At the end of this post we should have a running Arch Linux box with the following characteristics.
- UEFI enabled boot.
- Encrypted LVM volume.
Table of contents
- Installation media
- Blank Screen
- Set the keyboard layout
- UEFI mode
- Connect to the internet
- Update the system clock
- Prepare the storage devices
- Encrypting
- Setting up the LVM
- Installing Arch
- Configure the network
- Users and passwords
- Reboot
Installation media
Specific information about how to create the installation media on different platforms can be found in the official Arch wiki.
USB stick on Linux
Find out the name of the USB stick.
lsblk
Use the dd command to copy the Arch Linux ISO image to your USB stick. Replace /dev/sdx with your USB drive (e.g. /dev/sdc), without the partition number.
dd bs=4M if=<path-to-iso-file> of=/dev/sdx status=progress && sync
Blank screen
If you get a blank screen after booting you will need to pass nomodeset to the kernel.
Syslinux
Press tab when the menu shows up and add nomodeset at the end of the string. The following strings just illustrate the end result.
linux /boot/vmlinuz-linux root=/dev/sda3 initrd=/boot/initramfs-linux.img nomodeset
systemd-boot
Press e when the menu shows up and add nomodeset at the end of the string.
initrd=\initramfs-linux.img root=/dev/sda2 nomodeset
grub
Press e when the menu shows up and add nomodeset at the end of the string.
linux /boot/vmlinuz-linux root=UUID=978e3e81-8048-4ae1-8a06-aa727458e8ff nomodeset
Set the keyboard layout
You can change the keyboard layout if you don't use the default layout (qwerty).
# list of available layouts
localectl list-keymaps
# if you use dvorak
loadkeys dvorak
UEFI mode
To verify you are booted in UEFI mode, check that the following directory is populated.
ls /sys/firmware/efi/efivars
Connect to the internet
Find your wifi interface.
ip link
Configure the wifi connection using the wifi-menu.
wifi-menu -o <name-of-wifi-interface>
Update the system clock
Use systemd-timesyncd to ensure that your system clock is accurate.
timedatectl set-ntp true
Prepare the storage devices
Wipe your entire disk. This can take a long time depending on the size of the disk.
Use the lsblk command to find the name of the disk before using this command.
dd if=/dev/zero of=/dev/sdx iflag=nocache oflag=direct bs=4096
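Both dd commands in this post destroy whatever /dev/sdx points at. The following is an added example (not part of the original post) of a guard that reads lsblk output and refuses partitions and anything mounted; check_target is a hypothetical helper name.

```bash
# Added example: refuse a dd target that is not an unmounted whole disk.
# check_target is a hypothetical helper; it reads `lsblk -P` output on stdin:
#   lsblk -P -o NAME,TYPE,MOUNTPOINT /dev/sdx | check_target && echo "safe"
check_target() {
    local line first=1 rc=0
    while IFS= read -r line; do
        if [ "$first" = 1 ]; then
            first=0
            # The first row is the device itself: a disk, not a partition.
            case $line in
                *'TYPE="disk"'*) ;;
                *) echo "not a whole disk: $line"; rc=1 ;;
            esac
        fi
        # Any row (the disk or one of its children) with a mount point is in
        # use. A row without the MOUNTPOINT column is rejected as well.
        case $line in
            *'MOUNTPOINT=""'*) ;;
            *) echo "in use: $line"; rc=1 ;;
        esac
    done
    # No rows at all means lsblk did not find the device.
    [ "$first" = 0 ] || { echo "no such device"; rc=1; }
    return "$rc"
}
```

Swap shows up in lsblk with the mount point [SWAP], so an active swap partition on the target is rejected too.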
Make sure dm-mod and dm_crypt modules are loaded.
modprobe -a dm-mod dm_crypt
Run parted to open the device whose partition table must be created.
parted /dev/sdx
Create the required EFI System Partition.
# 512MiB is suggested by the Arch documentation.
mkpart ESP fat32 1MiB 513MiB
set 1 boot on
Create the LVM partition.
mkpart primary ext4 513MiB 100%
set 2 lvm on
Quit parted.
quit
Format the EFI System Partition.
# use lsblk /dev/<disk-name> to find the partition number.
mkfs.fat -F32 /dev/sdx1
Encrypting
We will use cryptsetup to encrypt our LVM partition.
# -v = verbose
# -y = verify password, ask twice, and complain if they don’t match
# -c = specify the cipher used
# -s = specify the key size used
# -h = specify the hash used
# -i = number of milliseconds to spend passphrase processing
# --use-random = which random number generator to use
# luksFormat = to initialize the partition and set a passphrase
# /dev/sda2 = the partition to encrypt (this is just an illustration.)
cryptsetup -v -y -c aes-xts-plain64 -s 512 -h sha512 -i 5000 --use-random luksFormat /dev/sda2
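Save the header information of the LUKS device. The live environment's /tmp does not survive the reboot, so copy the file somewhere else if you want to keep it.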
cryptsetup luksDump /dev/sda2 > /tmp/luksDump.txt
Open the LUKS device so we can setup the LVM on it.
# maps the decrypted device at /dev/mapper/crypto
cryptsetup luksOpen /dev/sda2 crypto
Setting up the LVM
Create a physical volume on /dev/mapper/crypto
pvcreate /dev/mapper/crypto
Create a volume group. Here it is called vgroup00, but you can name it whatever you want.
vgcreate vgroup00 /dev/mapper/crypto
Create the logical volumes.
- lvolswap will be our swap partition.
- lvolroot will be our / partition.
- lvolhome will be our /home partition.
lvcreate -C y -L 8GB vgroup00 -n lvolswap
lvcreate -L 100GB vgroup00 -n lvolroot
lvcreate -l +100%FREE vgroup00 -n lvolhome
Scan the volume groups and import any changes.
vgscan
vgchange -ay
Create the filesystem on each logical volume.
mkswap /dev/mapper/vgroup00-lvolswap
mkfs.ext4 /dev/mapper/vgroup00-lvolroot
mkfs.ext4 /dev/mapper/vgroup00-lvolhome
Prepare the newly created filesystems to receive Arch.
swapon /dev/mapper/vgroup00-lvolswap
mount /dev/mapper/vgroup00-lvolroot /mnt
mkdir -p /mnt/boot
mount /dev/sda1 /mnt/boot
mkdir /mnt/home
mount /dev/mapper/vgroup00-lvolhome /mnt/home
Installing Arch
Refresh the package list.
pacman -Syy
Use pacstrap to install the base system. You will have to press enter twice to confirm the installation of all packages: once when asked to confirm the packages from the base group, and once more when asked about the packages from the base-devel group.
pacstrap -i /mnt base base-devel
Generate the fstab file.
genfstab -U /mnt > /mnt/etc/fstab
Change root.
arch-chroot /mnt /bin/bash
Set the locale.
Uncomment your preferred encoding from the /etc/locale.gen file, generate the locales, and create the /etc/locale.conf file.
vi /etc/locale.gen
locale-gen
# replace en_US.UTF-8 by the encoding you uncommented in /etc/locale.gen file
echo LANG=en_US.UTF-8 > /etc/locale.conf
export LANG=en_US.UTF-8
Set the time.
tzselect
# Zone/SubZone is the value from tzselect
ln -s /usr/share/zoneinfo/Zone/SubZone /etc/localtime
hwclock --systohc --utc
Regenerate Initramfs.
Edit /etc/mkinitcpio.conf as follows:
vi /etc/mkinitcpio.conf
# before
HOOKS="base udev autodetect modconf block filesystems keyboard fsck"
# after
HOOKS="base udev autodetect modconf block keyboard encrypt lvm2 filesystems fsck"
The hooks keymap, encrypt, lvm2, and resume need to come between block and filesystems. The shutdown hook is after the filesystems entry.
mkinitcpio -p linux
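A wrong hook order only shows up at the next boot, when the root volume cannot be unlocked. The following is an added example (not part of the original post) that checks a mkinitcpio.conf against the order of the "after" line before the image is built; hooks_list, hook_pos and check_hooks are hypothetical helper names.

```bash
# Added example: check the HOOKS order before running mkinitcpio.
# hooks_list, hook_pos and check_hooks are hypothetical helper names.

# Print the hooks of the last uncommented HOOKS line, one per line.
# Handles both HOOKS="a b" and the newer HOOKS=(a b) form.
hooks_list() {
    sed -n -E 's/^[[:space:]]*HOOKS=["(]([^")]*)[")].*/\1/p' "$1" |
        tail -n 1 | tr -s '[:space:]' '\n' | sed '/^$/d'
}

# Print the 1-based position of hook $2 in config file $1 (empty if absent).
hook_pos() {
    hooks_list "$1" | grep -n -x -F -- "$2" | head -n 1 | cut -d: -f1
}

# Succeeds only if block < keyboard < encrypt < lvm2 < filesystems,
# the order of the "after" line in this post.
check_hooks() {
    local conf=$1 prev_name=block prev cur name
    prev=$(hook_pos "$conf" block)
    [ -n "$prev" ] || { echo "missing hook: block"; return 1; }
    for name in keyboard encrypt lvm2 filesystems; do
        cur=$(hook_pos "$conf" "$name")
        [ -n "$cur" ] || { echo "missing hook: $name"; return 1; }
        [ "$cur" -gt "$prev" ] ||
            { echo "$name must come after $prev_name"; return 1; }
        prev=$cur
        prev_name=$name
    done
    echo "ok"
}
```

Inside the chroot, run check_hooks /etc/mkinitcpio.conf and only continue with mkinitcpio when it prints ok.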
Install the bootloader.
# pacman -S intel-ucode is only necessary if you have an Intel CPU.
pacman -S intel-ucode
bootctl install
Edit the /boot/loader/loader.conf
default arch-encrypted
timeout 4
editor 0
Note: the default value is the name of the entry you want to use as default. In our case it will be arch-encrypted-nomodeset or arch-encrypted.
Create a file called /boot/loader/entries/arch-encrypted-nomodeset.conf with the following content to add a boot entry.
title Arch Linux (Encrypted - Nomodeset)
linux /vmlinuz-linux
initrd /initramfs-linux.img
options cryptdevice=UUID=<DEV_UUID>:vgroup00 root=UUID=<LVM_VOL_UUID> quiet rw nomodeset
Note: nomodeset is only necessary if you have the blank screen issue.
Note: DEV_UUID is the UUID of the device containing the LUKS partition. LVM_VOL_UUID is the UUID of the LVM root volume. You can get those UUIDs using the command blkid.
Note: If you have an Intel video card and you want to use the xf86-video-intel driver you must not use nomodeset. You can set GDM and create the arch-encrypted.conf as follows:
title Arch Linux (Encrypted)
linux /vmlinuz-linux
initrd /initramfs-linux.img
options cryptdevice=/dev/sda2:vgroup00 root=UUID=<UUID> quiet rw
Note: By creating the two files if something goes wrong with one setting you can just reboot and choose the other one in the boot loader.
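Mixing up the two UUIDs leaves the system unable to find or unlock its root volume. The following is an added example (not part of the original post) that builds the entry from blkid output and rejects the common mistakes; is_uuid, render_entry and write_entry are hypothetical helper names, and the device paths assume the layout used in this post.

```bash
# Added example: build the boot entry from blkid output instead of typing UUIDs.
# is_uuid, render_entry and write_entry are hypothetical helper names.

is_uuid() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# render_entry <luks-partition-uuid> <root-volume-uuid> [extra kernel options]
render_entry() {
    [ "$#" -ge 2 ] || { echo "usage: render_entry LUKS ROOT [opts]" >&2; return 1; }
    local luks=$1 root=$2
    shift 2
    is_uuid "$luks" || { echo "bad LUKS UUID: $luks" >&2; return 1; }
    is_uuid "$root" || { echo "bad root UUID: $root" >&2; return 1; }
    # The values name different layers; equal UUIDs mean one was pasted twice.
    [ "$luks" != "$root" ] ||
        { echo "cryptdevice and root UUIDs are identical" >&2; return 1; }
    printf 'title Arch Linux (Encrypted)\n'
    printf 'linux /vmlinuz-linux\n'
    printf 'initrd /initramfs-linux.img\n'
    printf 'options cryptdevice=UUID=%s:vgroup00 root=UUID=%s quiet rw%s\n' \
        "$luks" "$root" "${*:+ $*}"
}

# Run inside the chroot. Assumes this post's layout: /dev/sda2 holds LUKS and
# vgroup00-lvolroot is the root volume.
write_entry() {
    local dev=/dev/sda2 lv=/dev/mapper/vgroup00-lvolroot luks root entry
    # cryptdevice= must point at the LUKS container, not at the opened mapping.
    [ "$(blkid -s TYPE -o value "$dev")" = crypto_LUKS ] ||
        { echo "$dev is not a LUKS container" >&2; return 1; }
    luks=$(blkid -s UUID -o value "$dev") || return 1
    root=$(blkid -s UUID -o value "$lv") || return 1
    # Render first so a failed check never leaves a half-written entry file.
    entry=$(render_entry "$luks" "$root" "$@") || return 1
    printf '%s\n' "$entry" > /boot/loader/entries/arch-encrypted.conf
}
```

Calling write_entry nomodeset appends nomodeset to the options line; adjust the title and file name if you keep both entries.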
Configure the network
Set the hostname.
# replace Arch by a name of your preference.
echo Arch > /etc/hostname
Change the /etc/hosts file.
# replace Arch by a name of your preference.
#
# /etc/hosts: static lookup table for host names
#
#<ip-address> <hostname.domain.org> <hostname>
127.0.0.1 localhost.localdomain localhost Arch
::1 localhost.localdomain localhost Arch
# End of file
Install the necessary packages to configure the wireless connection.
pacman -S iw wpa_supplicant dialog
Users and passwords
Set the root password.
passwd
Create a user for you.
# replace username by your username.
useradd -m -g users -s /bin/bash username
passwd username
Reboot
Run the following commands and then remove the USB stick from the computer.
exit
umount -R /mnt
reboot