The following is based on this blog entry. This installation method was tested on Lenovo’s X200s and T420.
We assume a working Ethernet connection. After booting from the Arch Linux USB stick, we enable network time synchronisation:
# timedatectl set-ntp true
Then, we create an MSDOS partition table with two partitions: the first one will be boot, while the second one will be encrypted and contain root and home. We leave 1MB free before the boot partition.[1] Since we will use a swap file, no swap partition will be necessary for us.
For simplicity, we will assume installation on /dev/sda. Using parted, the commands are
# parted /dev/sda
(parted) select /dev/sda
(parted) mklabel msdos
(parted) mkpart primary ext2 1MB 512MB
(parted) mkpart primary ext4 512MB 100%
(parted) set 1 boot on
(parted) quit
Then, we encrypt the second partition and give it the name “crypt”:
# cryptsetup luksFormat /dev/sda2
# cryptsetup open /dev/sda2 crypt
We initialise a physical volume with a volume group “vg”:
# pvcreate /dev/mapper/crypt
# vgcreate vg /dev/mapper/crypt
On the volume group, we create the root and home partitions as logical volumes:
# lvcreate -L 60G vg -n root
# lvcreate -l 100%FREE vg -n home
These logical volumes shall again have the filesystem ext4:
# mkfs.ext4 /dev/mapper/vg-root
# mkfs.ext4 /dev/mapper/vg-home
Then, we can perform the mounting:
# mount /dev/mapper/vg-root /mnt
# mount -m /dev/mapper/vg-home /mnt/home
# mount -m /dev/sda1 /mnt/boot
We download the necessary (and useful) packages
# pacstrap /mnt base base-devel linux linux-firmware lvm2 vim man networkmanager grub
and generate the file system table with
# genfstab -U /mnt >> /mnt/etc/fstab
Finally, we dive into the new system:
# arch-chroot /mnt
We link our timezone and set the clock:
# ln -s /usr/share/zoneinfo/Europe/Zurich /etc/localtime
# hwclock --systohc
Inside /etc/locale.gen, uncomment the regional settings
you prefer, e.g. de_CH.UTF-8. After saving, execute
# locale-gen
In /etc/locale.conf, set LANG to your
preferred language, e.g. LANG=en_US.UTF-8. Then, write your
preferred host name into /etc/hostname.
Now comes a crucial part: inside the file
/etc/mkinitcpio.conf, make sure the line defining the hooks
is of the form (ordering matters: keyboard and block come before encrypt, and encrypt before lvm2, since the volume group sits inside the encrypted container)
HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt lvm2 filesystems fsck)
Install grub with
# grub-install /dev/sda
Next, we need to tell grub which partition to decrypt and use as
root. To have the UUID at hand, you can use the command
lsblk -f >> /etc/default/grub, pasting a list of
devices into the grub config file; delete the pasted lines again once
the UUID is copied, because grub-mkconfig reads this file as a shell script. Inside
/etc/default/grub, ensure that the argument of
GRUB_CMDLINE_LINUX is defined as
GRUB_CMDLINE_LINUX="cryptdevice=UUID=yourUUID:x root=/dev/mapper/vg-root"
where yourUUID is the UUID of the device that shall be
decrypted, i.e., here, /dev/sda2. Also, uncomment the
line
GRUB_ENABLE_CRYPTODISK="y"
We create the grub config file with
# grub-mkconfig -o /boot/grub/grub.cfg
and generate an initial RAM disk for the boot process:
# mkinitcpio -P
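Before rebooting, the two settings that decide whether the encrypted root can be unlocked (the HOOKS line and the cryptdevice parameter) can be checked mechanically. The following is an added example, not part of the original post; the function names are hypothetical, and the config file paths and the UUID of the LUKS partition are passed in as arguments.

```shell
# Added example (not from the original post). File paths are passed in so the
# checks can also be run against copies; function names are made up here.

# Succeeds only if the active HOOKS=(...) line in file $1 contains the
# remaining arguments in the given relative order.
hooks_in_order() {
    conf=$1; shift
    line=$(grep -E '^[[:space:]]*HOOKS=\(' "$conf" | tail -n 1)
    [ -n "$line" ] || return 1
    line=${line#*"("}; line=${line%%")"*}
    for want in "$@"; do
        found=0; rest=
        for h in $line; do
            if [ "$found" -eq 1 ]; then rest="$rest $h"
            elif [ "$h" = "$want" ]; then found=1
            fi
        done
        [ "$found" -eq 1 ] || return 1
        line=$rest   # the next hook has to appear after this one
    done
}

# Prints the UUID from cryptdevice=UUID=<uuid>:<name> in GRUB_CMDLINE_LINUX of
# file $1; fails if that parameter or root=/dev/mapper/... is missing.
cryptdevice_uuid() {
    cmd=$(sed -n 's/^[[:space:]]*GRUB_CMDLINE_LINUX="\(.*\)"[[:space:]]*$/\1/p' "$1" | tail -n 1)
    uuid=; root=
    for arg in $cmd; do
        case $arg in
            cryptdevice=UUID=*:*) uuid=${arg#cryptdevice=UUID=}; uuid=${uuid%%:*} ;;
            root=/dev/mapper/*)   root=$arg ;;
        esac
    done
    [ -n "$uuid" ] && [ -n "$root" ] || return 1
    printf '%s\n' "$uuid"
}

# $1 = mkinitcpio.conf, $2 = /etc/default/grub, $3 = UUID of the LUKS partition
preboot_check() {
    hooks_in_order "$1" keyboard block encrypt filesystems || { echo "HOOKS: encrypt misplaced or missing"; return 1; }
    hooks_in_order "$1" block lvm2 filesystems || { echo "HOOKS: lvm2 misplaced or missing"; return 1; }
    got=$(cryptdevice_uuid "$2") || { echo "GRUB: cryptdevice/root missing"; return 1; }
    [ "$got" = "$3" ] || { echo "GRUB: UUID $got is not the LUKS partition ($3)"; return 1; }
    echo "ok"
}

# Inside the chroot:
# preboot_check /etc/mkinitcpio.conf /etc/default/grub "$(blkid -s UUID -o value /dev/sda2)"
```

A mismatch here is much cheaper to fix inside the chroot than from a boot that stops at an emergency shell.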
Finally, we set a root password, create a new user in the group wheel and set a password for that user, too.
# passwd
# useradd -m -G wheel julian
# passwd julian
Optionally, we can assign root privileges to all members of wheel by entering
# visudo
and uncommenting the line
%wheel ALL=(ALL) ALL
Then, it is time for a reboot and some luck :-)
[1] According to the ArchWiki, neither the 1MB nor a separate boot partition seems to be necessary(?). I have not tested this and simply present a setup that worked for me.