Skip to content

Instantly share code, notes, and snippets.

@michaelmcandrew

michaelmcandrew/README.md

Last active May 2, 2017 09:08
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save michaelmcandrew/06e875873399675d7584087c4cbbf99a to your computer and use it in GitHub Desktop.
Save michaelmcandrew/06e875873399675d7584087c4cbbf99a to your computer and use it in GitHub Desktop.
Download ZIP
Michael's encrypted UEFI Arch Linux on UK Lenovo X220 install script
Raw
README.md

This gist serves as an installation guide for Arch Linux on Michael's UK X220 with the following characteristics

  • GPT partition table
  • UEFI booting

Usage

Creating the installation media

Download the latest archlinux ISO and create a bootable USB stick

dd if=archlinux.img of=/dev/sdX bs=16M && sync

See https://www.archlinux.org/download/ and https://wiki.archlinux.org/index.php/USB_flash_installation_media

Boot from the USB stick in UEFI mode.

Pre-installation

A few steps to carry out before running the installation script...

Connect to the internet

An ethernet cable connection should be detected automatically. If not ethernet connection is available, you can connect to a wifi network with wifi-menu.

Partition the hard-drive

We create three partitions as follows:

Purpose Size Hex code
ESP 512MB EF00
boot partition (unencrypted) 512MB 8300
Encrypted drive The rest 8300

For more information on ESP, see https://wiki.archlinux.org/index.php/EFI_System_Partition

For more information on the boot partition, see https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#Simple_partition_layout_with_LUKS.

We can use gdisk to create a GPT partition table. Launch gdisk with the appropriate device filename, e.g. gdisk /dev/sda.

The following gdisk commands are useful:

  • p print the partition table
  • 'o' create a new partition table
  • n create a new partition (use + when specifying the last sector)
  • w write table to disk and exit
  • q quit without saving changes

Run the install script

First download the install script with something like

wget https://git.io/v9WkH -O install.sh

or

wget https://gist.githubusercontent.com/michaelmcandrew/06e875873399675d7584087c4cbbf99a/raw/install.sh

Once it has downloaded successfully, run it with bash install.sh.

Credits

Based on, inspired by, and written with the help of:

Raw
install.sh
# See README.md for more info
# From https://wiki.archlinux.org/index.php/installation_guide
loadkeys uk
timedatectl set-ntp true
# Format the EFI system partition
mkfs.fat -F32 /dev/sda1
# Format the boot partition
mkfs.ext4 /dev/sda2
# Format the encrypted partition
cryptsetup -y -v luksFormat /dev/sda3
cryptsetup open /dev/sda3 cryptroot
mkfs.ext4 /dev/mapper/cryptroot
# Mount the partitions
mount /dev/mapper/cryptroot /mnt
mkdir /mnt/boot
mount /dev/sda2 /mnt/boot
mkdir /mnt/boot/efi
mount /dev/sda1 /mnt/boot/efi
# Create fstab
genfstab -U /mnt >> /mnt/etc/fstab
pacstrap /mnt base
arch-chroot /mnt
ln -sf /usr/share/zoneinfo/Region/City /etc/localtime
hwclock --systohc
echo "LANG=en_GB.UTF-8" > /etc/locale.conf
echo "KEYMAP=uk" > /etc/vconsole.conf
echo "thinkpad" > /etc/hostname
echo "127.0.1.1 thinkpad.localdomain thinkpad" >> /etc/hosts
bootctl --path=/boot/efi install
pacman -S iw wpa_supplicant dialog
echo "-> Add the keyboard, keymap and encrypt hooks to mkinitcpio.conf and then rerun 'mkinitcpio -p linux' See https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#Configuring_mkinitcpio"
echo "-> Uncomment en_US.UTF-8 UTF-8 and en_GB.UTF-8 UTF-8 in /etc/locale.gen, and generate them with 'locale-gen'"
cryptdevice=UUID=<device-UUID>:cryptroot root=/dev/mapper/cryptroot
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment