@alvadorn
Forked from mattiaslundberg/arch-linux-install
Last active June 16, 2020 23:30
Minimal instructions for installing Arch Linux on a UEFI system with full system encryption using dm-crypt and LUKS

Install ARCH Linux with encrypted file-system and UEFI

The official installation guide (https://wiki.archlinux.org/index.php/Installation_Guide) contains a more verbose description.

dd if=archlinux.img of=/dev/sdX bs=16M && sync # on linux

  • Boot from the usb. If the usb fails to boot, make sure that secure boot is disabled in the BIOS configuration.

Set ptbr keymap

loadkeys br-abnt2

Set timedatectl

timedatectl set-ntp true

This assumes a wifi only system...

wifi-menu

Create partitions

cgdisk /dev/sdX

1 256MB EFI partition # Hex code ef00
2 100% size partition (to be encrypted) # Hex code 8300

mkfs.vfat /dev/sdX1

Setup the encryption of the system

cryptsetup --verbose --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat /dev/sdX2
cryptsetup luksOpen /dev/sdX2 luks # opens the container formatted above as /dev/mapper/luks

Create encrypted partitions

  • This creates one partition for root; modify it if /home or other directories should be on separate partitions

pvcreate /dev/mapper/luks
vgcreate vg0 /dev/mapper/luks # vg0 is the volume group name used in the rest of this guide
lvcreate --size 8G vg0 --name swap
lvcreate -l +100%FREE vg0 --name root

Create filesystems on encrypted partitions

mkfs.ext4 /dev/mapper/vg0-root
mkswap /dev/mapper/vg0-swap

Mount the new system

mount /dev/mapper/vg0-root /mnt # /mnt is the installed system
swapon /dev/mapper/vg0-swap # Not needed but a good thing to test
mkdir /mnt/boot
mount /dev/sdX1 /mnt/boot # the EFI partition; /dev/sdX2 is the LUKS container

Install the system (this also includes the packages needed for starting wifi when first booting into the newly installed system)

pacstrap /mnt base base-devel linux linux-firmware fish vim inetutils netctl dhcpcd dialog wpa_supplicant btrfs-progs lvm2

'install' fstab

genfstab -pU /mnt >> /mnt/etc/fstab

Make /tmp a ramdisk (add the following line to /mnt/etc/fstab)

tmpfs /tmp tmpfs defaults,noatime,mode=1777 0 0

  • Change relatime on all non-boot partitions to noatime (reduces wear if using an SSD)

Enter the new system

arch-chroot /mnt

Setup system clock

ln -s /usr/share/zoneinfo/Europe/Stockholm /etc/localtime
hwclock --systohc --utc

Set locale

  • edit /etc/locale.gen and uncomment en_US.UTF-8 then run locale-gen

Set the hostname

echo MYHOSTNAME > /etc/hostname

Update locale

echo LANG=en_US.UTF-8 >> /etc/locale.conf
echo LANGUAGE=en_US >> /etc/locale.conf
echo LC_ALL=C >> /etc/locale.conf

Set password for root

passwd

Add a real user; remove the -s flag if you don't wish to use zsh (zsh is not in the pacstrap package list above, so install it first if you keep the flag)

useradd -m -g users -G wheel -s /bin/zsh MYUSERNAME
passwd MYUSERNAME

Configure mkinitcpio with modules needed for the initrd image

vim /etc/mkinitcpio.conf

  • Add 'btrfs' to MODULES
  • Add 'encrypt' and 'lvm2' to HOOKS before filesystems

Regenerate initrd image

mkinitcpio -p linux

Setup systemd-boot

bootctl --path=/boot install

edit /boot/loader/loader.conf and insert

default arch-*
timeout 3
editor 0

Create the file /boot/loader/entries/arch.conf and insert this

title	Arch Linux
linux	/vmlinuz-linux
initrd	/initramfs-linux.img
options cryptdevice=UUID=<UUID of /dev/sdX2>:cryptdisk root=/dev/mapper/vg0-root quiet rw

In vim, use :r! blkid to insert the blkid output into the file and get the UUID
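
A HOOKS line in the wrong order, or a boot entry whose cryptdevice UUID or root= path does not match the disk, can leave this setup unable to unlock or find the root volume. The script below is an added example, not part of the original gist: the function names hooks_ok and entry_ok and all sample data (UUIDs included) are constructed, and it assumes the root volume /dev/mapper/vg0-root created earlier.

```shell
#!/bin/sh
# Added example: pre-reboot checks for the setup above. Function names and
# all sample file contents (including the UUIDs) are constructed.

# hooks_ok FILE: succeed if HOOKS lists encrypt, then lvm2, then filesystems.
# encrypt must precede lvm2 because the volume group lives inside the LUKS container.
hooks_ok() {
    hooks=$(sed -n 's/^HOOKS=[("]\(.*\)[)"].*$/\1/p' "$1" | tail -n 1)
    pos=0 enc=0 lvm=0 fs=0
    for h in $hooks; do
        pos=$((pos + 1))
        case $h in
            encrypt) enc=$pos ;;
            lvm2) lvm=$pos ;;
            filesystems) fs=$pos ;;
        esac
    done
    [ "$enc" -gt 0 ] && [ "$lvm" -gt "$enc" ] && [ "$fs" -gt "$lvm" ]
}

# entry_ok ENTRY BLKID_FILE ROOT_DEV: succeed if cryptdevice=UUID=... is the UUID
# of a crypto_LUKS device in the saved blkid output and root= equals ROOT_DEV.
entry_ok() {
    opts=$(sed -n 's/^options[[:space:]]*//p' "$1")
    uuid='' root=''
    for o in $opts; do
        case $o in
            cryptdevice=UUID=*) uuid=${o#cryptdevice=UUID=}; uuid=${uuid%%:*} ;;
            root=*) root=${o#root=} ;;
        esac
    done
    # The leading space keeps PARTUUID="..." from matching.
    [ -n "$uuid" ] && [ "$root" = "$3" ] &&
        grep -F " UUID=\"$uuid\"" "$2" | grep -q 'TYPE="crypto_LUKS"'
}

# Constructed sample input so the checks run offline.
demo=$(mktemp -d)
echo 'HOOKS=(base udev autodetect keyboard modconf block encrypt lvm2 filesystems fsck)' > "$demo/mkinitcpio.conf"
printf '%s\n' '/dev/sdX1: UUID="AAAA-0001" TYPE="vfat"' \
    '/dev/sdX2: UUID="11111111-2222-3333-4444-555555555555" TYPE="crypto_LUKS"' \
    '/dev/mapper/vg0-root: UUID="99999999-8888-7777-6666-555555555555" TYPE="ext4"' > "$demo/blkid.txt"
printf '%s\n' 'title Arch Linux' \
    'options cryptdevice=UUID=11111111-2222-3333-4444-555555555555:cryptdisk root=/dev/mapper/vg0-root quiet rw' > "$demo/arch.conf"
hooks_ok "$demo/mkinitcpio.conf" && echo "HOOKS order ok"
entry_ok "$demo/arch.conf" "$demo/blkid.txt" /dev/mapper/vg0-root && echo "boot entry ok"
```

On the installed system, run the two functions inside the chroot against /etc/mkinitcpio.conf, /boot/loader/entries/arch.conf and the output of blkid saved to a file.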

Exit new system and go into the cd shell

exit

Unmount all partitions

umount -R /mnt
swapoff -a

Reboot into the new system, don't forget to remove the cd/usb

reboot
