-
Notifications
You must be signed in to change notification settings - Fork 0
Installing Arch Linux with FDE
Felix Auringer edited this page Nov 24, 2020
·
1 revision
- see also the official guide until
Partition the disks ls /sys/firmware/efi/efivars- plug lan cable in
ping archlinux.orgtimedatectl set-ntp true
- plug USB drive in
- create 1G ESP on USB drive
fdisk /dev/<usb>- delete all partitions:
d - use gpt:
g - create 1G EFI partition:
n<enter><enter>+1Gt1 - persist changes:
w
- create filesystem:
mkfs.fat -F32 /dev/<usb>1 - if ESP already existed: copy contents from old ESP to new ESP, delete old ESP
-
/dev/<usb>1is now referred to as/dev/<esp>
- check whether GRUB supports LUKS 2 (checked in 2020/11)
- create luks1 container:
gdisk /dev/<luks disk>- create partition:
n<enter><enter>+<size>G<enter> - persist changes:
w
- create container:
cryptsetup luksFormat --type luks1 /dev/<luks partition> - open container:
cryptsetup open /dev/<luks partition> cryptlvm - create physical volume (LVM):
pvcreate /dev/mapper/cryptlvm - create volume group (LVM): `vgcreate arch /dev/mapper/cryptlvm
- optional more logical volumes:
lvcreate -L <size>G arch -n <label> - use rest of the space for root partition:
lvcreate -l 100%FREE arch -n root - create filesystems for all logical volumes:
mkfs.ext4 /dev/arch/<label>
- see also the official guide
- mount root filesystem:
mount /dev/arch/root /mnt - create directory for ESP:
mkdir /mnt/efi - install arch:
pacstrap /mnt base linux linux-firmware base-devel vim man-db man-pages texinfo lvm2 grub efibootmgr - for all partitions that should automatically be mounted during boot:
- create directories where they should be mounted
- mount them
- create fstab:
genfstab -U /mnt >> /mnt/etc/fstab - mount ESP:
mount /dev/<esp> /mnt/efi - chroot into your new installation:
arch-chroot /mnt
- see also the official guide until
Initramfs
- timezone:
ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime - hardware clock:
hwclock --systohc - edit
/etc/locale.gen:- uncomment
en_US.UTF-8 UTF-8
- uncomment
- generate locales:
locale-gen - set
LANGvariable:echo "LANG=en_US.UTF-8" > /etc/locale.conf - use NTP:
timedatectl set-ntp true
- set hostname:
echo "<hostname>" > /etc/hostname - edit
/etc/hostsand add the following lines:127.0.0.1 localhost <hostname>::1 localhost <hostname>
- install network manager of choice (NetworkManager is only example)
- install NetworkManager:
pacman -S networkmanager - enable NetworkManager:
systemctl enable NetworkManager.service
- install NetworkManager:
- edit
/etc/mkinitcpio.conf:- add
encryptandlvm2inHOOKSafterblockandkeyboardand beforefsck
- add
- generate initramfs:
mkinitcpio -P
- find out UUID of partition of
cryptlvmwithblkid - edit
/etc/default/gruband change the following lines:GRUB_ENABLE_CRYPTODISK=yGRUB_CMDLINE_LINUX="... cryptdevice=UUID=<UUID>:cryptlvm root=/dev/arch/root ..."
- install Grub on ESP:
grub-install --removable --target=x86_64-efi --efi-directory=/efi --bootloader-id=grub --boot-directory=/efi --recheck - generate grub config:
grub-mkconfig -o /efi/grub/grub.cfg - configure uefi using
efibootmgr:- use
\\as separators in paths - create:
efibootmgr --create --disk <esp> --part <esp> --loader <path to .efi> --label <label> - delete:
efibootmgr -b <hex> -B - order:
efibootmgr -o <hex1>,<hex2>, ... - verbose:
efibootmgr -v
- use
- set root password:
passwd - leave chroot:
exit - unmount all partitions:
umount -R /mnt - shutdown:
poweroff - remove installation media
- start computer
- create file:
dd if=/dev/zero of=/swapfile bs=1M count=24576 status=progress - set permissions:
chmod 600 /swapfile - convert file to swapfile:
mkswap /swapfile - activate swap:
swapon /swapfile - append to
/etc/fstab:/swapfile none swap sw 0 0
- edit
/etc/mkinitcpio.conf:- add
resumeinHOOKSafterlvm2
- add
- regenerate initramfs:
mkinitcpio -P - determine resume offset:
filefrag -v /swapfile- first entry of physical offset in row ext 0
- edit
/etc/default/gruband change the following line:GRUB_CMDLINE_LINUX="... resume=/dev/arch/root resume_offset=<offset> ..."
- regenerate grub config:
grub-mkconfig -o /efi/grub/grub.cfg
- create keyfile:
dd bs=512 count=4 if=/dev/random of=/root/cryptlvm.keyfile iflag=fullblock - set permissions:
chmod 000 /root/cryptlvm.keyfile - add key to LUKS:
cryptsetup -v luksAddKey /dev/<luks partition> /root/cryptlvm.keyfile - edit
/etc/mkinitcpio.confand change the following line:FILES=(/root/cryptlvm.keyfile)
- regenerate initramfs:
mkinitcpio -P - edit
/etc/default/gruband change the following line:GRUB_CMDLINE_LINUX="... cryptkey=rootfs:/root/cryptlvm.keyfile ..."
- regenerate grub config:
grub-mkconfig -o /efi/grub/grub.cfg
- install basic tools:
pacman -S zsh git openssh wget - add user:
useradd -m -G wheel -s /bin/zsh <username> - change password:
passwd <username> - enable sudo with
EDITOR=vim visudo:- uncomment
%wheel ALL=(ALL) ALL
- uncomment
- logout from root and continue as user
mkdir .clonedcd .clonedgit clone https://aur.archlinux.org/yay.gitcd yaymakepkg -si
Most of my config files in the home directory are in my github dotfiles repository.
A list of all other config files that I edited is in ./other_configs.
- get ssh keys to new machine
git clone --bare [email protected]:felixauringer/dotfiles.git $HOME/.dotfilesgit --git-dir=$HOME/.dotfiles --work-tree=$HOME checkout
- install Oh My Zsh with
sh -c "$(wget https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh -O -)" - move to correct installation directory:
mv ~/.oh-my-zsh ~/.cloned/oh-my-zsh - install powerlevel10k theme:
git clone --depth=1 https://github.com/romkatv/powerlevel10k.git $HOME/.cloned/oh-my-zsh/custom/themes/powerlevel10k - install font:
yay -S ttf-meslo-nerd-font-powerlevel10k - download Arc icon theme:
git clone https://github.com/horst3180/arc-icon-theme --depth 1 $HOME/.cloned - move icons to expected location:
mkdir -p $HOME/.icons && cp -r $HOME/.cloned/arc-icon-theme/Arc $HOME/.icons