1
0
mirror of https://github.com/tiyn/wiki.git synced 2025-05-11 07:37:45 +02:00

Compare commits

..

No commits in common. "38f8578dcb6c0f12fde59cf6eb32a1107979d1c7" and "2d0958ab66fa1701b2ecd4c095d6ba77a6a45a95" have entirely different histories.

@ -1,7 +1,7 @@
# Arch installation with LUKS encryption and LVM
This guide is based upon a
[german arch wiki article](https://wiki.archlinux.de/title/Installation_mit_UEFI_und_Verschl%C3%BCsselung).
[german arch wiki article](https://wiki.archlinux.de/title/Moderne_Installation_mit_UEFI_und_Verschlüsselung).
For encryption [dm-crypt](../dm-crypt.md) is used.
Inside the encrypted partition a logical volume will be created with
[LVM](../lvm.md).
@ -19,7 +19,7 @@ Boot the target system and select `Boot Arch Linux (x86_64)`.
If you need to set the keyboard layout to anything other than english you can
temporarily do so by using the `loadkeys` command.
This has to be followed by your country id (for example a german keyboard layout
would be `de`,`de-latin1` or `de-latin1-nodeadkeys`).
would be `de`,`de-latin1` or `de-latin1-nodeadkeys`.
## 2. Formatting of the target drive
@ -33,19 +33,10 @@ be `/dev/sda`.
This step can take quite a while especially for large drives.
```sh
dd status=progress if=/dev/zero of=/dev/sda
```
- `dd status=progress if=/dev/zero of=/dev/sda`
Now all partitions should be removed.
Alternatively the partition table can be cleared by running the following command.
This will leave old data possibly recoverable.
```sh
wipefs -fa /dev/sda
```
### Create new partitions
If you miss click during the progress of the following commands you can press
@ -75,13 +66,12 @@ Using `blkid | grep /dev/sda` all partitions we created get listed.
The right partition has the label `Linux filesystem`.
For this guide this partition is assumed to be `/dev/sda2`.
```sh
cryptsetup -c aes-xts-plain -y -s 512 luksFormat /dev/sda2
```
Afterwards confirm with `YES`.
Now you can assign a passphrase.
The passphrase has to be entered at boot to decrypt the system.
Recovering of this passphrase is **not** possible.
- `modprobe dm-crypt` - load kernelmodule for encryption
- `cryptsetup -c aes-xts-plain -y -s 512 luksFormat /dev/sda2` - encryption
- confirm with `YES`
- Now you can assign a passphrase.
The passphrase has to be entered at boot to decrypt the system.
Recovering of this passphrase is **not** possible.
## 4. Setup LVM
@ -149,14 +139,14 @@ en_US.UTF-8 UTF-8
- Search the line `MODULES=()` and change it to:
`MODULES=(ext4)`
- Search the line `HOOKS=([...])` and change it to:
`HOOKS=(base udev autodetect modconf block kms keyboard keymap consolefont encrypt lvm2 filesystems fsck shutdown)`
`HOOKS=(base udev autodetect modconf block keyboard keymap encrypt lvm2 filesystems fsck shutdown)`
- `mkinitcpio -p linux` - generate Kernel-Image
## 9. Install and configure UEFI bootloader
- `bootctl install` - Prepare bootloader
- `ls -l /dev/disk/by-uuid` - find out the UUID of your root partition.
- `ls -l /dev/disk/by-uuid` - find out the UUID of your root partition
- `vim /boot/loader/entries/arch.conf` - Create configuration
- Change the config to look similar to this:
@ -168,18 +158,11 @@ en_US.UTF-8 UTF-8
options cryptdevice=UUID=<enter your uuid here>:lvm:allow-discards root=/dev/mapper/main-root resume=/dev/mapper/main-swap rw quiet
```
- `cp /boot/loader/entries/arch.conf /boot/loader/entries/arch-fallback.conf` - create a fallback.
Change it to the following.
- `cp /boot/loader/entries/arch.conf /boot/loader/entries/arch-fallback.conf` -
create a fallback
- `vim /boot/loader/loader.conf` - Create loader configuration
```txt
title Arch Linux Fallback
linux /vmlinuz-linux
initrd /initramfs-linux-fallback.img
options cryptdevice=UUID=<enter your uuid here>:lvm:allow-discards root=/dev/mapper/main-root resume=/dev/mapper/main-swap rw quiet
```
- `vim /boot/loader/loader.conf` - Create loader configuration.
Insert the following text
- Insert the following text
```txt
timeout 0
@ -205,7 +188,7 @@ UEFI, don't forget to enable the EFI option, otherwise the system won't boot.
## 12. Further steps and graphical environment
Now you can follow the recommended larbs installation script of this wiki
(`curl -LO larbs.sh https://raw.githubusercontent.com/tiyn/larbs/master/larbs.sh`)
(`curl -o larbs.sh https://raw.githubusercontent.com/tiyn/larbs/master/larbs.sh`)
this will install a bunch of useful base software including
[a graphical environment](../x_window_system.md) and
[a window manager](../suckless.md#programs).