This installation provides the following settings:
- disk-setup
- unsecure boot-partion
- LVM on LUKS (ArchWiki)
- encrypted root-partition
- encrypted home-partition
- initial system setup
- mkinitcpio hooks
- gummiboot/systemd-boot (EFI has to be enabled)
- basic setup
- TRIM
- Powermanagement (ArchWiki)
The following actions are applied during the installation from the Arch Linux ISO. To get wifi running easily,
wifi-menu
should do the trick. Don't forget to load your keymap (loadkeys uk
). The following also assumes,
the disk/drive in question is /dev/sda
. Change your commands accordingly!
- Clear and check disk with
badblocks
. THIS ERASES THE DISK! Make sure, you select the right one.
live# badblocks -c 1024 -s -w -v -t random /dev/sda
- Create partitions on disk.
live# cgdisk /dev/sda
Make sure to select gpt
for the table-format.
partition | size | fs type | notes |
---|---|---|---|
1 | 100 MB | vfat/EFI SYSTEM | /boot |
2 | ~335.3GB | - | will be encrypted |
Apply the filesystem for /boot
live# mkfs.vfat -F32 /dev/sda1
- Setup the second partition to be encrypted and contain two virtual partitions.
# formatting partition
live# cryptsetup -c aes-xts-plain64 -y --use-random luksFormat /dev/sda2
# open luks-container and map it to 'luks'
live# crytpsetup luksOpen /dev/sda2 luks
Now setting up the relevant virtual group/partitions
# initialize luks-partition
live# pvcreate /dev/mapper/luks
# create virtual-group 'vgcrypt'
live# vgcreate vgcrypt /dev/mapper/luks
# creating root partition (150GB)
live# lvcreate --size 150G vgcrypt --name root
# creating home partition (rest ~185GB)
live# lvcreate -l +100%FREE vgcrypt --name home
Apply filesystems
live# mkfs.ext4 /dev/mapper/vgcrypt-root
live# mkfs.ext4 /dev/mapper/vgcrypt-home
- Mount those partitions for further installation.
live# mount /dev/mapper/vgcrypt-root /mnt
live# mkdir /mnt/boot
live# mkdir /mnt/home
live# mount /dev/sda1 /mnt/boot
live# mount /dev/mapper/vgcrypt-home /mnt/home
- Default installation via
pacstrap
.
# wpa_supplicant is recommended to get wifi working...
live# pacstrap /mnt base base-devel wpa_supplicant # sudo vim-python3 bash-completion
- Generate fstab. Check the result afterwards, as it might be incorrect.
live# genfstab -pU /mnt > /mnt/etc/fstab
live# cat /mnt/etc/fstab
#
# /etc/fstab: static file system information
#
# <file system> <dir> <type> <options> <dump> <pass>
/dev/vgcrypt/root / ext4 rw,discard,relatime,data=ordered 0 1
/dev/sda1 /boot vfat rw,discard,relatime,fmask=0022,dmask=0022 0 0
/dev/vgcrypt/home /home ext4 rw,discard,relatime,data=ordered 0 2
- Chroot into the new system to adjust more stuff.
live# arch-chroot /mnt /bin/bash
- Set the clock
```Shell
# user your timezone :P
chroot# ln -s /usr/share/zoneinfo/Europe/London /etc/localtime
chroot# hwclock --systohc --utc
```
- Set your hostname
```Shell
chroot# echo T450s > /etc/hostname
```
- Don't forget your locales (especially git seems to need them):
```Shell
chroot# echo 'en_GB.UTF-8 UTF-8' > /etc/locale.gen
chroot# locale-gen
```
Some more, regarding this
```Shell
chroot# echo 'LANG=en_GB.UTF-8' > /etc/locale.conf
# this might prevent some issues during installation
chroot# export LANG=en_GB.UTF-8
chroot# echo 'KEYMAP=uk' > /etc/vconsole.conf
```
- Password!
```Shell
chroot# passwd
```
Optionally add a user now
```Shell
chroot# useradd -m -g users -G wheel -s /bin/bash USER
chroot# passwd USER
```
Adjust `/etc/sudoers` aswell
```Shell
chroot# sed -i "s/# \(%wheel ALL=(ALL)\)/\1/" /etc/sudoers
```
- Configure mktinitcpio to include the hooks
keymap encrypt lvm2
beforefilesystems
.
```Shell
chroot# grep ^HOOKS /etc/mkinitcpio.conf
HOOKS="base udev autodetect modconf block keymap encrypt lvm2 filesystems keyboard fsck shutdown"
```
```Shell
chroot# mkinitcpio -p linux
```
- Setup the bootmanager (
systemd-boot
).
```Shell
chroot# bootctl install
```
Add the boot entry and set it as default
```Shell
# boot entry for the system (incl. backlight fix)
chroot# cat /boot/loader/entries/arch.conf
title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options cryptdevice=/dev/sda2:vgcrypt:allow-discards root=/dev/vgcrypt/root rw acpi_backlight=vendor
# setting that boot entry as default (and one-and-only)
chroot# cat /boot/loader/loader.conf
#timeout 3
default arch
```
To see, if it installed correctly, compare to the following
```Shell
chroot# bootctl status
# /dev/sda1 might be substituted by something of /dev/disk/by-partuuid/...
System:
Firmware: UEFI 2.31 (Lenovo 0.4368)
Secure Boot: disabled
Setup Mode: user
Loader:
Product: systemd-boot 221
Partition: /dev/sda1
File: └─/EFI/systemd/systemd-bootx64.efi
Boot Loader Binaries:
ESP: /dev/sda1
File: └─/EFI/systemd/systemd-bootx64.efi (systemd-boot 221)
File: └─/EFI/Boot/BOOTX64.EFI (systemd-boot 221)
Boot Loader Entries in EFI Variables:
Title: Linux Boot Manager
ID: 0x0013
Status: active, boot-order
Partition: /dev/sda1
File: └─/EFI/systemd/systemd-bootx64.efi
```
- Leave the chroot-environment.
```Shell
chroot# exit # alternatively Ctrl+D
```
Leave the Live-CD/USB by unmounting everything and afterwards restarting the machine. If everything is done correctly, the oncoming steps should work without problemsTM.
live# umount -R /mnt
live# reboot
This part is partly subjective. So if you do not use those programs, install your equivalent or just ignore it.
**TODO continue **
TODO
- packages:
- wpa_actiond
- ifplugd
- how to force monospace in rendered md for
<pre>
?!
Category | Value |
---|---|
Model | Lenovo T450s 20BWS03F00 |
BIOS | Lenovo JBET46WW (1.11) |
CPU | Intel i7-5600U (3200 MHz) |
Graphics | Intel Broadwell-U Integrated Graphics |
Network | Intel Ethernet Connection (3) I218-LM |
Intel Wireless 7265 | |
Drive | INTEL_SSDSC2BF36 (360GB) |
Memory | 11895 MB (4GB + 8GB) |