Menu Sluiten

Install Arch Linux with luks

Install ARCH Linux with encrypted file-system and UEFI

The official installation guide can be found here:

Download the archiso image from and copy to a usb-drive (on linux)
$ dd if=archlinux.img of=/dev/sdX bs=16M && sync

Boot from the usb. If the usb fails to boot, make sure that secure boot is disabled in the BIOS configuration.

This assumes a wifi only system, otherwise use dhcpcd
$ wifi-menu

Create partitions
$ cgdisk /dev/sdX
1st 256MB EFI partition with hex code ef00
2nd 512MB Boot partition with hex code 8300
3rd 100% size partiton (to be encrypted) with hex code 8300

Create filesystems
$ mkfs.vfat -F32 /dev/sdX1
$ mkfs.ext2 /dev/sdX2

Setup the encryption of the system
$ cryptsetup -c aes-xts-plain64 -y – -use-random luksFormat /dev/sdX3
$ cryptsetup luksOpen /dev/sdX3 luks

Create encrypted partitions
This creates one partions for root, modify if /home or other partitions should be on separate partitions
$ pvcreate /dev/mapper/luks
$ vgcreate vg0 /dev/mapper/luks
$ lvcreate – -size 8G vg0 – -name swap
$ lvcreate -l +100%FREE vg0 – -name root

Create filesystems on encrypted partitions
$ mkfs.ext4 /dev/mapper/vg0-root
$ mkswap /dev/mapper/vg0-swap

Mount the new system
$ mount /dev/mapper/vg0-root /mnt
$ swapon /dev/mapper/vg0-swap

$ mkdir /mnt/boot
$ mount /dev/sdX2 /mnt/boot
$ mkdir /mnt/boot/efi
$ mount /dev/sdX1 /mnt/boot/efi

Install the system, a text editor, wpa_supplicant for wifi and some other stuff
$ pacstrap /mnt base base-devel linux linux-firmware lvm2 grub-efi-x86_64 nano git efibootmgr dialog wpa_supplicant net-tools

Generate fstab
$ genfstab -pU /mnt >> /mnt/etc/fstab

Make /tmp a ramdisk (add the following line to /mnt/etc/fstab) and change relatime on all non-boot partitions to noatime (reduces wear if using an SSD)
tmpfs /tmp tmpfs defaults,noatime,mode=1777 0 0

Enter the new system
$ arch-chroot /mnt /bin/bash

Setup system clock
$ ln -s /usr/share/zoneinfo/Europe/Amsterdam /etc/localtime
$ hwclock – -systohc – -utc

Set the hostname
$ echo MYHOSTNAME > /etc/hostname

Update locale
$ echo LANG=en_US.UTF-8 >> /etc/locale.conf
$ echo LANGUAGE=en_US >> /etc/locale.conf
$ echo LC_ALL=C >> /etc/locale.conf

Set password for root
$ passwd

Add real user remove -s flag if you don’t whish to use zsh
$ useradd -m -g users -G wheel -s /bin/zsh USERNAME
$ passwd USERNAME

Configure mkinitcpio with modules needed for the initrd image
$ vim /etc/mkinitcpio.conf
Add ‘ext4’ to MODULES
Add HOOKS so it looks like this:
HOOKS=(base udev autodetect keyboard keymap consolefont modconf block lvm2 encrypt filesystems fsck)

Regenerate initrd image
$ mkinitcpio -p linux

Setup grub
$ grub-install

In /etc/default/grub edit the line GRUB_CMDLINE_LINUX to GRUB_CMDLINE_LINUX=”cryptdevice=/dev/sdX3:luks:allow-discards”
Now run:
$ grub-mkconfig -o /boot/grub/grub.cfg

It is safer to use the UUID in GRUB, alternatively you can use that instead of /dev/sdX3
Look up the UUID from /dev/sdX3
$ blkid
Use that in /etc/default/grub: GRUB_CMDLINE_LINUX=”cryptdevice=UUID=UUIDofdevice:vg0 root=/dev/mapper/vg0-root” and run:
$ grub-mkconfig -o /boot/grub/grub.cfg

OPTIONAL (but recommend) SETTINGS – you can skip this and go to ‘finish the installation’

Install a LTS kernel for more stability
$ pacman -Syu linux-headers linux-lts

Install Advanced Linux Sound Architecture (ALSA)
$ pacman -Syu alsa-utils pulseaudio
$ pacman -Syu alsa-oss alsa-lib

ALSA by default has all channels muted, all of which will need to be unmuted manually. This can be done using amixer:
$ amixer sset Master unmute

To check and make sure your speakers are working, just run:
$ speaker-test -c 2

Install graphical driver

First of all, we’ll install “xorg” and “mesa” packages utilities.
$ pacman -Syu mesa mesa-libgl
$ pacman -Syu xorg xorg-server

Install the driver you need

Install Radeon Drivers – or
$ pacman -Syu xf86-video-ati

Install Nvidia Drivers – or
$ pacman -Syu nvidia nvidia-utils nvidia-settings opencl-nvidia

Install Intel Drivers – or
$ pacman -Syu xf86-video-intel

Install Default Drivers
$ pacman -Syu xf86-video-vesa

Install a Desktop Environment

Install Gnome Desktop
$ pacman -Syu gnome gnome-extra
$ systemctl enable gdm.service

Install KDE Desktop
$ pacman -Syu plasma-meta plasma-wayland-session kde-applications-meta
$ systemctl enable sddm.service

Install XFCE Desktop
$ pacman -Syu xfce4 xfce4-goodies lightdm lightdm-gtk-greeter
$ systemctl enable lightdm.service

Install Mate Desktop
$ pacman -Syu mate mate-extra lightdm lightdm-gtk-greeter
$ systemctl enable lightdm.service

Install Cinnamon Desktop
$ pacman -Syu cinnamon lightdm lightdm-gtk-greeter
$ systemctl enable lightdm.service

Install LXDE Desktop
$ pacman -Syu lxde lxdm
$ systemctl enable lxdm.service


Exit new system and go into the cd shell
$ exit

Unmount all partitions
$ umount -R /mnt
$ swapoff -a

Reboot into the new system, don’t forget to remove the cd/usb
$ reboot


Geef een reactie

Het e-mailadres wordt niet gepubliceerd. Vereiste velden zijn gemarkeerd met *