+ sleep 3
+
+ mkfs.fat -F32 $(efidev)
+
+ if $even_big_part && [[ $dev == "$even_big_dev" ]]; then
+ luks-setup $(even_bigdev)
+ mkfs.btrfs -f $(crypt-dev $(even_bigdev))
+ fi
+
+ # Holds just a single file, rarely written, so
+ # use ext2, like was often used for the /boot partition.
+ # This exists because grub can only persist data to a non-cow fs.
+ # And we use persisting a var in grub to do a one time boot.
+ # We could pass the data on the kernel command line and persist it
+ # to grubenv after booting, but that relies on the boot always succeeding.
+ # This is just a bit more robust, and it could work for booting
+ # into ipxe which can't persist data, if we ever got that working.
+ mkfs.ext2 $(grub_extdev)
+ luks-setup $(rootdev)
+
+ if [[ $SPECIAL_DISK ]]; then
+ exit 0
+ fi
+ done
+ ls -la /dev/btrfs-control # this was probably for debugging...
+ sleep 1
+ bpart $(for dev in ${devs[@]}; do root-cryptdev; done)
+ bpart ${boot_devs[@]}
+else
+ for dev in ${devs[@]}; do
+ if [[ -e /dev/mapper/$(root-cryptname) ]]; then
+ continue
+ fi
+ cryptsetup luksOpen $(rootdev) $(root-cryptname) \
+ --key-file $luks_file
+ done
+ sleep 1
+fi
+
+
+if $wipe && [[ $DISTRO != debianbullseye_bootstrap ]]; then
+ # bootstrap distro doesn't use separate encrypted root.
+ mount -o subvolid=0 $first_root_crypt /mnt
+ # systemd creates subvolumes we want to delete.
+ s=($(btrfs subvolume list --sort=-path /mnt |
+ sed -rn "s#^.*path\s*(root_$DISTRO/\S+)\s*\$#\1#p"))
+ for subvol in ${s[@]}; do btrfs subvolume delete /mnt/$subvol; done
+ btrfs subvolume set-default 0 /mnt
+ [[ ! -e /mnt/root_$DISTRO ]] || btrfs subvolume delete /mnt/root_$DISTRO
+
+ ## create subvols ##
+ cd /mnt
+
+ btrfs subvolume create root_$DISTRO
+
+ # could set default subvol like this, but no reason to.
+ # btrfs subvolume set-default \
+ # $(btrfs subvolume list . | grep "root_$DISTRO$" | awk '{print $2}') .
+
+ # For raid systems, cow allows for error correction, for non-raid systems,
+ # protects root fs from having the plug pulled. Reprovisioning a root
+ # subvol is not my favorite thing to do.
+ # # no cow on the root filesystem. it's setup is fully scripted,
+ # # if it's messed up, we will just recreated it,
+ # # and we can get better perf with this.
+ # # I can't remember exactly why, but this is preferable to mounting with
+ # # -o nodatacow, I think because subvolumes inherit that.
+ # chattr -Rf +C root_$DISTRO
+ cd /
+ umount /mnt
+fi
+
+mount -o subvolid=0 $first_boot_dev /mnt
+cd /mnt
+btrfs subvolume set-default 0 /mnt # already default, just ensuring it.
+
+# for libreboot systems. grub2 only reads from subvolid=0
+mkdir -p /mnt/grub2
+cp $FAI/distro-install-common/libreboot_grub.cfg /mnt/grub2
+
+if [[ $DISTRO == debianbullseye_bootstrap ]]; then
+ # this is just convenience for the libreboot_grub config
+ # so we can glob the other ones easier.
+ boot_vol=$DISTRO
+else
+ boot_vol=boot_$DISTRO
+fi
+if $wipe && [[ -e /mnt/$boot_vol ]]; then
+ btrfs subvolume delete /mnt/$boot_vol
+fi
+if [[ ! -e /mnt/$boot_vol ]]; then
+ btrfs subvolume create $boot_vol
+fi
+cd /
+umount /mnt
+## end create subvols ##
+
+dev=${boot_devs[0]}
+mount $first_grub_extdev /mnt
+grub-editenv /mnt/grubenv set did_fai_check=true
+grub-editenv /mnt/grubenv set last_boot=/$boot_vol
+umount /mnt
+
+fstabstd=x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s
+if [[ $DISTRO == debianbullseye_bootstrap ]]; then
+ cat > /tmp/fai/fstab <<EOF
+$first_boot_dev / btrfs noatime,subvol=$boot_vol 0 0
+$first_efi /boot/efi vfat nofail,$fstabstd 0 0
+EOF
+ cat >/tmp/fai/disk_var.sh <<EOF
+BOOT_DEVICE="${short_devs[@]}"
+ROOT_PARTITION=$first_boot_dev
+EOF
+else
+ # note, fai creates the mountpoints listed here
+ cat > /tmp/fai/fstab <<EOF
+$first_root_crypt / btrfs $fstabstdopts,noatime,subvol=root_$DISTRO$mopts 0 0
+$first_root_crypt /mnt/root btrfs nofail,$fstabstd,noatime,subvolid=0$mopts 0 0
+$first_boot_dev /boot btrfs nofail,$fstabstd,noatime,subvol=$boot_vol 0 0
+$first_efi /boot/efi vfat nofail,$fstabstd 0 0
+$first_boot_dev /mnt/boot btrfs nofail,$fstabstd,noatime,subvolid=0 0 0
+EOF
+ swaps=()
+ rm -f /tmp/fai/crypttab
+ for dev in ${devs[@]}; do
+ swaps+=($(swap-cryptname))
+ cat >>/tmp/fai/crypttab <<EOF
+$(root-cryptname) $(rootdev) none keyscript=/root/keyscript,discard,luks,initramfs
+$(swap-cryptname) $(swapdev) /dev/urandom swap,cipher=aes-xts-plain64,size=256,hash=ripemd160
+EOF
+ cat >> /tmp/fai/fstab <<EOF
+$(swap-cryptdev) none swap nofail,$fstabstd,sw 0 0