Arch Linux install guide (UEFI + encrypted LVM)

Introduction

This is my own guide for installing Arch Linux on a bare-metal machine with UEFI, encrypted LVM and a separate /home partition.

Steps

First you need to create the installation media and boot your PC from it. As a result you will land in a plain console.

Increase font size

As most modern laptops/PCs have high-resolution displays, I recommend increasing the font size:

setfont ter-132b

Setup the internet connection

In this example I have a laptop with a Wi-Fi adapter, so I'll be using iwd to set up the internet connection.

Run iwd:

iwctl

View a list of Wi-Fi adapters:

device list

Usually you should see one Wi-Fi device in the output; in my case it is wlan0.

Then, if you know the network SSID and password, simply connect to it. Don't forget to replace {SSID} with your actual value:

station wlan0 connect {SSID}

Then leave iwctl by typing exit, and run ping 8.8.8.8 to ensure you are connected to the internet.

Synchronize system clock

timedatectl set-ntp true

Partition your disk

In my case I want separate root, /boot and /home partitions. Moreover, / and /home should be encrypted and live in the same LVM volume group.

Detect your drive

First, we need to know which device to use. To view the disk devices, run:

fdisk -l

In my case it is the NVMe SSD drive /dev/nvme0n1.

Partitioning

Next, use gdisk /dev/nvme0n1 to create partitions with this layout:

  • /dev/nvme0n1p1 - at least 512M - type EF00 - EFI System Partition
  • /dev/nvme0n1p2 - rest of disk - type 8309 - LUKS

Format the physical partitions

  1. EFI partition:
mkfs.vfat -F 32 /dev/nvme0n1p1
  2. LUKS encrypted partition:
cryptsetup luksFormat /dev/nvme0n1p2

Create volume group and logical volumes

First, open the encrypted container:

cryptsetup luksOpen /dev/nvme0n1p2 luks

As a result, the opened (decrypted) container is available at /dev/mapper/luks.

Next, treat /dev/mapper/luks as an LVM PV and create your volumes. In my case they look like this:

  • Volume Group vg0
    • Logical Volume lv_root - Probably at least 20G, I use 75G
    • Logical Volume lv_swap - Optional, maybe not desirable if you have an SSD
    • Logical Volume lv_home - Rest of the space

The commands to achieve this:

pvcreate /dev/mapper/luks
vgcreate vg0 /dev/mapper/luks
lvcreate -L 75G -n lv_root vg0
lvcreate -L 16G -n lv_swap vg0
lvcreate -l100%FREE -n lv_home vg0 

Format the logical volumes

I will use ext4 filesystems for my setup, but you can use something different here (like btrfs).

To format root and home partitions in ext4:

mkfs.ext4 /dev/vg0/lv_root
mkfs.ext4 /dev/vg0/lv_home

To format the swap partition and enable it:

mkswap /dev/vg0/lv_swap
swapon /dev/vg0/lv_swap

Mount the partitions

This step mounts the created partitions so that the Arch Linux system can be installed onto them. All the filesystems should be mounted under /mnt, which acts as the root filesystem of the future installed system.

mount --mkdir /dev/vg0/lv_root /mnt
mount --mkdir /dev/vg0/lv_home /mnt/home
mount --mkdir /dev/nvme0n1p1 /mnt/boot

Install the base system

pacstrap -K /mnt base base-devel linux linux-firmware linux-headers nano  # nano: editor for the config edits below

Generate the fstab file

genfstab -U /mnt >> /mnt/etc/fstab

Chroot into your system

arch-chroot /mnt

Generate locale

Uncomment en_US.UTF-8 UTF-8 and other needed locales in file /etc/locale.gen.

Then generate locales:

locale-gen

To set the system locale:

echo "LANG=en_US.UTF-8" > /etc/locale.conf

Setup the hostname

This is the equivalent of the computer name in Windows. In my case I will name it thinkpad.

echo "thinkpad" > /etc/hostname

Also add the default values to the /etc/hosts file:

# Static table lookup for hostnames.
# See hosts(5) for details.
127.0.0.1 localhost
::1 localhost

Setup TimeZone

My timezone is Europe/Kiev, so in my case this symlink should be created:

ln -sf /usr/share/zoneinfo/Europe/Kiev /etc/localtime

I also recommend switching the BIOS hardware clock to UTC:

hwclock --systohc --utc

Setup initramfs

Install the lvm2 package:

pacman -S lvm2

Edit the /etc/mkinitcpio.conf file and insert hooks encrypt and lvm2 strictly in this order between the block and filesystems hooks like this:

HOOKS=(base udev ... block encrypt lvm2 filesystems)

Then re-generate the initramfs:

mkinitcpio -P
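
A wrong hook order is only discovered at the next boot, so it is worth checking before regenerating the initramfs. The following is an added example, not part of the original guide; the function names and the sample config are constructed for illustration, and it checks only the four hooks whose order this guide specifies.

```bash
# Added example (not from the original guide): check HOOKS order before mkinitcpio -P.

# Constructed sample resembling /etc/mkinitcpio.conf; not taken from a real machine.
sample_conf() {
cat <<'EOF'
#    HOOKS=(base udev block filesystems)
HOOKS=(base udev autodetect modconf kms keyboard keymap consolefont block encrypt lvm2 filesystems fsck)
EOF
}

# Read a config on stdin, print the hook list of the last uncommented HOOKS=(...) line.
active_hooks() {
    sed -n 's/^[[:space:]]*HOOKS=(\([^)]*\)).*/\1/p' | tail -n 1
}

# hooks_in_order "<hook list>" hook1 hook2 ...
# Succeeds only if every named hook is present and they appear in that order.
hooks_in_order() {
    local list prev hook rest pos
    list=" $(printf '%s' "$1" | tr -s '[:space:]' ' ') "
    prev=-1
    shift
    for hook in "$@"; do
        case "$list" in
            *" $hook "*) ;;
            *) echo "missing hook: $hook" >&2; return 1 ;;
        esac
        rest=${list%%" $hook "*}   # everything before the first occurrence
        pos=${#rest}
        if [ "$pos" -le "$prev" ]; then
            echo "hook out of order: $hook" >&2
            return 1
        fi
        prev=$pos
    done
}

# The order this guide requires: block, then encrypt, then lvm2, then filesystems.
check_mkinitcpio() {
    hooks_in_order "$(active_hooks)" block encrypt lvm2 filesystems
}

# Demo on the constructed sample. On the installed system use:
#   check_mkinitcpio < /etc/mkinitcpio.conf && mkinitcpio -P
sample_conf | check_mkinitcpio && echo "HOOKS order OK"
```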

Create a user and credentials

First it is recommended to change the root user password:

passwd root

Then install the sudo package so that your user can elevate privileges:

pacman -S sudo

Then edit the sudoers file:

sudo EDITOR=nano visudo

And uncomment the line %wheel ALL=(ALL:ALL) ALL and save the file.

Create a user, change the password and add it to the necessary groups:

useradd -m shifthackz
passwd shifthackz
usermod -aG wheel,audio,video,storage shifthackz

Install the needed packages and desktop environment

This is an optional step and you may do the same after install, but I'd like to be able to use the DE straight after install.

In this example I will install Gnome DE (on Wayland and PipeWire) with NetworkManager.

pacman -S gnome networkmanager pipewire \
 pipewire-alsa pipewire-pulse pipewire-jack \
 wireplumber bluez bluez-utils

Then enable the needed services so they start by default:

systemctl enable NetworkManager
systemctl enable gdm
systemctl enable bluetooth

Install the bootloader

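I will use systemd-boot as my bootloader. To install it, run:

bootctl install

Then create the bootloader config at /boot/loader/loader.conf containing the following. The editor no line disables the boot-time kernel command line editor, so nobody at the boot menu can change the kernel parameters: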

default @saved
timeout 3
console-mode max
editor no

To have the bootloader load your CPU microcode early, install the amd-ucode or intel-ucode package. In my case I have an Intel CPU, so the command is:

pacman -S intel-ucode

Then find the UUID of your encrypted (LUKS) partition (in my case /dev/nvme0n1p2):

blkid /dev/nvme0n1p2

Then create the boot entry for your Arch Linux system at /boot/loader/entries/arch.conf. Make sure to replace the UUID with your own and to set the correct root volume in the options line:

title Arch Linux
linux /vmlinuz-linux
initrd /intel-ucode.img
initrd /initramfs-linux.img
options cryptdevice=UUID=b574960c-1d6a-4363-bd8a-0e7345f23e06:luks root=/dev/vg0/lv_root rw

Finally, run bootctl list and validate that the entry and its config are shown correctly.
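
The UUID in cryptdevice= must be the one of the LUKS partition itself, not of /dev/mapper/luks or of a logical volume. The following added example (not part of the original guide) builds the entry from a blkid output line and refuses anything that is not a LUKS container; the function names, the PARTUUID and the second sample line are constructed for illustration.

```bash
# Added example (not from the original guide): build arch.conf from a blkid line.

# Constructed blkid-style lines. The first UUID is the one used in this guide;
# the PARTUUID and the whole second line are made up for illustration.
LUKS_LINE='/dev/nvme0n1p2: UUID="b574960c-1d6a-4363-bd8a-0e7345f23e06" TYPE="crypto_LUKS" PARTUUID="00000000-0000-4000-8000-000000000002"'
PV_LINE='/dev/mapper/luks: UUID="AAAAAA-BBBB-CCCC-DDDD-EEEE-FFFF-GGGGGG" TYPE="LVM2_member"'

# blkid_field '<blkid line>' KEY: print the value of KEY="value".
# The whitespace before KEY keeps UUID from matching inside PARTUUID.
blkid_field() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\"\([^\"]*\)\".*/\1/p"
}

# Succeeds only for a canonical 8-4-4-4-12 hexadecimal UUID.
is_uuid() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# make_entry '<blkid line>': print the boot entry from this guide, or fail
# when the line does not describe a LUKS container with a well-formed UUID.
make_entry() {
    local fstype uuid
    fstype=$(blkid_field "$1" TYPE)
    uuid=$(blkid_field "$1" UUID)
    if [ "$fstype" != "crypto_LUKS" ]; then
        echo "refusing: TYPE=$fstype is not a LUKS container" >&2
        return 1
    fi
    if ! is_uuid "$uuid"; then
        echo "refusing: malformed UUID '$uuid'" >&2
        return 1
    fi
    cat <<EOF
title Arch Linux
linux /vmlinuz-linux
initrd /intel-ucode.img
initrd /initramfs-linux.img
options cryptdevice=UUID=$uuid:luks root=/dev/vg0/lv_root rw
EOF
}

# Demo on the constructed sample. On the installed system use:
#   make_entry "$(blkid /dev/nvme0n1p2)" > /boot/loader/entries/arch.conf
make_entry "$LUKS_LINE"
```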

Reboot to your new system

To reboot:

  • Type exit to leave the chroot shell.
  • Run umount -R /mnt to unmount your partitions.
  • Finally, type reboot.