Minimal instructions for installing Arch Linux on a UEFI system with full system encryption using dm-crypt and LUKS
# Install ARCH Linux with encrypted file-system and EFI on 8,2 MacBook. | |
# The official installation guide contains a more verbose description: | |
# https://wiki.archlinux.org/index.php/Installation_Guide | |
#
# These are notes for a manual, interactive procedure, not a script to run
# unattended. sdX, sdXY, THE-MACINTOSH_HD-UUID, VOLUME-UUID-FROM-BOOT,
# $INTERFACE, MYHOSTNAME and MYUSERNAME are placeholders to fill in by hand.
#
# Resize "Macintosh HD" to make room for Linux. This works live, including with | |
# whole-disk encryption (WDE, FileVault). Ensure backups are current, of course, | |
# before proceeding | |
diskutil list | |
diskutil cs list | |
# Ensure all data will fit in 250G, with some to spare! | |
# Optional SHARE partition that OS X & Linux both can use | |
# The one command below shrinks the CoreStorage stack to 250G and creates the
# partitions after it: BOOT (fat32, 200M), SHARE (fat32, 32G), and the rest
# left as free space named Linux.
diskutil cs resizeStack THE-MACINTOSH_HD-UUID 250G \ | |
fat32 BOOT 200M \ | |
fat32 SHARE 32G \ | |
free Linux 0 | |
# Use the SHARE directory to pre-populate packages, etc. | |
# Make sure this matches the 32G SHARE partition | |
diskutil mount disk0s3 | |
# Download from AUR: broadcom-wl-dkms, cower, pacaur | |
# This is not really sufficient, too many dependencies to handle this way, so a | |
# hard-wired connection really is best to bootstrap | |
# AUR build recipes are user-submitted: read each PKGBUILD (and any .install
# file) before building from these clones.
# NOTE(review): presumably run from inside /Volumes/SHARE; the notes do not
# show the cd into it.
git clone --depth 1 https://aur.archlinux.org/cower.git | |
git clone --depth 1 https://aur.archlinux.org/pacaur.git | |
git clone --depth 1 https://aur.archlinux.org/broadcom-wl-dkms.git | |
cd /; diskutil unmount /Volumes/SHARE | |
# Download the archiso image from https://www.archlinux.org/ | |
# Verify the image before writing it: check it against the PGP signature (or
# at least the checksum) published with the download. Everything installed
# below, including the LUKS setup, runs from this medium.
# Copy to a usb-drive | |
# dd overwrites of= without asking. sdX is a placeholder: take the real device
# node from 'diskutil list' and make sure it is the USB stick, not the
# internal disk.
sudo dd if=archlinux.img of=/dev/sdX bs=16M | |
diskutil eject /dev/sdX | |
# Boot from the usb (hold down Option as soon as it restarts) | |
# From here on the commands run in the Arch installer's live shell.
# Swap Caps Lock and Control on the console | |
loadkeys us ctrl | |
# TODO Get broadcom-wl-dkms installed from AUR | |
ip link # Identify what interfaces are available | |
# $INTERFACE is a placeholder for one of the names printed by 'ip link'.
dhcpcd $INTERFACE # Get IP address (e.g., for USB tethered from phone) | |
# Load the wl kernel module (presumably the one built by broadcom-wl-dkms,
# see the TODO above).
modprobe wl | |
# This assumes a wifi only system... | |
wifi-menu | |
#ip link set wlp3s0 down # If it needs to be reset | |
# Create partitions | |
fdisk -l # Identify device | |
cgdisk /dev/sdX | |
# Change Linux partition type to 8300 | |
# Setup the encryption of the system; sdXY is the linux partition (e.g., sda6) | |
# luksFormat destroys whatever is on the target partition: re-check sdXY
# against the 'fdisk -l' output before confirming.
# -y asks for the passphrase twice; --use-random draws the key material from
# /dev/random. Cipher, key size and KDF are not set here, so they are whatever
# the cryptsetup on the install medium defaults to.
# NOTE(review): this passphrase is the only way in. Consider keeping a header
# backup (cryptsetup luksHeaderBackup) off the machine, and treat that backup
# as sensitive too.
cryptsetup -y --use-random luksFormat /dev/sdXY | |
# Open the container; it appears as /dev/mapper/luks.
cryptsetup luksOpen /dev/sdXY luks | |
# Create encrypted partitions | |
# This creates one partition for root, modify if /home or other partitions should be on separate partitions | |
# LVM sits inside the LUKS container, so every logical volume created here,
# swap included, is encrypted with the same key.
pvcreate /dev/mapper/luks | |
vgcreate vg0 /dev/mapper/luks | |
lvcreate --size 16G vg0 --name swap | |
lvcreate -l +100%FREE vg0 --name root | |
# Create filesystems on encrypted partitions | |
mkfs.ext4 /dev/mapper/vg0-root | |
# Disable journal, may help USB stick longevity | |
#tune2fs -O ^has_journal /dev/mapper/vg0-root | |
mkswap /dev/mapper/vg0-swap | |
# Mount the new system | |
mount /dev/mapper/vg0-root /mnt # /mnt is the installed system | |
swapon /dev/mapper/vg0-swap # Not needed but a good thing to test | |
mkdir /mnt/boot | |
# This is the 200M HFS+ partition | |
# NOTE(review): the resize step earlier created BOOT as fat32, not HFS+;
# confirm which filesystem is actually on this partition. The 'force' remount
# below presumably targets the hfsplus driver.
# NOTE(review): /boot lies outside the LUKS container, so the kernel,
# initramfs and boot loader are stored unencrypted and unauthenticated.
# Anyone with physical access can modify them; "full system encryption" here
# covers root and swap only.
mount /dev/sdX4 /mnt/boot | |
mount -o remount,force,rw /mnt/boot | |
# Install the system also includes stuff needed for starting wifi when first booting into the newly installed system | |
# Unless vim and zsh are desired these can be removed from the command | |
pacstrap /mnt base base-devel grub-efi-x86_64 unzip linux-headers wpa_supplicant zsh vim | |
# 'install' fstab | |
# '>>' appends: running this twice duplicates every entry, so read the file
# afterwards.
genfstab -pU /mnt >> /mnt/etc/fstab | |
# Make /tmp a ramdisk (add the following line to /mnt/etc/fstab) | |
# The next line is fstab content, not a command.
# NOTE(review): consider adding nodev,nosuid to its options so device nodes
# and setuid binaries dropped into world-writable /tmp are not honoured.
tmpfs /tmp tmpfs defaults,noatime,mode=1777 0 0 | |
# Ensure /share is listed, too | |
# Change relatime on all non-boot partitions to noatime (reduces wear if using an SSD) | |
# Enter the new system | |
arch-chroot /mnt /bin/bash | |
# Everything from here to the 'exit' further down runs inside the chroot: the
# installed system's root is / and the boot partition is /boot.
# Setup system clock | |
# Substitute your own zone under /usr/share/zoneinfo.
ln -s /usr/share/zoneinfo/Europe/Stockholm /etc/localtime | |
hwclock --systohc --utc | |
# Set the hostname | |
echo MYHOSTNAME > /etc/hostname | |
# Update locale | |
echo LANG=en_US.UTF-8 >> /etc/locale.conf | |
# Presumably: uncomment the matching en_US.UTF-8 line, which locale-gen then
# builds.
vi /etc/locale.gen | |
locale-gen | |
# Fix console keymap | |
# NOTE(review): the brace list expands to three paths (qwerty/us.map.gz,
# include, ctrl.map.gz). If ctrl.map.gz lives under include/, the intended
# list is {qwerty/us.map.gz,include/ctrl.map.gz}; confirm on the target.
zcat /usr/share/kbd/keymaps/i386/{qwerty/us.map.gz,include,ctrl.map.gz} > /etc/vconsole.map | |
vi /etc/vconsole.conf # Add the following: | |
# The KEYMAP= and FONT= lines below are vconsole.conf content, not commands.
KEYMAP=/etc/vconsole.map | |
# Add powerline-fonts-git from AUR | |
FONT=ter-powerline-v16n | |
# Set password for root | |
passwd | |
# NOTE(review): enable the %wheel rule that still prompts for a password
# rather than the NOPASSWD variant; every wheel member gets full root through
# this line.
visudo # Allow wheel group to do any command | |
# Add real user; remove -s flag if you don't wish to use zsh | |
# NOTE(review): wheel makes this account a sudoer via the rule above. The
# input group typically grants read access to raw input devices, keyboards
# included; drop it unless something needs it.
useradd -m -G wheel,input,storage,power,users -s /bin/zsh MYUSERNAME | |
passwd MYUSERNAME | |
# Configure mkinitcpio with modules needed for the initrd image | |
vi /etc/mkinitcpio.conf | |
# Add 'ext4 i915' to MODULES; i915 avoids hang when Xorg run as root | |
# Add 'encrypt' and 'lvm2' to HOOKS before filesystems | |
# Keep them in that order: the LUKS container has to be opened before the
# volume group inside it can be found.
# Regenerate initrd image | |
mkinitcpio -p linux | |
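# Download rEFInd from sf.net/p/refind/files/ | |
# Verify the archive against a checksum or signature from the project before
# unpacking it: refind_x64.efi is the first code the firmware runs on every
# boot, and it is stored on the unencrypted boot partition.
# Still inside the chroot, so the boot partition is /boot (it is /mnt/boot
# only from the installer shell); the cp commands below already use /boot.
mkdir -p /boot/EFI/BOOT | |
unzip refind-bin-0.10.3.zip | |
cd refind-bin-0.10.3/refind | |
# Installed under the fallback name EFI/BOOT/BOOTX64.efi, with its config
# placed next to it.
cp refind_x64.efi /boot/EFI/BOOT/BOOTX64.efi | |
cp refind.conf-sample /boot/EFI/BOOT/refind.conf | |
# Copy needed icons/*.png, if rEFInd graphics are desired | |
# Set timeout, textonly, textmode 2, and the menuentry below: | |
vi /boot/EFI/BOOT/refind.conf | |
# The menuentry stanza that follows is refind.conf content, not shell.
# - cryptdevice also accepts UUID=<LUKS-PARTITION-UUID> (see blkid) in place of
#   /dev/sdXY, which keeps working if device names change.
# - allow-discards passes TRIM through the LUKS mapping. That reveals which
#   blocks are unused to anyone who can read the raw disk; drop it if this
#   matters more than SSD performance.
menuentry "Arch Linux" { | |
icon /EFI/BOOT/icons/os_arch.png | |
volume VOLUME-UUID-FROM-BOOT # diskutil info disk0s4 | |
# Use the Linux kernel as the EFI loader | |
loader vmlinuz-linux | |
initrd initramfs-linux.img | |
# TODO use UUID here? | |
options "rw cryptdevice=/dev/sdXY:luks:allow-discards root=/dev/mapper/vg0-root" | |
} | |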
# Exit the chroot, back to the installer shell | |
exit | |
# Unmount all partitions | |
# -R unmounts recursively, so /mnt/boot goes together with /mnt.
umount -R /mnt | |
swapoff -av | |
# Reboot into the new system, don't forget to remove the cd/usb | |
reboot | |
# Post-install steps, run on the freshly booted system. The redirections into
# /etc and the systemctl calls need root.
# First try to get wifi going | |
# pacaur can pull from the AUR as well as the repos: review the PKGBUILD of
# anything that comes from the AUR before it is built.
pacaur -S wpa_actiond connman openssh git | |
pacaur -S xorg-server xorg-xinit | |
pacaur -S ttf-droid lightdm lightdm-gtk-greeter | |
pacaur -S xf86-input-mtrack i3-wm dmenu sakura | |
pacaur -S tmux firefox powerline-fonts | |
# Xorg keyboard config: sets XkbOptions to ctrl:nocaps for keyboards.
cat <<EOF > /etc/X11/xorg.conf.d/10-keyboard.conf | |
Section "InputClass" | |
Identifier "system-keyboard" | |
MatchIsKeyboard "on" | |
Option "XkbOptions" "ctrl:nocaps" | |
EndSection | |
EOF | |
# Xorg touchpad config for the mtrack driver. Two InputClass sections share
# the Identifier "Touchpads"; the first only selects the driver, the second
# carries the options.
cat <<EOF > /etc/X11/xorg.conf.d/10-mtrack.conf | |
Section "InputClass" | |
MatchIsTouchpad "on" | |
Identifier "Touchpads" | |
Driver "mtrack" | |
EndSection | |
Section "InputClass" | |
MatchIsTouchpad "true" | |
Identifier "Touchpads" | |
Driver "mtrack" | |
#Option "ButtonZonesEnable" "1" | |
Option "ClickFinger1" "1" | |
Option "ClickFinger2" "3" | |
Option "ClickFinger3" "2" | |
Option "IgnorePalm" "1" | |
Option "ScrollDistance" "100" | |
Option "ScrollUpButton" "5" | |
Option "ScrollDownButton" "4" | |
Option "ScrollLeftButton" "7" | |
Option "ScrollRightButton" "6" | |
Option "Sensitivity" "0.8" | |
Option "SwipeDownButton" "0" | |
Option "SwipeUpButton" "0" | |
Option "TapButton1" "1" | |
Option "TapButton2" "3" | |
Option "TapButton3" "2" | |
#Option "TapButton4" "9" | |
Option "ThumbSize" "50" | |
EndSection | |
EOF | |
# NOTE(review): this turns on the SSH daemon at every boot with the stock
# sshd_config. Both root and MYUSERNAME were given passwords earlier in these
# notes, so before enabling it consider key-only logins
# (PasswordAuthentication no) and PermitRootLogin no in /etc/ssh/sshd_config.
systemctl enable sshd | |
systemctl enable lightdm # Test 'startx' first |