LVM on LUKS Arch installation with systemd-boot
Download Arch Linux
Find out the name of your USB drive with lsblk. Make sure that it is not mounted.
To mount the Arch ISO run the following command, replacing /dev/sdx with your drive, e.g. /dev/sdb. (do not append a partition number, so do not use something like /dev/sdb1):
dd bs=4M if=/path/to/archlinux.iso of=/dev/sdx status=progress && syncBoot from USB disk
Change default font:
setfont sun12x22Check if running in UEFI mode:
ls /sys/firmware/efiIf there is any content in this folder then you are in UEFI mode.
Check that there is a connection:
ping archlinux.orgUpdate the system clock:
timedatectl set-ntp trueLastly to enable mirrors, edit /etc/pacman.d/mirrorlist and locate your geographic region. Uncomment mirrors you would like to use.
Get the name of the disk to format/partition:
lsblkThe name should be something like /dev/sda
First shred the disk using the shred tool:
shred -v -n1 /dev/sdXNow partition the disk using gdisk:
gdisk /dev/sdaPartition 1 should be an EFI boot partition (code: ef00) of 512MB. Partition 2 should be a Linux LVM partition (8e00). The 2nd partition can take up the full disk or only a part of it. Remember to write the partition table changes to the disk on configuration completion.
Once partitioned you can format the boot partition (the LVM partition needs to be encrypted before it gets formatted)
mkfs.fat -F32 /dev/sda1First modprobe for dm-crypt
modprobe dm-cryptNow, encrypt the disk:
cryptsetup luksFormat /dev/sda2Open the disk with the password set above:
cryptsetup open --type luks /dev/sda2 archlvCheck the lvm disk exists:
ls /dev/mapper/archlvCreate a physical volume:
pvcreate /dev/mapper/archlvCreate a volume group:
vgcreate archvg /dev/mapper/archlvCreate logical partitions:
lvcreate -L16G archvg -n swap
lvcreate -L30G archvg -n root
lvcreate -l 100%FREE archvg -n homeFormat file system on logical partitions:
mkfs.ext4 /dev/mapper/archvg-root
mkfs.ext4 /dev/mapper/archvg-home
mkswap /dev/mapper/archvg-swapMount the volumes and file systems:
mount /dev/mapper/archvg-root /mnt
mkdir /mnt/home
mount /mnt/boot
mount /dev/mapper/archvg-home /mnt/home
mount /dev/sda1 /mnt/boot
swapon /dev/mapper/archvg-swapCreate mirrorlist:
pacman -Sy reflector
reflector -c "United States" -f 12 -l 12 --verbose --save /etc/pacman.d/mirrorlistBootstrap base system onto disk using pacstrap:
pacstrap /mnt base linux linux-firmware lvm2 sudo vimGenerate fstab:
genfstab -p /mnt >> /mnt/etc/fstabchroot into system:
arch-chroot /mntSet time locale:
ln -sf /usr/share/zoneinfo/America/Chicago /etc/localtimeSet clock:
hwclock --systohcUncomment en_US.UTF-8 UTF-8 en_US ISO-8859-1 and other needed localizations in /etc/locale.gen. Now run:
locale-genCreate locale config file:
locale > /etc/locale.confSet keymap for sd-vconsole:
echo "KEYMAP=us" > /etc/vconsole.confAdd an hostname:
echo "myhostname" > /etc/hostnameUpdate /etc/hosts to contain::
127.0.1.1 myhostname.localdomain myhostname
Because we are using disk encryption we have to change the initramfs.
Edit the /etc/mkinitcpio.conf. Look for the HOOKS variable and move keyboard to before the filesystems and add encrypt and lvm2 after keyboard. Like:
HOOKS=(base systemd autodetect keyboard sd-vconsole modconf block sd-encrypt sd-lvm2 filesystems fsck)
Regenerate the initramfs:
mkinitcpio -p linuxInstall a bootloader:
bootctl --path=/boot/ installCreate bootloader. Edit /boot/loader/loader.conf. Replace the file's contents with:
default arch
timeout 3
editor 0
The editor 0 ensures the configuration can't be changed on boot.
Next create a bootloader entry in /boot/loader/entries/arch.conf
title Arch Linux (Encrypted)
linux /vmlinuz-linux
initrd /initramfs-linux.img
options rd.luks.name={UUID}=archlv root=/dev/mapper/archvg-root quiet rw
In order to get the UUID run the following command in vim:
:read ! blkid /dev/sda2exit chroot:
exitunmount everything:
umount -R /mntand reboot
reboot