /var/tmp, /home and a toy partition on /media

root #pvcreate /dev/mapper/gentoo
root #vgcreate vg0 /dev/mapper/gentoo
root #lvcreate --size 16G --name swap vg0
root #lvcreate --size 48G --name root vg0
root #lvcreate --size 12G --name var vg0
root #lvcreate --size 8G --name varlog vg0
root #lvcreate --size 12G --name vartmp vg0
root #lvcreate --size 72G --name home vg0
root #lvcreate --extents 100%FREE --name media vg0
root #vgchange --available y
root #pvdisplay
--- Physical volume ---
PV Name               /dev/mapper/gentoo
VG Name               vg0
PV Size               476.42 GiB / not usable <1.32 MiB
...
root #vgdisplay
--- Volume group ---
VG Name               vg0
System ID
Format                lvm2
...
root #lvdisplay
--- Logical volume ---
LV Path               /dev/vg0/swap
LV Name               swap
VG Name               vg0
...
LV Size               16.00 GiB

--- Logical volume ---
LV Path               /dev/vg0/root
LV Name               root
VG Name               vg0
...
LV Size                48.00 GiB

--- Logical volume ---
LV Path               /dev/vg0/var
LV Name               var
VG Name               vg0
...
LV Size               12.00 GiB

--- Logical volume ---
LV Path               /dev/vg0/varlog
LV Name               varlog
VG Name               vg0
...
LV Size               8.00 GiB

--- Logical volume ---
LV Path               /dev/vg0/vartmp
LV Name               vartmp
VG Name               vg0
...
LV Size               12.00 GiB

--- Logical volume ---
LV Path               /dev/vg0/home
LV Name               home
VG Name               vg0
...
LV Size               72.00 GiB

--- Logical volume ---
LV Path               /dev/vg0/media
LV Name               media
VG Name               vg0
...
LV Size               308.42 GiB

Format all partitions. XFS will be used for all /var reads/writes, whereas the other file systems can just use EXT4:

root #mkswap -L "swap" /dev/mapper/vg0-swap
root #mkfs.ext4 -L "root" /dev/mapper/vg0-root
root #mkfs.ext4 -L "home" /dev/mapper/vg0-home
root #mkfs.ext4 -L "media" /dev/mapper/vg0-media
root #mkfs.xfs -l internal,size=128m -d agcount=2 /dev/mapper/vg0-var
root #mkfs.xfs -l internal,size=128m -d agcount=2 /dev/mapper/vg0-varlog
root #mkfs.xfs -l internal,size=128m -d agcount=2 /dev/mapper/vg0-vartmp

Installing Gentoo from Stage 3

Following the Handbook closely:

root #swapon -v /dev/mapper/vg0-swap
root #mount -v -t ext4 /dev/mapper/vg0-root /mnt/gentoo
root #mkdir -p /mnt/gentoo/var
root #mount -v -t xfs /dev/mapper/vg0-var /mnt/gentoo/var
root #mkdir -p /mnt/gentoo/var/{log,tmp}
root #mount -v -t xfs /dev/mapper/vg0-varlog /mnt/gentoo/var/log
root #mount -v -t xfs /dev/mapper/vg0-vartmp /mnt/gentoo/var/tmp
root #mkdir /mnt/gentoo/{boot,home,media}
root #mount /dev/nvme0n1p1 /mnt/gentoo/boot
root #mount -v -t ext4 /dev/mapper/vg0-home /mnt/gentoo/home
root #mount -v -t ext4 /dev/mapper/vg0-media /mnt/gentoo/media

Fetching the installation files and verifying their signature:

Same process as with the ISOs, but on the new laptop:

root #gpg --keyserver hkps.pool.sks-keyservers.net --recv-key 2D182910
root #gpg --fingerprint 2D182910
pub   rsa4096 2009-08-25 [SC] [expires: 2022-07-01]
      13EB BDBE DE7A 1277 5DFD  B1BA BB57 2E0E 2D18 2910
uid           [ unknown] Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>
sub   rsa2048 2019-02-23 [S] [expires: 2022-07-01]
root #gpg --verify stage3-amd64-20210505T214503Z.tar.xz.DIGESTS.asc
gpg: Signature made Wed 05 May 2021 07:01:05 PM EDT
gpg:                using RSA key 534E4209AB49EEE1C19D96162C44695DB9F6043D
gpg: Good signature from "Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 13EB BDBE DE7A 1277 5DFD  B1BA BB57 2E0E 2D18 2910
     Subkey fingerprint: 534E 4209 AB49 EEE1 C19D  9616 2C44 695D B9F6 043D
root #awk '/SHA512 HASH/{getline;print}' stage3-amd64-20210505T214503Z.tar.xz.DIGESTS.asc | sha512sum --check
stage3-amd64-20210505T214503Z.tar.xz: OK
stage3-amd64-20210505T214503Z.tar.xz.CONTENTS.gz: OK
root #tar xpvf stage3-amd64-20210505T214503Z.tar.xz --xattrs-include='*.*' --numeric-owner
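
The verification used for the ISO and again for the stage3 tarball, as an added shell example (not part of the original log): it pins the primary key fingerprint shown in the gpg output instead of trusting whatever a keyserver returned, and checks the SHA512 entries taken from the signature-verified payload rather than from the raw .asc file. The function names are hypothetical; it assumes gpg, awk and sha512sum are installed and the release key is already imported.

```shell
#!/bin/sh
# Added example, not from the original log.
# Assumptions: gpg, awk and sha512sum are available; the Gentoo release key
# has already been imported into the keyring (as done in the log).

# Primary key fingerprint exactly as printed by gpg in the log. Confirm it
# against Gentoo's published release-key fingerprints over a separate channel.
PINNED_FPR="13EBBDBEDE7A12775DFDB1BABB572E0E2D182910"

# Read `gpg --status-fd` output on stdin and print the primary-key
# fingerprint carried in the VALIDSIG line (last field, position 12).
primary_fpr_from_status() {
    awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $12; exit }'
}

# Succeed only if the status output on stdin reports a valid signature whose
# primary key is the pinned one. A bare GOODSIG line is not enough: it names
# the signer by key ID and user ID, not by full fingerprint.
signed_by_pinned_key() {
    _fpr=$(primary_fpr_from_status)
    [ -n "$_fpr" ] && [ "$_fpr" = "$PINNED_FPR" ]
}

# Print the "hash  filename" line that follows each "# SHA512 HASH" header
# in the digest text on stdin (same selection as the awk one-liner in the log).
sha512_entries() {
    awk '/^# SHA512 HASH/ { getline; print }'
}

# Check every SHA512 entry of the digest text on stdin against the files in
# directory $1. sha512sum fails if a file differs, is missing, or if no
# usable checksum line was found at all.
check_sha512() {
    ( cd "$1" && sha512_entries | sha512sum --check --strict )
}

# Full check for one DIGESTS.asc file: verify the clearsigned file, require
# the pinned key, then hash-check the files listed in the *signed* payload.
verify_release() {
    _asc=$1
    _dir=$(dirname "$_asc")
    _work=$(mktemp -d) || return 1

    # --decrypt on a clearsigned file verifies it and writes only the signed
    # text to --output, so text placed outside the signature is never used.
    if gpg --batch --status-fd 3 --output "$_work/digests" \
           --decrypt "$_asc" 3>"$_work/status" 2>/dev/null \
       && signed_by_pinned_key <"$_work/status"
    then
        check_sha512 "$_dir" <"$_work/digests"
        _rc=$?
    else
        echo "signature missing, invalid, or not from the pinned key" >&2
        _rc=1
    fi

    rm -rf "$_work"
    return "$_rc"
}

# Run the full check when a DIGESTS.asc path is given on the command line.
if [ "$#" -gt 0 ]; then
    verify_release "$1"
fi
```

Run it with the path to the DIGESTS.asc file, with the downloaded files in the same directory; a non-zero exit status means the download should not be written to disk or unpacked.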


Configuring make.conf

This is a minimal make.conf file:

FILE /etc/portage/make.conf
# These settings were set by the catalyst build script that automatically
# built this stage.
# Please consult /usr/share/portage/config/make.conf.example for a more
# detailed example.
COMMON_FLAGS="-march=skylake -O2 -pipe"
CFLAGS="${COMMON_FLAGS}"
CXXFLAGS="${COMMON_FLAGS}"
FCFLAGS="${COMMON_FLAGS}"
FFLAGS="${COMMON_FLAGS}"
CPU_FLAGS_X86="aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt rdrand sse sse2 sse3 sse4_1 sse4_2 ssse3"
MAKEOPTS="-j5"

# NOTE: This stage was built with the bindist Use flag enabled
PORTDIR="/var/db/repos/gentoo"
DISTDIR="/var/cache/distfiles"
PKGDIR="/var/cache/binpkgs"

# This sets the language of build output to English.
# Please keep this setting intact when reporting bugs.
LC_MESSAGES=C

GENTOO_MIRRORS="https://mirror.csclub.uwaterloo.ca/gentoo-distfiles/"
ACCEPT_LICENSE="*"
Warning
I avoid setting USE flags globally. The only exception is X and this flag will be added later in the log. Notice I don't add VIDEO_CARDS or INPUT_DEVICES at this time either.
Warning
I accept all licenses, avoiding having to figure out license names individually or in groups.

Helper commands that I used:

root #grep -m1 -A3 "vendor_id" /proc/cpuinfo
vendor_id       : GenuineIntel
cpu family      : 6
model           : 165
model name      : Intel(R) Core(TM) i7-10750H CPU @ 2.60GHz

From Safe CFLAGS, that is -march=skylake

root #emerge --ask cpuid2cpuflags
root #cpuid2cpuflags
CPU_FLAGS_X86: aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt rdrand sse sse2 sse3 sse4_1 sse4_2 ssse3


Chroot to /mnt/gentoo

Largely from the Installation Guide:

root #mirrorselect -i -o >> /mnt/gentoo/etc/portage/make.conf
root #mkdir -p /mnt/gentoo/etc/portage/repos.conf
root #cp /mnt/gentoo/usr/share/portage/config/repos.conf /mnt/gentoo/etc/portage/repos.conf/gentoo.conf
root #cp --dereference /etc/resolv.conf /mnt/gentoo/etc/
root #mount --types proc /proc /mnt/gentoo/proc/
root #mount --rbind /sys /mnt/gentoo/sys
root #mount --rbind /dev/ /mnt/gentoo/dev
root #chroot /mnt/gentoo /bin/bash
root #source /etc/profile
Warning
First I picked an rsync mirror from the list, but below when doing the first sync, this would fail. So I had to redo the selection for an https address
root #export PS1="(chroot) ${PS1}"
(chroot) root #emerge-webrsync
(chroot) root #eselect profile list
Available profile symlink targets:
  [1]   default/linux/amd64/17.1 (stable)
  [2]   default/linux/amd64/17.1/selinux (stable)
  [3]   default/linux/amd64/17.1/hardened (stable)
  [4]   default/linux/amd64/17.1/hardened/selinux (stable)
  [5]   default/linux/amd64/17.1/desktop (stable)
  [6]   default/linux/amd64/17.1/desktop/gnome (stable)
  [7]   default/linux/amd64/17.1/desktop/gnome/systemd (stable)
  [8]   default/linux/amd64/17.1/desktop/plasma (stable)
  [9]   default/linux/amd64/17.1/desktop/plasma/systemd (stable)
...

Requirements on this build are made to avoid fat environments like GNOME, KDE and systemd. Starting leaner with default/linux/amd64/17.1/desktop (stable).

(chroot) root #eselect profile set 5
(chroot) root #emerge --ask --verbose --update --deep --newuse @world
(chroot) root #echo "Canada/Eastern" > /etc/timezone
(chroot) root #emerge --config sys-libs/timezone-data
(chroot) root #nano -w /etc/locale.gen
(chroot) root #locale-gen
(chroot) root #eselect locale list
  [1]   C
  [2]   cs_CZ
  [3]   cs_CZ.iso88592
  [4]   cs_CZ.utf8
  [5]   C.utf8
  [6]   da_DK
  [7]   da_DK.iso88591
  [8]   da_DK.utf8
  [9]   de_DE
  [10]  de_DE.iso88591
  [11]  de_DE.utf8
  [12]  en_CA
  [13]  en_CA.iso88591
  [14]  en_CA.utf8
  [15]  en_US
  [16]  en_US.iso88591
  [17]  en_US.utf8 *
...


Configuring the kernel

(chroot) root #emerge --ask sys-apps/pciutils
(chroot) root #emerge --ask sys-kernel/gentoo-sources
(chroot) root #eselect kernel list
Available kernel symlink targets:
  [1]   linux-5.10.27-gentoo *
(chroot) root #cd /usr/src/linux
(chroot) root #make menuconfig
(chroot) root #lspci -v|less
(chroot) root #lsmod
... Repeat until configured ...
Warning
There's no best way to configure a kernel; you have to immerse yourself in Linux and do some research. This is by no means authoritative. I went on pure instinct, coming up with some search hits, and deciding whether it might be needed or useful. I start with what I know I'll need and remove what I know I won't.

EFI partition scheme, from EFI System Partition and NVMe:

KERNEL Enable the block layer
-*- Enable the block layer  --->
    Partition Types  --->
    [*] Advanced partition selection
    [*]   PC BIOS (MSDOS partition tables) support
    [*]   EFI GUID Partition support
Device drivers --->
    <*> NVM Express block device

Cryptsetup and LVM options, largely from Dm-crypt and LVM:

KERNEL Multiple devices driver support (RAID and LVM)
Device Drivers --->
[*] Multiple devices driver support (RAID and LVM)  --->
< >   RAID support
<*>   Device mapper support
<*>     Crypt target support
<*>     Snapshot target
< >     Zero target
<*>     Multipath target
<*>       I/O Path Selector based on the number of in-flight I/Os
<*>       I/O Path Selector based on the service time

Adding iwd options with cryptsetup options:

KERNEL Cryptographic API
[*] Cryptographic API --->
{*}   ECDH algorithm
      *** Block modes ***
-*-   ECB support
<*>   LRW support
{*}   XTS support
-*-   ESSIV support for block encryption
      *** Digest ***
<M>   CRC32c INTEL hardware acceleration
{M}   CRC32 CRC algorithm
<M>   CRC32 PCLMULQDQ hardware acceleration
<M>   xxHash hash algorithm
<M>   CRCT10DIF algorithm
{M}   MD4 digest algorithm
<*>   RIPEMD-160 digest algorithm
<*>   SHA1 digest algorithm
<*>   SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)
<*>   SHA512 digest algorithm (SSSE3/AVX/AVX2)
-*-   SHA384 and SHA512 digest algorithms
<*>   Whirlpool digest algorithms
<M>   GHASH hash function (CLMUL-NI accelerated)
<M>   AES cipher algorithms (AES-NI)
<M>   ARC4 cipher algorithm
<M>   DES and Triple DES EDE cipher algorithms
<M>   Triple DES EDE cipher algorithm (x86-64)
{*}   Serpent cipher algorithm
<M>   Serpent cipher algorithm (x86_64/SSE2)
{M}   Serpent cipher algorithm (x86_64/AVX)
<M>   Serpent cipher algorithm (x86_64/AVX2)
<*>   Twofish cipher algorithm
{M}   Twofish cipher algorithm (x86_64)
{M}   Twofish cipher algorithm (x86_64, 3-way parallel)
<M>   Twofish cipher algorithm (x86_64/AVX)
      *** Compression ***
{M}   Deflate compression algorithm
<M>   LZO compression algorithm
<M>   LZ4 compression algorithm
<M>   LZ4HC compression algorithm
      *** Random Number Generation ***
-*-   NIST SP800-90A DRBG  --->
-*-   Jitterentropy Non-Deterministic Random Number Generator
<*>   User-space interface for hash algorithms
<*>   User-space interface for symmetric key cipher algorithms
[*]   Enable obsolete cryptographic algorithms for userspace
-*- Asymmetric (public-key cryptographic) key type
<M>   PKCS#8 private key parser
Warning
Several modules above have been added because they were loaded by the Gentoo Live iso, using lsmod.

From our LVM partitions and other uses: Docker, F2FS, MTP & Samba:

KERNEL File systems
File systems --->
    <M> Second extended fs support
    [*]   Ext2 extended attributes
    [*]     Ext2 POSIX Access Control Lists
    <*> The Extended 4 (ext4) filesystem
    [*]   Ext4 POSIX Access Control Lists
    [*]   Ext4 Security Labels
    <*> XFS filesystem support
    [*]   XFS POSIX ACL support
    <M> F2FS filesystem support
    [*]   F2FS Status Information
    [*]   F2FS extended attributes
    [*]     F2FS Access Control Lists
    -*- Enable POSIX file locking API
    [ ]   Enable Mandatory file locking
    [ ] Quota support
    <*> FUSE (Filesystem in Userspace) support
    <M> Overlay filesystem support
    [*]   Overlayfs: follow redirects even if redirects are turned off
        Caches  --->
        <M> General filesystem local caching manager
        CD-ROM/DVD Filesystems  --->
        <M> UDF file system support
        DOS/FAT/EXFAT/NT Filesystems  --->
        <M> NTFS file system support
        Pseudo filesystems  --->
        [*]   Sysctl support (/proc/sys)
        [*]   Enable /proc page monitoring
        [*] sysfs file system support
    -*- Miscellaneous filesystems  --->
        -*-   Persistent store support
        <M>     DEFLATE (ZLIB) compression
    [*] Network File Systems  --->
        <M>   NFS client support
        <M>     NFS client support for NFS version 2
        <M>     NFS client support for NFS version 3
        <M>     NFS client support for NFS version 4
        [*]   NFS client support for NFSv4.1
        [*]     NFS client support for NFSv4.2
        <M>   SMB3 and CIFS support (advanced network filesystem)
        [*]     Extended statistics
        [*]     Support legacy servers which use less secure dialects
        [*]       Support legacy servers which use weaker LANMAN security
        [*]     CIFS extended attributes
        [*]       CIFS POSIX Extensions
Networking support --->
    Networking options --->
        {M} DNS Resolver support

Network drivers, OpenVPN and Android USB tethering support:

KERNEL Network device support
Device Drivers  --->
[*] Network device support  --->
< >     Network console logging support
<*>     Universal TUN/TAP device driver support
[*]   Ethernet driver support  --->
      ... Remove everything save for ...
      [*]   Realtek devices
      <M>     Realtek 8169/8168/8101/8125 ethernet support
<M>   USB Network Adapters  --->
<M>   Multi-purpose USB Networking Framework
-M-     CDC Ethernet support (smart devices such as cable modems)
<M>     CDC EEM support
<M>     Host for RNDIS and ActiveSync devices
<M>   Simple USB Network Links (CDC Ethernet subset)
[*]     Embedded ARM Linux links (iPaq, ...)
[*]   Wireless LAN  --->
      ... Remove everything save for ...
      [*]   Intel devices
      <M>     Intel Wireless WiFi Next Gen AGN - Wireless-N/Advanced-N/Ultimate-N (iwlwifi)
      <M>       Intel Wireless WiFi MVM Firmware support

Adding Bluetooth support:

KERNEL Networking options
[*] Networking support  --->
    <M>   Bluetooth subsystem support  --->
          [*]   Bluetooth Classic (BR/EDR) features
          <*>     RFCOMM protocol support
          [*]       RFCOMM TTY support
          <M>     BNEP protocol support
          [*]       Multicast filter support
          [*]       Protocol filter support
          <*>     HIDP protocol support
          [*]     Bluetooth High Speed (HS) features
          [*]   Bluetooth Low Energy (LE) features
          [*]   Enable LED triggers
          [*]   Enable Microsoft extensions
Cryptographic API --->
    <M>   Userspace cryptographic algorithm configuration
    <M>   User-space interface for AEAD cipher algorithms

For Power Management and other Intel features:

KERNEL Power management and ACPI options
Power management and ACPI options --->
[*] Energy Model for CPUs
[*] ACPI (Advanced Configuration and Power Interface) Support  --->
    [ ]   Dock
    [*]   ACPI Platform Error Interface (APEI)
[*] Power Management Timer Support
    CPU Frequency scaling  --->
          Default CPUFreq governor (performance)  --->
    < >   'userspace' governor for userspace frequency scaling
    < >   'ondemand' cpufreq policy governor
    -*-   Intel P state control
    [ ]     Legacy cpb sysfs knob support for AMD CPUs
Device Drivers  --->
    Misc devices  --->
        {M} Intel Management Engine Interface
        <M> ME Enabled Intel Chipsets
    -*- Pin controllers  --->
        <M>   Intel Cannon Lake PCH pinctrl and GPIO driver
    -*- GPIO Support  --->
        [*]   Character device (/dev/gpiochipN) support
        [*]     Support GPIO ABI Version 1
    <*> Hardware Monitoring support  --->
        <M>   Intel Core/Core2/Atom temperature sensor
    -*- Thermal drivers  --->
    [*]   Fair-share thermal governor
    [*]   Bang Bang thermal governor
    [*]   Power allocator thermal governor
          Intel thermal drivers  --->
          <M> Intel PowerClamp idle injection driver
          <M> Intel PCH Thermal Reporting Driver
              ACPI INT340X thermal drivers  --->
              <M> ACPI INT340X thermal drivers
              <M> ACPI INT3406 display thermal driver
    [*] Generic powercap sysfs driver  --->
    <M>   Intel RAPL Support via MSR Interface

For using the proprietary nvidia driver and other platform adjustments:

KERNEL Processor type and features
Processor type and features  --->
    [ ] Enable MPS table
    [ ] Support for extended (non-PC) x86 platforms
    [*] Intel Low Power Subsystem Support
    [*] Supported processor vendors  --->
    [*]   Support Intel processors
    [*] Enable DMI scanning
    [*] Machine Check / overheating reporting
    [ ]   AMD MCE features
    [*] CPU microcode loading support
    [ ]   AMD microcode loading support
    [ ] Enable 5-level page tables support
    [*] NUMA Memory Allocation and Scheduler Support
    [ ]   Old style AMD Opteron NUMA detection
Bus options (PCI etc.)  --->
    [*] Mark VGA/VBE/EFI FB as generic system framebuffer
Character devices  --->
    [*] Enable TTY
    [ ]   Non-standard serial port support
    <*> IPMI top-level message handler  ----
    <*> Hardware Random Number Generator Core support  --->
    < >   VIA HW Random Number Generator support
Device Drivers  --->
    Multifunction device drivers  --->
        <M> Intel Low Power Subsystem support in ACPI mode
        <M> Intel Low Power Subsystem support in PCI mode
    Graphics support  --->
        <*> /dev/agpgart (AGP Support)  --->
        < >   AMD Opteron/Athlon64 on-CPU GART support
        -*- Support for frame buffer devices  --->
        [*]   Simple framebuffer support

For ALSA, PulseAudio and The USB Guide:

KERNEL Sound card support
Device Drivers  --->
<*> Sound card support  --->
<*>   Advanced Linux Sound Architecture  --->
      -*-   Dynamic device file minor numbers
            HD-Audio  --->
            <*> Build Realtek HD-audio codec support
            <*> Build HDMI/DisplayPort HD-audio codec support
            -*- Enable generic HD-audio codec parser
      [*]   USB sound devices  --->
            <*>   USB Audio/MIDI driver

For the IMC Networks USB Camera:

(chroot) root #emerge --ask sys-apps/usbutils
(chroot) root #lsusb
Bus 006 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 005 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 005: ID 1532:0255 Razer USA, Ltd RZ09-0328, Gaming Laptop [Blade 15 Base Model (2020)]
Bus 001 Device 004: ID 13d3:56bd IMC Networks USB Camera
KERNEL Multimedia support
Device Drivers --->
    <*> Multimedia support  --->
    [ ]   Filter media drivers
          Media drivers  --->
          [*] Media USB Adapters  --->
              <M>   USB Video Class (UVC)
              [ ]     UVC input events device support
          [ ] Radio Adapters  ----

For a DualShock, Logitech devices and the touchpad:

KERNEL HID support
Device Drivers  --->
    Input device support  --->
    <*>   Mouse interface
    <*>   Joystick interface
    [*]   Miscellaneous devices  --->
          <M>   User level driver support
    HID support  --->
    -*- HID bus support
    [*]   Battery level reporting for HID devices
    <*>   User-space I/O driver support for HID subsystem
          Special HID drivers  --->
          <*> Logitech devices
          <*>   Logitech receivers full support
          -*-   Logitech HID++ devices support
          <M> HID Multitouch panels
          <*> Sony PS2/3/4 accessories
          [*]   Sony PS2/3/4 accessories force feedback support
          I2C HID support  --->
              <M> HID over I2C transport layer
          Intel ISH HID support  --->
              <M> Intel Integrated Sensor Hub

For I2C and Thunderbolt on Intel:

KERNEL Device drivers
Device drivers --->
    [*] PCI support  --->
    [*]   PCI Express Port Bus support
    [*]     PCI Express Hotplug driver
    [*]   Support for PCI Hotplug  --->
    [*]   ACPI PCI Hotplug driver
        I2C support  --->
        <*>   I2C device interface
              I2C Hardware Bus support  --->
                  <M> Intel 82801 (ICH/PCH)
                  <M> NVIDIA GPU I2C controller
                  <M> Synopsys DesignWare Platform
    [*] USB support  --->
        <M>   USB Type-C Support  --->

All options needed for Docker, Android Studio and QEMU:

KERNEL General setup
General setup  --->
    -*- Control Group support  --->
    [*]   Memory controller
    [*]   IO controller
    [*]   CPU controller
          [*]   Group scheduling for SCHED_OTHER
          [*]     CPU bandwidth provisioning for FAIR_GROUP_SCHED
          [*]   Group scheduling for SCHED_RR/FIFO
    [*]   PIDs controller
    [*]   RDMA controller
    [*]   HugeTLB controller
    [*]   Device controller
    [*]   Perf controller
    -*- Namespaces support  --->
    [*]   User namespace
[*] Virtualization  --->
    <*>   Kernel-based Virtual Machine (KVM) support
    <*>     KVM for Intel (and compatible) processors support
[*] Enable the block layer  --->
    [*]   Block layer bio throttling support
[*] Networking support  --->
    [*] Network packet filtering framework (Netfilter)  --->
        [*]   Advanced netfilter configuration
        <*>     Bridged IP/ARP packets filtering
              Core Netfilter Configuration  --->
              -*- Netfilter Xtables support (required for ip_tables)
              <*>   "addrtype" address type match support
              <M>   "ipvs" match support
        <M>   IP virtual server support  --->
                    *** IPVS transport protocol load balancing support ***
              [*]   TCP load balancing support
              [*]   UDP load balancing support
                    *** IPVS scheduler ***
              <M>   round-robin scheduling
              [*]   Netfilter connection tracking
              IP: Netfilter Configuration  --->
                  <*> Netfilter IPv4 packet duplication to alternate destination
                  <*> IP tables support (required for filtering/masq/NAT)
                  <*>   iptables NAT support
                  <*>     MASQUERADE target support
                  <*>     NETMAP target support
                  <*>     REDIRECT target support
                  <*>   Packet mangling
    <*> 802.1d Ethernet Bridging
    <M> 802.1Q/802.1ad VLAN Support
    [*] QoS and/or fair queueing  --->
    <*>   Control Group Classifier
    -*- L3 Master device support
    [*] Network priority cgroup
    -*- Network classid cgroup
Character devices  --->
    [*] Enable TTY
    [*]   Unix98 PTY support
Device Drivers  --->
    [*] Block devices  --->
        <M>   Network block device support
    [*] Network device support  --->
        [*]   Network core driver support
        <M>     Dummy net driver support
        <M>     MAC-VLAN support
        <M>     IP-VLAN support
        <M>     Virtual eXtensible Local Area Network (VXLAN)
        <*>     Virtual ethernet pair device
[*] Cryptographic API --->
    -*-   Diffie-Hellman algorithm
Security options  --->
    -*- Enable access key retention support
    [*]   Enable register of persistent per-UID keyrings
    <*>   ENCRYPTED KEYS
    [*]   Diffie-Hellman operations on retained keys
Warning
By far the worst section of the kernel configuration. It's very difficult to keep up to date with Docker options, cgroups and most of the kernel work done here. You'll find that the article on Docker is mostly out of date as well. The best way of reaching this configuration is to emerge Docker and read the warnings on missing kernel options, once you've booted onto your new system.

Initramfs tweaks:

KERNEL General setup
General setup --->
    [*] Initial RAM filesystem and RAM disk (initramfs/initrd) support
    [ ]   Support initial ramdisk/ramfs compressed using bzip2
    [ ]   Support initial ramdisk/ramfs compressed using LZMA
    [ ]   Support initial ramdisk/ramfs compressed using XZ
    [ ]   Support initial ramdisk/ramfs compressed using LZO
    [ ]   Support initial ramdisk/ramfs compressed using LZ4
    [ ]   Support initial ramdisk/ramfs compressed using ZSTD

Trimming the security model and other useless devices:

KERNEL Security options
Device drivers --->
    < > PCCard (PCMCIA/CardBus) support  ----
    <*> Serial ATA and Parallel ATA drivers (libata)  --->
        [ ]   ATA SFF support (for legacy IDE and PATA)
    [ ] Macintosh device drivers  ----
    [ ] Watchdog Timer Support  ----
Security options --->
    [ ] Enable different security models


Installing kernel, modules/firmware

Note
Initially I had the intel-ishtp module under /etc/modules-load.d/ but that never went anywhere. Still unsure if the hardware I have supports this
(chroot) root #make && make modules_install
(chroot) root #make install
(chroot) root #emerge --ask sys-kernel/linux-firmware


Installing an initramfs

Note
Requirement is still to have the LVM partition decrypted through a key file that is itself password protected but at this point, it was getting complicated, and hardly working. I backtracked and used an initramfs made with genkernel.
Warning
I also ran into an issue where a module was missing from initramfs at some point. The issue is that if you change the kernel repeatedly adding/removing options, then the initramfs should normally be recreated if there are any modules that it'll require to boot.
(chroot) root #emerge --ask sys-fs/lvm2
(chroot) root #rc-update add lvm boot
(chroot) root #emerge --ask sys-fs/cryptsetup
(chroot) root #genkernel --lvm --luks --install --kernel-config=/usr/src/linux/.config initramfs

Configuring /etc/fstab

(chroot) root #vi /etc/fstab
FILE /etc/fstab
#       documentation for details on setting a label. To obtain the UUID, use
#       the blkid(8) command.

#LABEL=boot             /boot           ext4    noauto,noatime  1 2
#UUID=58e72203-57d1-4497-81ad-97655bd56494      /               ext4            noatime         0 1
#LABEL=swap             none            swap    sw              0 0
#/dev/cdrom             /mnt/cdrom      auto    noauto,ro       0 0
/dev/nvme0n1p1          /boot           vfat    noauto,noatime                          1 2
/dev/mapper/vg0-root    /               ext4    noatime                                 0 1
/dev/mapper/vg0-swap    none            swap    sw                                      0 0
/dev/mapper/vg0-var     /var            xfs     noatime,nodev,logbufs=8                 0 0
/dev/mapper/vg0-varlog  /var/log        xfs     noatime,nodev,logbufs=8                 0 0
/dev/mapper/vg0-vartmp  /var/tmp        xfs     noatime,nodev,logbufs=8                 0 0
/dev/mapper/vg0-home    /home           ext4    noatime,nodev,nosuid,errors=remount-ro  0 2
/dev/mapper/vg0-media   /media          ext4    noatime,nodev,nosuid,errors=remount-ro  0 0
tmpfs                   /tmp            tmpfs   defaults,nodev,noexec,nosuid,size=512m,mode=1777        0 0

Resizing /var

While using the system, it became obvious that I underestimated size requirements of /var. That's mainly because the legacy /usr/portage moved to /var/... I resized /media and re-allocated some space.

root #e2fsck -f /dev/mapper/vg0-media
root #resize2fs /dev/mapper/vg0-media 290G
root #lvreduce -L 290G /dev/mapper/vg0-media
root #lvextend -L +8G /dev/mapper/vg0-var
root #xfs_growfs /dev/mapper/vg0-var

System Services