Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Arch Linux installation procedure for LVM on LUKS: UEFI EFISTUB boot with gumiboot on a Samsung Series 9 laptop.
# Notes for installing on Samsung Series 9
# UEFI boot: LVM on LUKS
# See the full blog post:
# check you are booted in uefi
modprobe efivars
ls /sys/firmware/efi/vars
# zero the drive
dd if=/dev/urandom of=/dev/sda
# Create partition table: GPT
install gptfdisk
sgdisk -Z /dev/sda
sgdisk -a 2048 -o /dev/sda
sgdisk -n 1:0:+200M /dev/sda
sgdisk -n 2:0:0 /dev/sda
sgdisk -t 1:ef00 /dev/sda
sgdisk -t 2:8300 /dev/sda
sgdisk -c 1:bootefi /dev/sda
sgdisk -c 2:root /dev/sda
# encrypt sda2
modprobe dm-crypt
cryptsetup --cipher aes-xts-plain64 --key-size 512 --hash sha512\
--iter-time 5000 --use-random --verify-passphrase luksFormat /dev/sda2
cryptsetup luksOpen /dev/sda2 cryptdisk
# setup logical volumes
pvcreate /dev/mapper/cryptdisk
vgcreate vgroup /dev/mapper/cryptdisk
lvcreate --size 30G --name lvroot vgroup
lvcreate --extents +100%FREE --name lvhome vgroup
# create filesystem
mkfs.vfat -F32 /dev/sda1
mkfs.ext4 /dev/mapper/vgroup-lvroot
mkfs.ext4 /dev/mapper/vgroup-lvhome
# Mount the partitions
mnt /dev/mapper/vgroup-lvroot /mnt
mkdir -p /mnt/boot/efi
mount -t vfat /dev/sda1 /mnt/boot/efi
mkdir /mnt/home
mount /dev/mapper/vgroup-lvhome /mnt/home
### install base system ###
select a mirror
pacstrap -i /mnt base base-devel
genfstab -U -p /mnt >> /mnt/etc/fstab
vi /mnt/etc/fstab
# chroot time…
arch-chroot /mnt
# other modifications
# vi /etc/mkinitcpio.conf
# hooks
…encrypt lvm2 filesystems… shutdown…
# modules
vfat ext4 dm_mod dm_crypt aes_x86_64 i915
# add options to /etc/lvm/lvm.conf
issue_discards 1
# blacklist samsung module to prevent kernel panics
# bug:
# /etc/modprobe.d/samsung_module.conf
blacklist samsung_laptop
### bootloader ###
pacman -S gummiboot-efi
mkdir -p /boot/efi/EFI/gummiboot
cp /usr/lib/gummiboot/gummibootx64.efi /boot/efi/EFI/gummiboot/gummiboot.efi
efibootmgr -c -d /dev/sda -p 1 -w -L "Gummiboot" -l '\EFI\gummiboot\gummiboot.efi'
# copy files across
mkdir /boot/efi/arch
cp /boot/vmlinuz-linux /boot/efi/EFI/arch/vmlinuz-linux.efi
cp /boot/initramfs-linux.img /boot/efi/EFI/arch/initramfs-linux.img
cp /boot/initramfs-linux-fallback.img /boot/efi/EFI/arch/initramfs-linux-fallback.img
# create conf
# /boot/efi/loader/loader.conf
default arch
timeout 5
# create /boot/efi/loader/entries/arch.conf
title Arch Linux
efi \EFI\arch\vmlinuz-linux.efi
options initrd=\EFI\arch\initramfs-linux.img cryptdevice=/dev/sda2:vgroup root=/dev/mapper/vgroup-lvroot ro
# after successfully rebooting, create service files to update gummiboot path
Copy link

yuvadm commented Jul 28, 2013

Line 53 should be mount instead of mnt. Should be obvious, but... you know :)

Also line 92 should be mkdir /boot/efi/EFI/arch

And one more pitfall, after line 74, make sure to actually run mkinitcpio to generate new images.

Copy link

sjoqvist commented Jul 2, 2014

As @jasonwryan informed me in the Arch Linux Forums, Gummiboot now allows /boot to be used as the mountpoint. It's simpler and safer, since the kernel doesn't need to be moved.

Copy link

Ge0 commented Jul 17, 2014

In case you get the following error:

efibootmgr: command not found

A pacman -S efibootmgr should fix the issue.

Copy link

Ge0 commented Jul 17, 2014

Also mkdir /boot/efi/arch becomes mkdir /boot/efi/EFI/arch

Copy link

2bdkid commented Oct 4, 2014

Thanks for the guide! Exactly what I was looking for. Is there anything else needed for swap and hibernation/suspend to disk? I think the Arch wiki mentioned something about it in the page for dm-crypt.

Copy link

chmduquesne commented Apr 12, 2015

For some reason, mkinitcpio was failing for me because the build directory of the modules was messed up. To fix it, I just reinstalled the kernel with pacman, it has the same effect and fixed everything.

Copy link

CjStaal commented Jun 1, 2015

I'm getting a "File system /boot is not a FAT EFI System partition" I know for a fact that I made it i mkfs.vfat -F32 /dev/sda1 and I just quit chroot, unmounted /mnt/boot/efi redid the format, remounted, went back in to chroot, and its still crying.

Copy link

CjStaal commented Jun 1, 2015

I fixed that, the gummiboot needs to be installed as gummiboot --path=/boot/efi/ install
but now I'm getting "cannot create regular file "......." :no such file or directory for these commands

mkdir /boot/efi/arch
cp /boot/vmlinuz-linux /boot/efi/EFI/arch/vmlinuz-linux.efi
cp /boot/initramfs-linux.img /boot/efi/EFI/arch/initramfs-linux.img
cp /boot/initramfs-linux-fallback.img /boot/efi/EFI/arch/initramfs-linux-fallback.img

Copy link

CjStaal commented Jun 1, 2015

Got those also, your mkdir was wrong.

Copy link

CjStaal commented Jun 1, 2015

What do you mean with the periods in
…encrypt lvm2 filesystems… shutdown…

Also, if I'm also using a /usr partition, where should I put usr in the hooks?

Copy link

gpdd commented Aug 26, 2015

Proper change of alignment:
sgdisk -a 2048 -n 1:0:+200M /dev/sda
2048 is default, though.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment