Merge pull request #23 from suikan4github/develop

Merege Develop as v1.1.0 release
2025-12-20 02:21:17 -03:00 · 2021-07-11 15:55:34 +09:00 · 2021-07-11 15:55:34 +09:00 · c126247add
commit c126247add
parent 858dadff8f 456cbf87cd
16 changed files with 560 additions and 190 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,13 +2,46 @@
 Record of the modification in project development.
 ## [Unreleased] - yyyy-mm-dd
 ### Added
 ### Changed
 ### Deprecated
 ### Removed
 ### Fixed
-### Security
+### Known Issue
 ## [1.1.0] - 2021-07-11
 Added ITERTIME parameter and corrected other small issues. Application notes AN01 - AN04 are added. 
 The Followings are tested distributions 
 - Ubuntu 20.04.2
 - Ubuntu MATE 20.04.2
 - Ubuntu 21.04
 - Void Linux glibc 20210218 mate
 - Void Linux musl 20210218 mate
 - Void Linux glibc 20210218 base
 See [Testing before release v1.1.0](https://github.com/suikan4github/kaiten-yaki/issues/16).
 ### Added
 - [Issue 13 : Add ITERTIME configuration parameter to config.txt](https://github.com/suikan4github/kaiten-yaki/issues/13)
 - [Issue 18 : Add a consideration of the number of key slot](https://github.com/suikan4github/kaiten-yaki/issues/18)
 - [Issue 19 : Add a consideration of more flexible partitioning](https://github.com/suikan4github/kaiten-yaki/issues/19)
 - [Issue 20 : Add a consideration of LUKS stretching](https://github.com/suikan4github/kaiten-yaki/issues/20)
 - [Issue 21 : Add a document of how to recover from the mistyping of passphrase](https://github.com/suikan4github/kaiten-yaki/issues/21)
 ### Changed
 - [Issue 5 : OVERWRITEINSTALL confirmation is missing](https://github.com/suikan4github/kaiten-yaki/issues/5)
 - [Issue 6 : Remove loglevel dependency from the void-kaiten-yaki.sh ](https://github.com/suikan4github/kaiten-yaki/6)
 - [Issue 7 : Add the return status validation ](https://github.com/suikan4github/kaiten-yaki/7)
 - [Issue 11 : Make chroot'ed job independent script file ](https://github.com/suikan4github/kaiten-yaki/11)
 - [Issue 12 : change ERASEALL=0 as default ](https://github.com/suikan4github/kaiten-yaki/12)
 - [Issue 14 : Change config.sh description ](https://github.com/suikan4github/kaiten-yaki/14)
 ### Deprecated
 ### Removed
 ### Fixed
 - [Issue 8 : Wrong message after cancellation ](https://github.com/suikan4github/kaiten-yaki/8)
 - [Issue 15 : CITERTIME parameter is not passed to the chrooted_job ](https://github.com/suikan4github/kaiten-yaki/15)
 - [Issue 17 : Unmount fails ](https://github.com/suikan4github/kaiten-yaki/17)
 ### Known Issue
 ## [1.0.0] - 2021-07-03
@ -24,5 +57,6 @@ Record of the modification in project development.
 ### Known Issue
-[Unreleased]: https://github.com/suikan4github/kaiten-yaki/compare/v1.0.0...develop
+[Unreleased]: https://github.com/suikan4github/kaiten-yaki/compare/v1.1.0...develop
 [1.1.0]: https://github.com/suikan4github/kaiten-yaki/compare/v1.0.0...v1.1.0
 [1.0.0]: https://github.com/suikan4github/kaiten-yaki/compare/v0.0.0...v1.0.0
--- a/INSTALL.md
+++ b/INSTALL.md
@ -6,45 +6,48 @@ Installation requires mainly 2 steps.
 - Run the kaiten-yaki script
 You can execute the install script without the command line parameter. For example :
-```shell
+```sh
 source ubuntu-kaiten-yaki.sh
 ```
 The first stage of the script is preparation like: erasing a disk, format partition, and encryption. This is the most critical stage of the entire installation process. This part is controlled by the configuration parameter. Thus, you have to edit the config.txt carefully. 
 In the second stage, the distribution-dependent GUI/TUI installer is invoked from the running script. That is the Ubiquity/void-installer of Ubuntu/Void Linux, respectively. 
-The third stage is easy. There is nothing the user can do. Everything is automatic. 
+The third configure the target Linux system to decrypt the encrypted volume automatically, without prompting user to type passphrase. In this stage, Everything is automatic. 
 # Installation
 Follow the steps below. 
 ## Shell preparation
-First of all, promote the shell to root. Almost of the procedure requires root privilege. Note that the scripts require Bash. 
+First of all, promote the shell to root. Almost of the procedure in the installation requires root privilege. Note that the scripts require Bash. 
-In the case of Ubuntu :
+In the case of Ubuntu installation:
 ```bash
 # Promote to the root user
 sudo -i /bin/bash
 ```
-In the case of Void-Linux : 
+In the case of Void Linux installation: 
 ```bash
 sudo -i /bin/bash
 xbps-install -Su xbps nano
 ```
 The nano is an editor package to configure the config.txt. The choice of editor is up to you. Kaiten-yaki script doesn't have a dependency on nano editor.
-Then, edit the config.txt. 
+And then, go to the kaiten-yaki/script directory. 
-
+```bash
 cd /the/downloaded/directory/kaiten-yaki/script
 ```
 Now, ready to configure. 
 ## Configuration parameters
 This is a very critical part of the installation. The configuration parameters are in the config.sh. Edit these parameters before the installation. 
 Followings are the set of the default settings of the parameters : 
 - Install to  **/dev/sda** (DEV).
- Erase the entire disk (ERASEALL).
+- Do not erase the entire disk (ERASEALL).
 - Overwrite install is disabled.
 - In the case of EFI firmware, 200MB is allocated to the EFI partition (EFISIZE).
 - Create a logical volume group named "vg1" in the encrypted volume (VGNAME)
 - Create a swap logical volume named "swap" in the "vg1". The size is 8GB (LVSWAPNAME,LVSWAPSIZE)
- Create a logical volume named **"anko"** for / in the "vg1". The size of the **50%** of the entire free space (LVROOTNAME, LVROOTSIZE).
+- Create a logical volume named **"anko"** as root volume,  in the "vg1". The size of the new volume is the **50%** of the free space (LVROOTNAME, LVROOTSIZE).
 ```bash
 # Configuration parameters for Kaiten-Yaki 
@ -53,50 +56,59 @@ Followings are the set of the default settings of the parameters :
 export DEV="/dev/sda"
 # Whether you want to erase all contents of the storage device or not.
-# 1: Yes, I want to erase all.
+# 1 : Yes, I want to erase all.
-# 0: No, I don't. I want to add to the existing LUKS volume. 
+# 0 : No, I don't. I want to add to the existing LUKS volume. 
-export ERASEALL=1
+export ERASEALL=0
-# Logical Volume name for your Linux installation. Keep it unique from other distributions.
+# Logical Volume name for your Linux installation. 
 # Keep it unique from other distribution.
 export LVROOTNAME="anko"
 # Logical volume size of the Linux installation.
-# 30% means the new logical volume will use 30% of the free space in the LVM volume group.
+# 30% mean, new logical volume will use 30% of the free space 
-# For example, assume the free space is 100GB, and LVROOTSIZE is 30%FREE. The script will create a 30GB logical volume.  
+# in the LVM volume group. For example, assume the free space is 100GB, 
 # and LVROOTSIZE is 30%FREE. Script will create 30GB logical volume.  
 export LVROOTSIZE="50%FREE"
-# Set the size of the EFI partition and swap partition. The unit is Byte. you can use M, G... notation.
+# Set the size of EFI partition and swap partition. 
 # The unit is Byte. You can use M,G... notation.
 export EFISIZE="200M"
 export LVSWAPSIZE="8G"
 # Usually, these names can be left untouched. 
-# If you change, keep them consistent through all installations in your system.
+# If you change, keep them consistent through all installation in your system.
 export CRYPTPARTNAME="luks_volume"
 export VGNAME="vg1"
 export LVSWAPNAME="swap"
-# Do not touch this parameter unless you understand precisely what you are doing.
+# Do not touch this parameter, unless you understand what you are doing.
-# 1: Overwrite the existing logical volume as root volume. 0: Create new logical volume as root volume. 
+# 1 : Overwrite the existing logical volume as root volume. 
 # 0 : Create new logical volume as root volume. 
 export OVERWRITEINSTALL=0
 # Do not touch this parameter, unless you understand what you are doing.
 # This is a paameter value of the --iter-time option for cyrptsetup command. 
 # If you specify 1000, that means 1000mSec. 0 means compile default.  
 export ITERTIME=0
 # Void Linux only. Ignored in Ubuntu.
 # The font size of the void-installer
 export XTERMFONTSIZE=11
 ```
 There are several restrictions : 
- For the first distribution installation, you must set ERASEALL to 1, to erase the entire screen and create a LUKS partition. Kaiten-yaki script creates a maximum LUKS partition as possible. 
+- For the first distribution installation, you must set ERASEALL to 1, to erase the entire storage device and create a LUKS partition. Kaiten-yaki script creates a maximum LUKS partition as possible. 
- The LVROOMNAME must be unique among all installations in a computer. Otherwise, Kaiten-yaki terminates in a middle. 
+- The LVROOTNAME must be unique among all installations in a computer. Otherwise, Kaiten-yaki terminates in a middle. 
- The LVSWAPNAME must be unique among all installations in a computer. Otherwise, Kaiten-yaki creates an unnecessary logical volume. This is a waste of storage resources. 
+- The LVSWAPNAME must be identical among all installations in a computer. Otherwise, Kaiten-yaki creates an unnecessary logical volume. This is a waste of storage resources. 
 - The EFISIZE and the LVSWAPSIZE are refereed during the first distribution installation only. 
 - The LVROOTSIZE is the size of a logical volume to create. This is a relative value to the existing free space in the volume group. If you want to install 3 distributions in a computer, you may want to set 33%FREE, 50%FREE, and 100%FREE for the first, second, and third distribution installation, respectively. 
 - The name with "-" is not allowed for the VGNAME, LVROOTNAME, and LVSWAPNAME. I saw some installer doesn't work if "-" in in the name. 
-## About the overwrite-install
+### About the overwrite-install
 The OVERWRITEINSTALL parameter allows you to use an existing logical volume as the root volume of the new installation.
 This is very dangerous because of several aspects like destroying the wrong volume and the risk of security. But sometimes it is
 very useful. 
-For example, assume you are installing a distribution by Kaiten-yaki. If you reboot the system at the end of GUI/TUI installer by mistake, your system will never boot again. 
+For example, assume you are installing a distribution by Kaiten-yaki. If you reboot the system at the end of GUI/TUI installer by mistake, your system may never boot again. 
 In this case, the overwrite-install can recycle this "bad" logical volume and let your system boot again. 
 To use the overwrite-install, you have to set some parameters as follows: 
@ -108,7 +120,16 @@ And set the following parameters as same as the previous installation.
 - VGNAME
 - CRYPTPARTNAME
-So, Kaiten-yaki will leave the "bad" logical volume and allow you to overwrite it by GUI/TUI installer. 
+Kaiten-yaki will leave the "bad" logical volume and allow you to overwrite it by GUI/TUI installer. 
 ### About ITERTIME parameter
 This parameter is recommended to left as default value (=0), unless you understand what it mean well. 
 The ITERTIME parameter is passed as --iter-time parameter to the [cryptosetup command](https://man7.org/linux/man-pages/man8/cryptsetup.8.html), when script setup the LUKS crypto volume. 
 The unit of value is milliseconds. The target linux kernel may take this duration, to calculate a hash value from the given passphrase. You can change this duration through this parameter. 
 The smaller value gives the weaker security. 
 ## First stage: Setting up the volumes
 After you set the configuration parameters correctly, execute the following command from the shell. Again, you have to be promoted as the root user, and you have to use Bash.  
@ -121,7 +142,7 @@ In the case of Void Linux
 ```bash
 source void-kaiten-yaki.sh
 ```
-After several interactive confirmations, Kaiten-yaki will ask you to input a passphrase. This passphrase will be applied to the encryption of the LUKS volume. Make sure you use identical passphrases between all installations of the distributions in a computer. Otherwise, the install process terminates with an error.  
+After several interactive confirmations, Kaiten-yaki will ask you to input a passphrase. This passphrase will be applied to the encryption of the LUKS volume. Make sure you use identical passphrases between all installations of the distributions in a computer. Otherwise, the install process terminates with an error, except the first distribution installation.  
 ## Second stage : GUI/TUI installer
 After the first script finishes, the GUI/TUI installer starts automatically. Configure it as usual and run it. Ensure you map the following correctly.
@ -145,7 +166,7 @@ At the end of the GUI/TUI installing, do not reboot the system. Click "Continue"
 ## Third stage: Finalizing
 After GUI/TUI installer quits without rebooting, the final part of the install process automatically starts. 
-In this section, Kaiten-yaki put the encryption key of the LUKS volume into the ramfs initial stage to allow the Linux kernel to decrypt the LUKS partition which contains root logical volume. So, the system will ask you passphrase only once when GRUB starts. 
+In this section, Kaiten-yaki put the encryption key of the LUKS volume into the ramfs initial stage to allow the Linux kernel to decrypt the LUKS partition which contains root logical volume. Thus, the system will ask you passphrase only once when GRUB starts. 
 You can reboot the system if you see the "Ready to reboot" message on the console. 
--- a/README.md
+++ b/README.md
@ -1,9 +1,9 @@
 # Kaiten-yaki: Full disk encryption install script for Linux
-Kaiten-yaki is a script set to install to your desktop system. With these scripts, you can install Ubuntu/Void Linux to an encrypted partition easily. 
+Kaiten-yaki is a script set to install Linux to your desktop system. With these scripts, you can install Ubuntu/Void Linux to an encrypted partition easily. 
 The followings are the list of functionalities: 
 - Ubuntu and Void Linux.
- Install from LiveCD/USB.
+- Help to install from LiveCD/USB.
 - Invoke GUI/TUI installer automatically at the middle of script execution, for the ease of installation.
 - Automatic detection of BIOS/EFI firmware and create MBR/GPT, respectively.
 - Create an EFI partition, if needed.
@ -14,7 +14,7 @@ The followings are the list of functionalities:
 With the configuration parameters, you can customize each installation.  For example, you can configure the system to have 2, 3, or 4,... distributions in an HDD/SSD, as you want. 
-Following is the HDD/SSD partitioning plan of these scripts ( In the case of BIOS, the disk has MBR and doesn't have an EFI partition, while it is depicted here). 
+Following is the HDD/SSD partitioning plan of these scripts ( In the case of BIOS, the disk has MBR and doesn't have an EFI partition). 
 ![Partition Diagram](image/partition_diagram_0.png)
@ -27,21 +27,31 @@ These scripts are tested with the following environment.
 - VMWare Workstation 15.5.7 ( EFI/BIOS )
 - ThinkPad X220 (BIOS)
 - Ubuntu 20.04.2 amd64 desktop
 - Ubuntu 21.04 amd64 desktop
 - Ubuntu Mate 20.04.2 amd64 desktop
 - void-live-x86_64-20210218-mate.iso
 - void-live-x86_64-musl-20210218-mate.iso
 - void-live-x86_64-20210218.iso
 # Installation
-Start the PC with the LiveCD/LiveUSB of the distribution to install. Download this repository from GitHub, and expand it. 
+Rough procedure of the installation is as followings : 
 1. Start the PC with the LiveCD/LiveUSB of the distribution to install
 1. Download this repository from GitHub
 3. Run the script.
-Then, go to the script directory and follow the procedure in the [INSTALL.md](INSTALL.md)
+The detail procedure is explained in the [INSTALL.md](INSTALL.md).
 # Known issues
 If you install two or more Void Linux into the EFI system, only the last one can boot without trouble. This is not the problem of Kaiten-yaki. 
 # Variants considerations
-Ubuntu has several variants ( flavors ). While I have tested only MATE flavor, other flavors may work correctly as far as it uses Ubiquity installer.
+Ubuntu has several variants ( flavors ). While while only the MATE flavor is tested, other flavors may work correctly as far as it uses Ubiquity installer.
 # Application notes
 - [AN01 : How to recover from the mistyping of the passphrase](appnote/an01_howtorecover.md)
 - [AN02 : Managing LUKS key slots](appnote/an02_keyslot.md)
 - [AN03 : The ITERTIME parameter and vulnerability](appnote/an03_itertime.md)
 - [AN04 : How to make LUKS volume to the favorite partition](appnote/an04_favoritepartition.md)
 # Acknowledgments
 These scripts are based on the script by [myn's diary](https://myn.hatenablog.jp/entry/install-ubuntu-focal-with-lvm-on-luks). That page contains rich information, hint, and techniques around the encrypted volume and Ubiquity installer. 
--- a/appnote/an01_howtorecover.md
+++ b/appnote/an01_howtorecover.md
@ -0,0 +1,62 @@
 # AN01 : How to recover from the mistyping of the passphrase
 The mistyping of the passphrase is painful, in the full disk encrypted Linux. 
 In the usual encrypted Ubuntu install by Ubiquity, mistyping disk passphrase is warned by the kernel, and prompted to re-type. But in the full encrypted system, the user sees a boring message and command prompt. Usually, the user just gives up and reboot. It adds tens of second to reboot, and discourage the user to use a long passphrase. 
 ![bios](../image/an01_bios.png)
 This application note explains how to recover from this condition, quickly.  
 # BIOS system
 In the BIOS system, the recovery is pretty easy. 
 In the case of the mistyping passphrase, GRUB goes into rescue mode. The user can recover by 3 commands from this mode. 
 ```
 cryptomount -a
 insmod normal
 normal
 ```
 The **cryptomount** command tries to mount the encrypted partition specified by parameter. To mount it, GRUB prompts the user to type the passphrase. The "-a" option means all encrypted partitions. If the system is encrypted by Kaiten-yaki, it has only one encrypted LUKS partition. So, this is the easiest way. 
 The **insmod** command loads a GRUB command module from the mounted storage and inserts it into the command list. The second line loads the "normal" command which displays the normal menu to the user. 
 Finally, **normal** command shows the normal boot menu to the user. 
 Now, the user can select the system to boot as usual.
 # EFI system
 In the EFI system, recovery needs extra steps compared to the BIOS system. 
 Unlike the BIOS system, GURB is not in the rescue mode but the normal mode, when the passphrase is mistyped. So, the user can use command completion. This is better than the BIOS system. 
 The first step of the recovery is the same with the BIOS system. 
 ```
 cryptomount -a
 ```
 Again, in the EFI system, the user can use the command completion by pressing the [TAB] key. 
 The second step is unique in the EFI system. The user can check the list of volumes existing in the system by **ls** command. The ls command allows the user can identify which volume contains the grub menu. And then, the user picks the right volume and assign it to the **prefix** variable, with the grub path. 
 Following is the example. The (lvm/vg1-mate) is dependent on the system. It has to be substituted by the appropriate volume name for each system. 
 ```
 ls
 set prefix=(lvm/vg1-mate)/boot/grub
 ```
 Then, the third step is the same with the BIOS systems. 
 ```
 insmod normal
 normal
 ```
 Following is the screenshot of the command sequence to recover the mistyping of the passphrase. 
 ![bios](../image/an01_efi.png)
 ## Conclusion
 In the full disk encrypted system, mistyping of the passphrase is more painful than the partially encrypted system. The user can overcome this situation with several steps of commands and can show the normal boot menu. 
 ![bios](../image/an01_normal.png)
--- a/appnote/an02_keyslot.md
+++ b/appnote/an02_keyslot.md
@ -0,0 +1,83 @@
 # AN02 Managing LUKS key slots
 If somebody wants to install two or three distributions into a system, Kaiten-yaki works perfectly. There is no problem at all. 
 On the other hand, some extreme cases like installing distributions as many as possible, or repeating the overwrite installation unveils the limitation of the number of the LUKS key slots. The user must understand and must manage the LUKS key slots well, to handle these cases. 
 This application note explains the limitations and difficulties that come from the number of LUKS key slots, and how to overcome that limitation( if possible ).
 # The LUKS key slots
 The LUKS volume has 8 key slots which can stores one key hash value.  In other words, the user can use 8 different keys to open a LUKS volume. 
 In this context, the "user" is not limited to a human being. Any software can use a passphrase to open a LUKS volume. Thus, even only one person uses a computer, multiple key slots may be used.
 If an user ( or software ) feeds a passphrase to open a LUKS volume, the management software ( dm-crypt library ) scans key slots and check whether there is a matching slot or not. If there is a slot in which the stored hash value matches with the hash value of the given passphrase, that passphrase is the right one.  
 # How Kaiten-yaki uses the LUKS key slots
 Kaiten-yaki uses N+1 LUKS key slots to install the N distributions in a system ( where N is an integer ). 
 Whenever Kaiten-yaki creates a LUKS volume, it registers a passphrase typed by the user. This passphrase is stored in the key slot 0. So, when the user types his passphrase correctly at boot time, its hash will be matched with the hash value in slot 0, by default. 
 In addition to the user passphrase, Kaiten-yaki uses one key slot to register the passphrase to let the Linux kernel open the LUKS volume. This passphrase is different from the user passphrase. Actually, this passphrase is random binary brock generated by /dev/random. This key is stored in the file under /etc/luks. Even somebody watches its value over the shoulder of a user, the risk is small because it is difficult to read for a human being.  
 Anyway, this usage defines the maximum number of Linux installed in a system. That is 7 if all are installed by Kaiten-yaki. If a user try to install the 8th distribution in a LUKS volume with Kaiten-yaki, it will fail because there is no vacant LUKS key slot. 
 # Overwrite installation 
 The overwrite installation is another case that consumes a LUKS key slot. 
 if the variable OVERWITEINSTALL in config.sh is set to 1, Kaiten-yaki just overwrites an existing logical volume in the LUKS volume. Also, in this case, Kaiten-yaki registers a new key file for the new installation. Thus, while the number of the installed Linux is the same, the number of the used LUKS key slot is increased. 
 Eventually, the user fails to install even the installed Linux is small like 2 or 3, if there is not vacant LUKS key slot.  
 # Managing key slots
 Some users may want to delete a key slot to install another distribution. In this case, they must know which LUKS key slots are used or not. 
 This section explains how to investigate the used slots. 
 First of all, user can list the status of the all LUKS key slots. The example of this command is shown below. Slot 0, 1, and 2 are occupied : 
 ```
 takemasa@mate-vm:~$ sudo cryptsetup luksDump /dev/sda2 | grep -i bled
 Key Slot 0: ENABLED
 Key Slot 1: ENABLED
 Key Slot 2: ENABLED
 Key Slot 3: DISABLED
 Key Slot 4: DISABLED
 Key Slot 5: DISABLED
 Key Slot 6: DISABLED
 Key Slot 7: DISABLED
 ```
 If there is still a vacant LUKS key slot, the user can install another distribution without deleting the existing slot. But if there is not vacant LUKS key slot at all, the user must delete an occupied but unused slot. To know such a slot, the user must mark all the occupied and used slots. 
 First of all, check the LUKS key slot for the user passphrase. Run the followings command. 
 ```sh
 cryptsetup -v --test-passphrase luksOpen /dev/sdXN
 ```
 Where X is a, b, c..., N is 1, 2, 3...
 The command will prompt to type the passphrase to decrypt. If the user types the correct passphrase, the command shows the key slot number of that passphrase. The followings are the example :  
 ```
 takemasa@mate-vm:~$ sudo cryptsetup -v --test-passphrase luksOpen /dev/sda2
 Enter passphrase for /dev/sda2: 
 Key slot 0 unlocked.
 Command successful.
 ```
 We can see the slot 0 is used. 
 Next, run the following command **for each** installation of distribution. This command shows the slot number which stores the key of the passphrase file passing to the kernel. /etc/luks/boot_os.keyfile is created by Kaiten-yaki, during the installation
 ```sh
 sudo cryptsetup -v --test-passphrase luksOpen /dev/sdXN --key-file /etc/luks/boot_os.keyfile
 ```
 Followings are the sample execution : 
 ```
 takemasa@mate-vm:~$ sudo cryptsetup -v --test-passphrase luksOpen /dev/sda2 --key-file /etc/luks/boot_os.keyfile
 Key slot 2 unlocked.
 Command successful.
 ```
 By repeating this command inside all installations, the user can list up the occupied and used slots. The other slots are occupied but not used. 
 Finally, the user can delete the appropriate occupied but not used LUKS key slot by the following command. 
 ```sh
 sudo cryptsetup luksKillSlot /dev/sdXN key_slot_number_to_delete
 ```
 # Conclusion
 For the typical case like installing 2 or 3 distributions in a system, there is no problem to use Kaiten-yaki, at all. 
 But if users want to install as many as possible, or repeat the overwrite install, they must understand the number of the LUKS key slots. 
--- a/appnote/an03_itertime.md
+++ b/appnote/an03_itertime.md
@ -0,0 +1,48 @@
 # AN03 The ITERTIME parameter and vulnerability
 The ITERTIME configuration parameter in the config.sh can provide a better user experience during the passphrase input. It can reduce the pain of the longer passphrase and encourage users to use longer passphrases. 
 On the other hand, it may pull a vulnerability.
 The followings are the consideration around the ITERTIME parameter.
 ## The passphrase experience
 Let's assume there is a Ubuntu desktop system in which the disk was encrypted by Ubiquity installer without Kaiten-yaki. In this system, the /boot partition is installed as a separate and un-encrypted state. So, the Linux kernel file is not protected. 
 If the user mistyped the passphrase at boot, Ubuntu prompts to type a passphrase again. There is no pain. It just asks. 
 Now, let's see what's happen if a user mistyped the passphrase on the system which was installed by Kaiten-yaki. It takes a very wrong time to see the error message. And the system doesn't prompt to type again ( The prompt issue is discussed in the [AN01](an01_howtorecover.md) ). Especially, the more number of the installations in a system makes the longer duration till the error message. Sometimes this is unbearable pain to the user. 
 This kind of pain de-motivates users to use a long passphrase, because the longer passphrase causes more mistypes. As a result, some users may use the shorter passphrase. The bad user experience of passphrase input may help the malicious attackers.
 ## Why the full disk encryption is so slow at passphrase input
 GRUB is the root cause of this slow user passphrase matching. 
 The passphrase is hashed and stored to LUKS key slot when a LUKS volume is created ( or, a new passphrase is added ). The stored hash value is not simple. The cryptsetup command makes hash value from the user passphrase. And then, create the next hash from this hash. And then, create a third hash from the 2nd hash, so on. This repeating is named [key stretching](https://en.wikipedia.org/wiki/Key_stretching). 
 The key stretching technique enforces malicious attackers to use more computation resources on the brute force attacking. The more stretching iteration times require the more resources to attack. 
 Of course, there is a balance and security strength. By default, the cryptsetup command takes the iteration needing 1 sect to calculate the passphrase hash, for the LUKS1 format. This sounds like a good balance. The cryptsetup runs on Linux when it calculates the appropriate iteration of key stretching. So, there is no problem if Linux challenges user passwords. It will take about 1 sec, by default on the Linux system. 1 second is acceptable for almost users. 
 But there is a pitfall. On the full disk encryption system by Kaiten-yaki, the /boot is encrypted. So, to load the Linux kernel, GRUB has to decrypt the LUKS volume. That means GRUB has to calculate the passphrase hash. Unfortunately, this calculation is slower than Linux's one. Thus the user has to wait longer than 1 second.
 The duration by GRUB to calculate the passphrase hash value is up to the system. It depends on the CPU. Also, In addition to this slow hashing, GRUB has to scan all used key slots when the user mistyped. For example, if 3 distributions are installed in a LUKS volume by Kaiten-yaki, 4 key slots are used. Thus, if it takes 10 seconds to challenged one hash by GRUB, this system takes 40seconds to show "The wrong password". 
 This is the mechanism of the slow response at the passphrase input. 
 ## The key stretching, the --iter-time parameter, and the vulnerability
 Kaiten-yaki can relax this pain by ITERTIME configuration parameter in config.sh. This parameter is passed to the cryptsetup command as --iter-time parameter. 
 By setting 1000 to the ITERTIME, cryptsetup takes the key stretching iteration cycle to take 1000 milliseconds.  By setting 100, it will be 100 milliseconds. It is believed the default value of --iter-time is 1000 ( Its compile default ). Thus, choosing 100 as ITERTIME shorten the duration to the "Wrong password" from 40 seconds to 4 seconds, in the above example. This sounds acceptable. 
 On the other hand, the smaller ITERTIME is the weaker to the bute force attack. It is assumed the strength of the passphrase hash is linear to the ITERTIME parameter ( --iter-time parameter of cryptsetup ).
 ## The longer passphrase vs. longer key stretching
 While the passphrase hash strength is considered linear to the key stretching iteration, the passphrase strength is exponential to its length. 
 There many discussions on the strength of the passphrase. Simply speaking, Adding one alphabet ( a-z ) may expand its strength 26 times. That is why the long passphrase is very important. 
 The 1/10 strength of the key stretching can be covered by adding 1 character to the passphrase. 
 ## Conclusion
 The full disk encryption will give big pain to the user at the passphrase input phase. It seems to be reasonable to use the smaller ITERTIME ( --iter-time ) parameter to encourage the user to use the longer passphrase like 20 letters, from the viewpoint of security. 
 The security policy is up to the people, community, and mission. The consideration here assumed the desktop PC as a hobby. For mission-critical usage, the user should consult security experts. 
--- a/appnote/an04_favoritepartition.md
+++ b/appnote/an04_favoritepartition.md
@ -0,0 +1,44 @@
 # AN04 How to make LUKS volume to the favorite partition
 Kaiten-yaki creates the LUKS volume on the 1st partition for the BIOS system ( 2nd partition for the EFI system ) by default. Also, Kaiten-yaki assigns all space for the  LUKS volume, except the space for the EFI partition. 
 This application note explains how to use the favorite partition with favorite size for LUKS volume. 
 ## Step 1: Making partitions
 To use custom partitioning, the user must create all partitions by themselves. The user can do it with the popular partitioning tool like gparted. It is recommended to set the partition table as  MBR and GPT for BIOS and EFI systems, respectively. 
 In this documentation, we assume the user wants to use /dev/sda5 as LUKS partition to install Ubuntu, as example. 
 ## Step 2: Configuration
 Next user must configure the config.sh. 
 The first parameter to edit is **DEV** parameter which represents the target device. In this example, it must be set as /dev/sda.
 ```sh
 export DEV="/dev/sda"
 ```
 The second parameter to edit is **CRYPTPARTITION**. By default, this parameter is set automatically according to the firmware type. The EFIPARTITION parameter can be left untouched. This parameter is not used. 
 ```sh
 if [  ${ISEFI} -ne 0  ] ; then 
 # EFI firmware
 export EFIPARTITION=1
 export CRYPTPARTITION=5
 else
 # BIOS firmware
 export CRYPTPARTITION=5
 fi  # EFI firmware
 ```
 Makes sure the **ERASEALL** and **OVERWRITEINSTALL** are 0.
 ## Step 3: Make LUKS partition
 After saving the customer config.sh, run the following command to set the environment variable. 
 ```sh
 source config.sh
 ```
 Then, run the following command to create a LUKS volume. 
 ```sh
 cryptsetup luksFormat --iter-time "${ITERTIME}" --type=luks1 "${DEV}${CRYPTPARTITION}"
 ```
 This command sets up the LUKS volume on the specified partition. This command also asks for the passphrase of this LUKS volume. 
 ## Step 4: Run Kaiten-yaki
 Now, it's a time to run Kaiten-yaki
 ```sh
 source kaiten-yaki-ubuntu
 ```
 All other operations are same with usual install. 
--- a/image/an01_bios.png
+++ b/image/an01_bios.png
--- a/image/an01_efi.png
+++ b/image/an01_efi.png
--- a/image/an01_normal.png
+++ b/image/an01_normal.png
--- a/script/config.sh
+++ b/script/config.sh
@ -8,30 +8,39 @@ export DEV="/dev/sda"
 # Whether you want to erase all contents of the storage device or not.
 # 1 : Yes, I want to erase all.
 # 0 : No, I don't. I want to add to the existing LUKS volume. 
-export ERASEALL=1
+export ERASEALL=0
-# Logical Volume name for your Linux installation. Keep it unique from other distribution.
+# Logical Volume name for your Linux installation. 
 # Keep it unique from other distribution.
 export LVROOTNAME="anko"
 # Logical volume size of the Linux installation.
-# 30% mean, new logical volume will use 30% of the free space in the LVM volume group.
+# 30% mean, new logical volume will use 30% of the free space 
-# For example, assume the free space is 100GB, and LVROOTSIZE is 30%FREE. Script will create 30GB logical volume.  
+# in the LVM volume group. For example, assume the free space is 100GB, 
 # and LVROOTSIZE is 30%FREE. Script will create 30GB logical volume.  
 export LVROOTSIZE="50%FREE"
-# Set the size of EFI partition and swap partition. The unit is Byte. you can use M,G... notation.
+# Set the size of EFI partition and swap partition. 
 # The unit is Byte. You can use M,G... notation.
 export EFISIZE="200M"
 export LVSWAPSIZE="8G"
 # Usually, these names can be left untouched. 
-# If you change, keep them consistent through all instllation in your system.
+# If you change, keep them consistent through all installation in your system.
 export CRYPTPARTNAME="luks_volume"
 export VGNAME="vg1"
 export LVSWAPNAME="swap"
-# Do not touch this parameter, unless you understand precisely what you are doing.
+# Do not touch this parameter, unless you understand what you are doing.
-# 1 : Overwrite the existing logical volume as root vlume. 0 : Create new logical volume as root volume. 
+# 1 : Overwrite the existing logical volume as root volume. 
 # 0 : Create new logical volume as root volume. 
 export OVERWRITEINSTALL=0
 # Do not touch this parameter, unless you understand what you are doing.
 # This is a paameter value of the --iter-time option for cyrptsetup command. 
 # If you specify 1000, that means 1000mSec. 0 means compile default.  
 export ITERTIME=0
 # Void Linux only. Ignored in Ubuntu.
 # The font size of the void-installer
 export XTERMFONTSIZE=11
--- a/script/lib/chrooted_job_ubuntu.sh
+++ b/script/lib/chrooted_job_ubuntu.sh
@ -0,0 +1,48 @@
 #!/bin/bash
 # Include configuration. This sript file have to be executed at Kaiten-yaki/script dir
 # shellcheck disable=SC1091
 source config.sh
 # Create a key file for LUKS and register it as contents of the initramfs image
 function chrooted_job() {
 	# Mount the rest of partitions by target /etc/fstab
 	mount -a
 	# Prepare the crypto tool in the install target
 	echo "...Installing cryptsetup-initramfs package."
 	apt -qq install -y cryptsetup-initramfs
 	# Prepare a new key file to embed in to the ramfs.
 	# This new file contains a new key to open the LUKS volume. 
 	# The new key is 4096byte length binary value. 
 	# Because this key is sotred as "cleartext", in the target file sysmte,
 	# only root is allowed to access this key file. 
 	echo "...Prepairing key file."
 	mkdir /etc/luks
 	dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=4096 count=1 status=none
 	chmod u=rx,go-rwx /etc/luks
 	chmod u=r,go-rwx /etc/luks/boot_os.keyfile
 	# Add the new key to the LUKS 2nd key slot. The passphrase is required to modify the LUKS keyslot.  
 	echo "...Adding a key to the key file."
 	printf %s "${PASSPHRASE}" | cryptsetup luksAddKey --iter-time "${ITERTIME}" -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile
 	# Register the LUKS voluem to /etc/crypttab to tell "This volume is encrypted" 
 	echo "...Adding LUKS volume info to /etc/crypttab."
 	echo "${CRYPTPARTNAME} UUID=$(blkid -s UUID -o value ${DEV}${CRYPTPARTITION}) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab
 	# Add key file to the list of the intems in initfsram. 
 	echo "...Registering key file to the ramfs"
 	echo "KEYFILE_PATTERN=/etc/luks/*.keyfile" >> /etc/cryptsetup-initramfs/conf-hook
 	echo "UMASK=0077" >> /etc/initramfs-tools/initramfs.conf
 	# Finally, update the ramfs initial image with the key file. 
 	echo "...Upadting initramfs."
 	update-initramfs -uk all
 	# Leave chroot
 }
 # Execute job
 chrooted_job
--- a/script/lib/chrooted_job_void.sh
+++ b/script/lib/chrooted_job_void.sh
@ -0,0 +1,49 @@
 #!/bin/bash
 # Include configuration. This sript file have to be executed at Kaiten-yaki/script dir
 # shellcheck disable=SC1091
 source config.sh
 # Create a key file for LUKS and register it as contents of the initramfs image
 function chrooted_job() {
 	# Mount the rest of partitions by target /etc/fstab
 	mount -a
 	# Prepare the crypto tool in the install target
 	echo "...Installing cryptsetup-initramfs package."
 	xbps-install -y lvm2 cryptsetup
 	# Prepare a new key file to embed in to the ramfs.
 	# This new file contains a new key to open the LUKS volume. 
 	# The new key is 4096byte length binary value. 
 	# Because this key is sotred as "cleartext", in the target file sysmte,
 	# only root is allowed to access this key file. 
 	echo "...Prepairing key file."
 	mkdir /etc/luks
 	dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=4096 count=1 status=none
 	chmod u=rx,go-rwx /etc/luks
 	chmod u=r,go-rwx /etc/luks/boot_os.keyfile
 	# Add the new key to the LUKS 2nd key slot. The passphrase is required to modify the LUKS keyslot.  
 	echo "...Adding a key to the key file."
 	printf %s "${PASSPHRASE}" | cryptsetup luksAddKey --iter-time "${ITERTIME}" -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile
 	# Register the LUKS voluem to /etc/crypttab to tell "This volume is encrypted" 
 	echo "...Adding LUKS volume info to /etc/crypttab."
 	echo "${CRYPTPARTNAME} UUID=$(blkid -s UUID -o value ${DEV}${CRYPTPARTITION}) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab
 	# Add key file to the list of the intems in initfsram. 
 	echo "...Registering key file to the ramfs"
 	echo 'install_items+=" /etc/luks/boot_os.keyfile /etc/crypttab " ' > /etc/dracut.conf.d/10-crypt.conf
 	# Finally, update the ramfs initial image with the key file. 
 	echo "...Upadting initramfs."
 	xbps-reconfigure -fa
 	echo "...grub-mkconfig."
 	grub-mkconfig -o /boot/grub/grub.cfg
 	# Leave chroot
 }
 # Execute job
 chrooted_job
--- a/script/lib/common.sh
+++ b/script/lib/common.sh
@ -70,9 +70,9 @@ function confirmation(){
 		return 1 # with error status
 	fi	# if YES
-	# For sure ask to be sure to erase. 
+	# For sure ask to erase. 
 	if [ "${ERASEALL}" -ne 0 ] ; then
-		echo "Are you sure you want to erase entire ${DEV}? [Y/N]"
+		echo "Are you sure you want to erase entire \"${DEV}\"? [Y/N]"
 		read -r YESNO
 		if [ "${YESNO}" != "Y" ] && [ "${YESNO}" != "y" ] ; then
 			cat <<-HEREDOC 
@ -84,6 +84,20 @@ function confirmation(){
 		fi	# if YES
 	fi	# if erase all
 	# For sure ask to overwrite. 
 	if [ "${OVERWRITEINSTALL}" -ne 0 ] ; then
 		echo "Are you sure you want to overwrite \"${LVROOTNAME}\" in \"${VGNAME}\"? [Y/N]"
 		read -r YESNO
 		if [ "${YESNO}" != "Y" ] && [ "${YESNO}" != "y" ] ; then
 			cat <<-HEREDOC 
 		...Check your config.sh. The variable OVERWRITEINSTALL is ${OVERWRITEINSTALL}.
 		...Installation process terminated..
 		HEREDOC
 		return 1 # with error status
 		fi	# if YES
 	fi	# if overwrite
 	# ----- Set Passphrase -----
 	# Input passphrase
 	echo ""
@ -110,7 +124,7 @@ function confirmation(){
 # ******************************************************************************* 
-#                                Pre-install stage 
+#                           Common Pre-install stage 
 # ******************************************************************************* 
 function pre_install() {
@ -124,32 +138,38 @@ function pre_install() {
 			# Zap existing partition table and create new GPT
 			echo "...Initializing \"${DEV}\" with GPT."
 			sgdisk --zap-all "${DEV}"
 			if is_error ; then return 1 ; fi; 	# If error, terminate
 			# Create EFI partition and format it
 			echo "...Creating an EFI partition on \"${DEV}\"."
 			# shellcheck disable=SC2140
 			sgdisk --new="${EFIPARTITION}":0:+"${EFISIZE}" --change-name="${EFIPARTITION}":"EFI System"  --typecode="${EFIPARTITION}":ef00 "${DEV}"  
 			if is_error ; then return 1 ; fi; 	# If error, terminate
 			echo "...Formatting the EFI parttion."
 			mkfs.vfat -F 32 -n EFI-SP "${DEV}${EFIPARTITION}"
 			if is_error ; then return 1 ; fi; 	# If error, terminate
 			# Create Linux partition
 			echo "...Creating a Linux partition on ${DEV}."
 			# shellcheck disable=SC2140
 			sgdisk --new="${CRYPTPARTITION}":0:0    --change-name="${CRYPTPARTITION}":"Linux LUKS" --typecode="${CRYPTPARTITION}":8309 "${DEV}"
 			if is_error ; then return 1 ; fi; 	# If error, terminate
 			# Then print them
 			sgdisk --print "${DEV}"
 		else # BIOS
 			# Zap existing partition table
 			echo "...Erasing partition table of \"${DEV}\"."
 			dd if=/dev/zero of="${DEV}" bs=512 count=1
 			if is_error ; then return 1 ; fi; 	# If error, terminate
 			# Create MBR and allocate max storage for Linux partition
 			echo "...Creating a Linux partition on ${DEV} with MBR."
 			sfdisk "${DEV}" <<- HEREDOC
 			2M,,L
 			HEREDOC
 			if is_error ; then return 1 ; fi; 	# If error, terminate
 		fi	# if EFI firmware
 		# Encrypt the partition to install Linux
 		echo "...Initializing \"${DEV}${CRYPTPARTITION}\" as crypt partition"
-		printf %s "${PASSPHRASE}" | cryptsetup luksFormat --type=luks1 --key-file - --batch-mode "${DEV}${CRYPTPARTITION}"
+		printf %s "${PASSPHRASE}" | cryptsetup luksFormat --iter-time "${ITERTIME}" --type=luks1 --key-file - --batch-mode "${DEV}${CRYPTPARTITION}"
 	fi	# if erase all
@ -180,8 +200,10 @@ function pre_install() {
 	else
 		echo "...Initializing a physical volume on \"${CRYPTPARTNAME}\""
 		pvcreate /dev/mapper/"${CRYPTPARTNAME}"
 		if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi;
 		echo "...And then creating Volume group \"${VGNAME}\"."
 		vgcreate "${VGNAME}" /dev/mapper/"${CRYPTPARTNAME}"
 		if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi;
 	fi # if /dev/volume-groupt exist
 	# Create a SWAP Logical Volume on VG, if it doesn't exist
@ -190,6 +212,7 @@ function pre_install() {
 	else
 		echo "...Creating logical volume \"${LVSWAPNAME}\" on \"${VGNAME}\"."
 		lvcreate -L "${LVSWAPSIZE}" -n "${LVSWAPNAME}" "${VGNAME}" 
 		if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi;
 	fi	# if /dev/mapper/swap volume already exit. 
 	# Create a ROOT Logical Volume on VG. 
@ -217,6 +240,7 @@ function pre_install() {
 		else # not exist and not overwrite install
 			echo "...Creating logical volume \"${LVROOTNAME}\" on \"${VGNAME}\"."
 			lvcreate -l "${LVROOTSIZE}" -n "${LVROOTNAME}" "${VGNAME}"
 			if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi;
 		fi
 	fi
@ -259,6 +283,54 @@ function para_install_msg() {
 	return 0
 }
 # ******************************************************************************* 
 #                  Common post-install stage
 # ******************************************************************************* 
 # In side this script, the chrooted job is parameterrized as by evn variable TARGETCHROOTEDJOB
 function post_install() {
 	## Mount the target file system
 	# ${TARGETMOUNTPOINT} is created by the GUI/TUI installer
 	echo "...Mounting /dev/mapper/${VGNAME}-${LVROOTNAME} on ${TARGETMOUNTPOINT}."
 	mount /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" "${TARGETMOUNTPOINT}"
 	# And mount other directories
 	echo "...Mounting all other dirs."
 	for n in proc sys dev tmp etc/resolv.conf; do mount --rbind "/$n" "${TARGETMOUNTPOINT}/$n"; done
 	# Copy all scripts to the target /tmp for using in chroot session. 
 	echo "...Copying files in current dir to ${TARGETMOUNTPOINT}/tmp."
 	mkdir "${TARGETMOUNTPOINT}/tmp/kaiten-yaki"
 	cp -r ./* -t "${TARGETMOUNTPOINT}/tmp/kaiten-yaki"
 	# Change root and create the keyfile and ramfs image for Linux kernel. 
 	# The here-document is script executed under chroot. At here we call 
 	# the distribution dependent script "lib/chrooted_job_${DISTRIBUTIONSIGNATURE}.sh",
 	# which was copied to /temp at previous code.
 	echo "...Chroot to ${TARGETMOUNTPOINT}. and execute chrooted_job_${DISTRIBUTIONSIGNATURE}.sh"
 	# shellcheck disable=SC2086
 	cat <<- HEREDOC | chroot "${TARGETMOUNTPOINT}" /bin/bash
 		cd /tmp/kaiten-yaki
 		# Execute copied script
 		source "lib/chrooted_job_${DISTRIBUTIONSIGNATURE}.sh"
 	HEREDOC
 	# Unmount all. -l ( lazy ) option is added to supress the busy error. 
 	echo "...Unmounting all."
 	umount -R -l "${TARGETMOUNTPOINT}"
 	# Finishing message
 	cat <<- HEREDOC
 	****************** Post-install process finished ******************
 	...Ready to reboot.
 	HEREDOC
 	return 0
 } # End of post_install_local()
 # ******************************************************************************* 
 #              Deactivate all LV in the VG and close LUKS volume
 # ******************************************************************************* 
@ -280,13 +352,15 @@ function deactivate_and_close(){
 # ******************************************************************************* 
 function on_unexpected_installer_quit(){
 	echo "***** ERROR : The GUI/TUI installer terminated unexpectedly. *****" 
-	if [ "${OVERWRITEINSTALL}" -eq 0 ] ; then	# If not over install, volume is new. So delete it
+	if [ "${OVERWRITEINSTALL}" -ne 0 ] ; then	# If overwrite install, keep the volume
 		echo "...Keep logical volume \"${VGNAME}-${LVROOTNAME}\" untouched."
 	else # if not overwrite istall, delete the new volume
 		echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}\"."
 		lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" 
 	fi
 	# Deactivate all lg and close the LUKS volume
 	deactivate_and_close
-	echo "...The new logical volume has been deleted. You can retry Kaiten-yaki again." 
+	echo "...You can retry Kaiten-yaki again." 
 }
@ -316,3 +390,20 @@ function distribution_check(){
 	# no error
 	return 0
 }
 # ******************************************************************************* 
 #              Error report and return revsers status.  
 # ******************************************************************************* 
 function is_error() {
 	if [ $? -eq 0 ] ; then # Is previous job OK? 
 		return 1	# If OK, return error ( because it was not error )
 	else
 		cat <<- HEREDOC
 		**** ERROR ! ****
 		Installation process terminated. 
 		HEREDOC
 		return 0	# If error, return OK ( because it was error )
 	fi;
 }
--- a/script/ubuntu-kaiten-yaki.sh
+++ b/script/ubuntu-kaiten-yaki.sh
@ -5,14 +5,13 @@
 	source ./config.sh
 	# Load common functions
-	source ./lib.sh
+	source ./lib/common.sh
 function main() {
 	# This is the mount point of the install target. 
 	export TARGETMOUNTPOINT="/target"
 	# ******************************************************************************* 
 	#                                Confirmation before installation 
 	# ******************************************************************************* 
@ -55,7 +54,8 @@ function main() {
 	# ******************************************************************************* 
 	# Distribution dependent finalizing. Embedd encryption key into the ramfs image.
-	post_install_local
+	# The script is parameterized by env-variable to fit to the distribution 
 	post_install
 	# Normal end
 	return 0
@ -100,70 +100,6 @@ function para_install_local() {
 	return 0
 }
 # ******************************************************************************* 
 # Ubuntu dependent post-installation process
 function post_install_local() {
 	## Mount the target file system
 	# ${TARGETMOUNTPOINT} is created by the GUI/TUI installer
 	echo "...Mounting /dev/mapper/${VGNAME}-${LVROOTNAME} on ${TARGETMOUNTPOINT}."
 	mount /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" ${TARGETMOUNTPOINT}
 	# And mount other directories
 	echo "...Mounting all other dirs."
 	for n in proc sys dev etc/resolv.conf; do mount --rbind "/$n" "${TARGETMOUNTPOINT}/$n"; done
 	# Change root and create the keyfile and ramfs image for Linux kernel. 
 	echo "...Chroot to ${TARGETMOUNTPOINT}."
 	# shellcheck disable=SC2086
 	cat <<- HEREDOC | chroot ${TARGETMOUNTPOINT} /bin/bash
 		# Mount the rest of partitions by target /etc/fstab
 		mount -a
 		# Set up the kernel hook of encryption
 		echo "...Installing cryptsetup-initramfs package."
 		apt -qq install -y cryptsetup-initramfs
 		# Prepare a key file to embed in to the ramfs.
 		echo "...Prepairing key file."
 		mkdir /etc/luks
 		dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=4096 count=1 status=none
 		chmod u=rx,go-rwx /etc/luks
 		chmod u=r,go-rwx /etc/luks/boot_os.keyfile
 		# Add a key to the key file. Use the passphrase in the environment variable. 
 		echo "...Adding a key to the key file."
 		printf %s "${PASSPHRASE}" | cryptsetup luksAddKey -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile
 		# Add the LUKS volume information to /etc/crypttab to decrypt by kernel.  
 		echo "...Adding LUKS volume info to /etc/crypttab."
 		echo "${CRYPTPARTNAME} UUID=$(blkid -s UUID -o value ${DEV}${CRYPTPARTITION}) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab
 		# Putting key file into the ramfs initial image
 		echo "...Registering key file to the ramfs"
 		echo "KEYFILE_PATTERN=/etc/luks/*.keyfile" >> /etc/cryptsetup-initramfs/conf-hook
 		echo "UMASK=0077" >> /etc/initramfs-tools/initramfs.conf
 		# Finally, update the ramfs initial image with the key file. 
 		echo "...Upadting initramfs."
 		update-initramfs -uk all
 		# Leave chroot
 	HEREDOC
 	# Unmount all
 	echo "...Unmounting all."
 	umount -R ${TARGETMOUNTPOINT}
 	# Finishing message
 	cat <<- HEREDOC
 	****************** Post-install process finished ******************
 	...Ready to reboot.
 	HEREDOC
 	return 0
 } # End of post_install_local()
 # ******************************************************************************* 
--- a/script/void-kaiten-yaki.sh
+++ b/script/void-kaiten-yaki.sh
@ -5,14 +5,13 @@
 	source ./config.sh
 	# Load common functions
-	source ./lib.sh
+	source ./lib/common.sh
 function main() {
 	# This is the mount point of the install target. 
 	export TARGETMOUNTPOINT="/mnt/target"
 	# ******************************************************************************* 
 	#                                Confirmation before installation 
 	# ******************************************************************************* 
@ -50,14 +49,14 @@ function main() {
 	else
 		# Not yet. Let's add.
 		echo "...Modify /etc/default/grub."
-		sed -i "s#loglevel=4#loglevel=4 ${GRUB_ADDITIONAL_PARAMETERS}#" /etc/default/grub
+		sed -i -e  "/GRUB_CMDLINE_LINUX_DEFAULT/{s#\"#  ${GRUB_ADDITIONAL_PARAMETERS}\"#2}"  /etc/default/grub
 	fi
 	# Common part of the pre-install stage
 	if ! pre_install ; then
-		echo "...restoring modified /etc/default/grub."
+		# If error, restore the modification.
-		sed -i "s#loglevel=4 ${GRUB_ADDITIONAL_PARAMETERS}#loglevel=4#" /etc/default/grub
+		echo "...restoring /etc/default/grub, if needed"
 		sed -i -e "s#${GRUB_ADDITIONAL_PARAMETERS}##" /etc/default/grub
 		return 1 # with error status
 	fi
@ -76,7 +75,8 @@ function main() {
 	# ******************************************************************************* 
 	# Distribution dependent finalizing. Embedd encryption key into the ramfs image. 
-	post_install_local
+	# The script is parameterized by env-variable to fit to the distribution 
 	post_install
 	# Normal end
 	return 0
@ -128,71 +128,6 @@ function para_install_local() {
 	return 0
 }
 # ******************************************************************************* 
 # Void Linux dependent post-installation process
 function post_install_local() {
 	## Mount the target file system
 	# ${TARGETMOUNTPOINT} is created by the GUI/TUI installer
 	echo "...Mounting /dev/mapper/${VGNAME}-${LVROOTNAME} on ${TARGETMOUNTPOINT}."
 	mount /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" ${TARGETMOUNTPOINT}
 	# And mount other directories
 	echo "...Mounting all other dirs."
 	for n in proc sys dev etc/resolv.conf; do mount --rbind "/$n" "${TARGETMOUNTPOINT}/$n"; done
 	# Change root and create the keyfile and ramfs image for Linux kernel. 
 	echo "...Chroot to ${TARGETMOUNTPOINT}."
 	# shellcheck disable=SC2086
 	cat <<- HEREDOC | chroot ${TARGETMOUNTPOINT} /bin/bash
 		# Mount the rest of partitions by target /etc/fstab
 		mount -a
 		# Set up the kernel hook of encryption
 		echo "...Installing cryptsetup-initramfs package."
 		xbps-install -y lvm2 cryptsetup
 		# Prepare a key file to embed in to the ramfs.
 		echo "...Prepairing key file."
 		mkdir /etc/luks
 		dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=4096 count=1 status=none
 		chmod u=rx,go-rwx /etc/luks
 		chmod u=r,go-rwx /etc/luks/boot_os.keyfile
 		# Add a key to the key file. Use the passphrase in the environment variable. 
 		echo "...Adding a key to the key file."
 		printf %s "${PASSPHRASE}" | cryptsetup luksAddKey -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile
 		# Add the LUKS volume information to /etc/crypttab to decrypt by kernel.  
 		echo "...Adding LUKS volume info to /etc/crypttab."
 		echo "${CRYPTPARTNAME} UUID=$(blkid -s UUID -o value ${DEV}${CRYPTPARTITION}) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab
 		# Putting key file into the ramfs initial image
 		echo "...Registering key file to the ramfs"
 		echo 'install_items+=" /etc/luks/boot_os.keyfile /etc/crypttab " ' > /etc/dracut.conf.d/10-crypt.conf
 		# Finally, update the ramfs initial image with the key file. 
 		echo "...Upadting initramfs."
 		xbps-reconfigure -fa
 		echo "...grub-mkconfig."
 		grub-mkconfig -o /boot/grub/grub.cfg
 		# Leave chroot
 	HEREDOC
 	# Unmount all
 	echo "...Unmounting all."
 	umount -R ${TARGETMOUNTPOINT}
 	# Finishing message
 	cat <<- HEREDOC
 	****************** Post-install process finished ******************
 	...Ready to reboot.
 	HEREDOC
 	return 0
 } # End of post_install_local()
 # *******************************************************************************