You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

171 lines
7.3 KiB

5 years ago
# Arch installation with LUKS encryption and LVM
5 years ago
This is the English version of the [German installation guide on rvbg.eu](https://wiki.rvbg.eu/#arch/installation.md).
5 years ago
This guide is based upon a [german arch wiki entry](https://wiki.archlinux.de/title/Moderne_Installation_mit_UEFI_und_Verschlüsselung).
At the end of this guide a fully functional Arch Linux will be installed.
## 1. Preparation
5 years ago
Ahead of the installation an Arch boot-stick has to be created. The iso-file can be found on the [official website](https://www.archlinux.org/download/).
The iso can be written on an USB-stick using `dd`.
5 years ago
After that the USB can be plugged in the system on which Arch should be installed.
Boot the target system and select `Boot Arch Linux (x86_64)`.
5 years ago
If you need to set the keyboard layout to anything other than english you can temporarily do so by using the `loadkeys` command.
This has to be followed by your country id (for example a german keyboard layout would be `de`,`de-latin1` or `de-latin1-nodeadkeys`.
5 years ago
## 2. Formatting of the target drive
Using `lsblk` you can list all the drives and partitions.
5 years ago
Select a drive to install Arch on.
In this step you can see if old partitions need to be deleted.
For reasons of simplicity the following guide will assume the selected drive to be `/dev/sda`.
5 years ago
### Clear disk completely:
This step can take quite a while especially for large drives.
5 years ago
- `dd status=progress if=/dev/zero of=/dev/sda`
Now all partitions should be removed.
### Create new partitions:
If you miss click during the progress of the following commands you can press `CTRL+C` to close the program.
5 years ago
No changes will be made until the confirmation at the end.
The swap partition will be created later under lvm.
- `gdisk /dev/sda`
- `N` - Create a new empty partition table
- `↵ Enter` - Create a partition
- `↵ Enter` - Confirm first sector
- `+512M` - Assign size of 512 MB for the first partition
- `ef00` - Make the partition bootable
- `n` - Create a second partition
- `↵ Enter` - Confirm creation of partition
- `↵ Enter` - Confirm first sector
- `↵ Enter` - Confirm last sector
- `↵ Enter` - Confirm partition type
- `P` - Show created partitions
- `W` - Save all changes
- `Y` - Confirm saving changes
## 3. Encryption
5 years ago
We need to find out which partitions is the one we want to encrypt.
Using `blkid | grep /dev/sda` all partitions we created get listed.
The right partition has the label `Linux filesystem`.
For this guide this partition is assumed to be `/dev/sda2`.
5 years ago
- `modprobe dm-crypt` - load kernelmodule for encryption
- `cryptsetup -c aes-xts-plain -y -s 512 luksFormat /dev/sda2` - encryption
- confirm with `YES`
5 years ago
- Now you can assign a passphrase.
The passphrase has to be entered at boot to decrypt the system.
Recovering of this passphrase is **not** possible.
## 4. Setup LVM
- `cryptsetup luksOpen /dev/sda2 lvm` - Opening encrypted partition and mapping it to `/dev/mapper/lvm`
5 years ago
- `pvcreate /dev/mapper/lvm` - Create a LVM physical volume
- `vgcreate main /dev/mapper/lvm` - Create LVM Volume Group
- `lvcreate -L 16G -n swap main` - Create Swap in LVM (recommended: swap size is equal to ram size)
- `lvcreate -l 100%FREE -n root main` - Create LVM Logical Volume for /
## 5. Create filesystems and mounting them temporarily
5 years ago
We have to find out which partition is our boot-partition.
Using `blkid | grep /dev/sda` once again, we can identify it by looking for the `EFI system partition` label.
The guide assumes this partition to be at `/dev/sda1`.
5 years ago
- `mkfs.fat -F 32 -n UEFI /dev/sda1` - Assign filesystem of EFI partition
- `mkfs.ext4 -L root /dev/mapper/main-root` - Assign filesystem of root partition
- `mkswap /dev/mapper/main-swap` - Assign swap filesystem
5 years ago
Now the created filesystems will be mounted for the installation.
- `mount /dev/mapper/main-root /mnt` - Mounting root partition
- `mkdir /mnt/boot`
- `mount /dev/sda1 /mnt/boot` - Mount EFI partition
- `swapon /dev/mapper/main-swap` - Mounting swap partition
## 6. Prepare base installation (optional)
5 years ago
In this step the country specific mirrorserver for the installation will be configured.
This will improve the download speed.
5 years ago
- `cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.bak` - Create a backup of mirrorlist
- `grep -E -A 1 ".*Germany.*$" /etc/pacman.d/mirrorlist.bak | sed '/--/d' > /etc/pacman.d/mirrorlist` - Example command to only use *German* mirrors
- `cat /etc/pacman.d/mirrorlist` - Check if the file is to your liking. If it is not, you can just recover by using `mirrorlist.bak`
5 years ago
## 7. Starting base installation
Now you need a working internet connection.
Plug in your lan cable or use `wifi-menu` to get a wireless connection.
- `pacstrap /mnt base base-devel dosfstools gptfdisk lvm2 linux linux-firmware vim networkmanager` - Installation of main system with needed tools
5 years ago
- `genfstab -Up /mnt > /mnt/etc/fstab` - creation of fstab
- `arch-chroot /mnt` - Switch into the newly installed system
- `echo ArchLinux > /etc/hostname` - Assign hostname. `ArchLinux` can be changed for any name of your preference.
## 8. Set Region and Language
- `echo LANG=en\_US.UTF-8 > /etc/locale.conf` - Assign system Language to be english (you can use other languages, look into the `/etc/locale.gen` for a list of all available languages)
- `vim /etc/locale.gen` - Assigning system language by uncomment the lines depending on your needs.
5 years ago
In this example:
```
en_US.UTF-8 UTF-8
```
- `locale-gen` - Generate languages
- `echo KEYMAP=de-latin1-nodeadkeys > /etc/vconsole.conf` - set the keymap
- `tzselect` - Set region
# 9. Configure and create kernel-image
- `vim /etc/mkinitcpio.conf`
- Search the line `MODULES=()` and change it to:
`MODULES=(ext4)`
- Search the line `HOOKS=([...])` and change it to:
`HOOKS=(base udev autodetect modconf block keyboard keymap encrypt lvm2 filesystems fsck shutdown)`
5 years ago
- `mkinitcpio -p linux` - generate Kernel-Image
## 10. Install and configure UEFI bootloader
5 years ago
- `bootctl install` - Prepare bootloader
- `ls -l /dev/disk/by-uuid` - find out the UUID
- `lsblk -no UUID /dev/sda2 | head -n1 > /boot/loader/entries/arch.conf` - print the UUID in your configuration file
5 years ago
- `vim /boot/loader/entries/arch.conf` - Create configuration
- Change the config to look similar to this:
```
title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options cryptdevice=UUID=<enter your uuid here>:lvm:allow-discards root=/dev/mapper/main-root resume=/dev/mapper/main-swap rw quiet
```
- `cp /boot/loader/entries/arch.conf /boot/loader/entries/arch-fallback.conf` - Create a fallback
5 years ago
- `vim /boot/loader/loader.conf` - Create loader configuration
- Insert the following text
```
timeout 0
default arch
```
## 11. Finishing base installation
5 years ago
- `passwd` - set password for the root account
5 years ago
- `exit` - exit the installed system
- `umount /mnt/{boot,}` - unmount all partitions
- `shutdown now` - shutdown device
5 years ago
- Now remove the Arch boot-stick
- Start the device again
5 years ago
If the system is installed in a virtual environment or a system with deactivated UEFI, don't forget to enable the EFI option, otherwise the system won't boot.
Now you can follow my larbs installation script (`curl -o larbs.sh https://raw.githubusercontent.com/tiyn/larbs/master/larbs.sh` or go on to other guides.
## Changelog and versions
> 03.04.2020 - Version 1.1en (based on 03.04.2020 - Version 1.1)
>
> 05.04.2020 - Version 2.1en (based on 05.04.2020 - Version 2.1)
>
> 28.05.2020 - Version 3.0en