Arch Linux UEFI Setup
# Gist is stupid and doesn't seem to allow manual selection of syntax highlighting; .sh extension is used for increased readability.
# This is only a guide to show the required steps for successful UEFI + GRUB2 installation
# Many of the choices are examples or assumptions; don't blindly type shit into your machine
# until/unless you at least read the comments around each command
#
# These steps assume you've booted in UEFI mode by preparing your USB stick per these instructions:
# https://wiki.archlinux.org/index.php/UEFI#Archiso
#
# If you're using an actual CD burned from the official Arch ISO, just make sure you've booted it in UEFI mode
# before we even begin...
modprobe efivars
# the efivars module exposes the variables under sysfs, not /proc
stat /sys/firmware/efi/vars > /dev/null || systemctl reboot
# Assuming /dev/sda is the target disk
gdisk /dev/sda
# Make a partition of type EF00 (EFI System Partition)
# Minimum size I can get without complaints from mkfs.vfat is 64M--unless you plan on putting your kernel in the efi-system partition, this should be far more than sufficient.
# Then make a second partition spanning the remainder of the drive
# Create EFI System Partition (EF00) filesystem
mkfs.vfat -F32 -n efi /dev/sda1
# this might not work as-is
curl https://aur.archlinux.org/packages/fr/frandom/frandom.tar.gz | tar xz && cd frandom && makepkg && pacman -U frandom*.tar.xz && modprobe frandom
# frandomize that shiznit
dd if=/dev/frandom of=/dev/sda2 bs=1M
# I have yet to conclusively determine the optimal bs; 1M works well for rotational media; not sure about SSDs (320k-ish is best for DRAM, might be similar for NAND).
# because we can
cryptsetup --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-random --verify-passphrase luksFormat /dev/sda2
dd if=/dev/random of=/tmp/key bs=512 count=4
cryptsetup luksAddKey /dev/sda2 /tmp/key
cryptsetup luksOpen /dev/sda2 crypt -d /tmp/key
# In this example, I'm using btrfs
mkfs.btrfs -KL root /dev/mapper/crypt
# Mount the needful -- note the btrfs-specific sexiness
mount -o ssd,discard,noatime,compress=lzo /dev/mapper/crypt /mnt
# Networking stuff
dhcpcd eth0
# if you need more than that, go read the fscking wiki
# Install as per usual, but snag grub-efi
pacstrap /mnt base base-devel grub-efi-x86_64 cryptsetup vim
# make sure cryptsetup is manually selected, and vim because fuck nano
mv /tmp/key /mnt/root/luks-key
# even though systemd mount units are better, util-linux hasn't been merged yet.
genfstab -pU /mnt >> /mnt/etc/fstab
# Chroot, and gimme some bash plox
arch-chroot /mnt /bin/bash
# Bootloader install;
mkdir -p /boot/efi && mount /dev/sda1 /boot/efi
GRUB_CRYPTODISK_ENABLE=y grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=arch_grub --recheck --debug
# if "efibootmgr" isn't somewhere near the end of the output, you fscked up somewhere
# doesn't hurt to make sure it actually exists either
efibootmgr
# URL is quoted so the shell doesn't treat the ? as a glob
curl 'https://bugs.archlinux.org/task/31877?getfile=9445' | patch -o /usr/lib/initcpio/hooks/encrypt_keyfile /usr/lib/initcpio/hooks/encrypt
# a ln -s would be better, but mkinitcpio seems to think that indicates that the install hook is "deprecated"
cp /usr/lib/initcpio/install/encrypt /usr/lib/initcpio/install/encrypt_keyfile
# my turn to be lazy
vim /etc/mkinitcpio.conf
# use the encrypt_keyfile hook at the appropriate place, and make sure your modules array looks ok, and FILES="/root/luks-key"
# regenerate initramfs
mkinitcpio -p linux
# erm you'll want cryptdevice=UUID=blahblah:crypt cryptkey=.:/root/luks-key
vim /etc/default/grub
# Generate grub.cfg
grub-mkconfig -o /boot/grub/grub.cfg
# the kexec-load unit comes from a pastebin over plain HTTP; read it before enabling
curl http://sprunge.us/CgOV > /etc/systemd/system/kexec-load.service
systemctl enable kexec-load
# Oh, and read https://wiki.archlinux.org/index.php/Systemd#Native_configuration
# Exit chroot; or not, because fsck the installation media
# systemd-sysvcompat can go to hell
systemctl reboot
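
The guide copies the LUKS keyfile to /root/luks-key and embeds it in the initramfs through FILES=, so on the running system both the keyfile and the generated images should be readable by root only. The audit below is an added example, not part of the original gist; the image names /boot/initramfs-linux*.img are assumed from mkinitcpio's default linux preset, and audit_key_exposure and is_private are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the gist): audit who can read the LUKS keyfile and
# the initramfs images that embed it via FILES= in mkinitcpio.conf.
# Assumed paths: <root>/root/luks-key (from the guide) and
# <root>/boot/initramfs-linux*.img (mkinitcpio's default output names).

# Succeeds only if the file has no group/other permission bits set.
is_private() {
    # ls -ld prints e.g. "-rw-------"; characters 5-10 are the group+other bits
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Usage: audit_key_exposure [root]   (root defaults to /; use /mnt before chroot)
# Prints one line per file and returns the number of findings (0 = clean).
audit_key_exposure() {
    root=${1:-/}
    root=${root%/}
    findings=0
    for f in "$root/root/luks-key" "$root"/boot/initramfs-linux*.img; do
        if [ ! -e "$f" ]; then
            # also reached when the glob matched nothing
            echo "SKIP  $f (not present)"
        elif is_private "$f"; then
            echo "OK    $f"
        else
            echo "FAIL  $f is group/world accessible; fix with: chmod 600 $f"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Example invocation after mkinitcpio has run:
#   audit_key_exposure /mnt
```

Images that mkinitcpio regenerates later (for example after a kernel update) get their mode from the umask in effect at that time, so the audit is worth repeating after each rebuild.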