Skip to content

Instantly share code, notes, and snippets.

Forked from mattiaslundberg/arch-linux-install
Last active April 2, 2021 23:43
Show Gist options
  • Save dust321/035a568e47e7e575aaa5529e2a5973bd to your computer and use it in GitHub Desktop.
Save dust321/035a568e47e7e575aaa5529e2a5973bd to your computer and use it in GitHub Desktop.
Minimal instructions for installing Arch Linux on an DOS/BIOS system with full system encryption using dm-crypt and luks
# Install ARCH Linux with encrypted file-system, for BIOS. Dustin dut n ex 5 a t g ma il
# The official installation guide ( contains a more verbose description.
# Download the archiso image from
# Copy to a usb-drive
dd if=archlinux.img of=/dev/sdX # on linux
# Boot from the usb. If the usb fails to boot, make sure that secure boot is disabled in the BIOS configuration.
# This assumes a wifi only system...
#Use FDISK or you can use cfdisk but select dos.
make 2 partitions in fdisk, a small boot around 500mb and use the rest as a single linux partition.
#Format your boot drive with ext2, you can use ext4 its not a big deal, ext2 should be faster.
mkfs.ext2 /dev/sdX1
# Setup the encryption of the system
#cryptsetup -c aes-xts-plain64 -y --use-random luksFormat /dev/sdX2
cryptsetup --verbose --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat /dev/sda2
cryptsetup luksOpen /dev/sdX2 luks
# Create encrypted partitions
# This creates one partions for root, modify if /home or other partitions should be on separate partitions
pvcreate /dev/mapper/luks
vgcreate vg0 /dev/mapper/luks
lvcreate --size 5G vg0 --name swap #Change this depending on your ram
lvcreate -l +100%FREE vg0 --name root
# Create filesystems on encrypted partitions
mkfs.ext4 /dev/mapper/vg0-root
mkswap /dev/mapper/vg0-swap
# Mount the new system
mount /dev/mapper/vg0-root /mnt # /mnt is the installed system
swapon /dev/mapper/vg0-swap # Not needed but a good thing to test
mkdir /mnt/boot
mount /dev/sdX1 /mnt/boot
# Install the system also includes stuff needed for starting wifi when first booting into the newly installed system
# Unless vim and zsh are desired these can be removed from the command
pacstrap /mnt base base-devel
# 'install' fstab
genfstab -pU /mnt >> /mnt/etc/fstab
# Make /tmp a ramdisk (add the following line to /mnt/etc/fstab)
tmpfs /tmp tmpfs defaults,noatime,mode=1777 0 0
# Change relatime on all non-boot partitions to noatime (reduces wear if using an SSD)
# Enter the new system
arch-chroot /mnt /bin/bash
# Setup system clock
ln -s /usr/share/zoneinfo/America/New_York /etc/localtime
hwclock --systohc --utc
# Set the hostname
echo MYHOSTNAME > /etc/hostname
# Update locale
edit the /etc/locale.conf
# Set password for root
# Add real user remove -s flag if you don't whish to use zsh
useradd -m -g users -G wheel,storage,power -s /bin/bash MYUSERNAME
# Configure mkinitcpio with modules needed for the initrd image
vim/nano /etc/mkinitcpio.conf
# Add 'ext4' to MODULES
# Add 'encrypt' and 'lvm2' to HOOKS before filesystems
# Regenerate initrd image
mkinitcpio -p linux
# Setup grub
pacman -S grub
grub-install --target=i386-pc --recheck /dev/sdX
In /etc/default/grub edit the line GRUB_CMDLINE_LINUX to GRUB_CMDLINE_LINUX="cryptdevice=/dev/sdX2:luks:allow-discards" then run:
grub-mkconfig -o /boot/grub/grub.cfg
#Enable dhcp for a wired connection
systemcl enable dhcpcd@NameOfWiredDevice
#Add user to sudo
EDITOR=nano visudo
# Exit new system and go into the cd shell
# Reboot into the new system, don't forget to remove the cd/usb
Copy link

dust321 commented Apr 17, 2016

Just a note I turned off compression in etc/mkinitcpio read the comments in the file on how to do it and it is way faster on my ssd...

Copy link

tirk182 commented Aug 30, 2016

line 87 should read systemctl enable dhcpcd@NameOfWiredDevice
Small typo I think.

Copy link

dust321 commented Sep 28, 2016

Thanks Tirk

Copy link

pascalpoitras commented Nov 15, 2016

thanks a lot for this!

but I think you miss to add GRUB_ENABLE_CRYPTODISK=y to /etc/default/grub

Copy link

no it is my mistake sorry

Copy link

Thanks heaps dust321. This was very helpful. I was bogged down bad, but this guide got me out.
PS : This works in Oct 2020, albeit with a few mods.
1/ While running pacstrap, you will need to install linux, linux-firmware and mkinitcpio.
2/ Edit the locale.gen file, and un-comment locales of interest to you, run locale-gen.
3/ I had to run pacman -S lvm2, as mkinitcpio was reporting that it couldnt find lvm2 when building the hook.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment