diefans · October 5, 2017 07:57
diff --git a/arch-linux-uefi-encrypted-install b/arch-linux-uefi-encrypted-install
 # Install ARCH Linux with encrypted file-system and UEFI
 # The official installation guide (https://wiki.archlinux.org/index.php/Installation_Guide) contains a more verbose description.
 # Based on https://gist.github.com/mattiaslundberg/8620837
 # And based on https://wiki.archlinux.de/title/Anleitung_f%C3%BCr_Einsteiger

 # Download the archiso image from https://www.archlinux.org/
 # Copy to a usb-drive
 dd if=archlinux.img of=/dev/sdX bs=16M && sync # on linux

 # Boot from the usb. If the usb fails to boot, make sure that secure boot is disabled in the BIOS configuration.

 # Set german keymap
 loadkeys de-latin1

 # This assumes a wifi only system...
 wifi-menu

 # Create partitions
 cgdisk /dev/sdX
 1 100MB EFI partition # Hex code ef00
 2 250MB Boot partition # Hex code 8300
 3 100% size partiton # (to be encrypted) Hex code 8300

 mkfs.vfat -F32 /dev/sdX1
 mkfs.ext2 /dev/sdX2

 # Setup the encryption of the system
 cryptsetup -c aes-xts-plain64 -y --use-random luksFormat /dev/sdX3
 cryptsetup luksOpen /dev/sdX3 luks

 # Create encrypted partitions
 # This creates one partions for root and home, modify if /tmp or other partitions should be on separate partitions
 pvcreate /dev/mapper/luks
 vgcreate vg0 /dev/mapper/luks
 lvcreate --size 8G vg0 --name swap
 lvcreate --size 30G vg0 --name root
 lvcreate -l +100%FREE vg0 --name home

 # Create filesystems on encrypted partitions
 mkfs.ext4 /dev/mapper/vg0-root
 mkfs.ext4 /dev/mapper/vg0-home
 mkswap /dev/mapper/vg0-swap

 # Mount the new system 
 mount /dev/mapper/vg0-root /mnt # /mnt is the installed system
 mkdir /mnt/home
 mount /dev/mapper/vg0-home /mnt/home
 swapon /dev/mapper/vg0-swap # Not needed but a good thing to test
 mkdir /mnt/boot
 mount /dev/sdX2 /mnt/boot
 mkdir /mnt/boot/efi
 mount /dev/sdX1 /mnt/boot/efi

 # Edit the mirrorlist to speed up downloading, top ten should be servers near your current location
 nano /etc/pacman.d/mirrorlist
 # Delete one line with Ctrl+K

 # Install the system also includes stuff needed for starting wifi when first booting into the newly installed system
 # Unless vim and zsh are desired these can be removed from the command
 pacstrap /mnt base base-devel grub-efi-x86_64 zsh vim git efibootmgr dialog wpa_supplicant

 # 'install' fstab
 genfstab -pU /mnt >> /mnt/etc/fstab
 # Make /tmp a ramdisk (add the following line to /mnt/etc/fstab)
 tmpfs	/tmp	tmpfs	defaults,noatime,mode=1777	0	0
 # Change relatime on all non-boot partitions to noatime (reduces wear if using an SSD)

 # Enter the new system
 arch-chroot /mnt /bin/bash

 # Setup system clock
 ln -s /usr/share/zoneinfo/Europe/Stockholm /etc/localtime
 hwclock --systohc --utc

 # Set the hostname
 echo MYHOSTNAME > /etc/hostname

 # Set keymap
 echo KEYMAP=de-latin1 > /etc/vconsole.conf

 # Update locale
 echo LANG=en_US.UTF-8 >> /etc/locale.conf
 echo LANGUAGE=en_US >> /etc/locale.conf
 #echo LC_ALL=C >> /etc/locale.conf # not recommended, caused an unicode error in python for me

 # Set password for root
 passwd

 # Add real user
 # useradd -m -g users -G wheel,storage,power -s /bin/bash MYUSERNAME
 # passwd MYUSERNAME

 # Configure mkinitcpio with modules needed for the initrd image
 vim /etc/mkinitcpio.conf
 # Add 'ext4' to MODULES
 # Add 'encrypt' and 'lvm2' to HOOKS before filesystems
 # Add keymap after keyboard but before filesystems
 # MODULES="ext4"
 # HOOKS="base udev autodetect modconf block keyboard keymap encrypt lvm2 filesystems fsck"

 # Regenerate initrd image
 mkinitcpio -p linux

 # Setup grub
 pacman -S grub
 grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=arch_grub --recheck
 # In /etc/default/grub edit the line GRUB_CMDLINE_LINUX to GRUB_CMDLINE_LINUX="cryptdevice=/dev/sdX3:luks:allow-discards" then run:
 grub-mkconfig -o /boot/grub/grub.cfg
 mkdir /boot/efi/EFI/boot
 cp /boot/efi/EFI/arch_grub/grubx64.efi /boot/efi/EFI/boot/bootx64.efi
 # If you reboot and Arch is not booting there is a good chance that you have Legacy mode enabled
 # Then reboot, get in the UEFI boot menu and disable Legacy Mode, sometimes it's hard to find the setting but it's somewhere, startpage.com is your friend ;-)

 # Exit new system and go into the cd shell
 exit

 # Unmount all partitions
 umount -R /mnt
 swapoff -a

 # Reboot into the new system, don't forget to remove the cd/usb
 reboot
	# Install ARCH Linux with encrypted file-system and UEFI
	# The official installation guide (https://wiki.archlinux.org/index.php/Installation_Guide) contains a more verbose description.
	# Based on https://gist.github.com/mattiaslundberg/8620837
	# And based on https://wiki.archlinux.de/title/Anleitung_f%C3%BCr_Einsteiger

	# Download the archiso image from https://www.archlinux.org/
	# Copy to a usb-drive
	dd if=archlinux.img of=/dev/sdX bs=16M && sync # on linux

	# Boot from the usb. If the usb fails to boot, make sure that secure boot is disabled in the BIOS configuration.

	# Set german keymap
	loadkeys de-latin1

	# This assumes a wifi only system...
	wifi-menu

	# Create partitions
	cgdisk /dev/sdX
	1 100MB EFI partition # Hex code ef00
	2 250MB Boot partition # Hex code 8300
	3 100% size partiton # (to be encrypted) Hex code 8300

	mkfs.vfat -F32 /dev/sdX1
	mkfs.ext2 /dev/sdX2

	# Setup the encryption of the system
	cryptsetup -c aes-xts-plain64 -y --use-random luksFormat /dev/sdX3
	cryptsetup luksOpen /dev/sdX3 luks

	# Create encrypted partitions
	# This creates one partions for root and home, modify if /tmp or other partitions should be on separate partitions
	pvcreate /dev/mapper/luks
	vgcreate vg0 /dev/mapper/luks
	lvcreate --size 8G vg0 --name swap
	lvcreate --size 30G vg0 --name root
	lvcreate -l +100%FREE vg0 --name home

	# Create filesystems on encrypted partitions
	mkfs.ext4 /dev/mapper/vg0-root
	mkfs.ext4 /dev/mapper/vg0-home
	mkswap /dev/mapper/vg0-swap

	# Mount the new system
	mount /dev/mapper/vg0-root /mnt # /mnt is the installed system
	mkdir /mnt/home
	mount /dev/mapper/vg0-home /mnt/home
	swapon /dev/mapper/vg0-swap # Not needed but a good thing to test
	mkdir /mnt/boot
	mount /dev/sdX2 /mnt/boot
	mkdir /mnt/boot/efi
	mount /dev/sdX1 /mnt/boot/efi

	# Edit the mirrorlist to speed up downloading, top ten should be servers near your current location
	nano /etc/pacman.d/mirrorlist
	# Delete one line with Ctrl+K

	# Install the system also includes stuff needed for starting wifi when first booting into the newly installed system
	# Unless vim and zsh are desired these can be removed from the command
	pacstrap /mnt base base-devel grub-efi-x86_64 zsh vim git efibootmgr dialog wpa_supplicant

	# 'install' fstab
	genfstab -pU /mnt >> /mnt/etc/fstab
	# Make /tmp a ramdisk (add the following line to /mnt/etc/fstab)
	tmpfs /tmp tmpfs defaults,noatime,mode=1777 0 0
	# Change relatime on all non-boot partitions to noatime (reduces wear if using an SSD)

	# Enter the new system
	arch-chroot /mnt /bin/bash

	# Setup system clock
	ln -s /usr/share/zoneinfo/Europe/Stockholm /etc/localtime
	hwclock --systohc --utc

	# Set the hostname
	echo MYHOSTNAME > /etc/hostname

	# Set keymap
	echo KEYMAP=de-latin1 > /etc/vconsole.conf

	# Update locale
	echo LANG=en_US.UTF-8 >> /etc/locale.conf
	echo LANGUAGE=en_US >> /etc/locale.conf
	#echo LC_ALL=C >> /etc/locale.conf # not recommended, caused an unicode error in python for me

	# Set password for root
	passwd

	# Add real user
	# useradd -m -g users -G wheel,storage,power -s /bin/bash MYUSERNAME
	# passwd MYUSERNAME

	# Configure mkinitcpio with modules needed for the initrd image
	vim /etc/mkinitcpio.conf
	# Add 'ext4' to MODULES
	# Add 'encrypt' and 'lvm2' to HOOKS before filesystems
	# Add keymap after keyboard but before filesystems
	# MODULES="ext4"
	# HOOKS="base udev autodetect modconf block keyboard keymap encrypt lvm2 filesystems fsck"

	# Regenerate initrd image
	mkinitcpio -p linux

	# Setup grub
	pacman -S grub
	grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=arch_grub --recheck
	# In /etc/default/grub edit the line GRUB_CMDLINE_LINUX to GRUB_CMDLINE_LINUX="cryptdevice=/dev/sdX3:luks:allow-discards" then run:
	grub-mkconfig -o /boot/grub/grub.cfg
	mkdir /boot/efi/EFI/boot
	cp /boot/efi/EFI/arch_grub/grubx64.efi /boot/efi/EFI/boot/bootx64.efi
	# If you reboot and Arch is not booting there is a good chance that you have Legacy mode enabled
	# Then reboot, get in the UEFI boot menu and disable Legacy Mode, sometimes it's hard to find the setting but it's somewhere, startpage.com is your friend ;-)

	# Exit new system and go into the cd shell
	exit

	# Unmount all partitions
	umount -R /mnt
	swapoff -a

	# Reboot into the new system, don't forget to remove the cd/usb
	reboot
No results found