Installing Arch with GPT, LUKS, LVM and systemd-boot

Create bootable USB

dd bs=4M if=/path/to/archlinux.iso of=/dev/sdx status=progress && sync

Boot from USB and set prepare system

loadkeys <your-keymap>
timedatectl set-ntp true

Connect to wifi


Partition the disk with gdisk

We will create 2 partitions, one for boot partition and one for LUKS encrypted partition

gdisk /dev/sda
GPT fdisk (gdisk) version 1.0.1

Partition table scan:
  MBR: protective
  BSD: not present
  APM: not present
  GPT: present

Found valid GPT with protective MBR; using GPT.

Command (? for help): o
This option deletes all partitions and creates a new protective MBR.
Proceed? (Y/N): Y

Command (? for help): n
Partition number (1-128, default 1): 
First sector (34-242187466, default = 2048) or {+-}size{KMGTP}: 
Last sector (2048-242187466, default = 242187466) or {+-}size{KMGTP}: +512M
Current type is 'Linux filesystem'
Hex code or GUID (L to show codes, Enter = 8300): EF00
Changed type of partition to 'EFI System'

Command (? for help): n
Partition number (2-128, default 2): 
First sector (34-242187466, default = 1050624) or {+-}size{KMGTP}: 
Last sector (1050624-242187466, default = 242187466) or {+-}size{KMGTP}: 
Current type is 'Linux filesystem'
Hex code or GUID (L to show codes, Enter = 8300): 
Changed type of partition to 'Linux filesystem'

Command (? for help): p
Disk /dev/sda: 242187500 sectors, 115.5 GiB
Logical sector size: 512 bytes
Disk identifier (GUID): 9FB9AC2C-8F29-41AE-8D61-21EA9E0B4C2A
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 242187466
Partitions will be aligned on 2048-sector boundaries
Total free space is 2014 sectors (1007.0 KiB)

Number  Start (sector)    End (sector)  Size       Code  Name
   1            2048         1050623   512.0 MiB   EF00  EFI System
   2         1050624       242187466   115.0 GiB   8300  Linux filesystem

Command (? for help): w

Format, encrypt and mount partitions

creating boot and alongside it root and a separate home partition inside encrypted container on /dev/sda2

mkfs.vfat -F32 /dev/sda1

cryptsetup -v luksFormat /dev/sda2
cryptsetup luksOpen /dev/sda2 luks

pvcreate /dev/mapper/luks
vgcreate vg0 /dev/mapper/luks
lvcreate -L 4G vg0 -n swap
lvcreate -L 46G vg0 -n root
lvcreate -l +100%FREE vg0 -n home

mkfs.ext4 /dev/mapper/vg0-root
mkfs.ext4 /dev/mapper/vg0-home
mkswap /dev/mapper/vg0-swap

mkdir -p /mnt/home

mount /dev/mapper/vg0-root /mnt
mount /dev/mapper/vg0-home /mnt/home
swapon /dev/mapper/vg0-swap

mkdir /mnt/boot
mount /dev/sdX1 /mnt/boot


sda              8:0    0 298.1G  0 disk  
|-sda1           8:1    0   500M  0 part  /boot
`-sda2           8:2    0 297.6G  0 part  
  `-lvm        254:0    0 297.6G  0 crypt 
    |-vg0-swap 254:1    0     4G  0 lvm   [SWAP]
    |-vg0-root 254:2    0    46G  0 lvm   /
    `-vg0-home 254:3    0 247.6G  0 lvm   /home

Install base system

pacstrap /mnt base base-devel

Generate fstab

genfstab -pU /mnt >> /mnt/etc/fstab

cat /mnt/etc/fstab
# <file system> <dir> <type> <options> <dump> <pass>
# /dev/mapper/vg0-root
UUID=feba4787-6d91-45a4-b8b5-2e44d4e628b9	/         	ext4      	rw,relatime,data=ordered	0 1

# /dev/mapper/vg0-home
UUID=35fe4b57-42ed-4505-b453-19bd7fa49fa2	/home     	ext4      	rw,relatime,data=ordered	0 2

# /dev/sda1
UUID=885D-C3E0      	/boot     	vfat      	rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro	0 2

# /dev/mapper/vg0-swap
UUID=7e324b74-4a41-4084-828d-1b508ecc98c7	none      	swap      	defaults,pri=-2	0 0

If you have SSD change relatime on all non-boot partitions to noatime.

chroot into new system and prepare it

arch-chroot /mnt

ln -s /usr/share/zoneinfo/Europe/Paris /etc/localtime
hwclock --systohc

echo <your-hostname> > /etc/hostname

pacman -S dialog wpa_supplicant

useradd -m -G wheel -s /bin/bash <username>
passwd <username>

Set locales

Uncomment de_DE.UTF-8 UTF-8 and other needed localizations in /etc/locale.gen

echo LANG=de_DE.UTF-8 > /etc/locale.conf
echo KEYMAP=de > /etc/vconsole.conf


bootctl --path=/boot install

Edit /etc/mkinitcpio.conf

HOOKS="base udev autodetect modconf block keymap encrypt lvm2 resume filesystems keyboard fsck"

Configure bootloader

Create /boot/loader/entries/arch.conf

cryptdevice= will point to our second partition /dev/sda2 where we created the lvm find out the device's uuid end echo it to arch.conf to help you edit it

blkid |grep /dev/sda2 >> /boot/loader/entries/arch.conf
vim /boot/loader/entries/arch.conf
title	Arch Linux
linux	/vmlinuz-linux
initrd	/initramfs-linux.img
options	cryptdevice=UUID=338a87cb-ec34-4162-8cf5-93538c12ec40:lvm:allow-discards resume=/dev/mapper/vg0-swap home=/dev/mapper/vg0-home root=/dev/mapper/vg0-root rw quiet

Edit /boot/loader/loader.conf

timeout 3
default arch

Edit the sudoers

allow your user to do sudo commands



## Uncomment to allow members of group wheel to execute any command
%wheel ALL=(ALL) ALL

Finish installation and boot to new system

mkinitcpio -p linux
umount -R /mnt


