Hey everyone. I decided to make this install guide because I found most other guides out there now either out of date, or not quite what I needed for my particular system.
I have an encrypted install of Arch Linux now running using LUKS, LVM, a GPT table, on an SSD. Another part to this is that, instead of just using different partitions for different operating systems, I actually fully install various OSes on separate drives entirely. Right now, I have:
- Arch Linux on a 1TB SSD (Main System)
- Windows 10 on a 2TB Hybrid Drive (Gaming only)
- Spare blank 1.5TB drive for backups/data dump
Most guides that I found had advice for dual-booting but only if the OSes were on the same disk, just different partitions, or were using old MBR partitioning, or didn’t have a full disk encrypt setup.
This guide also assumes you’ll be using wifi. If you need setup for a wired connection, check the Arch Linux Beginner Guide.
This guide will show you how to do a step by step install of Arch Linux, using UEFI boot, GPT, and encrypting your entire disk with LUKS and LVM.
To jump ahead slightly, at the end I’m using bootctl as the boot manager, which will also automatically detect my Windows 10 install as long as Windows Fast Boot is disabled (applicable for Win 8 and 10).
However, this setup will work just as well if you’re not dual booting at all.
This guide will use the ENTIRE DISK to install Arch Linux! If this is NOT what you want, tweak the partitioning portion of this guide to be what you need/want.
I got the bulk of my info from these two sources:
Big thanks to the Arch Community in general and to SuddenKernelPanic for the disk encryption information.
Boot into UEFI USB
Connect to wifi
# ping -c 2 google.com
# timedatectl set-ntp true
Check to see what disk you want to install
NOTE: Most of the time, if you’re installing on your main disk, you’ll be using /dev/sda as your disk. However, if this is a secondary or tertiary disk, you may be using /dev/sdc. After this point, I use /dev/sdX, so fill in the X variable with whatever you need.
Partition your disk
# gdisk /dev/sdX
Print current table
New GPT table
Create new partitions
NOTE: I just give the commands you’ll enter next. Be sure to read the output to make sure this partitioning will work for you!
What the following commands do: Create a new 200M partition to be used as /boot. Then, create another partition using the rest of the disk space. This will later become your LVM partition where we break it out into logical volumes.
#new partition
n
#partition number
1
#accept default
[enter]
#200M for /boot
+200M
#EFI system partition type
ef00
#new partition
n
#accept default
[enter]
#accept default
[enter]
#accept default
[enter]
#accept default
[enter]
#write partition table
w
#Confirm
y
Create LUKS encryption. This option will prompt you twice for a password to encrypt the disk with. (For more info on the settings I’ve chosen, check out this Arch Linux page)
# cryptsetup -c aes-xts-plain64 -s 512 -h sha512 -i 5000 -y luksFormat /dev/sdX2
Check to make sure the encryption was successful/sanity check
# cryptsetup luksDump /dev/sdX2
Open encrypted partition to set up LVM
NOTE: You can use any name instead of lvmpool below. I chose those based on the SuddenKernelPanic blog and didn’t feel like coming up with different names.
# cryptsetup luksOpen /dev/sdX2 crypt
Create physical volume mapper and logical volume.
# lvm pvcreate /dev/mapper/crypt
# lvm vgcreate lvmpool /dev/mapper/crypt
Create logical partitions for LVM. I have 35GB for root (probably more than necessary, but I had 1TB to play with so why not), 8GB for swap (half my RAM), and the rest of the disk to home.
# lvcreate -L 35GB -n root lvmpool
# lvcreate -L 8GB -n swap lvmpool
# lvcreate -l 100%FREE -n home lvmpool
Check logical partitions for accuracy/sanity check
All good so far? Cool, let’s continue
bootctl requires that the boot partition be in FAT32. The rest will be in ext4.
# mkfs.fat -F32 /dev/sdX1
# mkfs.ext4 /dev/mapper/lvmpool-root
# mkfs.ext4 /dev/mapper/lvmpool-home
# mkswap /dev/mapper/lvmpool-swap
# swapon /dev/mapper/lvmpool-swap
Make mount points and mount partitions
# mount /dev/mapper/lvmpool-root /mnt
# mkdir -p /mnt/boot
# mount /dev/sdX1 /mnt/boot
# mkdir -p /mnt/home
# mount /dev/mapper/lvmpool-home /mnt/home
Sanity check (check bottom of output)
Install the base system
# pacstrap -i /mnt base base-devel
Go grab some tea or coffee, this will take a few minutes based on your Internet connection and speed of your disk.
Generate fstab and sanity check
# genfstab -U /mnt > /mnt/etc/fstab
# cat /mnt/etc/fstab
(You should see 4 entries: root, boot, home, and swap)
“Log” into the system for configuration
# arch-chroot /mnt /bin/bash
Set location. Uncomment en_US.UTF-8 UTF-8 for US
# vi /etc/locale.gen
(If you don’t know vi basics, Arch may be out of your league right now. But that’s ok! Everyone needs to learn and start somewhere.)
Set language. American English will be
# vi /etc/locale.conf
Select timezone. Just follow the on screen prompts for your location.
# ln -s /usr/share/zoneinfo/Zone/SubZone /etc/localtime
mkinitcpio hooks to include lvm2 in between filesystems. IMPORTANT! If you don’t do this, the system won’t be able to see your encrypted install!
# vi /etc/mkinitcpio.conf
# mkinitcpio -p linux
Other options include syslinux, but you’d need to go research those to see how to configure them to properly boot your encrypted install.
# bootctl install
Edit boot loader entry. IMPORTANT! This is another step that, if skipped, means the system won’t be able to access the encrypted system.
# vi /boot/loader/entries/arch.conf
Insert the following, editing where necessary (for disk number, naming, etc.)
title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options cryptdevice=/dev/sdX2:crypt ro root=/dev/mapper/lvmpool-root rw
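A pre-reboot check for the two IMPORTANT steps above (the mkinitcpio hooks and the loader entry), added here as an example and not part of the original guide. It assumes the encrypt hook, which is the mkinitcpio hook that reads cryptdevice=, has to come before lvm2 and filesystems; the function names and the sample files are made up for the illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original guide. File paths are arguments, so from
# the live USB you can point it at /mnt/etc/mkinitcpio.conf and /mnt/boot/...

# Print the hook names from the last uncommented HOOKS= line.
hooks_line() {
    grep -E '^[[:space:]]*HOOKS=' "$1" | tail -n 1 | sed -E 's/^[^=]*=//' | tr -d "()\"'"
}

# Succeeds only if encrypt, lvm2 and filesystems all appear, in that order.
# ("encrypt" is an assumption: it is the hook that reads cryptdevice=.)
check_hooks() {
    local i=0 enc="" lvm="" fs="" h
    for h in $(hooks_line "$1"); do
        i=$((i + 1))
        case "$h" in
            encrypt)     enc=$i ;;
            lvm2)        lvm=$i ;;
            filesystems) fs=$i ;;
        esac
    done
    [ -n "$enc" ] && [ -n "$lvm" ] && [ -n "$fs" ] &&
        [ "$enc" -lt "$lvm" ] && [ "$lvm" -lt "$fs" ]
}

# check_entry FILE VG LV: the options line must carry cryptdevice=DEVICE:NAME
# and root=/dev/mapper/VG-LV (the logical volume that holds /).
check_entry() {
    local w dev="" name="" root=""
    for w in $(grep -E '^[[:space:]]*options[[:space:]]' "$1" | tail -n 1); do
        case "$w" in
            cryptdevice=*:*) w=${w#cryptdevice=}; dev=${w%%:*}; w=${w#*:}; name=${w%%:*} ;;
            root=*)          root=${w#root=} ;;
        esac
    done
    [ -n "$dev" ] && [ -n "$name" ] && [ "$root" = "/dev/mapper/$2-$3" ]
}

# Constructed sample files: a stock HOOKS line, an edited one, the guide's entry.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'HOOKS=(base udev autodetect modconf block filesystems keyboard fsck)' > "$demo/stock.conf"
printf '%s\n' '#HOOKS=(base)' 'HOOKS=(base udev autodetect modconf block keyboard encrypt lvm2 filesystems fsck)' > "$demo/fixed.conf"
printf '%s\n' 'title Arch Linux' 'linux /vmlinuz-linux' 'initrd /initramfs-linux.img' \
    'options cryptdevice=/dev/sdX2:crypt ro root=/dev/mapper/lvmpool-root rw' > "$demo/arch.conf"

check_hooks "$demo/stock.conf" && echo "stock hooks: ok" || echo "stock hooks: encrypted root would not be found"
check_hooks "$demo/fixed.conf" && echo "fixed hooks: ok" || echo "fixed hooks: FAIL"
check_entry "$demo/arch.conf" lvmpool root && echo "loader entry: ok" || echo "loader entry: FAIL"
```

Run it before unmounting; a failing check means the initramfs or the loader entry still needs the edit described in the corresponding step.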
Change the host name of your system. Remember to have this unique to your network.
# vi /etc/hostname
Install necessary wifi software
# pacman -S iw wpa_supplicant dialog
Change root password
Logout and unmount partitions, reboot
# umount -R /mnt
Did it work?! Hopefully if you followed all the above steps, you were greeted with a prompt to enter your disk encryption password, then a login shell. If so, congratulations! You now have Arch Linux installed and encrypted on your computer!
That’s all the hard part. REMEMBER! If something didn’t work right, you can always boot back into the live USB and edit any of the work we did without losing your progress. For example, did you forget to edit the boot config? Just boot back into the system with a live USB, mount the drives to the system again, log into Arch
# arch-chroot /mnt /bin/bash
# cryptsetup luksOpen /dev/sdX2 crypt
and change the configurations you need.
Assuming you got your login shell, you can stop here and customize your setup as you wish. However, I’ve also included some of the things I did to get my system set up with GNOME, set my local user account, and install some basics. You can use this as a guide so you’re up and running with a GUI and non-root admin account.
Start installing some basics. All of these steps are OPTIONAL. You do not have to install any of the things I have listed below. This is just what I did on my system. I have them here as a guide in case you’re not sure where you want to go from here.
NOTE: I have an NVIDIA graphics card, so I’m installing packages for NVIDIA.
If you have AMD or Intel, check Arch Linux General Recommendations for help on what packages to install for your particular system.
Install Xorg and NVIDIA drivers
# pacman -S xorg-server xorg-server-utils nvidia nvidia-libgl
Add non-root user
# useradd -m -G wheel -s /bin/bash [name]
Edit sudoers file to give your non-root account sudo access. Uncomment line to allow users in wheel group sudo access
Log out of root and log in as your new admin user
Install GNOME. NOTE: Now, GNOME wants to install a lot of bloatware by default. I, personally, wanted my system to have as little extra crap as possible, so I only selected the packages I wanted to have installed. You can check all the default packages here and select which you want to install:
$ sudo pacman -S gnome gnome-extra
Enable GNOME display manager so on reboot you can boot directly into GNOME.
$ sudo systemctl enable gdm.service
Install some additional software packages (vim text editor, networkmanager for wifi, Firefox web browser, nmap network mapper, ufw firewall)
$ sudo pacman -S vim networkmanager firefox nmap ufw
Enable networkmanager daemon so that you can connect to your wifi automatically each time you reboot.
$ sudo systemctl enable NetworkManager.service
Enable ufw (Uncomplicated FireWall) as daemon.
$ sudo systemctl enable ufw.service
$ sudo ufw enable
Reboot your system. You should now be presented with the GNOME login for your non-root user. Log in, and start using your new system!