Skip to content

Instantly share code, notes, and snippets.

@michaelrinderle

michaelrinderle/Encrypted Arch Base Install

Forked from mattiaslundberg/arch-linux-install
Last active November 4, 2019 02:43
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save michaelrinderle/4ba0f66349265870ef169702348e8feb to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save michaelrinderle/4ba0f66349265870ef169702348e8feb to your computer and use it in GitHub Desktop.
Download ZIP
Minimal instructions for installing arch linux on an UEFI system with full system encryption using dm-crypt and luks
Raw
Encrypted Arch Base Install
wifi-menu
cgdisk /dev/nvme0n1
1 - 100MB EFI partition # Hex code ef00
2 - 250MB Boot partition # Hex code 8300
3 - 100% size partiton # (to be encrypted) Hex code 8300
mkfs.vfat -F32 /dev/nvme0n1p1
mkfs.ext2 /dev/nvme0n1p2
cryptsetup -c aes-xts-plain64 -y --use-random luksFormat /dev/nvme0n1p3
cryptsetup luksOpen /dev/nvme0n1p3 luks
pvcreate /dev/mapper/luks
vgcreate vg /dev/mapper/luks
lvcreate --size 8G vg --name swap
lvcreate -l +100%FREE vg --name root
mkfs.ext4 /dev/mapper/vg-root
mkswap /dev/mapper/vg-swap
mount /dev/mapper/vg-root /mnt # /mnt is the installed system
swapon /dev/mapper/vg-swap # Not needed but a good thing to test
mkdir /mnt/boot
mount /dev/nvme0n1p2 /mnt/boot
mkdir /mnt/boot/efi
mount /dev/nvme0n1p1 /mnt/boot/efi
# Unless vim and zsh are desired these can be removed from the command
pacstrap /mnt base base-devel grub-efi-x86_64 zsh git efibootmgr dialog wpa_supplicant dhcpd
mkinitcpio wifi-menu lvm2 linux-hardened linux-firmware neovim
genfstab -pU /mnt >> /mnt/etc/fstab
# /mnt/etc/fstab
tmpfs /tmp tmpfs defaults,noatime,mode=1777 0 0
arch-chroot /mnt /bin/bash
ln -s /usr/share/zoneinfo/America/Chicago /etc/localtime
hwclock --systohc --utc
echo sdc-xxx-01 > /etc/hostname
echo LANG=en_US.UTF-8 >> /etc/locale.conf
echo LANGUAGE=en_US >> /etc/locale.conf
echo LC_ALL=C >> /etc/locale.conf
# Set password for root
passwd
# useradd -m -g users -G wheel -s /bin/zsh MYUSERNAME
# passwd MYUSERNAME
vim /etc/mkinitcpio.conf
# Add 'ext4' to MODULES
# Add 'encrypt' and 'lvm2' to HOOKS before filesystems
mkinitcpio -p linux-hardened
grub-install
# /etc/default/grub edit GRUB_CMDLINE_LINUX="cryptdevice=/dev/nvme0n1p3:luks:allow-discards"
grub-mkconfig -o /boot/grub/grub.cfg
exit
umount -R /mnt
swapoff -a
reboot
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment