Installation of Debian 11 UEFI on USB stick using 'debootstrap'

Requirements

Computer with 64 bit processor (Intel or AMD) and installed Debian 11 on HDD/SSD in UEFI mode.
For better results, 'Legacy mode' should be disabled in UEFI settings (so-called BIOS settings).
USB stick with minimum size of 4 GiB (32 GiB recommended).

Warning: all data on the USB stick will be destroyed during the installation!

In this guide the installation is performed on 32 GiB USB stick. Change the size of your partitions accordingly to your USB stick's maximum capacity.

Preparation

Install 'debootstrap'.

sudo apt update

      sudo apt upgrade

      sudo apt install debootstrap

Connect an USB stick to a computer.

Find the device name.

sudo dmesg

Read through the last entries of 'dmesg' output. In my case, the lines 'usb 2-5: New USB device found', 'usb 2-5: Product: Flash Drive' and '[sdb] 62656641 512-byte logical blocks: (32.1 GB/29.9 GiB)' indicate that the USB stick is identified as /dev/sdb.

Warning: if you select the wrong device during installation, all the data on that device will be destroyed.

Run 'lsblk' to list all avaliable devices.

lsblk

      NAME        MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda           8:0    0 931.5G  0 disk 
├─sda1        8:1    0   512M  0 part /boot/efi
├─sda2        8:2    0 119.2G  0 part /
├─sda3        8:3    0   3.7G  0 part [SWAP]
└─sda4        8:4    0 808.1G  0 part /home
sdb           8:16   1  29.9G  0 disk 
└─sdb1        8:17   1  29.9G  0 part

My USB stick has single partition formatted as FAT32 by manufacturer. It will be reformatted and all data on the partition along with partition table will be lost.

Partitioning the USB stick

Make sure you are formating the correct device! Use 'su -' command to switch user to root.

su -

      cd /

Check your $PATH variable.

echo "$PATH" | tr ':' '\n'

If it lacks '/sbin' and '/usr/sbin', add them (bash syntax).

declare -x PATH="$PATH:/sbin:/usr/sbin"

Use 'fdisk' to partition the device.

fdisk /dev/sdb

On 'fdisk' prompt type 'g' and press 'Enter' to create a new GPT disklabel.

Type 'n' to create a new partiton, press 'Enter' on prompts to select partiton number and the first sector. For last sector type '+560M'. If the boot partition will be smaller than 560 mebibytes, some buggy UEFI firmware may fail to read the contents of boot partition. This USB stick is created with intent to use it to boot from any computer with UEFI firmware. That's why the size of boot partition is set to 560M. Press 't' to change the type of partition, type '1' (number one) to select the 'EFI System' type. You can always type 'L' to view the list of all available partition types.

Type 'n' to create a new partition, press 'Enter' on prompts to select partiton number and the first sector. For last sector type '+2G'. Press 't' to change the type of partition, type '19' to select the 'Linux swap' type. It is important to have a swap partition on Linux system. Without swap, if the kernel runs out of memory, it will kill random process to free the memory. Depending on the process, the system may crash resulting in data loss.

Type 'n' to create a new partiton, press 'Enter' on prompts to select partiton number, the first sector and the last sector. Leave it as default 'Linux filesystem' partition.

Type 'w' and press 'Enter' to save partition table.

Run 'lsblk' to list all avaliable devices.

lsblk

        NAME        MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda           8:0    0 931.5G  0 disk 
├─sda1        8:1    0   512M  0 part /boot/efi
├─sda2        8:2    0 119.2G  0 part /
├─sda3        8:3    0   3.7G  0 part [SWAP]
└─sda4        8:4    0 808.1G  0 part /home
sdb           8:16   1  29.9G  0 disk 
├─sdb1        8:17   1   560M  0 part 
├─sdb2        8:18   1     2G  0 part 
└─sdb3        8:19   1  27.2G  0 part

Formatting the USB stick

EFI partition must have FAT32 filesystem. Make sure to specity '-F 32' parameter to 'mkfs.fat' or it may automatically choose FAT16 filesystem. Some UEFI systems are unable to boot from EFI partition formatted as FAT16. Use '-n' to set the volume name (label) to be able to easily identify it later. For FAT32 partition labels must be no longer than 11 characters and use only uppercase letters.

mkfs.fat -F 32 -n 'USBBOOT' /dev/sdb1

Format /dev/sdb2 as swap. '-L' parameter sets the label of the partition.

mkswap -L 'USBSWAP' /dev/sdb2

Format /dev/sdb3 as ext4 filesystem. '-L' parameter sets the label of the partition.

mkfs.ext4 -L 'USBROOT' /dev/sdb3

Run 'blkid' to check newly created and formatted partitions.

blkid | grep 'sdb'

Mounting the USB stick's partitions

Mount the /dev/sdb3 partition on /mnt using 'mount' command.

mount /dev/sdb3 /mnt

Create the /mnt/boot/efi directories using 'mkdir -p' command.

mkdir -p /mnt/boot/efi

Mount the /dev/sdb1 partition on /mnt/boot/efi/ using 'mount' command.

mount /dev/sdb1 /mnt/boot/efi/

Installation of Debian 11 on the USB stick

Temporarily move swap from your computer's HDD/SSD on the USB stick to not interfere with the installation of the new system.

Change the swap accordingly to your devices, in my case they are /dev/sda3 and /dev/sdb2.

swapon /dev/sdb2

      swapoff /dev/sda3

Install Debian 11 system on /mnt using 'debootstrap'. 'bullseye' is the codename of Debian 11.

debootstrap bullseye /mnt

If your current installation was performed without Internet connection from a 'Live DVD', you will need to add online sources to your /etc/apt/sources.list to be able to update.

Example of /etc/apt/sources.list containing only free software:

deb http://deb.debian.org/debian bullseye main

      deb http://deb.debian.org/debian-security/ bullseye-security main

      deb http://deb.debian.org/debian bullseye-updates main

Example of /etc/apt/sources.list containing free and proprietary software:

deb http://deb.debian.org/debian bullseye main contrib non-free

      deb http://deb.debian.org/debian-security/ bullseye-security main contrib non-free

      deb http://deb.debian.org/debian bullseye-updates main contrib non-free

Copy your /etc/apt/sources.list to /mnt/etc/apt/ directory using 'cp'.

cp /etc/apt/sources.list /mnt/etc/apt/

Copy /etc/fstab to /mnt/etc/ and edit it changing UUIDs to those listed by your 'blkid' command. Add 'noatime' to increase the lifespan of the USB stick.

cp /etc/fstab /mnt/etc/

      blkid | grep 'sdb'

      nano /mnt/etc/fstab

Example of /mnt/etc/fstab:

UUID=933946ff-74de-44ab-8954-1e8f3f18f1b7 / ext4 noatime,errors=remount-ro 0 1

      UUID=E273-C4A5 /boot/efi vfat noatime,umask=0077 0 1

      UUID=cde70597-9144-4456-ac81-04e21060928e none swap sw 0 0

      /dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0

Copy /etc/resolv.conf to /mnt/etc/ to have internet connection while being in chrooted environment.

cp /etc/resolv.conf /mnt/etc/

Mount virtual filesystems on /mnt.

mount -v --bind /dev /mnt/dev

      mount -vt devpts /dev/pts /mnt/dev/pts

      mount -vt proc /proc /mnt/proc

      mount -vt sysfs /sys /mnt/sys

      mount -vt tmpfs /run /mnt/run

Changing root into USB stick

Use 'chroot' command to change root into /mnt, which is the / filesystem of USB stick.

chroot /mnt

Check your $PATH variable.

echo "$PATH" | tr ':' '\n'

If it lacks '/sbin' and '/usr/sbin', add them (bash syntax).

declare -x PATH="$PATH:/sbin:/usr/sbin"

Set password for user 'root' using 'passwd' command.

passwd

Update the system using 'apt'.

apt update

      apt upgrade

Install locales.

apt install locales

Select your locale settings by running 'dpkg-reconfigure locales' command.

dpkg-reconfigure locales

Select your time zome settings by running 'dpkg-reconfigure tzdata' command.

dpkg-reconfigure tzdata

Install Linux kernel, sudo, network-manager.

apt install linux-image-amd64 sudo network-manager

Set the hostname by editing /etc/hostname. It must contain one line with one word in it. Default is 'debian'. Then add your hostname to /etc/hosts.

nano /etc/hostname

      nano /etc/hosts

Example of /etc/hosts:

127.0.0.1	localhost
127.0.1.1	yourhostname
::1		localhost ip6-localhost ip6-loopback
ff02::1		ip6-allnodes
ff02::2		ip6-allrouters

Make sure that the file '/etc/initramfs-tools/conf.d/resume' exists and points to the swap partition.

cat /etc/initramfs-tools/conf.d/resume

      RESUME=UUID=cde70597-9144-4456-ac81-04e21060928e

Install 'grub2' bootloader, then update it's configuration.

apt install grub-efi-amd64

      grub-install --target=x86_64-efi --force-extra-removable /dev/sdb

      update-initramfs -u

      update-grub

The '--force-extra-removable' parameter is required to make removable USB drive bootable. It will create /boot/efi/EFI/BOOT/ directory with files bootx64.efi, fbx64.efi, grub.cfg, grubx64.efi in it. The UEFI firmware will look for /boot/efi/EFI/BOOT/bootx64.efi file on the removable media during the boot process of the computer.

You will need to reinstall 'grub2' with '--force-extra-removable' parameter after every kernel upgrade to update the /boot/efi/EFI/BOOT/ directory.

grub-install --target=x86_64-efi --force-extra-removable /dev/sdb

      update-initramfs -u

      update-grub

On cheap motherboards it is possible that UEFI firmware will only boot from /boot/efi/EFI/MICROSOFT/BOOT/bootmgfw.efi, which is a location of Windows boot manager. In that case you need to copy contents of /boot/efi/EFI/BOOT/ to /boot/efi/EFI/MICROSOFT/BOOT/ and rename bootx64.efi to bootmgfw.efi. The FAT32 filesystem is case-insensitive, in your case it may be /boot/efi/efi/boot/, BOOTX64.EFI, or any combination of the above. If your motherboard boots only from /boot/efi/EFI/MICROSOFT/BOOT/bootmgfw.efi file, you will have to complete this procedure every time the kernel gets upgraded.

mkdir -p /boot/efi/EFI/MICROSOFT/BOOT/

      cd /boot/efi/EFI/MICROSOFT/BOOT/

      cp /boot/efi/EFI/BOOT/* ./

      cp bootx64.efi bootmgfw.efi

      cd /

Exit chrooted environment using 'exit' command.

exit

Unmount the /mnt

Change swap back to your computer's drive. In my case it's /dev/sda3.

swapon /dev/sda3

      swapoff /dev/sdb2

Unmount the virtual filesystems.

umount /mnt/run

      umount /mnt/sys

      umount /mnt/proc

      umount /mnt/dev/pts

      umount /mnt/dev

Unmount physical filesystems.

umount /mnt/boot/efi/

      umount /mnt

Exit from root's shell.

exit

Booting from USB stick

Read you motherboard's manual to find which key will launch the 'Boot menu' during system boot. Usually it's F8 or F12.

Reboot your computer while having USB stick connected to it, during boot sequence in the beginning rapidly press the boot key (F8 in my case) to launch the 'Boot menu'. Using arrow keys on the keyboard, navigate to your USB device menu entry. If you have 'Legacy mode' enabled, select the entry with 'UEFI:' text in it. If everything was done correctly, you'll be booting into Debian 11 that is located on your USB stick.

Adding user and installing graphical environment

Login as 'root' user. To add user with administrative priviledges, use 'useradd' command, set user's password using 'passwd' command.

/usr/sbin/useradd -m -G sudo -s /usr/bin/bash -c 'Full Name' username

      passwd username

Install graphic environment.

apt install xorg

Install login manager and desktop environment.

apt install lightdm xfce4 xfce4-goodies xfce4-power-manager gvfs-backends gvfs-fuse

Reboot using 'reboot' command.

reboot

During booting process in the beginning rapidly press the boot key (F8 in my case) to launch the 'Boot menu'. Boot from USB stick in UEFI mode, on the graphical login screen enter your user name and password.

If the graphical login manager did not lauch, enable it using 'systemctl' command.

sudo systemctl enable lightdm

      sudo systemctl start lightdm

Install other programs:

sudo apt install firefox-esr evolution libreoffice gimp mupdf

      …