LVM on LUKS Arch installation with systemd-boot

arch_linux_installation.md

Arch Linux Installation

LVM on LUKS Arch installation with systemd-boot

USB

Download Arch Linux

Find out the name of your USB drive with lsblk. Make sure that it is not mounted.

To mount the Arch ISO run the following command, replacing /dev/sdx with your drive, e.g. /dev/sdb. (do not append a partition number, so do not use something like /dev/sdb1):

dd bs=4M if=/path/to/archlinux.iso of=/dev/sdx status=progress && sync

Preparation

Boot from USB disk

Change default font:

setfont sun12x22

Check if running in UEFI mode:

ls /sys/firmware/efi

If there is any content in this folder then you are in UEFI mode.

Check that there is a connection:

ping archlinux.org

Update the system clock:

timedatectl set-ntp true

Lastly to enable mirrors, edit /etc/pacman.d/mirrorlist and locate your geographic region. Uncomment mirrors you would like to use.

Partitioning

Get the name of the disk to format/partition:

lsblk

The name should be something like /dev/sda

First shred the disk using the shred tool:

shred -v -n1 /dev/sdX

Now partition the disk using gdisk:

gdisk /dev/sda

Partition 1 should be an EFI boot partition (code: ef00) of 512MB. Partition 2 should be a Linux LVM partition (8e00). The 2nd partition can take up the full disk or only a part of it. Remember to write the partition table changes to the disk on configuration completion.

Once partitioned you can format the boot partition (the LVM partition needs to be encrypted before it gets formatted)

mkfs.fat -F32 /dev/sda1

Encryption

First modprobe for dm-crypt

modprobe dm-crypt

Now, encrypt the disk:

cryptsetup luksFormat /dev/sda2

Open the disk with the password set above:

cryptsetup open --type luks /dev/sda2 lvm

Check the lvm disk exists:

ls /dev/mapper/lvm

Create a physical volume:

pvcreate /dev/mapper/lvm

Create a volume group:

vgcreate volume /dev/mapper/lvm

Create logical partitions:

lvcreate -L20G volume -n swap
lvcreate -L40G volume -n root
lvcreate -l 100%FREE volume -n home

Format file system on logical partitions:

mkfs.ext4 /dev/mapper/volume-root
mkfs.ext4 /dev/mapper/volume-home
mkswap /dev/mapper/volume-swap

Mount the volumes and file systems:

mount /dev/mapper/volume-root /mnt
mkdir /mnt/home
mount /mnt/boot
mount /dev/mapper/volume-home /mnt/home
mount /dev/sda1 /mnt/boot
swapon /dev/mapper/volume-swap

Installation

Bootstrap base system onto disk using pacstrap:

pacstrap /mnt base base-devel vim

Generate fstab:

genfstab -p /mnt >> /mnt/etc/fstab

chroot into system:

arch-chroot /mnt

Set time locale:

ln -sf /usr/share/zoneinfo/Africa/Johannesburg /etc/localtime

Set clock:

hwclock --systohc

Uncomment en_US.UTF-8 UTF-8 en_US ISO-8859-1 and other needed localizations in /etc/locale.gen. Now run:

locale-gen

Create locale config file:

locale > /etc/locale.conf

Add an hostname:

vim /etc/hostname

Update /etc/hosts to contain::

127.0.1.1   myhostname.localdomain  myhostname

Because we are using disk encryption we have to change the initramfs.

Edit the /etc/mkinitcpio.conf. Look for the HOOKS variable and move keyboard to before the filesystems and add encrypt and lvm2 after keyboard. Like:

HOOKS="base udev autodetect modconf block keyboard encrypt lvm2 filesystems fsck"

Regenerate the initramfs:

mkinitcpio -p linux

Install a bootloader:

bootctl --path=/boot/ install

Create bootloader. Edit /boot/loader/loader.conf. Replace the file's contents with:

default arch
timeout 3
editor 0

The editor 0 ensures the configuration can't be changed on boot.

Next create a bootloader entry in /boot/loader/entries/arch.conf

title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options cryptdevice=UUID={UUID}:volume root=/dev/mapper/volume-root quiet rw

In order to get the UUID run the following command in vim:

:read ! blkid /dev/sda2

Complete

exit chroot:

exit

unmount everything:

umount -R /mnt

and reboot

reboot