create a partition 1M code ef02 (BIOS Boot Partition)
create a partition for luks 8e00 (LVM partition)
b) after partifioning we must build the filesystems on the devices (format partitions) using mkfs
mkfs.ext2 /dev/sdX1 // format bios-boot partition as ext2
mkfs.ext4 /dev/sdX2
mkfs.ext4 /dev/sdX3
mkswap /dev/sdX4
b.1) format encrypted partition
cryptsetup luksFormat -v -s 512 -sha512 /dev/sdX2
cryptsetup luksOpen /dev/sdX2 luks // luks is the device name
/** sudo dmsetup remove /dev/mapper/disk */
b.2) create logical volumes
pvcreate /dev/mapper/luks
vgcreate rootvg /dev/mapper/luks // rootvg is the volume name
lvcreate -n swap -L 5G -C y rootvg
lvcreate -n root -L 20G rootvg
lvcreate -n home -l 100%FREE rootvg
b.3) format the logical volumes
mkfs.ext4 /dev/mapper/rootvg-root
mkfs.ext4 /dev/mapper/rootvg-home
mkswap /dev/mapper/rootvg-swap
gdisk /dev/sdx
1M at the start of partition table
1M bios boot partition
1M at the end of partition table
don't mount boot partition
cryptsetup luksOpen /dev/sdxY luksdisk
vi /etc/mkinitcpio.confMODULES="virtio virtio_blk virtio_pci virtio_net" HOOKS="... block encrypt lvm2 filesystem ..." // encrypt lvm2rebuild the linux-imgmkinitcpio -p linux
configure Grub
pacman -S grub vi /etc/default/grubGRUB_CMDLINE_LINUX_DEFAULT="crtyptdevice=/dev/sda2:mainvg root=/dev/mapper/mainvg-root quiet" GRUB_ENABLE_CRYPTODISK="y"install grubgrub-install --target=i386-pc --recheck /dev/sda grub-mkconfig -o /boot/grub/grub.cfg
exitumount -R /mntshutdown now