arch linux: updated installation

master
tiyn 1 year ago
parent 2d0958ab66
commit a9fd064286

@ -1,7 +1,7 @@
# Arch installation with LUKS encryption and LVM # Arch installation with LUKS encryption and LVM
This guide is based upon a This guide is based upon a
[german arch wiki article](https://wiki.archlinux.de/title/Moderne_Installation_mit_UEFI_und_Verschlüsselung). [german arch wiki article](https://wiki.archlinux.de/title/Installation_mit_UEFI_und_Verschl%C3%BCsselung).
For encryption [dm-crypt](../dm-crypt.md) is used. For encryption [dm-crypt](../dm-crypt.md) is used.
Inside the encrypted partition a logical volume will be created with Inside the encrypted partition a logical volume will be created with
[LVM](../lvm.md). [LVM](../lvm.md).
@ -19,7 +19,7 @@ Boot the target system and select `Boot Arch Linux (x86_64)`.
If you need to set the keyboard layout to anything other than english you can If you need to set the keyboard layout to anything other than english you can
temporarily do so by using the `loadkeys` command. temporarily do so by using the `loadkeys` command.
This has to be followed by your country id (for example a german keyboard layout This has to be followed by your country id (for example a german keyboard layout
would be `de`,`de-latin1` or `de-latin1-nodeadkeys`. would be `de`,`de-latin1` or `de-latin1-nodeadkeys`).
## 2. Formatting of the target drive ## 2. Formatting of the target drive
@ -33,10 +33,19 @@ be `/dev/sda`.
This step can take quite a while especially for large drives. This step can take quite a while especially for large drives.
- `dd status=progress if=/dev/zero of=/dev/sda` ```sh
dd status=progress if=/dev/zero of=/dev/sda
```
Now all partitions should be removed. Now all partitions should be removed.
Alternatively the partition table can be cleared by running the following command.
This will leave old data possibly recoverable.
```sh
wipefs -fa /dev/sda
```
### Create new partitions ### Create new partitions
If you miss click during the progress of the following commands you can press If you miss click during the progress of the following commands you can press
@ -66,12 +75,13 @@ Using `blkid | grep /dev/sda` all partitions we created get listed.
The right partition has the label `Linux filesystem`. The right partition has the label `Linux filesystem`.
For this guide this partition is assumed to be `/dev/sda2`. For this guide this partition is assumed to be `/dev/sda2`.
- `modprobe dm-crypt` - load kernelmodule for encryption ```sh
- `cryptsetup -c aes-xts-plain -y -s 512 luksFormat /dev/sda2` - encryption cryptsetup -c aes-xts-plain -y -s 512 luksFormat /dev/sda2
- confirm with `YES` ```
- Now you can assign a passphrase. Afterwards confirm with `YES`.
The passphrase has to be entered at boot to decrypt the system. Now you can assign a passphrase.
Recovering of this passphrase is **not** possible. The passphrase has to be entered at boot to decrypt the system.
Recovering of this passphrase is **not** possible.
## 4. Setup LVM ## 4. Setup LVM
@ -139,14 +149,14 @@ en_US.UTF-8 UTF-8
- Search the line `MODULES=()` and change it to: - Search the line `MODULES=()` and change it to:
`MODULES=(ext4)` `MODULES=(ext4)`
- Search the line `HOOKS=([...])` and change it to: - Search the line `HOOKS=([...])` and change it to:
`HOOKS=(base udev autodetect modconf block keyboard keymap encrypt lvm2 filesystems fsck shutdown)` `HOOKS=(base udev autodetect modconf block kms keyboard keymap consolefont encrypt lvm2 filesystems fsck shutdown)`
- `mkinitcpio -p linux` - generate Kernel-Image - `mkinitcpio -p linux` - generate Kernel-Image
## 9. Install and configure UEFI bootloader ## 9. Install and configure UEFI bootloader
- `bootctl install` - Prepare bootloader - `bootctl install` - Prepare bootloader
- `ls -l /dev/disk/by-uuid` - find out the UUID of your root partition - `ls -l /dev/disk/by-uuid` - find out the UUID of your root partition.
- `vim /boot/loader/entries/arch.conf` - Create configuration - `vim /boot/loader/entries/arch.conf` - Create configuration
- Change the config to look similar to this: - Change the config to look similar to this:
@ -158,11 +168,18 @@ en_US.UTF-8 UTF-8
options cryptdevice=UUID=<enter your uuid here>:lvm:allow-discards root=/dev/mapper/main-root resume=/dev/mapper/main-swap rw quiet options cryptdevice=UUID=<enter your uuid here>:lvm:allow-discards root=/dev/mapper/main-root resume=/dev/mapper/main-swap rw quiet
``` ```
- `cp /boot/loader/entries/arch.conf /boot/loader/entries/arch-fallback.conf` - - `cp /boot/loader/entries/arch.conf /boot/loader/entries/arch-fallback.conf` - create a fallback.
create a fallback Change it to the following.
- `vim /boot/loader/loader.conf` - Create loader configuration
```txt
title Arch Linux Fallback
linux /vmlinuz-linux
initrd /initramfs-linux-fallback.img
options cryptdevice=UUID=<enter your uuid here>:lvm:allow-discards root=/dev/mapper/main-root resume=/dev/mapper/main-swap rw quiet
```
- Insert the following text - `vim /boot/loader/loader.conf` - Create loader configuration.
Insert the following text
```txt ```txt
timeout 0 timeout 0

Loading…
Cancel
Save