GPT LUKS LVM Arch Install Guide 2016

Intro

Hey everyone. I decided to make this install guide because I found most other guides out there now either out of date, or not quite what I needed for my particular system.

I have an encrypted install of Arch Linux now running using LUKS, LVM, a GPT table, on an SSD. Another part to this is that, instead of just using different partitions for different operating systems, I actually fully install various OSes on separate drives entirely. Right now, I have:

  • Arch Linux on a 1TB SSD (Main System)
  • Windows 10 on a 2TB Hybrid Drive (Gaming only)
  • Spare blank 1.5TB drive for backups/data dump

Most guides that I found had advice for dual-booting but only if the OSes were on the same disk, just different partitions, or were using old MBR partitioning, or didn’t have a full disk encrypt setup.

This guide also assumes you’ll be using wifi. If you need setup for a wired connection, check the Arch Linux Beginner Guide.

What you can do with this guide

This guide will show you how to do a step-by-step install of Arch Linux, using UEFI boot, GPT, and encrypting your entire disk with LUKS and LVM.

To jump ahead slightly, at the end I’m using bootctl as the boot manager which will also automatically detect my Windows 10 install as long as Windows Fast Boot is disabled (applicable for Win 8 and 10).

However, this setup will work just as well if you’re not dual booting at all.

REMINDER

This guide will use the ENTIRE DISK to install Arch Linux! If this is NOT what you want, tweak the partitioning portion of this guide to be what you need/want.

Resources

I got the bulk of my info from these two sources:

Big thanks to the Arch Community in general and to SuddenKernelPanic for the disk encryption information.

Install Guide

System/Disk Prep

Boot into UEFI USB

Connect to wifi

# wifi-menu

Test connection

# ping -c 2 google.com

Set NTP

# timedatectl set-ntp true

Check to see what disk you want to install

# lsblk

NOTE: Most of the time, if you’re installing on your main disk, you’ll be using /dev/sda as your disk. However, if this is a secondary or tertiary disk, you may be using /dev/sdb or /dev/sdc. After this point, I use /dev/sdX, so fill in the X variable with whatever you need.

Partition your disk

# gdisk /dev/sdX

Print current table

# p

New GPT table

# o

Confirm

# y

Create new partitions. NOTE: I just give the commands you’ll enter next. Be sure to read the output to make sure this partitioning will work for you!

What the following commands do: create a new 200M partition to be used as /boot, then create another partition using the rest of the disk space. This will later become your LVM partition where we break it out into logical volumes.

#new partition
n
#partition number
1
#accept default
[enter]
#200M for /boot
+200M
#EFI system partition type
ef00
#new partition
n
#accept default
[enter]
#accept default
[enter]
#accept default
[enter]
#accept default
[enter]
#write partition table
w
#Confirm
y

Create LUKS encryption. This command will prompt you twice for a password to encrypt the disk with. (For more info on the settings I’ve chosen, check out this Arch Linux page)

# cryptsetup -c aes-xts-plain64 -s 512 -h sha512 -i 5000 -y luksFormat /dev/sdX2

Check to make sure the encryption was successful/sanity check

# cryptsetup luksDump /dev/sdX2

Open encrypted partition to set up LVM. NOTE: You can use any name instead of crypt and lvmpool below. I chose those based on the SuddenKernelPanic blog and didn’t feel like coming up with different names.

# cryptsetup luksOpen /dev/sdX2 crypt

Create the LVM physical volume and volume group.

# lvm pvcreate /dev/mapper/crypt

# lvm vgcreate lvmpool /dev/mapper/crypt

Create logical partitions for LVM. I have 35GB for root (probably more than necessary, but I had 1TB to play with so why not), 8GB for swap (half my RAM), and the rest of the disk to home.

# lvcreate -L 35GB -n root lvmpool
# lvcreate -L 8GB -n swap lvmpool
# lvcreate -l 100%FREE -n home lvmpool

Check logical partitions for accuracy/sanity check

# lvs

All good so far? Cool, let’s continue

Format partitions. bootctl requires that the boot partition be in FAT32. The rest will be in ext4.

# mkfs.fat -F32 /dev/sdX1

# mkfs.ext4 /dev/mapper/lvmpool-root

# mkfs.ext4 /dev/mapper/lvmpool-home

# mkswap /dev/mapper/lvmpool-swap

# swapon /dev/mapper/lvmpool-swap

Make mount points and mount partitions

# mount /dev/mapper/lvmpool-root /mnt

# mkdir -p /mnt/boot
# mount /dev/sdX1 /mnt/boot

# mkdir -p /mnt/home
# mount /dev/mapper/lvmpool-home /mnt/home

Sanity check (check bottom of output)

# mount -l

Alright, now you’re all setup. On to installing Arch!

Install the base system

# pacstrap -i /mnt base base-devel

Go grab some tea or coffee, this will take a few minutes based on your Internet connection and speed of your disk.

Generate fstab and sanity check

# genfstab -U /mnt > /mnt/etc/fstab

# cat /mnt/etc/fstab

(You should see 4 entries: root, boot, home, and swap)

“Log” into the system for configuration

# arch-chroot /mnt /bin/bash

Set locale. Uncomment en_US.UTF-8 UTF-8 for US

# vi /etc/locale.gen

(If you don’t know vi basics, Arch may be out of your league right now.
But that’s ok! Everyone needs to learn and start somewhere.)

# locale-gen

Set language. American English will be LANG=en_US.UTF-8

# vi /etc/locale.conf

Select timezone. Just follow the on screen prompts for your location.

# tzselect

# ln -s /usr/share/zoneinfo/Zone/SubZone /etc/localtime

Edit mkinitcpio hooks to include encrypt and lvm2 in between block and filesystems. IMPORTANT! If you don’t do this, the system won’t be able to see your encrypted install!

# vi /etc/mkinitcpio.conf

Regenerate initramfs.

# mkinitcpio -p linux

Install bootctl bootloader.
Other options include GRUB or syslinux, but you’d need to go research those to see how to configure them to properly boot your encrypted install.

# bootctl install

Edit boot loader entry. IMPORTANT! This is another step that, if skipped, means the system won’t be able to access the encrypted system.

# vi /boot/loader/entries/arch.conf

Insert the following, editing where necessary (for disk number, naming, etc.)

title          Arch Linux

linux          /vmlinuz-linux
initrd         /initramfs-linux.img
options        cryptdevice=/dev/sdX2:crypt root=/dev/mapper/lvmpool-root rw
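
To catch a mistake in either of the two IMPORTANT steps before rebooting, the files can be checked with a short script. This is an added example, not part of the original guide; the function names check_hooks and check_entry and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide). Function names are this example's own.

# Returns 0 if HOOKS lists block, encrypt, lvm2, filesystems in that order.
check_hooks() {
    # mkinitcpio sources this file, so the last uncommented HOOKS= line wins.
    hooks=$(grep -E '^[[:space:]]*HOOKS=' "$1" | tail -n 1 | cut -d= -f2- | tr -d "\"'()")
    want="block encrypt lvm2 filesystems"
    for h in $hooks; do
        next=${want%% *}                      # the hook we are waiting for
        if [ "$h" = "$next" ]; then
            if [ "$want" = "$next" ]; then return 0; fi   # last one was seen
            want=${want#* }
        fi
    done
    return 1
}

# Returns 0 if the entry passes cryptdevice=<device>:<name> and a /dev/mapper root.
check_entry() {
    opts=$(grep -E '^[[:space:]]*options[[:space:]]' "$1")
    printf '%s\n' "$opts" | grep -Eq '(^|[[:space:]])cryptdevice=[^[:space:]:]+:[^[:space:]]+' || return 1
    printf '%s\n' "$opts" | grep -Eq '(^|[[:space:]])root=/dev/mapper/[^[:space:]]+'
}

# Constructed sample files: one correct set, one with each step skipped.
tmp=$(mktemp -d)
printf '%s\n' '#HOOKS="base udev"' \
    'HOOKS="base udev autodetect modconf block encrypt lvm2 filesystems keyboard fsck"' > "$tmp/good.conf"
printf '%s\n' 'HOOKS="base udev autodetect modconf block filesystems keyboard fsck"' > "$tmp/stock.conf"
printf '%s\n' 'title Arch Linux' 'linux /vmlinuz-linux' 'initrd /initramfs-linux.img' \
    'options cryptdevice=/dev/sdX2:crypt root=/dev/mapper/lvmpool-root rw' > "$tmp/arch.conf"
printf '%s\n' 'title Arch Linux' 'options root=/dev/mapper/lvmpool-root rw' > "$tmp/nocrypt.conf"

for f in good.conf stock.conf; do
    if check_hooks "$tmp/$f"; then echo "$f: hooks OK"; else echo "$f: encrypt/lvm2 missing or misplaced"; fi
done
for f in arch.conf nocrypt.conf; do
    if check_entry "$tmp/$f"; then echo "$f: entry OK"; else echo "$f: cryptdevice= or root= missing"; fi
done
rm -rf "$tmp"
```

Inside the chroot, call check_hooks /etc/mkinitcpio.conf and check_entry /boot/loader/entries/arch.conf. The encrypt hook also accepts cryptdevice=UUID=<uuid>:crypt (UUID from blkid /dev/sdX2), which keeps working if /dev/sdX names shift between boots on a multi-disk machine.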

Change the host name of your system. Remember to have this unique to your network.

# vi /etc/hostname

Install necessary wifi software

# pacman -S iw wpa_supplicant dialog

Change root password

# passwd

Logout and unmount partitions, reboot

ctrl-d

# umount -R /mnt

# reboot

Did it work?! Hopefully if you followed all the above steps, you were greeted with a prompt to enter your disk encryption password, then a login shell. If so, congratulations! You now have Arch Linux installed and encrypted on your computer!

That’s all the hard part. REMEMBER! If something didn’t work right, you can always boot back into the live USB and edit any of the work we did without losing your progress. For example, did you forget to edit the boot config? Just boot back into the system with a live USB, mount the drives to the system again and log into Arch (using # cryptsetup luksOpen /dev/sdX2 crypt and # arch-chroot /mnt /bin/bash), and change the configurations you need.

Further Setup

Assuming you got your login shell, you can stop here and customize your setup as you wish. However, I’ve also included some of the things I did to get my system set up with GNOME, set my local user account, and install some basics. You can use this as a guide so you’re up and running with a GUI and non-root admin account.

Post-install Setup

Start installing some basics. All of these steps are OPTIONAL. You do not have to install any of the things I have listed below. This is just what I did on my system. I have them here as a guide in case you’re not sure where you want to go from here.

NOTE: I have an NVIDIA graphics card, so I’m installing packages for NVIDIA.
If you have AMD or Intel, check Arch Linux General Recommendations for help on what packages to install for your particular system.

Install Xorg and NVIDIA drivers

# pacman -S xorg-server xorg-server-utils nvidia nvidia-libgl

Add non-root user

# useradd -m -G wheel -s /bin/bash [name]

Edit sudoers file to give your non-root account sudo access. Uncomment line to allow users in wheel group sudo access

# visudo

Log out of root and log in as your new admin user

ctrl-d

Install GNOME. NOTE: Now, GNOME wants to install a lot of bloatware by default. I, personally, wanted my system to have as little extra crap as possible, so I only selected the packages I wanted to have installed. You can check all the default packages here and select which you want to install:

$ sudo pacman -S gnome gnome-extra

Enable GNOME display manager so on reboot you can boot directly into GNOME.

$ sudo systemctl enable gdm.service

Install some additional software packages (vim text editor, networkmanager for wifi, Firefox web browser, nmap network mapper, ufw firewall)

$ sudo pacman -S vim networkmanager firefox nmap ufw

Enable networkmanager daemon so that you can connect to your wifi automatically each time you reboot.

$ sudo systemctl enable NetworkManager.service

Enable ufw (Uncomplicated FireWall) as daemon.

$ sudo systemctl enable ufw.service

$ sudo ufw enable

Reboot your system. You should now be presented with the GNOME login for your non-root user. Log in, and start using your new system!

6 thoughts on “GPT LUKS LVM Arch Install Guide 2016”

  1. Hello,

    Great guide, thanks so much for this! Quick question though: I’m hoping to dual boot Arch and Windows 10. I know at the beginning of your guide you mentioned that your method is compatible with this setup.

    However, I’m still unsure how to go about doing this. If I wanted to install Windows 10, and have both partitions encrypted, how would that figure into the instructions you have?


    1. Hi Alex,
      Sorry for the late reply, but thank you very much! I’m glad you found this guide useful!

      There are a few different ways that I could see doing this with a dual boot. The problem with the exact layout as I have it here, is that I’m not sure the Windows installer would allow you to decrypt the drive before installing Windows to a specific partition, as Linux does.

      What I would recommend you look into is actually going through the Arch install *without* doing the disk encryption as I have detailed here (just typical setup), and leave a partition for Windows. After Windows is installed alongside Arch (both unencrypted), utilize VeraCrypt to do a full disk encryption of the drive. This should wrap the encryption around both OSes. I haven’t tried doing this myself to verify, but I believe you should be able to do something like this.

      The reason I had them on separate drives is because I prefer to have things segmented that way, but of course I understand that isn’t reasonable for a laptop or even some desktops.

      Let me know your results! I’d be interested to hear how it went!

      Pav


      1. Hi Pav,

        Thanks for the reply, and sorry for my delayed response. I was able to install Arch using the instructions above. I set aside some free space for Windows, and created a partition for boot and an encrypted container for swap, home, and root. Then, I followed your above instructions to install Arch. When I was all done, I just booted to the Windows install media, and installed Windows 10 on the free space.

        My BIOS (UEFI) was able to figure things out. Accessing the boot select options allowed me to choose Arch or Windows on startup, and each one worked perfectly. I was even able to configure Bitlocker to use the TPM after the Windows install.

        Unfortunately, I then tried to self-sign my Linux kernel and save the keys to the TPM to have secure boot enabled for both Windows and Linux. In doing so, I managed to somehow wipe the boot entries for Arch and Windows, and had to start the process over. I’ve given up on that part for now.

        Anyways, thanks for the excellent guide. This was very helpful.

        Alex
