Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Install Arch
# This guide is based on
# compare for more details on each step. It's a great guide and seems to get frequent updates.
# This guide has a few changes that helped me to get thew bootloader running
# Start up the Live USB/CD and enable SSH:
# set a password for root to enable ssh login
# *
systemctl start sshd.service
# then login to your machine from another device with ssh
# if you're reinstalling a machine and you have a static ip
# you may want to ignore the hosts file:
ssh -o GlobalKnownHostsFile=/dev/null -o UserKnownHostsFile=/dev/null root@LIVE_USB
# then go on with these instructions via SSH
# create an ENV variable for your drive. For example, mine was: /dev/sda
# You need to edit this line!!!
# clean drive. This deletes everything for good. Be careful
sgdisk --zap-all $DRIVE
# partition with partition labels
sgdisk --clear \
--new=1:0:+550MiB --typecode=1:ef00 --change-name=1:EFI \
--new=2:0:+8GiB --typecode=2:8200 --change-name=2:cryptswap \
--new=3:0:0 --typecode=2:8200 --change-name=3:cryptsystem \
# format the EFI partition with fat-32
mkfs.fat -F32 -n EFI /dev/disk/by-partlabel/EFI
# create the encrypted system partition
cryptsetup luksFormat --align-payload=8192 -s 256 -c aes-xts-plain64 /dev/disk/by-partlabel/cryptsystem
# open the encrypted partition with label system
# If something fails and you need to restart your system this is the line you need to open your partition again later on.
# I'l mark those commands with an asterisk should you need to reboot and start over with eg. the boot option.
# *
cryptsetup open /dev/disk/by-partlabel/cryptsystem system
# open the swap partition with a random key
cryptsetup open --type plain --key-file /dev/urandom /dev/disk/by-partlabel/cryptswap swap
# create the swap partition
mkswap -L swap /dev/mapper/swap
swapon -L swap
# format the system partition with btrfs. Inside we will use subvolumes
mkfs.btrfs --force --label system /dev/mapper/system
# create some useful ENV vars
# *
# mount the newly created partition
mount -t btrfs LABEL=system /mnt
# and create the neccessary subvolumes
btrfs subvolume create /mnt/root
btrfs subvolume create /mnt/home
btrfs subvolume create /mnt/snapshots
# then unmount to mount again with subvolumes
umount -R /mnt
# *
mount -t btrfs -o subvol=root,$o_btrfs LABEL=system /mnt
mount -t btrfs -o subvol=home,$o_btrfs LABEL=system /mnt/home
mount -t btrfs -o subvol=snapshots,$o_btrfs LABEL=system /mnt/.snapshots
# create a boot partition and mount as well
mkdir /mnt/boot
# *
mount LABEL=EFI /mnt/boot;
# then install the base system
pacstrap /mnt base
# You will notice some errors related to fsck.btrfs. We will fix that in a minute
genfstab -L -p /mnt >> /mnt/etc/fstab
# fix fstab so swap partition can be found again
sed -i "s+LABEL=swap+/dev/mapper/swap+" /mnt/etc/fstab
# tell crypttab which partition to mount
echo "swap /dev/disk/by-partlabel/cryptswap /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256" >> /mnt/etc/crypttab
# boot into new system to continue with install
# *
systemd-nspawn -bD /mnt
# basic settings
echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
localectl set-locale LANG=en_US.UTF-8
timedatectl set-ntp 1
timedatectl set-timezone Europe/Berlin
# You need to edit this line
hostnamectl set-hostname A_HOSTNAME
echo "KEYMAP=de-latin1" > /etc/vconsole.conf
# install some more basic stuff otherwise you can't boot into new system
pacman -Syu base-devel btrfs-progs
# you need to change hooks to decrypt your drive
# I also changed MODULES so that I can have early KMS start with my Intel graphics card: MODULES="i915"
sed -i "s+HOOKS=\"base udev autodetect modconf block filesystems keyboard fsck\"+HOOKS=\"base udev autodetect modconf block keyboard keymap encrypt filesystems btrfs\"+" /etc/mkinitcpio.conf
# This line didn't quite work on my second PC. I had to use this here instead in my mkinitio.conf file:
# MODULES=(atkbd)
# HOOKS=(base udev autodetect modconf block keyboard keymap encrypt filesystems btrfs)
# The atkbd module was necessary because I couldn't use the keyboard from systemd 241 on. Some bug maybe?
# then rerun to get a new initramfs image
mkinitcpio -p linux
# * or if you're repairing you can pacman -Syu
# change password
# get back to the LIVE USB/CD to finish up
# I used efibootmgr to boot. You may need GRUB or whatever here I had to use sda3 as device
# usually this line is a point of failure if Arch doesn't boot again
efibootmgr -d /dev/sda -p 1 -c -L "Arch Linux" -l \vmlinuz-linux -u "cryptdevice=/dev/sda3:cryptsystem root=/dev/mapper/cryptsystem rw rootflags=subvol=root initrd=\initramfs-linux.img"
# to list all boot options in case of trouble: efibootmgr
# to remove an entry, e.g. Boot0000 you have to efibootmgr -b 0 -B and then run above line again to make it the new first boot entry.
# this method didn't work on my DELL optiplex 7050. Apparently its UEFI doesn't support boot options so I can't decrypt.
# Instead I used refind:
pacman -S refind-efi
# Then edit the /boot/refind_linux.conf file:
"Boot with standard options" "cryptdevice=/dev/sda3:cryptsystem root=/dev/mapper/cryptsystem rw rootflags=subvol=root initrd=/initramfs-linux.img"
# Make sure you're using your partition here. Mine was sda3
# then reboot and see if it works. Good luck
# if it doesn't work boot from your pen drive again and run the commands with the asterisk again to get into your newly installed system.
# note that your system is not the same as the one on your pendrive. You will have to reinstall everything that you need.
Copy link

burningTyger commented Jul 21, 2018

So I messed up my mkinitcpio.conf file wit a pacnew merge and was left with an unbootable device. Anyway, here's how to fix that:

Download and dd an arch iso on a pen drive and start it up.

open the encrypted device with above command, mount it with the next command and also the mount the boot dir but not into /mnt/boot but /boot
arch-chroot /mnt/root the whole thing and
then edit the mkinitcpio.conf file to fix it, and run mkinitcpio -p linux to create the initramfs again.

Copy link

burningTyger commented Aug 9, 2020

Recently, probably with some kernel 5.x version booting failed and it seems that the initrd boot option requires backslashes. I have corrected that for efibootbgr but not for refind since I don't use it anymore.

Copy link

hmt commented Mar 15, 2022

For some reason my PC sometimes "forgets" the boot option it is supposed to boot and starts the EFI shell. After trying to repair the boot image it turned out I had to just set the right boot option again. So before you manually enter all these commands just look at efibootmgr first and reset that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment