How to Install Arch Linux on Encrypted LVM

From Wiki
Jump to navigation Jump to search


In this video, the viewer is shown how to create a custom installation of Arch Linux with EFI, LVM, and Encryption.

Relevant Links
Original Video
Arch Linux Download Page

Installation Steps

Download latest Arch linux ISO

Check if there is an Internet connection (if on wired)
 ip addr show
For WiFi, you can use wifi-menu
If you do have a network connection but no IP address use:
Edit the mirrorlist (optional)
 nano /etc/pacman.d/mirrorlist
Update repository index
 pacman -Syyy
See partitions/drives on the system (find the name of your hard drive)
 fdisk -l
Start the partitioner (fdisk)
 fdisk /dev/<DEVICE> (substitute <DEVICE> for your device name, example: /dev/sda or /dev/nvme0n1)
Show current partitions
Create EFI partition
 g (to create an empty GPT partition table)
 1 (For EFI)
Create boot partition
Create LVM partition
Show current partitions again
Finalize partition changes
Format the EFI partition
 mkfs.fat -F32 /dev/<DEVICE PARTITION 1> (for example: /dev/sda1)
Format the boot partition
 mkfs.ext4 /dev/<DEVICE PARTITION 2> (for example: /dev/sda2)
Set up encryption
 cryptsetup luksFormat /dev/<DEVICE PARTITION 3>
 cryptsetup open --type luks /dev/<DEVICE PARTITION 3> lvm
Set up lvm
 pvcreate --dataalignment 1m /dev/mapper/lvm
 vgcreate volgroup0 /dev/mapper/lvm
 lvcreate -L 30GB volgroup0 -n lv_root
 lvcreate -L 250GB volgroup0 -n lv_home (or instead of "-L 250GB", use "-l 100%FREE" to use all the remaining space).
 modprobe dm_mod
 vgchange -ay
Format the root partition
 mkfs.ext4 /dev/volgroup0/lv_root
Mount the root partition
 mount /dev/volgroup0/lv_root /mnt
Create the boot partition mount directory
 mkdir /mnt/boot
Mount the boot partition
 mount /dev/<DEVICE PARTITION 2> /mnt/boot
Format the home partition
 mkfs.ext4 /dev/volgroup0/lv_home
Create the home partition mount point
 mkdir /mnt/home
Mount the home volume
 mount /dev/volgroup0/lv_home /mnt/home
Create the /etc dirctory
 mkdir /mnt/etc
Create the /etc/fstab file
 genfstab -U -p /mnt >> /mnt/etc/fstab
Check the /etc/fstab file
 cat /mnt/etc/fstab
Install Arch Linux base packages
 pacstrap -i /mnt base
Access the in-progress Arch installation
 arch-chroot /mnt
Install a kernel and headers
 pacman -S linux linux-headers

For LTS:

 pacman -S linux-lts linux-lts-headers

Or both:

 pacman -S linux linux-lts linux-headers linux-lts-headers 
Install a text editor
 pacman -S nano
Install optional packages
 pacman -S base-devel openssh
Enable OpenSSH if you've installed it
 systemctl enable sshd
Install packages for networking
 pacman -S networkmanager wpa_supplicant wireless_tools netctl
Install dialog (required for wifi-menu)
 pacman -S dialog
Enable networkmanager
 systemctl enable NetworkManager
Install LVM support
 pacman -S lvm2
Edit /etc/mkinitcpio.conf
 nano /etc/mkinitcpio.conf

On the "HOOKS" line (line #52 or thereabouts), add "encrypt lvm2" in between "block" and "filesystems"

It should look similar to the following (don't copy this line in case they change it, but just add the two new items):

 HOOKS=(base udev autodetect modconf block encrypt lvm2 filesystems keyboard fsck)
Create the initial ramdisk for the main kernel
 mkinitcpio -p linux
Create the initial ramdisk for the LTS kernel (if you installed it)
 mkinitcpio -p linux-lts
Uncomment the line from the /etc/locale.gen file that corresponds to your locale
 nano /etc/locale.gen (uncomment en_US.UTF-8)
Generate the locale
Set the root password
Create a user for yourself
 useradd -m -g users -G wheel <username>
Set your password
 passwd <username>
Install sudo (may already be installed)
 pacman -S sudo
Allow users in the 'wheel' group to use sudo
 EDITOR=nano visudo


 %wheel ALL=(ALL) ALL
Install packages for GRUB
 pacman -S grub efibootmgr dosfstools os-prober mtools
Edit /etc/default/grub
 nano /etc/default/grub



Add cryptdevice=<PARTUUID>:volgroup0 to the GRUB_CMDLINE_LINUX_DEFAULT line If using standard device naming, the option will look like this:

 cryptdevice=/dev/sda3:volgroup0:allow-discards quiet
Create the directory for EFI boot
 mkdir /boot/EFI
Mount the EFI partition
 mount /dev/<DEVICE PARTITION 1> /boot/EFI
Install GRUB
 grub-install --target=x86_64-efi --bootloader-id=grub_uefi --recheck
Create the locale directory for GRUB
 mkdir /boot/grub/locale
Copy the locale file to locale directory
 cp /usr/share/locale/en\@quot/LC_MESSAGES/ /boot/grub/locale/
Generate GRUB's config file
 grub-mkconfig -o /boot/grub/grub.cfg
Create swap file
 fallocate -l 2G /swapfile
 chmod 600 /swapfile
 mkswap /swapfile
Back up the /etc/fstab file
 cp /etc/fstab /etc/fstab.bak
Add the swap file to the /etc/fstab file
 echo '/swapfile none swap sw 0 0' | tee -a /etc/fstab
Check the /etc/fstab file to make sure it includes all the right partitions
 cat /etc/fstab

You should have a mountpoint for the root filesystem, boot partition, home partition, and swap file

Wrapping Up, Optional Considerations

Install CPU Microde files (AMD CPU)
 pacman -S amd-ucode
Install CPU Microde files (Intel CPU)
 pacman -S intel-ucode
Install Xorg if you plan on having a GUI
 pacman -S xorg-server
Install 3D support for Intel or AMD graphics

If you have an Intel or AMD GPU, install the mesa package:

 pacman -S mesa
Install Nvidia Driver packages if you have an Nvidia GPU
 pacman -S nvidia nvidia-utils

Note: Install nvidia-lts if you've installed the LTS kernel:

 pacman -S nvidia-lts
Optional: Install Virtualbox guest packages

If you're installing Arch inside a Virtualbox virtual machine, install these packages:

 pacman -S virtualbox-guest-utils xf86-video-vmware

Moment of truth: Reboot your machine

Exit the chroot environment
Unmount everything (some errors are okay here)
 umount -a
Reboot the machine