Dual-booting OS X and Ubuntu 16.04 on Macbook Pro 10,1 with Encrypted Root

NOTE: This is for dual-booting OS X 10.11 with Ubuntu 16.04.

Install

Preparation in OS X

Resize OS X partition with Disk Utility.

Download the Ubuntu 16.04 Desktop 64-bit ISO from ubuntu or download whatever flavor you might prefer.

I prefer using dd to create a LiveUSB.

Booting into the live USB

Shut down the Macbook.

Hold the Option (Alt) key, and then press the power button for a couple seconds until you see the menu to choose a startup disk; select the LiveUSB (which will be labelled as EFI).

Ubuntu

Use gparted to create an ext2 partition of 512MB after the third partition, which is the OS X Recovery HD, and an ext4 partition with the remaining free space.

sudo -i # become root
cryptsetup -v --cipher aes-xts-plain64 --key-size 256 -y luksFormat /dev/sda5
cryptsetup luksOpen /dev/sda5 lvm
pvcreate /dev/mapper/lvm
vgcreate vgcrypt /dev/mapper/lvm
lvcreate --extents +100%FREE -n root vgcrypt

mount /dev/mapper/vgcrypt-root /mnt
mkdir /mnt/boot
mount /dev/sda4 /mnt/boot

# Launch the installer with -b flag to skip bootloader installation
ubiquity -b

Choose "Something else", and then mount the newly created ext2 as /boot, and /dev/mapper/vgcrypt as /. Keep FORMAT unchecked.

Choose to 'Continue testing', DO NOT reboot yet.

You will then need to chroot into the new system.

# may need to remount
sudo -i
blkid | grep ^/dev/sda5 # copy the UUID value 

for i in /dev /dev/pts /proc /sys /run; do sudo mount -B $i /mnt$i; done
chroot /mnt

My /etc/fstab looks something like this:

# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
/dev/mapper/vgcrypt-root /               ext4    errors=remount-ro 0       1
# /boot was on /dev/sda4 during installation
UUID=<AUTOMATICALLY-DETERMINED> /boot           ext4    defaults        0       2
# /boot/efi was on /dev/sda1 during installation
UUID=<AUTOMATICALLY-DETERMINED>  /boot/efi       vfat    umask=0077      0       1

create /etc/crypttab:

NOTE I cannot remember whether this was actually necessary. I believe it may only be necessary when you need to mount an encrypted swap.

lvm UUID=c403c024-813c-48c0-8fb9-d7c5f1ddd926 none luks

The UUID is determined from a previous step.

Back in chroot:

update-initramfs -u -k all
lsinitramfs /boot/initrd* | grep cryptsetup

Install bootloader with systemd-boot

DO NOT REBOOT YET.

Outside of the chroot environment, you'll need to mount the EFI System Partition (ESP) which lives on /dev/sda1 to where the newly-installed Ubuntu partition maps the ESP:

# ubuntu Live usb
mount /dev/sda5 /mnt # replace /dev/sda5 with wherever it is you installed Ubuntu
mount /dev/sda1 /mnt/boot/efi # this is where Ubuntu mounts the ESP
chroot /mnt

Then, from within the chroot, copy the kernel and initrd to /boot/efi:

# chroot
cp /boot/* /boot/efi

Create the needed directories.

#chroot
mkdir -p /boot/efi/loader/entries

Then, create /boot/efi/loader/loader.conf with the contents:

default ubuntu
timeout 4

Create a /boot/efi/loader/entries/ubuntu.conf:

title Ubuntu LTS 
linux /vmlinuz-4.4.0-22-generic
initrd /initrd.img-4.4.0-22-generic
options cryptdevice=/dev/sda4:vgcrypt:allow-discards root=/dev/mapper/vgcrypt-root rw quiet splash

Then, finally, install the bootloader and set systemd-boot as the default:

# chroot
bootctl install --path=/boot/efi
efibootmgr -c -d /dev/sda1 -p 1 -l EFI/systemd/systemd-bootx64.efi -L "Linux Boot Manager"

Post-Install

Get WiFi working

You don't need an internet connection to get WiFi to work. Just plug in the LiveUSB you used to install Ubuntu. Once it's mounted, you'll see a folder, /path/to/USB/pool. This is where you can get the drivers.

You'll need to copy pool/main/d/dkms-*.deb and pool/restricted/b/broadcom-*.deb to, say, ~/Desktop.

sudo dpkg -i /path/to/where/you/copied/the/debs/*.deb

This should automatically load the WiFi module.

More stuff

sudo apt install lm-sensors
# Press ENTER until you are asked whether you want to save the configuration.
sudo sensors-detect 

# For power management
sudo apt install tlp

# Change permissions for /usr/local/src
sudo chown -R $USER /usr/local/src
sudo apt install git

# Install mbpfan 
# https://ineed.coffee/3838/a-beginners-tutorial-for-mbpfan-under-ubuntu/
# you will want to modify some settings
cd /usr/local/src
git clone https://github.com/dgraziotin/mbpfan
make
sudo make install
sudo make tests
sudo cp mbpfan.service /etc/systemd/system/
sudo systemctl enable mbpfan.service
sudo systemctl daemon-reload
sudo systemctl start mbpfan.service

# Replace synaptics with xserver-xorg-input-mtrack
# I would not recommend the package that is provided by
# Ubuntu as it is built on an outdated, unmaintained
# version of the driver. 
sudo apt autoremove xserver-xorg-input-synaptics
sudo apt install xserver-xorg-dev libmtdev-dev xutils-dev
cd /usr/local/src
git clone https://github.com/p2rkw/xf86-input-mtrack # this is the new fork
cd xf86-input-mtrack
libtoolize
aclocal
autoconf
automake --add-missing --copy
./configure --with-xorg-module-dir=/usr/lib/xorg/modules/
make
sudo make install
# sudo checkinstall

NVIDIA (optional)

NOTE It is not necessary to install the propriety nvidia drivers, unless you are doing some intensive graphics work that the open-source nouveau driver can't handle as well.

In Additional Drivers, enable nvidia-361. Then run

nvidia-xconfig

You'll then need to reboot.

Notes on Propriety NVIDIA Graphics

• I would stick with text-only boot for Ubuntu (i.e. no splash screen) because it freezes at the prompt for the encrypted volume pass.
• The first time I rebooted after installing NVIDIA drivers, I had a black screen. Had to force shutdown (by pressing the power button for 8 seconds), since I could not switch to a TTY, either. But on the second boot, I was able to proceed.
• ~My laptop ran really hot for the first few uses of Ubuntu 16.04, but cooled down over time. Really odd...~ It runs really hot.
• Take a look at xorg.conf.
• rc.local is necessary to get brightness control to work.

Other tools

Graphics

This machine can run really hot when the discrete GPU, the NVIDIA card, is turned on, even if using the propriety drivers. Since I don't really do any intensive gaming or CUDA programming on this machine and need it to be portable, I keep the discrete GPU off and so use the integrated Intel card.

You do not have to install the nouveau or intel drivers manually, but for reference sake (or in case you need to reinstall them), the packages are xserver-xorg-video-intel and xserver-xorg-video-nouveau.

• systemd-vgaswitcheroo-units Set of scripts to turn off the discrete GPU at boot. NOTE This only works if you are using the open-source, Nouveau drivers rather than the NVIDIA ones.
• gpu-switch Script to switch between Intel and NVIDIA cards. However, requires that you restart your Macbook.

Updating the kernel

If you're using rEFInd as a bootloader, or bootctl (included in systemd), after installation you will need to copy the initrd and vmlinuz files to /boot/efi (where your actual EFI system partition is mounted in Ubuntu):

sudo cp {abi-4.4.8-040408-generic,config-4.4.8-040408-generic,initrd.img-4.4.8-040408-generic,vmlinuz-4.4.8-040408-generic} /boot/efi