Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save thecatwasnot/ad9fc24ce1e5e44018ed8389b1f29016 to your computer and use it in GitHub Desktop.
Save thecatwasnot/ad9fc24ce1e5e44018ed8389b1f29016 to your computer and use it in GitHub Desktop.
LVM on LUKS Arch installation with systemd-boot

Arch Linux Installation

LVM on LUKS Arch installation with systemd-boot

USB

Download Arch Linux

Find out the name of your USB drive with lsblk. Make sure that it is not mounted.

To mount the Arch ISO run the following command, replacing /dev/sdx with your drive, e.g. /dev/sdb. (do not append a partition number, so do not use something like /dev/sdb1):

dd bs=4M if=/path/to/archlinux.iso of=/dev/sdx status=progress && sync

Preparation

Boot from USB disk

Change default font:

setfont sun12x22

Check if running in UEFI mode:

ls /sys/firmware/efi

If there is any content in this folder then you are in UEFI mode.

Check that there is a connection:

ping archlinux.org

Update the system clock:

timedatectl set-ntp true

Lastly to enable mirrors, edit /etc/pacman.d/mirrorlist and locate your geographic region. Uncomment mirrors you would like to use.

Partitioning

Get the name of the disk to format/partition:

lsblk

The name should be something like /dev/sda

First shred the disk using the shred tool:

shred -v -n1 /dev/sdX

Now partition the disk using gdisk:

gdisk /dev/sda

Partition 1 should be an EFI boot partition (code: ef00) of 512MB. Partition 2 should be a Linux LVM partition (8e00). The 2nd partition can take up the full disk or only a part of it. Remember to write the partition table changes to the disk on configuration completion.

Once partitioned you can format the boot partition (the LVM partition needs to be encrypted before it gets formatted)

mkfs.fat -F32 /dev/sda1

Encryption

First modprobe for dm-crypt

modprobe dm-crypt

Now, encrypt the disk:

cryptsetup luksFormat /dev/sda2

Open the disk with the password set above:

cryptsetup open --type luks /dev/sda2 archlv

Check the lvm disk exists:

ls /dev/mapper/archlv

Create a physical volume:

pvcreate /dev/mapper/archlv

Create a volume group:

vgcreate archvg /dev/mapper/archlv

Create logical partitions:

lvcreate -L16G archvg -n swap
lvcreate -L30G archvg -n root
lvcreate -l 100%FREE archvg -n home

Format file system on logical partitions:

mkfs.ext4 /dev/mapper/archvg-root
mkfs.ext4 /dev/mapper/archvg-home
mkswap /dev/mapper/archvg-swap

Mount the volumes and file systems:

mount /dev/mapper/archvg-root /mnt
mkdir /mnt/home
mount /mnt/boot
mount /dev/mapper/archvg-home /mnt/home
mount /dev/sda1 /mnt/boot
swapon /dev/mapper/archvg-swap

Installation

Create mirrorlist:

pacman -Sy reflector
reflector -c "United States" -f 12 -l 12 --verbose --save /etc/pacman.d/mirrorlist

Bootstrap base system onto disk using pacstrap:

pacstrap /mnt base linux linux-firmware lvm2 sudo vim

Generate fstab:

genfstab -p /mnt >> /mnt/etc/fstab

chroot into system:

arch-chroot /mnt

Set time locale:

ln -sf /usr/share/zoneinfo/America/Chicago /etc/localtime

Set clock:

hwclock --systohc

Uncomment en_US.UTF-8 UTF-8 en_US ISO-8859-1 and other needed localizations in /etc/locale.gen. Now run:

locale-gen

Create locale config file:

locale > /etc/locale.conf

Set keymap for sd-vconsole:

echo "KEYMAP=us" > /etc/vconsole.conf

Add an hostname:

echo "myhostname" > /etc/hostname

Update /etc/hosts to contain::

127.0.1.1   myhostname.localdomain  myhostname

Because we are using disk encryption we have to change the initramfs.

Edit the /etc/mkinitcpio.conf. Look for the HOOKS variable and move keyboard to before the filesystems and add encrypt and lvm2 after keyboard. Like:

HOOKS=(base systemd autodetect keyboard sd-vconsole modconf block sd-encrypt sd-lvm2 filesystems fsck)

Regenerate the initramfs:

mkinitcpio -p linux

Install a bootloader:

bootctl --path=/boot/ install

Create bootloader. Edit /boot/loader/loader.conf. Replace the file's contents with:

default arch
timeout 3
editor 0

The editor 0 ensures the configuration can't be changed on boot.

Next create a bootloader entry in /boot/loader/entries/arch.conf

title Arch Linux (Encrypted)
linux /vmlinuz-linux
initrd /initramfs-linux.img
options rd.luks.name={UUID}=archlv root=/dev/mapper/archvg-root quiet rw

In order to get the UUID run the following command in vim:

:read ! blkid /dev/sda2

Complete

exit chroot:

exit

unmount everything:

umount -R /mnt

and reboot

reboot
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment