-
-
Save peter-avila/c8902fa5eb9602959f5afaed605e0116 to your computer and use it in GitHub Desktop.
Revisions
-
mjnaderi revised this gist
Mar 22, 2025 . 1 changed file with 33 additions and 4 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -327,14 +327,43 @@ The box `Turn on fast startup` should either be disabled or missing. [More info](https://wiki.archlinux.org/title/NTFS-3G#Metadata_kept_in_Windows_cache,_refused_to_mount) ## Entering Your Password Only Once After completing the above steps, you will need to enter two passwords at system startup: one to decrypt the LUKS volume and another to log into GNOME. To enter only one password, you can enable **Automatic Login** in **GNOME Settings** under the **Users** section. With this change, you no longer need to enter a password in GDM, but you will still need to enter the **GNOME Keyring** password after login. If the keyring password (which defaults to your Linux user password) matches the LUKS encryption passphrase, you can configure GDM to unlock the keyring automatically, eliminating the need to enter the password. To achieve this: 1. Switch to systemd-based initramfs. Edit `/etc/mkinitcpio.conf` and replace **busybox** hooks with corresponding **systemd** hooks based on [this table](https://wiki.archlinux.org/title/Mkinitcpio#Common_hooks). Make sure `systemd`, `keyboard`, `sd-vconsole` and `sd-encrypt` hooks are enabled. Example configuration: HOOKS=(base systemd autodetect modconf kms keyboard sd-vconsole block sd-encrypt lvm2 filesystems fsck) Recreate the initramfs after editing `mkinitcpio.conf`: mkinitcpio -P 1. Configure the bootloader. Edit `/etc/default/grub` and modify the `GRUB_CMDLINE_LINUX` line as follows. You can run `blkid /dev/<your-disk-luks>` to get your LUKS partition UUID. GRUB_CMDLINE_LINUX="rd.luks.name=your-luks-partition-uuid=cryptlvm root=/dev/vg0/root" Now generate the main GRUB configuration file: grub-mkconfig -o /boot/grub/grub.cfg For more information, see [this Reddit post](https://www.reddit.com/r/Fedora/comments/jwnqq5/how_does_fedora_grab_the_luks_password_at_boot_to/). # References - https://gist.github.com/mattiaslundberg/8620837 - https://wiki.archlinux.org/index.php/Installation_guide - https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system#LVM_on_LUKS - https://wiki.archlinux.org/title/GRUB - https://joshrosso.com/docs/2020/2020-2-16-arch-windows-install/ -
Mar 28, 2024 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -27,7 +27,7 @@ Before we dive into the installation process, let's ensure that your system is r Here is an example to give you a clear picture of what the final disk partition structure will look like. If you're not interested in installing Windows, you can simply ignore the green parts.  For better flexibility, I do not reuse the Windows EFI for Linux. Instead, I create a distinct EFI partition dedicated solely to Linux, resulting in the presence of two EFI partitions. -
Feb 13, 2024 . 1 changed file with 2 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -136,9 +136,9 @@ In the context of this guide, I've designated the disk device and Linux partitio 1. Create LVM partitions (logical volumes). (**Update:** I don't create swap volume on disk anymore. Instead, I create a [zram](https://wiki.archlinux.org/title/Zram) device as swap space after finishing the installation process.) We create logical volumes for swap, root (`/`), and home (`/home`). Leave 256MiB of free space in the volume group because the `e2scrub` command requires -
Feb 13, 2024 . 1 changed file with 2 additions and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -137,7 +137,8 @@ In the context of this guide, I've designated the disk device and Linux partitio 1. Create LVM partitions (logical volumes). **Update:** I don't create swap volume on disk anymore. Instead, I create a [zram](https://wiki.archlinux.org/title/Zram) device as swap space after finishing the installation process. We create logical volumes for swap, root (`/`), and home (`/home`). Leave 256MiB of free space in the volume group because the `e2scrub` command requires -
Dec 21, 2023 . 1 changed file with 3 additions and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -136,6 +136,9 @@ In the context of this guide, I've designated the disk device and Linux partitio 1. Create LVM partitions (logical volumes). **Update:** I don't create swap volume on disk anymore. Instead, I create a [zram](https://wiki.archlinux.org/title/Zram) device as swap space. We create logical volumes for swap, root (`/`), and home (`/home`). Leave 256MiB of free space in the volume group because the `e2scrub` command requires the LVM volume group to have at least 256MiB of unallocated space to dedicate -
Nov 15, 2023 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -266,7 +266,7 @@ In the context of this guide, I've designated the disk device and Linux partitio umount -R /mnt swapoff -a Arch is now installed 🎉. Reboot. reboot -
Nov 15, 2023 . 1 changed file with 54 additions and 56 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -59,15 +59,15 @@ In the context of this guide, I've designated the disk device and Linux partitio 1. Make sure the system is booted in UEFI mode. The following command should display the directory contents without error. ls /sys/firmware/efi/efivars 1. Connect to the internet. A wired connection is preferred since it's easier to connect. [More info](https://wiki.archlinux.org/index.php/Installation_guide#Connect_to_the_internet) 1. Run `fdisk` to create Linux partitions. fdisk /dev/<your-disk> If you have installed Windows, you already have a GPT partition table. Otherwise, create an empty GPT partition table using the `g` command. @@ -125,14 +125,14 @@ In the context of this guide, I've designated the disk device and Linux partitio 1. Set up the encrypted partition. You can choose any other name instead of `cryptlvm`. cryptsetup --use-random luksFormat /dev/<your-disk-luks> cryptsetup luksOpen /dev/<your-disk-luks> cryptlvm 1. Create an LVM volume group. You can choose any other name instead of `vg0`. pvcreate /dev/mapper/cryptlvm vgcreate vg0 /dev/mapper/cryptlvm 1. Create LVM partitions (logical volumes). @@ -141,83 +141,83 @@ In the context of this guide, I've designated the disk device and Linux partitio the LVM volume group to have at least 256MiB of unallocated space to dedicate to the snapshot. lvcreate --size 8G vg0 --name swap lvcreate --size 100G vg0 --name root lvcreate -l +100%FREE vg0 --name home lvreduce --size -256M vg0/home 1. Format logical volumes. mkswap /dev/vg0/swap mkfs.ext4 /dev/vg0/root mkfs.ext4 /dev/vg0/home 1. Mount new filesystems. mount /dev/vg0/root /mnt mount --mkdir /dev/<your-disk-efi> /mnt/efi mount --mkdir /dev/<your-disk-boot> /mnt/boot mount --mkdir /dev/vg0/home /mnt/home swapon /dev/vg0/swap 1. Install the base system. We also install some useful packages like `git`, `vim`, and `sudo`. pacstrap -K /mnt base linux linux-firmware openssh git vim sudo 1. Generate `/etc/fstab`. This file can be used to define how disk partitions, various other block devices, or remote filesystems should be mounted into the filesystem. genfstab -U /mnt >> /mnt/etc/fstab 1. Enter the new system. arch-chroot /mnt /bin/bash 1. Set TimeZone. # See available timezones: ls /usr/share/zoneinfo/ # Set timezone: ln -s /usr/share/zoneinfo/Asia/Tehran /etc/localtime 1. Run hwclock(8) to generate `/etc/adjtime`. hwclock --systohc 1. Set Locale. vim /etc/locale.gen (uncomment en_US.UTF-8 UTF-8) locale-gen echo LANG=en_US.UTF-8 > /etc/locale.conf 1. Set hostname. echo yourhostname > /etc/hostname 1. Create a user. useradd -m -G wheel --shell /bin/bash yourusername passwd yourusername visudo # ---> Uncomment "%wheel ALL=(ALL) ALL" 1. Configure `mkinitcpio` with modules needed to create the initramfs image. pacman -S lvm2 vim /etc/mkinitcpio.conf # ---> Add 'encrypt' and 'lvm2' to HOOKS before 'filesystems' Recreate the initramfs image: mkinitcpio -P 1. Setup GRUB. pacman -S grub efibootmgr grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=GRUB In `/etc/default/grub` edit the line GRUB_CMDLINE_LINUX as follows. Don't forget to replace `/dev/<your-disk-luks>` with the appropriate path. @@ -252,30 +252,28 @@ In the context of this guide, I've designated the disk device and Linux partitio Now generate the main GRUB configuration file: grub-mkconfig -o /boot/grub/grub.cfg 1. Install `networkmanager` package and enable `NetworkManager` service to ensure you have Internet connectivity after rebooting. pacman -S networkmanager systemctl enable NetworkManager 1. Exit new system and unmount all filesystems. exit umount -R /mnt swapoff -a 1. Arch is now installed 🎉. Reboot. reboot 1. Open BIOS settings and set `GRUB` as first boot priority. Save and exit BIOS settings. After booting the system, you should see the GRUB menu. 1. If you have installed Windows, select "Windows 11" in GRUB menu. If you have previously enabled Bitlocker, BitLocker will ask for your recovery key when you try to boot Windows through GRUB for the first time. @@ -285,15 +283,15 @@ In the context of this guide, I've designated the disk device and Linux partitio 1. Check internet connectivity. ping google.com 1. If you want to use Gnome desktop, install `gnome` and `gdm` packages: sudo pacman -S gnome gdm And enable `gdm` service: sudo systemctl enable gdm 1. Reboot! @@ -306,12 +304,12 @@ It is important to make a backup of LUKS header so that you can access your data Create a backup file: sudo cryptsetup luksHeaderBackup /dev/<your-disk-luks> --header-backup-file luks-header-backup-$(date -I) Store the backup file in a safe place, such as a USB drive. If something bad happens, you can restore the backup header: sudo cryptsetup luksHeaderRestore /dev/<your-disk-luks> --header-backup-file /path/to/backup_header_file ## Disable Windows Hibernate and Fast Startup -
Oct 31, 2023 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -144,7 +144,7 @@ In the context of this guide, I've designated the disk device and Linux partitio # lvcreate --size 8G vg0 --name swap # lvcreate --size 100G vg0 --name root # lvcreate -l +100%FREE vg0 --name home # lvreduce --size -256M vg0/home 1. Format logical volumes. -
Sep 27, 2023 . 1 changed file with 185 additions and 188 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,41 +1,39 @@ # Installing Arch Linux with Full Disk Encryption If you're aiming for a seamless Arch Linux installation in UEFI mode, follow along as this guide will walk you through the process step by step. We'll be using LUKS (Linux Unified Key Setup) and LVM (Logical Volume Manager) partitions on LUKS to achieve full disk encryption. **Note:** I have updated this doc for UEFI mode. For those with BIOS/MBR systems, you can refer to the [previous version](https://gist.github.com/mjnaderi/28264ce68f87f52f2cabb823a503e673/45238d812ecf77b5df52d4466691bdbed9ab6107), but keep in mind that it might be outdated and no longer accurate. If you're only interested in installing Linux and not setting up dual boot with Windows, feel free to skip the Windows-related sections. # Prepare the System Before we dive into the installation process, let's ensure that your system is ready: - **Data Backup:** Make sure you've backed up all your important data. We're about to make significant changes, and it's always wise to have a safety net. - **UEFI Mode:** In your system's BIOS settings, set the boot mode to UEFI. # Prepare the USB Drive - **Ventoy Installation:** Start by installing [Ventoy](https://github.com/ventoy/Ventoy) on your USB drive. Ventoy is a versatile tool that allows you to easily create a multi-boot USB drive. - **Download Arch ISO:** Head to [Arch Linux's official website](https://www.archlinux.org/download/) and download the Arch ISO image. Copy it to your USB drive. - **Optional Windows 11:** If you plan to set up a dual boot with Windows 11, download the Windows 11 ISO image and also copy it to your USB drive. # Disk Partition Structure Here is an example to give you a clear picture of what the final disk partition structure will look like. If you're not interested in installing Windows, you can simply ignore the green parts.  For better flexibility, I do not reuse the Windows EFI for Linux. Instead, I create a distinct EFI partition dedicated solely to Linux, resulting in the presence of two EFI partitions. I also use separate partitions for EFI and Boot. In the context of this guide, I've designated the disk device and Linux partitions with names according to the table below. Please be aware that these names should be substituted with the actual device paths relevant to your system configuration: | Device | In this Doc | Examples | |----------------|-------------------------|-------------------------------| @@ -46,258 +44,258 @@ You should replace them with your own device paths. # Install Windows (Optional) 1. Boot from the Windows 11 ISO and install Windows. If you want to use BitLocker for disk encryption, ensure that you install the Windows Pro version. 1. In Windows, open the start menu and search for "BitLocker". Open the BitLocker settings and enable BitLocker for the `C` drive. 1. **Important:** Store the BitLocker recovery key in a safe place. You will need it later. # Install Arch Linux 1. Connect the USB drive and boot from the Arch Linux ISO. 1. Make sure the system is booted in UEFI mode. The following command should display the directory contents without error. # ls /sys/firmware/efi/efivars 1. Connect to the internet. A wired connection is preferred since it's easier to connect. [More info](https://wiki.archlinux.org/index.php/Installation_guide#Connect_to_the_internet) 1. Run `fdisk` to create Linux partitions. # fdisk /dev/<your-disk> If you have installed Windows, you already have a GPT partition table. Otherwise, create an empty GPT partition table using the `g` command. (**WARNING:** This will erase the entire disk.) # WARNING: This will erase the entire disk. Command (m for help): g Created a new GPT disklabel (GUID: ...). Create the EFI partition (`/dev/<your-disk-efi>`): Command (m for help): n Partition number: <Press Enter> First sector: <Press Enter> Last sector, +/-sectors or +/-size{K,M,G,T,P}: +100M Command (m for help): t Partition type or alias (type L to list all): uefi Create the Boot partition (`/dev/<your-disk-boot>`): Command (m for help): n Partition number: <Press Enter> First sector: <Press Enter> Last sector, +/-sectors or +/-size{K,M,G,T,P}: +512M Command (m for help): t Partition type or alias (type L to list all): linux Create the LUKS partition (`/dev/<your-disk-luks>`): Command (m for help): n Partition number: <Press Enter> First sector: <Press Enter> Last sector, +/-sectors or +/-size{K,M,G,T,P}: <Press Enter> Command (m for help): t Partition type or alias (type L to list all): linux Print the partition table using the `p` command and check that everything is OK: Command (m for help): p Write changes to the disk using the `w` command. (Make sure you know what you're doing before running this command). Command (m for help): w 1. Format the EFI and Boot Partitions. mkfs.fat -F 32 /dev/<your-disk-efi> mkfs.ext4 /dev/<your-disk-boot> 1. Set up the encrypted partition. You can choose any other name instead of `cryptlvm`. # cryptsetup --use-random luksFormat /dev/<your-disk-luks> # cryptsetup luksOpen /dev/<your-disk-luks> cryptlvm 1. Create an LVM volume group. You can choose any other name instead of `vg0`. # pvcreate /dev/mapper/cryptlvm # vgcreate vg0 /dev/mapper/cryptlvm 1. Create LVM partitions (logical volumes). We create logical volumes for swap, root (`/`), and home (`/home`). Leave 256MiB of free space in the volume group because the `e2scrub` command requires the LVM volume group to have at least 256MiB of unallocated space to dedicate to the snapshot. # lvcreate --size 8G vg0 --name swap # lvcreate --size 100G vg0 --name root # lvcreate -l +100%FREE vg0 --name home # vreduce --size -256M vg0/home 1. Format logical volumes. # mkswap /dev/vg0/swap # mkfs.ext4 /dev/vg0/root # mkfs.ext4 /dev/vg0/home 1. Mount new filesystems. # mount /dev/vg0/root /mnt # mount --mkdir /dev/<your-disk-efi> /mnt/efi # mount --mkdir /dev/<your-disk-boot> /mnt/boot # mount --mkdir /dev/vg0/home /mnt/home # swapon /dev/vg0/swap 1. Install the base system. We also install some useful packages like `git`, `vim`, and `sudo`. # pacstrap -K /mnt base linux linux-firmware openssh git vim sudo 1. Generate `/etc/fstab`. This file can be used to define how disk partitions, various other block devices, or remote filesystems should be mounted into the filesystem. # genfstab -U /mnt >> /mnt/etc/fstab 1. Enter the new system. # arch-chroot /mnt /bin/bash 1. Set TimeZone. ---> See available timezones: # ls /usr/share/zoneinfo/ ---> Set timezone: # ln -s /usr/share/zoneinfo/Asia/Tehran /etc/localtime 1. Run hwclock(8) to generate `/etc/adjtime`. # hwclock --systohc 1. Set Locale. # vim /etc/locale.gen (uncomment en_US.UTF-8 UTF-8) # locale-gen # echo LANG=en_US.UTF-8 > /etc/locale.conf 1. Set hostname. # echo yourhostname > /etc/hostname 1. Create a user. # useradd -m -G wheel --shell /bin/bash yourusername # passwd yourusername # visudo ---> Uncomment "%wheel ALL=(ALL) ALL" 1. Configure `mkinitcpio` with modules needed to create the initramfs image. # pacman -S lvm2 # vim /etc/mkinitcpio.conf ---> Add 'encrypt' and 'lvm2' to HOOKS before 'filesystems' Recreate the initramfs image: # mkinitcpio -P 1. Setup GRUB. # pacman -S grub efibootmgr # grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=GRUB In `/etc/default/grub` edit the line GRUB_CMDLINE_LINUX as follows. Don't forget to replace `/dev/<your-disk-luks>` with the appropriate path. GRUB_CMDLINE_LINUX="cryptdevice=/dev/<your-disk-luks>:cryptlvm root=/dev/vg0/root" If you have installed Windows and want to add Windows to the GRUB menu, edit `/etc/grub.d/40_custom`: #!/bin/sh exec tail -n +3 $0 # This file provides an easy way to add custom menu entries. Simply type the # menu entries you want to add after this comment. Be careful not to change # the 'exec tail' line above. if [ "${grub_platform}" == "efi" ]; then menuentry "Windows 11" { insmod part_gpt insmod fat insmod search_fs_uuid insmod chain # After --set=root, add the Windows EFI partition's UUID. # (can be found with "blkid" command) search --fs-uuid --set=root $FS_UUID chainloader /EFI/Boot/bootx64.efi } fi In the above script, replace `$FS_UUID` with Windows EFI partition UUID. You can find this UUID using `lsblk` command. It should be something like `8E12-69DD`. Now generate the main GRUB configuration file: # grub-mkconfig -o /boot/grub/grub.cfg 1. Install `networkmanager` package and enable `NetworkManager` service to ensure you have Internet connectivity after rebooting. # pacman -S networkmanager # systemctl enable NetworkManager 1. Exit new system and unmount all filesystems. # exit # umount -R /mnt # swapoff -a 1. Arch is now installed 🎉. Reboot. # reboot 1. Open BIOS settings and set `GRUB` as first boot priority. Save and exit BIOS settings. 1. After booting the system, you should see the GRUB menu. If you have installed Windows, select "Windows 11" in GRUB menu. If you have previously enabled Bitlocker, BitLocker will ask for your recovery key when you try to boot Windows through GRUB for the first time. Enter your BitLocker recovery key. 1. Reboot again and log in to Arch linux with your username and password. 1. Check internet connectivity. $ ping google.com 1. If you want to use Gnome desktop, install `gnome` and `gdm` packages: $ sudo pacman -S gnome gdm And enable `gdm` service: $ sudo systemctl enable gdm 1. Reboot! # Notes @@ -306,12 +304,11 @@ You should replace them with your own device paths. It is important to make a backup of LUKS header so that you can access your data in case of emergency (if your LUKS header somehow gets damaged). Create a backup file: # cryptsetup luksHeaderBackup /dev/<your-disk-luks> --header-backup-file luks-header-backup-$(date -I) Store the backup file in a safe place, such as a USB drive. If something bad happens, you can restore the backup header: # cryptsetup luksHeaderRestore /dev/<your-disk-luks> --header-backup-file /path/to/backup_header_file -
Jul 12, 2023 . 1 changed file with 15 additions and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -299,7 +299,9 @@ You should replace them with your own device paths. 1. Reboot! # Notes ## Backup LUKS Header It is important to make a backup of LUKS header so that you can access your data in case of emergency (if your LUKS header somehow gets damaged). @@ -314,6 +316,18 @@ If something bad happens, you can restore the backup header: # cryptsetup luksHeaderRestore /dev/<your-disk-luks> --header-backup-file /path/to/backup_header_file ## Disable Windows Hibernate and Fast Startup If you want to use the same NTFS drive in both Windows and Linux (for example an NTFS partition on your internal disk or external hard drive), consider disabling "Hibernate" and "Fast Startup" features in Windows. You can check the current settings on `Control Panel > Hardware and Sound > Power Options > System Setting > Choose what the power buttons do`. The box `Turn on fast startup` should either be disabled or missing. [More info](https://wiki.archlinux.org/title/NTFS-3G#Metadata_kept_in_Windows_cache,_refused_to_mount) # References - https://gist.github.com/mattiaslundberg/8620837 -
Jul 11, 2023 . 1 changed file with 50 additions and 49 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,40 +1,40 @@ # Install Arch Linux with Full Disk Encryption This is how I install Arch linux in UEFI mode with full disk encryption using LUKS and LVM partitions on LUKS. I also explain how to configure dual boot with Windows, but you can ignore those parts if you just want to install Linux. **Note:** I have updated this doc for UEFI mode. For BIOS/MBR mode, please visit the [previous version](https://gist.github.com/mjnaderi/28264ce68f87f52f2cabb823a503e673/45238d812ecf77b5df52d4466691bdbed9ab6107) (keep in mind that the previous version may be outdated and incorrect.) # Prepare the System - Make sure to back up your important data. - In the BIOS settings, set the boot mode to UEFI. # Prepare the USB Drive - Install [Ventoy](https://github.com/ventoy/Ventoy) on your USB drive. - Download the Arch ISO image from https://www.archlinux.org/download/ and copy it to the USB drive. - [Optional] Download the Windows 11 ISO image and copy it to the USB drive. # Disk Partition Structure This is an example of the final disk partition structure. If you don't want to Install Windows, ignore the green parts.  For better flexibility, I do not reuse the Windows EFI for Linux. Instead, I create a separate EFI partition for Linux, resulting in two EFI partitions. I also use separate partitions for EFI and Boot. In this document, I have named the disk device and Linux partitions according to the following table. You should replace them with your own device paths. | Device | In this Doc | Examples | @@ -46,41 +46,41 @@ You should replace them with your own device paths. # Install Windows (Optional) 1. Boot from Windows 11 ISO and install Windows. If you want to use BitLocker for disk encryption, install the Pro version of Windows. 1. In Windows, open the start menu and search for "BitLocker". Open BitLocker settings and enable BitLocker for the `C` drive. 1. **Important:** Store the BitLocker recovery key in a safe place. You will need it later. # Install Arch Linux 1. Connect the USB drive and boot from the Arch Linux ISO. 1. Make sure the system is booted in UEFI mode. The following command should display the directory contents without error. # ls /sys/firmware/efi/efivars 1. Connect to the internet. A wired connection is preferred since it's easier to connect. [More info](https://wiki.archlinux.org/index.php/Installation_guide#Connect_to_the_internet) 1. Run `fdisk` to create Linux partitions. # fdisk /dev/<your-disk> If you have installed Windows, you already have a GPT partition table. Otherwise, create an empty GPT partition table using the `g` command. (**WARNING:** This will erase the entire disk.) # WARNING: This will erase the entire disk. Command (m for help): g Created a new GPT disklabel (GUID: ...). Create the EFI partition (`/dev/<your-disk-efi>`): Command (m for help): n Partition number: <Press Enter> @@ -90,7 +90,7 @@ You should replace them with your own device paths. Command (m for help): t Partition type or alias (type L to list all): uefi Create the Boot partition (`/dev/<your-disk-boot>`): Command (m for help): n Partition number: <Press Enter> @@ -100,7 +100,7 @@ You should replace them with your own device paths. Command (m for help): t Partition type or alias (type L to list all): linux Create the LUKS partition (`/dev/<your-disk-luks>`): Command (m for help): n Partition number: <Press Enter> @@ -110,27 +110,27 @@ You should replace them with your own device paths. Command (m for help): t Partition type or alias (type L to list all): linux Print the partition table using the `p` command and check that everything is OK: Command (m for help): p Write changes to the disk using the `w` command. (Make sure you know what you're doing before running this command). Command (m for help): w 1. Format the EFI and Boot Partitions. mkfs.fat -F 32 /dev/<your-disk-efi> mkfs.ext4 /dev/<your-disk-boot> 1. Set up the encrypted partition. You can choose any other name instead of `cryptlvm`. # cryptsetup --use-random luksFormat /dev/<your-disk-luks> # cryptsetup luksOpen /dev/<your-disk-luks> cryptlvm 1. Create an LVM volume group. You can choose any other name instead of `vg0`. # pvcreate /dev/mapper/cryptlvm @@ -139,7 +139,7 @@ You should replace them with your own device paths. 1. Create LVM partitions (logical volumes). We create logical volumes for swap, root (`/`), and home (`/home`). Leave 256MiB of free space in the volume group because the `e2scrub` command requires the LVM volume group to have at least 256MiB of unallocated space to dedicate to the snapshot. @@ -163,7 +163,7 @@ You should replace them with your own device paths. # swapon /dev/vg0/swap 1. Install the base system. We also install some useful packages like `git`, `vim`, and `sudo`. # pacstrap -K /mnt base linux linux-firmware openssh git vim sudo @@ -199,14 +199,14 @@ You should replace them with your own device paths. # echo yourhostname > /etc/hostname 1. Create a user. # useradd -m -G wheel --shell /bin/bash yourusername # passwd yourusername # visudo ---> Uncomment "%wheel ALL=(ALL) ALL" 1. Configure `mkinitcpio` with modules needed to create the initramfs image. # pacman -S lvm2 # vim /etc/mkinitcpio.conf @@ -221,12 +221,12 @@ You should replace them with your own device paths. # pacman -S grub efibootmgr # grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=GRUB In `/etc/default/grub` edit the line GRUB_CMDLINE_LINUX as follows. Don't forget to replace `/dev/<your-disk-luks>` with the appropriate path. GRUB_CMDLINE_LINUX="cryptdevice=/dev/<your-disk-luks>:cryptlvm root=/dev/vg0/root" If you have installed Windows and want to add Windows to the GRUB menu, edit `/etc/grub.d/40_custom`: #!/bin/sh @@ -257,7 +257,7 @@ You should replace them with your own device paths. # grub-mkconfig -o /boot/grub/grub.cfg 1. Install `networkmanager` package and enable `NetworkManager` service to ensure you have Internet connectivity after rebooting. # pacman -S networkmanager # systemctl enable NetworkManager @@ -272,17 +272,18 @@ You should replace them with your own device paths. # reboot 1. Open BIOS settings and set `GRUB` as first boot priority. Save and exit BIOS settings. 1. After booting the system, you should see the GRUB menu. If you have installed Windows, select "Windows 11" in GRUB menu. If you have previously enabled Bitlocker, BitLocker will ask for your recovery key when you try to boot Windows through GRUB for the first time. Enter your BitLocker recovery key. 1. Reboot again and log in to Arch linux with your username and password. 1. Check internet connectivity. @@ -300,16 +301,16 @@ You should replace them with your own device paths. # Backup LUKS Header It is important to make a backup of LUKS header so that you can access your data in case of emergency (if your LUKS header somehow gets damaged). 1. Create a backup file: # cryptsetup luksHeaderBackup /dev/<your-disk-luks> --header-backup-file luks-header-backup-$(date -I) 2. Store the backup file in a safe place, such as a USB drive. If something bad happens, you can restore the backup header: # cryptsetup luksHeaderRestore /dev/<your-disk-luks> --header-backup-file /path/to/backup_header_file -
Jul 5, 2023 . 1 changed file with 15 additions and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -298,6 +298,21 @@ You should replace them with your own device paths. 1. Reboot! # Backup LUKS Header It is important to make a backup of LUKS header to be able to access your data in case of emergency (if your LUKS header somehow gets damaged). 1. Create the backup file: # cryptsetup luksHeaderBackup /dev/<your-disk-luks> --header-backup-file luks-header-backup-$(date -I) 2. Store the backup file in a safe place. e.g. a USB drive. If bad things happened, you can restore the backup header: # cryptsetup luksHeaderRestore /dev/<your-disk-luks> --header-backup-file /path/to/backup_header_file # References - https://gist.github.com/mattiaslundberg/8620837 -
Jul 4, 2023 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -16,7 +16,7 @@ but you can ignore those parts and just install Linux. # Prepare the USB Drive - Install [Ventoy](https://github.com/ventoy/Ventoy) on your USB drive. - Download Arch ISO image from https://www.archlinux.org/download/ and copy to the USB drive. - [Optional] Download Windows 11 ISO image and copy to the USB drive. -
Jul 4, 2023 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -6,7 +6,7 @@ I also explain how to dual boot with Windows, but you can ignore those parts and just install Linux. **Note:** I have updated this doc to UEFI mode. For BIOS/MBR mode, visit [previous version](https://gist.github.com/mjnaderi/28264ce68f87f52f2cabb823a503e673/45238d812ecf77b5df52d4466691bdbed9ab6107) (please note that the previous version may be outdated and incorrect.) # Prepare the System -
Jul 4, 2023 . 1 changed file with 266 additions and 189 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,234 +1,311 @@ # Install Arch Linux with Full Disk Encryption This is how I install Arch linux in UEFI mode with full disk encryption (using LUKS) and LVM partitions on LUKS. I also explain how to dual boot with Windows, but you can ignore those parts and just install Linux. **Note:** I have updated this doc to UEFI mode. For BIOS/MBR mode, visit [previous version](https://gist.github.com/mjnaderi/28264ce68f87f52f2cabb823a503e673) (please note that the previous version may be outdated and incorrect.) # Prepare the System - Make sure you have a backup of your important data. - In BIOS settings, set boot mode to UEFI. # Prepare the USB Drive - Install [Ventoy](https://github.com/ventoy/Ventoy) to your USB drive. - Download Arch ISO image from https://www.archlinux.org/download/ and copy to the USB drive. - [Optional] Download Windows 11 ISO image and copy to the USB drive. # Disk Partition Structure This is an example of the final disk partition structure. Ignore the green parts if you don't want to Install Windows.  For better flexibility, I do not re-use Windows EFI for Linux. Instead, I create a separate EFI partition for Linux, so there is two EFI partitions. I also use separate partitions for EFI and Boot. In this doc, I have named the disk device and linux partitions according to the following table. You should replace them with your own device paths. | Device | In this Doc | Examples | |----------------|-------------------------|-------------------------------| | Disk Device | `/dev/<your-disk>` | `/dev/sda`, `/dev/nvme0n1` | | EFI Partition | `/dev/<your-disk-efi>` | `/dev/sda5`, `/dev/nvme0n1p5` | | Boot Partition | `/dev/<your-disk-boot>` | `/dev/sda6`, `/dev/nvme0n1p6` | | LUKS Partition | `/dev/<your-disk-luks>` | `/dev/sda7`, `/dev/nvme0n1p7` | # Install Windows (Optional) 1. Boot from Windows ISO and install Windows. If you want to use BitLocker for disk encryption, install the Pro version of Windows. 1. In Windows, open start menu and search for "BitLocker". Open BitLocker settings and enable BitLocker for `C` drive. 1. **Important:** Store BitLocker recovery key in a safe place. You need it later. # Install Arch Linux 1. Connect the USB drive and boot from Arch Linux ISO. 1. Make sure system is booted in UEFI mode. The following command should display the directory contents without error. # ls /sys/firmware/efi/efivars 1. Connect to the internet. Wired connection is preferred since it's easier to connect. [More info](https://wiki.archlinux.org/index.php/Installation_guide#Connect_to_the_internet) 1. Run `fdisk` to create linux partitions. # fdisk /dev/<your-disk> If you have installed Windows, you already have a GPT partition table. Otherwise, create an empty GPT partition table using `g` command. (**WARNING:** This will erase the entire disk.) # WARNING: This will erase the entire disk. Command (m for help): g Created a new GPT disklabel (GUID: ...). Create EFI partition (`/dev/<your-disk-efi>`): Command (m for help): n Partition number: <Press Enter> First sector: <Press Enter> Last sector, +/-sectors or +/-size{K,M,G,T,P}: +100M Command (m for help): t Partition type or alias (type L to list all): uefi Create Boot partition (`/dev/<your-disk-boot>`): Command (m for help): n Partition number: <Press Enter> First sector: <Press Enter> Last sector, +/-sectors or +/-size{K,M,G,T,P}: +512M Command (m for help): t Partition type or alias (type L to list all): linux Create LUKS partition (`/dev/<your-disk-luks>`): Command (m for help): n Partition number: <Press Enter> First sector: <Press Enter> Last sector, +/-sectors or +/-size{K,M,G,T,P}: <Press Enter> Command (m for help): t Partition type or alias (type L to list all): linux Print the partition table using `p` command and check everything is OK: Command (m for help): p Write changes to disk using `w` command. (Make sure you know what you're doing before running this command). Command (m for help): w 1. Format EFI and Boot Partitions. mkfs.fat -F 32 /dev/<your-disk-efi> mkfs.ext4 /dev/<your-disk-boot> 1. Setup encrypted partition. You can choose any other name instead of `cryptlvm`. # cryptsetup --use-random luksFormat /dev/<your-disk-luks> # cryptsetup luksOpen /dev/<your-disk-luks> cryptlvm 1. Create LVM volume group. You can choose any other name instead of `vg0`. # pvcreate /dev/mapper/cryptlvm # vgcreate vg0 /dev/mapper/cryptlvm 1. Create LVM partitions (logical volumes). We create logical volumes for swap, root (`/`), and home (`/home`). Leave 256MiB free space in volume group because `e2scrub` command requires the LVM volume group to have at least 256MiB of unallocated space to dedicate to the snapshot. # lvcreate --size 8G vg0 --name swap # lvcreate --size 100G vg0 --name root # lvcreate -l +100%FREE vg0 --name home # vreduce --size -256M vg0/home 1. Format logical volumes. # mkswap /dev/vg0/swap # mkfs.ext4 /dev/vg0/root # mkfs.ext4 /dev/vg0/home 1. Mount new filesystems. # mount /dev/vg0/root /mnt # mount --mkdir /dev/<your-disk-efi> /mnt/efi # mount --mkdir /dev/<your-disk-boot> /mnt/boot # mount --mkdir /dev/vg0/home /mnt/home # swapon /dev/vg0/swap 1. Install the base system. We also install some useful packages like `git`, `vim`, `sudo`. # pacstrap -K /mnt base linux linux-firmware openssh git vim sudo 1. Generate `/etc/fstab`. This file can be used to define how disk partitions, various other block devices, or remote filesystems should be mounted into the filesystem. # genfstab -U /mnt >> /mnt/etc/fstab 1. Enter the new system. # arch-chroot /mnt /bin/bash 1. Set TimeZone. ---> See available timezones: # ls /usr/share/zoneinfo/ ---> Set timezone: # ln -s /usr/share/zoneinfo/Asia/Tehran /etc/localtime 1. Run hwclock(8) to generate `/etc/adjtime`. # hwclock --systohc 1. Set Locale. # vim /etc/locale.gen (uncomment en_US.UTF-8 UTF-8) # locale-gen # echo LANG=en_US.UTF-8 > /etc/locale.conf 1. Set hostname. # echo yourhostname > /etc/hostname 1. Create user. # useradd -m -G wheel --shell /bin/bash yourusername # passwd yourusername # visudo ---> Uncomment "%wheel ALL=(ALL) ALL" 1. Configure `mkinitcpio` with modules needed to create initramfs image. # pacman -S lvm2 # vim /etc/mkinitcpio.conf ---> Add 'encrypt' and 'lvm2' to HOOKS before 'filesystems' Recreate the initramfs image: # mkinitcpio -P 1. Setup GRUB. # pacman -S grub efibootmgr # grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=GRUB In `/etc/default/grub` edit the line GRUB_CMDLINE_LINUX to the following. Don't forget to replace `/dev/<your-disk-luks>` with appropriate path. GRUB_CMDLINE_LINUX="cryptdevice=/dev/<your-disk-luks>:cryptlvm root=/dev/vg0/root" If you have installed Windows and want to add Windows to GRUB menu, edit `/etc/grub.d/40_custom`: #!/bin/sh exec tail -n +3 $0 # This file provides an easy way to add custom menu entries. Simply type the # menu entries you want to add after this comment. Be careful not to change # the 'exec tail' line above. if [ "${grub_platform}" == "efi" ]; then menuentry "Windows 11" { insmod part_gpt insmod fat insmod search_fs_uuid insmod chain # After --set=root, add the Windows EFI partition's UUID. # (can be found with "blkid" command) search --fs-uuid --set=root $FS_UUID chainloader /EFI/Boot/bootx64.efi } fi In the above script, replace `$FS_UUID` with Windows EFI partition UUID. You can find this UUID using `lsblk` command. It should be something like `8E12-69DD`. Now generate the main GRUB configuration file: # grub-mkconfig -o /boot/grub/grub.cfg 1. Install `networkmanager` package and enable `NetworkManager` service to ensure you have Internet connectivity after reboot. # pacman -S networkmanager # systemctl enable NetworkManager 1. Exit new system and unmount all filesystems. # exit # umount -R /mnt # swapoff -a 1. Arch is now installed 🎉. Reboot. # reboot 1. Open BIOS settings and set `GRUB` as the first boot priority. Save and exit BIOS settings. 1. After booting the system, you should see the GRUB menu. If you have installed Windows, select "Windows 11" in GRUB menu. If you have previously enabled Bitlocker, the first time you try to boot Windows through GRUB, BitLocker asks for your recovery key. Enter your BitLocker recovery key. 1. Reboot again and login to Arch linux with your username and password. 1. Check internet connectivity. $ ping google.com 1. If you want to use Gnome desktop, install `gnome` and `gdm` packages: $ sudo pacman -S gnome gdm And enable `gdm` service: $ sudo systemctl enable gdm 1. Reboot! # References - https://gist.github.com/mattiaslundberg/8620837 - https://wiki.archlinux.org/index.php/Installation_guide - https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system#LVM_on_LUKS - https://wiki.archlinux.org/title/GRUB - https://joshrosso.com/docs/2020/2020-2-16-arch-windows-install/ --- Take a look at my [dotfiles repo](https://github.com/mjnaderi/dotfiles). -
Jul 4, 2023 . 1 changed file with 7 additions and 7 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -38,13 +38,13 @@ I assume that `/dev/sda` is the system's disk, and `/dev/sdb` is USB drive. We are going to create 2 main partitions (/dev/sda1 and /dev/sda2): Device Boot Start End Sectors Size Type /dev/sda1 2048 526335 524288 256M Linux /boot /dev/sda2 526336 765986815 765460480 365G Linux Encrypted with LUKS, 3 LVM partitions: swap vg0 -wi-ao---- 8.00g swap root vg0 -wi-ao---- 80.00g / anbar vg0 -wi-ao---- 277.00g /dev/sda3 765986816 976773167 210786352 100.5G Linux (Optional) Other partitions if you need... You can encrypt them separately with another password Create partitions: @@ -54,23 +54,23 @@ I assume that `/dev/sda` is the system's disk, and `/dev/sdb` is USB drive. (fdisk) <Enter> (fdisk) +256M (fdisk) t (fdisk) linux (fdisk) n (fdisk) p (fdisk) 2 (fdisk) <Enter> (fdisk) +365G (fdisk) t (fdisk) linux (fdisk) n (fdisk) p (fdisk) 3 (fdisk) <Enter> (fdisk) <Enter> (fdisk) t (fdisk) linux (fdisk) w (Write Changes) -
Oct 29, 2020 . 1 changed file with 1 addition and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -224,8 +224,7 @@ I assume that `/dev/sda` is the system's disk, and `/dev/sdb` is USB drive. 25. Install Gnome Display Manager and Gnome Desktop. # pacman -S gnome gdm # pacman -S gnome-extra gnome-system-tools (Optional) 26. Enable GDM service -
Oct 29, 2020 . 1 changed file with 37 additions and 27 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,4 +1,4 @@ References: - https://gist.github.com/mattiaslundberg/8620837 - https://wiki.archlinux.org/index.php/Installation_guide - `http://www.muktware.io/arch-linux-guide-the-always-up-to-date-arch-linux-tutorial/` (Link is broken) @@ -17,16 +17,13 @@ I assume that `/dev/sda` is the system's disk, and `/dev/sdb` is USB drive. # Steps 1. Download arch iso image from https://www.archlinux.org/download/ and copy to a USB drive. # dd if=arch.iso of=/dev/sdb 2. Set boot mode to "Legacy" in BIOS configuration, and boot from USB. 3. Connect to internet. Wired connection is preferred since it's easier to connect. See [arch wiki](https://wiki.archlinux.org/index.php/Installation_guide#Connect_to_the_internet). 4. Partitioning @@ -110,7 +107,7 @@ I assume that `/dev/sda` is the system's disk, and `/dev/sdb` is USB drive. 9. Install the base system # pacstrap -i /mnt base base-devel linux linux-firmware openssh git vim 10. Generate `/etc/fstab`. This file can be used to define how disk partitions, various other block devices, or remote filesystems should be mounted into the filesystem. @@ -142,15 +139,17 @@ I assume that `/dev/sda` is the system's disk, and `/dev/sdb` is USB drive. 14. Set the hardware clock mode uniformly between your operating systems. Otherwise, they may overwrite the hardware clock and cause time shifts. # hwclock --systohc --utc 15. Set hostname # echo myhostname > /etc/hostname Add it to /etc/hosts: 127.0.0.1 localhost ::1 localhost 127.0.1.1 myhostname.localdomain myhostname 16. Create User @@ -195,31 +194,42 @@ I assume that `/dev/sda` is the system's disk, and `/dev/sdb` is USB drive. # reboot 21. Connect to internet. Configure [systemd-networkd](https://wiki.archlinux.org/index.php/Systemd-networkd). Create file `/etc/systemd/network/20-wired.network`: [Match] Name=en* Name=eth* [Network] DHCP=yes Restart `systemd-networkd` and `systemd-resolved`: # systemctl restart systemd-networkd systemd-resolved # ping archlinux.org Restart `systemd-networkd` and `systemd-resolved` again if required. 22. System is installed now. If you want to install Gnome desktop, perform following steps. 23. Install Xorg server # pacman -S xorg-server xorg-server-utils 24. Install graphics driver ([Arch wiki](https://wiki.archlinux.org/index.php/xorg#Driver_installation)). For my laptop, graphics driver is `xf86-video-intel`. # pacman -S xf86-video-intel 25. Install Gnome Display Manager and Gnome Desktop. # pacman -S gdm # pacman -S gnome # pacman -S gnome-extra gnome-system-tools (Optional) 26. Enable GDM service # systemctl enable gdm 27. Reboot! -
Feb 12, 2020 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,7 +1,7 @@ Based on: - https://gist.github.com/mattiaslundberg/8620837 - https://wiki.archlinux.org/index.php/Installation_guide - `http://www.muktware.io/arch-linux-guide-the-always-up-to-date-arch-linux-tutorial/` (Link is broken) There are 2 choices: - UEFI/GPT mode: UEFI boot mode / GPT partition table -
Dec 16, 2019 . 1 changed file with 2 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -10,12 +10,12 @@ There are 2 choices: I tried to install in UEFI mode, but my laptop (Acer E5-475-336H) had problems with it, and didn't boot after installation. This is how I installed arch linux in BIOS/MBR mode with full disk encryption (using LUKS), and LVM on LUKS. # Assumptions I assume that `/dev/sda` is the system's disk, and `/dev/sdb` is USB drive. # Steps 1. Download arch iso image from https://www.archlinux.org/ and copy to a USB drive. -
Aug 16, 2019 . 1 changed file with 11 additions and 9 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -12,7 +12,7 @@ This is how I installed arch linux in BIOS/MBR mode with full disk encryption (u # [IMPORTANT] ASSUMPTIONS I assume that `/dev/sda` is the system's disk, and `/dev/sdb` is USB drive. # STEPS @@ -112,8 +112,7 @@ I assume that /dev/sda is the system's disk, and /dev/sdb is USB drive. # pacstrap -i /mnt base base-devel openssh git vim 10. Generate `/etc/fstab`. This file can be used to define how disk partitions, various other block devices, or remote filesystems should be mounted into the filesystem. # genfstab -pU /mnt >> /mnt/etc/fstab @@ -127,8 +126,11 @@ I assume that /dev/sda is the system's disk, and /dev/sdb is USB drive. # arch-chroot /mnt /bin/bash 12. Set TimeZone See available timezones: # ls /usr/share/zoneinfo/ Set timezone: # ln -s /usr/share/zoneinfo/Asia/Tehran /etc/localtime 13. Set Locale @@ -156,7 +158,7 @@ I assume that /dev/sda is the system's disk, and /dev/sdb is USB drive. # useradd -m -g users -G wheel -s myusername # passwd myusername # visudo uncomment %wheel ALL=(ALL) ALL 17. Configure mkinitcpio with modules needed for the initrd image @@ -171,7 +173,7 @@ I assume that /dev/sda is the system's disk, and /dev/sdb is USB drive. 18. Setup grub # pacman -S grub # grub-install --target=i386-pc --recheck /dev/sda In /etc/default/grub edit the line GRUB_CMDLINE_LINUX to: @@ -189,7 +191,7 @@ I assume that /dev/sda is the system's disk, and /dev/sdb is USB drive. # swapoff -a 20. Reboot into the new system. Don't forget to remove the CD/USB. # reboot @@ -214,7 +216,7 @@ I assume that /dev/sda is the system's disk, and /dev/sdb is USB drive. 24. Install Gnome # pacman -S gnome # pacman -S gnome-extra gnome-system-tools (Optional) 25. Enable GDM service -
Aug 16, 2019 . 1 changed file with 7 additions and 11 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,10 +1,6 @@ Based on: - https://gist.github.com/mattiaslundberg/8620837 - http://www.muktware.io/arch-linux-guide-the-always-up-to-date-arch-linux-tutorial/ - https://wiki.archlinux.org/index.php/Installation_guide There are 2 choices: @@ -16,16 +12,16 @@ This is how I installed arch linux in BIOS/MBR mode with full disk encryption (u # [IMPORTANT] ASSUMPTIONS I assume that /dev/sda is the system's disk, and /dev/sdb is USB drive. # STEPS 1. Download arch iso image from https://www.archlinux.org/ and copy to a USB drive. # dd if=arch.iso of=/dev/sdb 2. Set boot mode to "Legacy" in BIOS configuration, and boot from USB. 3. Connect to internet. Useful commands: @@ -34,12 +30,12 @@ I assume that /dev/sda is the system's disk, and /dev/sdb is usb drive. 4. Partitioning A drive should first be **partitioned** and afterwards the partitions should be **formatted** with a file system. Use fdisk to create MBR partitions. # fdisk /dev/sda First, create an empty MBR partition table (**WARNING:** This will erase entire disk) (fdisk) o @@ -193,7 +189,7 @@ I assume that /dev/sda is the system's disk, and /dev/sdb is usb drive. # swapoff -a 20. Reboot into the new system, don't forget to remove the CD/USB. # reboot -
Nov 15, 2016 . No changes.There are no files selected for viewing
-
Nov 15, 2016 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -210,7 +210,7 @@ I assume that /dev/sda is the system's disk, and /dev/sdb is usb drive. # pacman -S xorg-server # pacman -S xorg-xinit # pacman -S xorg-server-utils # INSTALL GRAPHICS DRIVER (e.g. xf86-video-intel) # pacman -S xterm # startx # exit -
Nov 15, 2016 . 1 changed file with 7 additions and 5 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -200,9 +200,11 @@ I assume that /dev/sda is the system's disk, and /dev/sdb is usb drive. 21. Start network and check internet # systemctl enable dhcpcd.service # systemctl start dhcpcd.service 22. System is installed now. If you want to install Gnome desktop, perform following steps. 23. Install gdm # pacman -S gdm # pacman -S xorg-server @@ -213,13 +215,13 @@ I assume that /dev/sda is the system's disk, and /dev/sdb is usb drive. # startx # exit 24. Install Gnome # pacman -S gnome (Optional) # gnome-extra gnome-system-tools 25. Enable GDM service # systemctl enable gdm 26. Reboot! -
Nov 15, 2016 . 1 changed file with 2 additions and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,7 +1,9 @@ Parent Tutorial: - https://gist.github.com/mattiaslundberg/8620837 Muktware Tutorial: - http://www.muktware.io/arch-linux-guide-the-always-up-to-date-arch-linux-tutorial/ Arch Linux Installation Guide: - https://wiki.archlinux.org/index.php/Installation_guide -
Nov 15, 2016 . 1 changed file with 99 additions and 48 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -12,7 +12,7 @@ There are 2 choices: I tried to install in UEFI mode, but my laptop (Acer E5-475-336H) had problems with it, and didn't boot after installation. This is how I installed arch linux in BIOS/MBR mode with full disk encryption (using LUKS), and LVM on LUKS. # [IMPORTANT] ASSUMPTIONS I assume that /dev/sda is the system's disk, and /dev/sdb is usb drive. @@ -97,76 +97,127 @@ I assume that /dev/sda is the system's disk, and /dev/sdb is usb drive. # lvcreate --size 80G vg0 --name root # lvcreate -l +100%FREE vg0 --name anbar 7. Format LVM partitions # mkfs.ext4 /dev/mapper/vg0-root # mkfs.ext4 /dev/mapper/vg0-anbar # mkswap /dev/mapper/vg0-swap 8. Mount the new system # mount /dev/mapper/vg0-root /mnt # mkdir /mnt/boot # mount /dev/sda1 /mnt/boot # swapon /dev/mapper/vg0-swap 9. Install the base system # pacstrap -i /mnt base base-devel openssh git vim 10. Generate /etc/fstab The /etc/fstab file can be used to define how disk partitions, various other block devices, or remote filesystems should be mounted into the filesystem. # genfstab -pU /mnt >> /mnt/etc/fstab (Optional) For making /tmp a ramdisk, add following line to /mnt/etc/fstab: tmpfs /tmp tmpfs defaults,noatime,mode=1777 0 0 11. Enter the new system # arch-chroot /mnt /bin/bash 12. Set TimeZone See available timezones: ls /usr/share/zoneinfo/ # ln -s /usr/share/zoneinfo/Asia/Tehran /etc/localtime 13. Set Locale # vim /etc/locale.gen (uncomment en_US.UTF-8 UTF-8) # locale-gen # echo LANG=en_US.UTF-8 > /etc/locale.conf # export LANG=en_US.UTF-8 14. Set the hardware clock mode uniformly between your operating systems. Otherwise, they may overwrite the hardware clock and cause time shifts. # hwclock --systohc --utc 15. Set hostname # echo myhostname >/etc/hostname Add it to /etc/hosts: 127.0.1.1 myhostname.localdomain myhostname 16. Create User # useradd -m -g users -G wheel -s myusername # passwd myusername # visudo uncomment %wheel ALL=(ALL) ALL 17. Configure mkinitcpio with modules needed for the initrd image # vim /etc/mkinitcpio.conf Add 'ext4' to MODULES Add 'encrypt' and 'lvm2' to HOOKS before 'filesystems' Regenerate initrd image # mkinitcpio -p linux 18. Setup grub # pacman -S grub # grub-install --target=i386-pc --recheck /dev/sda In /etc/default/grub edit the line GRUB_CMDLINE_LINUX to: GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:luks:allow-discards" [Tip] To automatically search for other operating systems on your computer, install os-prober (pacman -S os-prober) before running the next command. # grub-mkconfig -o /boot/grub/grub.cfg 19. Exit new system and unmount all partitions # exit # umount -R /mnt # swapoff -a 20. Reboot into the new system, don't forget to remove the cd/usb # reboot 21. Start network and check internet # systemctl enable dhcpcd.service # systemctl start dhcpcd.service 22. Install gdm # pacman -S gdm # pacman -S xorg-server # pacman -S xorg-xinit # pacman -S xorg-server-utils # INSTALL GRAPHICS DRIVER # pacman -S xterm # startx # exit 23. Install Gnome # pacman -S gnome (Optional) # gnome-extra gnome-system-tools 24. Enable GDM service # systemctl enable gdm 25. Reboot! -
Nov 14, 2016 . 2 changed files with 172 additions and 101 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,101 +0,0 @@ This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,172 @@ Parent Tutorial: - https://gist.github.com/mattiaslundberg/8620837 Muktware Tutorial: - http://www.muktware.io/arch-linux-guide-the-always-up-to-date-arch-linux-tutorial/ Arch Linux Installation Guide: - https://wiki.archlinux.org/index.php/Installation_guide There are 2 choices: - UEFI/GPT mode: UEFI boot mode / GPT partition table - BIOS/MBR mode: Legacy boot mode / MBR partition table I tried to install in UEFI mode, but my laptop (Acer E5-475-336H) had problems with it, and didn't boot after installation. This is how I installed arch linux in BIOS/MBR mode with full disk encryption (using LUKS), and LVM on LUKS. # IMPORTANT NOTE I assume that /dev/sda is the system's disk, and /dev/sdb is usb drive. # STEPS 1. Download arch iso image from https://www.archlinux.org/ and copy to a usb drive. # dd if=arch.iso of=/dev/sdb 2. Set boot mode to "Legacy" in BIOS configuration, and boot from usb. 3. Connect to internet. Useful commands: # supervisorctl restart dhcpcd # wifi-menu 4. Partitioning A drive should first be **partitioned** and afterwards the partitions should be formatted with a **file system**. Use fdisk to create MBR partitions. # fdisk /dev/sda First, create an empty MBR partition table (WARNING: This will erase entire disk) (fdisk) o We are going to create 2 main partitions (/dev/sda1 and /dev/sda2): Device Boot Start End Sectors Size Id Type /dev/sda1 2048 526335 524288 256M 83 Linux /boot /dev/sda2 526336 765986815 765460480 365G 83 Linux Encrypted with LUKS, 3 LVM partitions: swap vg0 -wi-ao---- 8.00g swap root vg0 -wi-ao---- 80.00g / anbar vg0 -wi-ao---- 277.00g /dev/sda3 765986816 976773167 210786352 100.5G 83 Linux (Optional) Other partitions if you need... You can encrypt them separately with another password Create partitions: (fdisk) n (fdisk) p (fdisk) 1 (fdisk) <Enter> (fdisk) +256M (fdisk) t (fdisk) 83 (fdisk) n (fdisk) p (fdisk) 2 (fdisk) <Enter> (fdisk) +365G (fdisk) t (fdisk) 83 (fdisk) n (fdisk) p (fdisk) 3 (fdisk) <Enter> (fdisk) <Enter> (fdisk) t (fdisk) 83 (fdisk) w (Write Changes) Format Partitions: mkfs.ext2 /dev/sda1 5. Setup encryption # cryptsetup -c aes-xts-plain64 -y --use-random luksFormat /dev/sda2 # cryptsetup luksOpen /dev/sda2 luks 6. Create LVM Partitions This creates one partions for root, modify if /home or other partitions should be on separate partitions # pvcreate /dev/mapper/luks # vgcreate vg0 /dev/mapper/luks # lvcreate --size 8G vg0 --name swap # lvcreate --size 80G vg0 --name root # lvcreate -l +100%FREE vg0 --name anbar 7. Format LVM partitions # mkfs.ext4 /dev/mapper/vg0-root # mkfs.ext4 /dev/mapper/vg0-anbar # mkswap /dev/mapper/vg0-swap 8. Mount the new system # mount /dev/mapper/vg0-root /mnt # mount /dev/sda1 /mnt/boot # swapon /dev/mapper/vg0-swap mkdir /mnt/boot mount /dev/sdX2 /mnt/boot mkdir /mnt/boot/efi mount /dev/sdX1 /mnt/boot/efi # Install the system also includes stuff needed for starting wifi when first booting into the newly installed system # Unless vim and zsh are desired these can be removed from the command pacstrap /mnt base base-devel grub-efi-x86_64 zsh vim git efibootmgr dialog wpa_supplicant # 'install' fstab genfstab -pU /mnt >> /mnt/etc/fstab # Make /tmp a ramdisk (add the following line to /mnt/etc/fstab) tmpfs /tmp tmpfs defaults,noatime,mode=1777 0 0 # Change relatime on all non-boot partitions to noatime (reduces wear if using an SSD) # Enter the new system arch-chroot /mnt /bin/bash # Setup system clock ln -s /usr/share/zoneinfo/Europe/Stockholm /etc/localtime hwclock --systohc --utc # Set the hostname echo MYHOSTNAME > /etc/hostname # Update locale echo LANG=en_US.UTF-8 >> /etc/locale.conf echo LANGUAGE=en_US >> /etc/locale.conf echo LC_ALL=C >> /etc/locale.conf # Set password for root passwd # Add real user remove -s flag if you don't whish to use zsh # useradd -m -g users -G wheel -s /bin/zsh MYUSERNAME # passwd MYUSERNAME # Configure mkinitcpio with modules needed for the initrd image vim /etc/mkinitcpio.conf # Add 'ext4' to MODULES # Add 'encrypt' and 'lvm2' to HOOKS before filesystems # Regenerate initrd image mkinitcpio -p linux # Setup grub grub-install In /etc/default/grub edit the line GRUB_CMDLINE_LINUX to GRUB_CMDLINE_LINUX="cryptdevice=/dev/sdX3:luks:allow-discards" then run: grub-mkconfig -o /boot/grub/grub.cfg # Exit new system and go into the cd shell exit # Unmount all partitions umount -R /mnt swapoff -a # Reboot into the new system, don't forget to remove the cd/usb reboot -
mattiaslundberg revised this gist
Aug 21, 2016 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -74,7 +74,7 @@ echo LC_ALL=C >> /etc/locale.conf passwd # Add real user remove -s flag if you don't whish to use zsh # useradd -m -g users -G wheel -s /bin/zsh MYUSERNAME # passwd MYUSERNAME # Configure mkinitcpio with modules needed for the initrd image -
Jan 7, 2016 . 1 changed file with 3 additions and 3 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -66,9 +66,9 @@ hwclock --systohc --utc echo MYHOSTNAME > /etc/hostname # Update locale echo LANG=en_US.UTF-8 >> /etc/locale.conf echo LANGUAGE=en_US >> /etc/locale.conf echo LC_ALL=C >> /etc/locale.conf # Set password for root passwd
NewerOlder