I really like to mess about with the operating system configs, the desktop environment config files, etc.
The natural implication of it is that usually I find myself in the unfortunate situation of having broken the system beyond hope of repair. Although that happens quite uncommonly nowadays, I thought that it could be useful to have some sort of written, straightforward procedure to use for my PC in order to quickly restart from scratch with a brand new Arch Linux installation (I like rolling release OSes, yes. I know it's a security shit show. But still, I like it).
So here we go, here is my brief uncommented tutorial for setting up an encrypted Arch installation from scratch. I wrote it down for myself, to be much quicker every time that I have to restart my system from scratch. For this reason, I omitted profuse explanations of every step. If any of you find errors or not-so-good settings, please reach out to me and I'll update the guide with some comments.
As a reminder, I warn you that no guide can possibly substitute for the Arch wiki, thus I highly suggest turning to it every time you have doubts or you want to deepen your knowledge of a specific topic.
System specifics
This guide has been tested on an HP Pavilion Laptop 15, with an 11th Gen Intel(R) Core(TM) i7-119z and 16GB of RAM. Please note that the installation process could differ significantly for systems with different specifications, particularly for non-UEFI systems.
The resulting fresh Arch Linux installation will have an encrypted main volume used for the filesystem. The system boots from a separate boot partition.
Keyboard layout
loadkeys it
Detecting boot mode
ls /sys/firmware/efi/efivars # If this directory exists, the boot mode is UEFI
Internet connection
iwctl
device list
station <device> scan
station <device> get-networks
station <device> connect <SSID>
Timezone
timedatectl set-timezone Europe/Rome
Disk partitioning
This guide uses an LVM partition on top of LUKS encryption.
Detect disks
lsblk
fdisk -l
Create partition table and partitions
gdisk /dev/<DISK_name>
Boot partition
n       # create new partition
Enter   # accept suggestion
Enter   # accept first sector
+512M   # provide last sector
Enter   # save last sector
ef00    # EFI partition type
Enter   # finish boot partition setup
Main encrypted partition
n       # create new partition
Enter   # accept suggestion
Enter   # accept first sector
Enter   # accept last sector (all the remaining space encrypted)
8e00    # LVM partition type
Enter   # finish main partition setup
Save current partition layout
w # write on disk
Format boot partition
mkfs.fat -F32 /dev/<BOOT-PARTITION_name>
Encryption
modprobe dm-crypt
cryptsetup luksFormat /dev/<MAIN-PARTITION_name> # Partition to be encrypted
# When prompted, provide the encryption password
Test encryption by reopening it
cryptsetup open --type luks /dev/<MAIN-PARTITION_name> lvm
Create volumes
This step creates the LVM physical volume and the volume group on the opened encrypted partition.
pvcreate /dev/mapper/lvm
vgcreate main /dev/mapper/lvm
Create swap volume
The swap volume size is recommended to be RAM+2GB
lvcreate -L18G main -n swap
Create main volume
lvcreate -l 100%FREE main -n root
Format volumes
mkswap /dev/mapper/main-swap
mkfs.ext4 /dev/mapper/main-root
Mount partitions
mount /dev/mapper/main-root /mnt
mkdir /mnt/boot
mount /dev/<BOOT-PARTITION_name> /mnt/boot
swapon /dev/mapper/main-swap
OS installation
pacstrap /mnt base base-devel linux linux-firmware lvm2 man-db man-pages texinfo vim neovim iwd
Setup
genfstab -U /mnt >> /mnt/etc/fstab
arch-chroot /mnt
From now on, the commands are executed inside the new system.
Timezone setup
ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
Localization
- Edit /etc/locale.gen and uncomment the desired locale (en_GB.UTF-8 or en_US.UTF-8 recommended)
- Generate the locale file with locale-gen
- Create /etc/locale.conf and insert the desired LANG value (e.g. LANG=en_GB.UTF-8)
- Create /etc/vconsole.conf and enter the default keyboard layout (e.g. KEYMAP=it)
Network
In /etc/hostname write the desired hostname. Then edit /etc/hosts as follows (based on the hostname):
# Static table lookup for hostnames.
# See hosts(5) for details.
127.0.0.1 localhost HOSTNAME
::1 localhost HOSTNAME
127.0.1.1 HOSTNAME.localdomain HOSTNAME
Boot order based on encryption
Edit /etc/mkinitcpio.conf and modify the order of the entries in the HOOKS variable so that the keyboard is set up before the filesystem and is available, with the layout from /etc/vconsole.conf, before the decryption prompt is loaded. The keyboard and keymap hooks must therefore come before encrypt, and encrypt before lvm2. For example:
HOOKS=(base udev autodetect modconf block keyboard keymap consolefont encrypt lvm2 filesystems fsck)
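An added example (not part of the original guide): a small shell check that the HOOKS line of a mkinitcpio.conf keeps keyboard, keymap and block ahead of encrypt, and encrypt ahead of lvm2 and filesystems. The function names are hypothetical, and it assumes HOOKS is written on a single line.

```shell
#!/bin/sh
# Added example: sanity-check the HOOKS order for a LUKS + LVM root.
# Usage: sh check_hooks.sh /etc/mkinitcpio.conf
# Assumption: HOOKS=(...) sits on one line; commented-out lines are ignored.

# Print the hooks of the last active HOOKS=(...) line, one per line.
list_hooks() {
    sed -n 's/^[[:space:]]*HOOKS=(\([^)]*\)).*$/\1/p' "$1" |
        tail -n 1 | tr -s ' \t' '\n' | sed '/^$/d'
}

# Print the 1-based position of hook $2 in file $1 (empty if absent).
hook_pos() {
    list_hooks "$1" | grep -n -x -- "$2" | head -n 1 | cut -d: -f1
}

# Return 0 when the order is sane for an encrypted LVM root, 1 otherwise.
check_hooks() {
    conf=$1
    rc=0
    for h in keyboard keymap block encrypt lvm2 filesystems; do
        if [ -z "$(hook_pos "$conf" "$h")" ]; then
            echo "missing hook: $h"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] || return 1
    enc=$(hook_pos "$conf" encrypt)
    # Input devices, layout and disks must be ready before the prompt.
    for h in keyboard keymap block; do
        if [ "$(hook_pos "$conf" "$h")" -gt "$enc" ]; then
            echo "$h must come before encrypt"; rc=1
        fi
    done
    # The container is opened first, then LVM is scanned, then root mounts.
    lvm=$(hook_pos "$conf" lvm2)
    fs=$(hook_pos "$conf" filesystems)
    [ "$enc" -lt "$lvm" ] || { echo "encrypt must come before lvm2"; rc=1; }
    [ "$lvm" -lt "$fs" ] || { echo "lvm2 must come before filesystems"; rc=1; }
    dups=$(list_hooks "$conf" | sort | uniq -d | tr '\n' ' ')
    [ -z "$dups" ] || echo "note: duplicate hooks: $dups"
    return "$rc"
}

if [ "$#" -gt 0 ]; then check_hooks "$1"; fi
```

Run it inside the chroot before mkinitcpio -P; a non-zero exit status means the ordering should be fixed before the initramfs is rebuilt.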
Bootloader
Create the initramfs, which is an archive of the initial file system that gets loaded into memory during the Linux startup process.
mkinitcpio -P
Then install the systemd-boot bootloader with:
bootctl --path=/boot/ install
and then select the default arch profile in /boot/loader/loader.conf
default arch
editor 0
Create the profile by editing /boot/loader/entries/arch.conf as follows:
title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options cryptdevice=/dev/<MAIN-PARTITION_name>:main root=/dev/mapper/main-root resume=/dev/mapper/main-swap lang=it locale=en_GB.UTF-8
Define root
Create root password
passwd
Finally reboot into Arch installation
Remember to install iwd before booting the system up again, because it is needed for the network setup interface. You can now exit the chroot environment with exit, then unmount with umount -R /mnt.
Reboot the system with reboot and remove the USB drive used for the installation.
And you're done!! Welcome to a barebone installation of Arch Linux.
Now you can proceed to install your favourite desktop environment, window manager and all the stuff that you like.