The official installation guide (https://wiki.archlinux.org/index.php/Installation_Guide) contains a more verbose description.
- Image from https://www.archlinux.org/
dd if=archlinux.img of=/dev/sdX bs=16M && sync # on linux
If the usb fails to boot, make sure that secure boot is disabled in the BIOS configuration.
wifi-menu
cgdisk /dev/nvme0n1
1 512MB EFI partition # Hex code ef00
2 100% size partiton # (to be encrypted) Hex code 8300
You might have to use hexcode: 8e00
8300 causes errors sometimes.
mkfs.vfat -F32 -n EFI /dev/nvme0n1p1
Note: Many NVMe drives can exceed 2GB/s, consider your crypto algorithm wisely, review cryptsetup benchmark, the defaults are viewable end of cryptsetup --help, defaults are commonly the fastest with good security from my experience with cryptsetup (AES 256, sha256, 2000ms)
cryptsetup --use-random luksFormat /dev/nvme0n1p2
or if you want better encryption like me:
cryptsetup -c aes-xts-plain64 -s 512 -h sha384 -i 2500 --use-random luksFormat /dev/nvme0n1p2
cryptsetup luksOpen /dev/nvme0n1p2 luks
Also when it asks "are you sure, make sure you type captial yes. example: YES
This creates one partions for root, modify if /home or other partitions should be on separate partitions
pvcreate /dev/mapper/luks
vgcreate vg0 /dev/mapper/luks
lvcreate --size 16G vg0 --name swap
lvcreate -l +100%FREE vg0 --name root
mkfs.ext4 -L root /dev/mapper/vg0-root
mkswap /dev/mapper/vg0-swap
mount /dev/mapper/vg0-root /mnt # /mnt is the installed system
swapon /dev/mapper/vg0-swap # Not needed but a good thing to test
mkdir /mnt/boot
mount /dev/nvme0n1p1 /mnt/boot
Also includes stuff needed for starting wifi when first booting into the newly installed system Unless vim and zsh are desired these can be removed from the command. Dialog is needed by wifi-menu. Change intel-ucode for amd-ucode vice-versa depending on CPU. If you have an nvidia GPU add nvidia below as I did. I removed dialog and wpa_supplicant since my PC lacks a WiFi NIC. Added gnome but you could do KDE instead or whatever you prefer.
pacstrap /mnt base linux linux-firmware git sudo efibootmgr tmux amd-ucode networkmanager net-tools gnome base-devel nvidia zsh firefox keepassxc nano
Note: I removed "zsh" and "neovim", because I like 'bash' and 'vi'. I also added networkmanager so ethernet will work on boot. May 27 EDIT: Added net-tools so you can use ifconfig on boot to find your IPv4 for SSH. April 3, 2021 - Added ZSH and several other things such as GNOME and nano.
genfstab -pU /mnt | tee -a /mnt/etc/fstab
nano /mnt/etc/fstab
tmpfs /tmp tmpfs defaults,noatime,mode=1777 0 0
Also change relatime on all non-boot partitions to noatime (reduces wear if using an SSD)
add no in front of realtime for the vfo-root partition.
arch-chroot /mnt /bin/bash
ln -s /usr/share/zoneinfo/America/Chicago /etc/localtime
hwclock --systohc --utc
echo MYHOSTNAME > /etc/hostname
Uncomment wanted locales in /etc/locale.gen
vim /etc/locale.gen
locale-gen
localectl set-locale LANG=en_US.UTF-8
To avoid problems with gnome-terminal set locale system wide Do NOT set LC_ALL=C. It overrides all the locale vars and messes up special characters Pay attention to the UTF-8. Capital letters !
echo LANG=en_US.UTF-8 >> /etc/locale.conf
echo LC_ALL= >> /etc/locale.conf
passwd
groupadd MYUSERNAME
useradd -m -g MYUSERNAME -G wheel,storage,power,network,uucp -s /bin/bash MYUSERNAME
passwd MYUSERNAME
or
useradd -m -G wheel -s /bin/bash <username>
passwd <username>
EDITOR=nano visudo
###Inside visudo, find the line that says "## Uncomment to allow members of group wheel to execute any command".###
###Remove the comment from #%wheel ALL=(ALL) ALL. It should now look like this:###
%wheel ALL=(ALL) ALL
###Then CTRL + X, now it should prompt you if you want to save, press Y. Now wheel has proper perms.
###"sudo pacman -Syu" will now work properly when you run it to update with your wheel grouped username.###
vim /etc/mkinitcpio.conf
- Add 'ext4 amdgpu' to MODULES - Substitute amdgpu for i915 if Intel graphics. This helps ensure gnome starts on boot.
- Add 'encrypt' and 'lvm2' to HOOKS before filesystems
- Add 'resume' after 'lvm2' (also has to be after 'udev')
mkinitcpio -p linux
bootctl --path=/boot install
echo default arch >> /boot/loader/loader.conf
echo timeout 5 >> /boot/loader/loader.conf
nvim /boot/loader/entries/arch.conf
Add the following content to arch.conf - Change intel-ucode.img to amd-ucode.img and vice-versa for your CPU.
<UUID> is the the one of the raw encrypted device (/dev/nvme0n1p2). It can be found with the blkid command
title Arch Linux
linux /vmlinuz-linux
initrd /amd-ucode.img
initrd /initramfs-linux.img
options cryptdevice=UUID=<UUID>:vg0 root=/dev/mapper/vg0-root resume=/dev/mapper/vg0-swap rw intel_pstate=no_hwp
Do ' systemctl enable gdm ' without quotations, that way on boot it loads up gdm so you can login to gnome like normal.
Do 'systemctl enable NetworkManager.service' without quotations, otherwise on boot you won't have internet :D.
exit
umount -R /mnt
swapoff -a
reboot
#If you get intel-ucode or amd-ucode missing on boot, hit e then change it. For mine it was set to intel-ucode when I have an AMD CPU and installed only AMD-ucode. So I had to change that line.