@jcstr
Last active September 10, 2021 22:48
Install an Encrypted Arch Linux

Install an Encrypted Arch Linux (LVM-LUKS) 🔒

As always and for everything, read the wiki.


Boot the live environment

Load keyboard layout (latin-america)

# loadkeys la-latin1

Connect to the internet

# iwctl

Verify the boot mode

This guide assumes UEFI mode. The listing below succeeds only when the live system was booted in UEFI mode.

# ls /sys/firmware/efi/efivars

Check disk properties

# fdisk -l

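Prepare the partitions (boot and LVM)

# gdisk /dev/sda
o          (create a new empty GPT)
y          (confirm)
n          (new partition)
enter      (partition number: default)
enter      (first sector: default)
+512MiB    (last sector)
ef00       (type: EFI system partition)

n
enter      (partition number: default)
enter      (first sector: default)
enter      (last sector: default, rest of the disk)
8e00       (type: Linux LVM)
w
y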

Format boot partition

# mkfs.fat -F32 /dev/sda1

Encryption configuration (cryptsetup)

# cryptsetup luksFormat /dev/sda2

Open the encrypted partition and create the volume group and logical volumes (root, home, swap)

Unlock the partition

# cryptsetup open --type luks /dev/sda2 lvm 

Create the physical volume, the volume group and the logical volumes

# pvcreate /dev/mapper/lvm
# vgcreate volume /dev/mapper/lvm
# lvcreate -L2G volume -n swap
# lvcreate -L50G volume -n root
# lvcreate -l 100%FREE volume -n home

Formatting partitions

root

# mkfs.ext4 /dev/mapper/volume-root

home

# mkfs.ext4 /dev/mapper/volume-home

swap

# mkswap /dev/mapper/volume-swap 

Mount the root volume

# mount /dev/mapper/volume-root /mnt

Create boot and home directories under /mnt

# mkdir /mnt/home
# mkdir /mnt/boot

Mount the remaining partitions

# mount /dev/sda1 /mnt/boot
# mount /dev/mapper/volume-home /mnt/home

Activate swap

# swapon /dev/mapper/volume-swap

Core installation

# pacstrap /mnt base base-devel linux linux-firmware vim networkmanager mkinitcpio lvm2 cryptsetup

Generate fstab

# genfstab -U /mnt >> /mnt/etc/fstab

Change root into the new system

# arch-chroot /mnt

Local Time settings

# ln -sf /usr/share/zoneinfo/America/Mexico_City /etc/localtime
# hwclock --systohc --utc

Localization

# vim /etc/locale.gen

es_MX.UTF-8 UTF-8

Generate Locale

# locale-gen 

Save the locale to the config file

# echo "LANG=es_MX.UTF-8" > /etc/locale.conf

Network configuration

Hostname

# vim /etc/hostname

Add entries to hosts

# vim /etc/hosts
127.0.0.1	  localhost
::1		      localhost
127.0.1.1	  myhostname.localdomain	  myhostname

Read the listed HOOKS and their order carefully, especially for this encrypted system: keyboard and encrypt must come before lvm2, and lvm2 before filesystems

# vim /etc/mkinitcpio.conf 

HOOKS=(base udev autodetect modconf block keyboard encrypt lvm2 filesystems fsck)

Recreate initramfs

# mkinitcpio -P

Establish root password

# passwd 

Install bootloader

# bootctl --path=/boot install

Configure the boot loader

# vim /boot/loader/loader.conf

default arch
timeout 3
editor 0

# vim /boot/loader/entries/arch.conf

title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options cryptdevice=UUID=86a872ee-b133-4e13-8283-d99024361d79:volume root=/dev/mapper/volume-root quiet rw

Obtain the cryptdevice UUID under vim with:

:read ! blkid /dev/sda2 
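
The two settings most likely to leave this system unable to unlock its root volume are the HOOKS order and the cryptdevice UUID. The script below is an added example, not part of the original gist, that checks both before rebooting; the function names are hypothetical, and it assumes a single-line HOOKS=(...) array and the file paths used in this guide.

```bash
#!/usr/bin/env bash
# Added example (not from the gist): checks to run inside the chroot before rebooting.

# Succeeds only if HOOKS lists keyboard, encrypt, lvm2, filesystems in that order.
check_hooks_order() {
    local conf="$1" line="" hook="" i=0 kb="" enc="" lvm="" fs=""
    # Take the last uncommented HOOKS=(...) line, the one that takes effect.
    line=$(grep -E '^[[:space:]]*HOOKS=\(' "$conf" | tail -n 1)
    [ -n "$line" ] || { echo "no HOOKS=(...) line in $conf" >&2; return 2; }
    line=${line#*\(}    # drop everything up to the opening parenthesis
    line=${line%%\)*}   # drop the closing parenthesis and anything after it
    for hook in $line; do
        i=$((i + 1))
        case $hook in
            keyboard)    kb=$i ;;
            encrypt)     enc=$i ;;
            lvm2)        lvm=$i ;;
            filesystems) fs=$i ;;
        esac
    done
    [ -n "$kb" ] && [ -n "$enc" ] && [ -n "$lvm" ] && [ -n "$fs" ] ||
        { echo "HOOKS is missing keyboard, encrypt, lvm2 or filesystems" >&2; return 1; }
    [ "$kb" -lt "$enc" ] && [ "$enc" -lt "$lvm" ] && [ "$lvm" -lt "$fs" ] ||
        { echo "HOOKS order must be keyboard, encrypt, lvm2, filesystems" >&2; return 1; }
}

# Prints the UUID from cryptdevice=UUID=<uuid>:<name> on the entry's options line.
cryptdevice_uuid() {
    sed -n 's/^options[[:space:]].*cryptdevice=UUID=\([0-9A-Fa-f-]*\):.*/\1/p' "$1" | head -n 1
}

# Succeeds if the entry points at the expected LUKS container UUID.
check_cryptdevice() {
    local entry="$1" expected="$2" found=""
    found=$(cryptdevice_uuid "$entry")
    [ -n "$found" ] || { echo "no cryptdevice=UUID= in $entry" >&2; return 2; }
    [ "$found" = "$expected" ] ||
        { echo "cryptdevice UUID $found does not match $expected" >&2; return 1; }
}

# Usage on the system from this guide:
#   check_hooks_order /etc/mkinitcpio.conf
#   check_cryptdevice /boot/loader/entries/arch.conf "$(blkid -s UUID -o value /dev/sda2)"
```

A mismatch usually means the UUID of the unlocked mapping or of the root filesystem was pasted instead of the UUID of the LUKS partition itself.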

Exit the arch-chroot, unmount the partitions and reboot

Ctrl+D

# umount -R /mnt 
# reboot

Customization

Log in as root and add a new user

# useradd -m -G wheel your_username
# passwd your_username

Install sudo

# pacman -S sudo

Activate sudo for users in the wheel group (edit with visudo, which checks the syntax before saving)

# EDITOR=vim visudo
%wheel ALL=(ALL) ALL

Configure pacman at /etc/pacman.conf

# vim /etc/pacman.conf

ILoveCandy

Update system and reboot

# pacman -Syu && reboot

Log in as a regular user

$ sudo pacman-key --init

Congrats! Now go to General Recommendations to set up Arch Linux according to your needs.
