Forked from mattiaslundberg/arch-linux-install
Last active February 15, 2022 19:58
Minimal instructions for installing arch linux on an UEFI system with full system encryption using dm-crypt and luks
# Install ARCH Linux with encrypted file-system and UEFI
# The official installation guide (https://wiki.archlinux.org/index.php/Installation_Guide) contains a more verbose description.
## Download the archiso image from https://www.archlinux.org/
## Copy to a usb-drive
$ dd if=archlinux.img of=/dev/sdX bs=16M && sync # on linux
# Boot from the usb. If the usb fails to boot, make sure that secure boot is disabled in the BIOS configuration.
## Set brazilian portuguese keymap
loadkeys br-abnt2
## Create partitions
$ cgdisk /dev/sdX
1 100MB EFI partition # Hex code ef00
2 100% size partition # (to be encrypted) Hex code 8300
$ mkfs.vfat -F32 /dev/sdX1
## Setup the encryption of the system
$ cryptsetup -v --type luks --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-random --verify-passphrase luksFormat /dev/sdX2
$ cryptsetup luksOpen /dev/sdX2 archie
## Create encrypted partitions
## This creates logical volumes for swap, root and home; modify if other directories should be on separate partitions
$ pvcreate /dev/mapper/archie
$ vgcreate encryptd /dev/mapper/archie
$ lvcreate --size 1G encryptd --name swap
$ lvcreate --size 96G encryptd --name root
$ lvcreate -l +100%FREE encryptd --name home
## Create filesystems on encrypted partitions
$ mkfs.ext4 /dev/mapper/encryptd-root
$ mkfs.ext4 /dev/mapper/encryptd-home
$ mkswap /dev/mapper/encryptd-swap
## Mount the new system
$ mount /dev/mapper/encryptd-root /mnt # /mnt is the installed system
$ swapon /dev/mapper/encryptd-swap # Not needed but a good thing to test
$ mkdir /mnt/boot
$ mount /dev/sdX1 /mnt/boot
# Install the system. The package list also includes what is needed to start wifi when first booting into the newly installed system
# Unless vim and zsh are desired these can be removed from the command
pacstrap /mnt base base-devel linux linux-firmware mkinitcpio cryptsetup lvm2 zsh vim git efibootmgr dialog wpa_supplicant
# 'install' fstab
$ genfstab -pU /mnt >> /mnt/etc/fstab
## Make /tmp a ramdisk (add the following line to /mnt/etc/fstab)
tmpfs /tmp tmpfs defaults,noatime,mode=1777 0 0
## Change relatime on all non-boot partitions to noatime (reduces wear if using an SSD)
## Enter the new system
$ arch-chroot /mnt /bin/bash
## Setup system clock
$ ln -s /usr/share/zoneinfo/America/Sao_Paulo /etc/localtime
$ hwclock --systohc --utc
# Set the hostname
$ echo $MYHOSTNAME > /etc/hostname # choose a hostname and set the MYHOSTNAME variable to it
## Update locale
$ echo LANG=pt_BR.UTF-8 >> /etc/locale.conf
$ echo LANGUAGE=pt_BR >> /etc/locale.conf
$ echo LC_ALL=C >> /etc/locale.conf
## Set password for root
$ passwd
# Add a real user; remove the -s flag if you don't wish to use zsh
$ useradd -m -g users -G wheel -s /bin/zsh MYUSERNAME
$ passwd MYUSERNAME
# Configure mkinitcpio with modules needed for the initrd image
$ vim /etc/mkinitcpio.conf
## Add 'ext4' to MODULES
MODULES=(ext4)
## Add 'keymap', 'encrypt' and 'lvm2' to HOOKS before filesystems
## 'keyboard' and 'keymap' must come before 'encrypt' so the passphrase prompt has a working keyboard with the right layout
HOOKS=(base udev autodetect keyboard keymap modconf block encrypt lvm2 filesystems fsck)
# Regenerate initrd image
mkinitcpio -p linux
# Setup systemd-boot (bootctl)
`bootctl --path=/boot/ install`
Create the bootloader configuration. Edit `/boot/loader/loader.conf`. Replace the file's contents with:
```
default arch
timeout 3
editor 0
```
The `editor 0` setting disables the boot-time kernel command line editor, so the configuration can't be changed on boot.
Next create a bootloader entry in `/boot/loader/entries/arch.conf`:
```
title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options cryptdevice=UUID={UUID}:encryptd root=/dev/mapper/encryptd-root quiet rw
```
The `root=` value is the root logical volume created earlier (volume group `encryptd`, logical volume `root`).
Replace {UUID} with the UUID of the encrypted partition, /dev/sda2 or /dev/nvme0n1p2. In order to get the UUID run the following command:
`blkid`
Or, while still in vim, run the following command (replacing /dev/sda2 with the relevant partition):
`:read ! blkid /dev/sda2`
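The two places where this setup most often ends in an unbootable system are the hook order in `/etc/mkinitcpio.conf` and the `options` line of the loader entry. The script below is an added example, not part of the original gist: it checks a HOOKS line for the ordering the encrypted boot needs and builds the `options` line from `blkid` output, refusing a partition that is not LUKS. All function names and the sample UUID are constructed for illustration.

```bash
#!/bin/sh
# Added example; function names and sample values are constructed.

# hook_index HOOKS_LINE NAME: print 1-based position of NAME, 0 if absent.
hook_index() {
    list=$(printf '%s\n' "$1" | sed -n 's/^HOOKS=(\(.*\))$/\1/p')
    i=0
    for h in $list; do
        i=$((i + 1))
        if [ "$h" = "$2" ]; then echo "$i"; return 0; fi
    done
    echo 0
}

# check_hooks HOOKS_LINE: succeed only if the passphrase prompt will have a
# keyboard (and keymap, if used) and encrypt < lvm2 < filesystems.
check_hooks() {
    kb=$(hook_index "$1" keyboard); km=$(hook_index "$1" keymap)
    en=$(hook_index "$1" encrypt);  lv=$(hook_index "$1" lvm2)
    fs=$(hook_index "$1" filesystems)
    for p in "$kb" "$en" "$lv" "$fs"; do
        [ "$p" -gt 0 ] || { echo "required hook missing" >&2; return 1; }
    done
    [ "$kb" -lt "$en" ] || { echo "keyboard must precede encrypt" >&2; return 1; }
    [ "$km" -eq 0 ] || [ "$km" -lt "$en" ] || { echo "keymap must precede encrypt" >&2; return 1; }
    { [ "$en" -lt "$lv" ] && [ "$lv" -lt "$fs" ]; } || { echo "need encrypt < lvm2 < filesystems" >&2; return 1; }
}

# luks_uuid BLKID_LINE: print the UUID, but only for a crypto_LUKS device.
luks_uuid() {
    case "$1" in *'TYPE="crypto_LUKS"'*) ;; *) return 1 ;; esac
    printf '%s\n' "$1" | sed -n 's/.* UUID="\([^"]*\)".*/\1/p'
}

# make_options UUID VG LV: the "options" line for the loader entry.
# Assumes VG and LV names contain no hyphen (device-mapper doubles hyphens).
make_options() {
    printf 'options cryptdevice=UUID=%s:%s root=/dev/mapper/%s-%s quiet rw\n' "$1" "$2" "$2" "$3"
}

# Constructed sample input (not a real device).
SAMPLE_BLKID='/dev/sda2: UUID="0a1b2c3d-1111-2222-3333-444455556666" TYPE="crypto_LUKS" PARTUUID="5e6f7a8b-02"'
SAMPLE_HOOKS='HOOKS=(base udev autodetect keyboard keymap modconf block encrypt lvm2 filesystems fsck)'

check_hooks "$SAMPLE_HOOKS" && make_options "$(luks_uuid "$SAMPLE_BLKID")" encryptd root
```

On a real install, pass it the output of `blkid /dev/sdX2` and the HOOKS line from `/etc/mkinitcpio.conf` instead of the samples.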
# Exit new system and go into the cd shell
exit
# Unmount all partitions
umount -R /mnt
swapoff -a
# Reboot into the new system, don't forget to remove the cd/usb
reboot
## Broken configuration
If something goes wrong, you need to open the LVM VG:
cryptsetup luksOpen /dev/nvme0n1p2 arch
vgscan --mknodes
vgchange -ay
lvscan
# Post-installation
## Install i3
pacman -S dialog wpa_supplicant openssl xorg xorg-xinit xorg-server lightdm lightdm-gtk-greeter i3-gaps
### Create xinitrc
`exec i3`
## Install nvidia-drivers
pacman -S nvidia nvidia-utils nvidia-settings