Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Arch Linux installation procedure for LVM on LUKS: UEFI EFISTUB boot with gumiboot on a Samsung Series 9 laptop.
# Notes for installing on Samsung Series 9
# UEFI boot: LVM on LUKS
#
# See the full blog post:
# http://jasonwryan.com/blog/2013/01/25/uefi/
# check you are booted in uefi
modprobe efivars
ls /sys/firmware/efi/vars
# zero the drive
dd if=/dev/urandom of=/dev/sda
# Create partition table: GPT
install gptfdisk
sgdisk -Z /dev/sda
sgdisk -a 2048 -o /dev/sda
sgdisk -n 1:0:+200M /dev/sda
sgdisk -n 2:0:0 /dev/sda
sgdisk -t 1:ef00 /dev/sda
sgdisk -t 2:8300 /dev/sda
sgdisk -c 1:bootefi /dev/sda
sgdisk -c 2:root /dev/sda
# encrypt sda2
modprobe dm-crypt
cryptsetup --cipher aes-xts-plain64 --key-size 512 --hash sha512\
--iter-time 5000 --use-random --verify-passphrase luksFormat /dev/sda2
cryptsetup luksOpen /dev/sda2 cryptdisk
# setup logical volumes
pvcreate /dev/mapper/cryptdisk
pvdisplay
vgcreate vgroup /dev/mapper/cryptdisk
vgdisplay
lvcreate --size 30G --name lvroot vgroup
lvcreate --extents +100%FREE --name lvhome vgroup
lvdisplay
# create filesystem
mkfs.vfat -F32 /dev/sda1
mkfs.ext4 /dev/mapper/vgroup-lvroot
mkfs.ext4 /dev/mapper/vgroup-lvhome
# Mount the partitions
mnt /dev/mapper/vgroup-lvroot /mnt
mkdir -p /mnt/boot/efi
mount -t vfat /dev/sda1 /mnt/boot/efi
mkdir /mnt/home
mount /dev/mapper/vgroup-lvhome /mnt/home
### install base system ###
select a mirror
pacstrap -i /mnt base base-devel
genfstab -U -p /mnt >> /mnt/etc/fstab
vi /mnt/etc/fstab
# chroot time…
arch-chroot /mnt
# other modifications
# vi /etc/mkinitcpio.conf
# hooks
…encrypt lvm2 filesystems… shutdown…
# modules
vfat ext4 dm_mod dm_crypt aes_x86_64 i915
# add options to /etc/lvm/lvm.conf
issue_discards 1
# blacklist samsung module to prevent kernel panics
# bug: https://bugzilla.kernel.org/show_bug.cgi?id=47121
# /etc/modprobe.d/samsung_module.conf
blacklist samsung_laptop
### bootloader ###
pacman -S gummiboot-efi
mkdir -p /boot/efi/EFI/gummiboot
cp /usr/lib/gummiboot/gummibootx64.efi /boot/efi/EFI/gummiboot/gummiboot.efi
efibootmgr -c -d /dev/sda -p 1 -w -L "Gummiboot" -l '\EFI\gummiboot\gummiboot.efi'
# copy files across
mkdir /boot/efi/arch
cp /boot/vmlinuz-linux /boot/efi/EFI/arch/vmlinuz-linux.efi
cp /boot/initramfs-linux.img /boot/efi/EFI/arch/initramfs-linux.img
cp /boot/initramfs-linux-fallback.img /boot/efi/EFI/arch/initramfs-linux-fallback.img
# create conf
# /boot/efi/loader/loader.conf
default arch
timeout 5
# create /boot/efi/loader/entries/arch.conf
title Arch Linux
efi \EFI\arch\vmlinuz-linux.efi
options initrd=\EFI\arch\initramfs-linux.img cryptdevice=/dev/sda2:vgroup root=/dev/mapper/vgroup-lvroot ro
# after successfully rebooting, create service files to update gummiboot path
https://wiki.archlinux.org/index.php/Gummiboot#Automatic_copy_on_update
@yuvadm

This comment has been minimized.

Copy link

@yuvadm yuvadm commented Jul 28, 2013

Line 53 should be mount instead of mnt. Should be obvious, but... you know :)

Also line 92 should be mkdir /boot/efi/EFI/arch

And one more pitfall, after line 74, make sure to actually run mkinitcpio to generate new images.

@sjoqvist

This comment has been minimized.

Copy link

@sjoqvist sjoqvist commented Jul 2, 2014

As @jasonwryan informed me in the Arch Linux Forums, Gummiboot now allows /boot to be used as the mountpoint. It's simpler and safer, since the kernel doesn't need to be moved.

@Ge0

This comment has been minimized.

Copy link

@Ge0 Ge0 commented Jul 17, 2014

In case you get the following error:

efibootmgr: command not found

A pacman -S efibootmgr should fix the issue.

@Ge0

This comment has been minimized.

Copy link

@Ge0 Ge0 commented Jul 17, 2014

Also mkdir /boot/efi/arch becomes mkdir /boot/efi/EFI/arch

@2bdkid

This comment has been minimized.

Copy link

@2bdkid 2bdkid commented Oct 4, 2014

Thanks for the guide! Exactly what I was looking for. Is there anything else needed for swap and hibernation/suspend to disk? I think the Arch wiki mentioned something about it in the page for dm-crypt.

@chmduquesne

This comment has been minimized.

Copy link

@chmduquesne chmduquesne commented Apr 12, 2015

For some reason, mkinitcpio was failing for me because the build directory of the modules was messed up. To fix it, I just reinstalled the kernel with pacman, it has the same effect and fixed everything.

@CjStaal

This comment has been minimized.

Copy link

@CjStaal CjStaal commented Jun 1, 2015

I'm getting a "File system /boot is not a FAT EFI System partition" I know for a fact that I made it i mkfs.vfat -F32 /dev/sda1 and I just quit chroot, unmounted /mnt/boot/efi redid the format, remounted, went back in to chroot, and its still crying.

@CjStaal

This comment has been minimized.

Copy link

@CjStaal CjStaal commented Jun 1, 2015

I fixed that, the gummiboot needs to be installed as gummiboot --path=/boot/efi/ install
but now I'm getting "cannot create regular file "......." :no such file or directory for these commands

mkdir /boot/efi/arch
cp /boot/vmlinuz-linux /boot/efi/EFI/arch/vmlinuz-linux.efi
cp /boot/initramfs-linux.img /boot/efi/EFI/arch/initramfs-linux.img
cp /boot/initramfs-linux-fallback.img /boot/efi/EFI/arch/initramfs-linux-fallback.img

@CjStaal

This comment has been minimized.

Copy link

@CjStaal CjStaal commented Jun 1, 2015

Got those also, your mkdir was wrong.

@CjStaal

This comment has been minimized.

Copy link

@CjStaal CjStaal commented Jun 1, 2015

What do you mean with the periods in
…encrypt lvm2 filesystems… shutdown…

Also, if I'm also using a /usr partition, where should I put usr in the hooks?

@gpdd

This comment has been minimized.

Copy link

@gpdd gpdd commented Aug 26, 2015

Proper change of alignment:
sgdisk -a 2048 -n 1:0:+200M /dev/sda
2048 is default, though.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment