Encrypted Arch Linux installation
What’s Arch Linux?
Arch Linux is a free and open source Linux distribution based on the principle "Keep It Simple".
Installation
Arch Linux has no graphical installer. You have to install it from the command line (CLI).
Installation media creation
Go to the Downloads page and select a nearby mirror. Download the ISO file and verify its checksum or PGP signature before writing it. If you're on Windows, you can use Rufus to create bootable media.
On Linux, you can use dd:
|
|
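where X is your USB device's ID. Don't write to a single partition; use the whole device. dd overwrites the target without asking, so confirm the device name first (for example with lsblk).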
Boot the media
Insert the USB device and reboot the computer. Press the key that brings up the boot options and choose your USB device from the list.
Connect to the internet
If you have Ethernet, the Arch Linux ISO will detect it. If you have a wireless connection, you have to connect manually.
|
|
where wifi APN is the access point name you get when you scan for your Wi-Fi network, and wifi interface is the interface name, which you can get using iwconfig. It might be wlp3s0 or wlan0. Alternatively, you can use wifi-menu.
Now ping a website, such as abdullah.today, to check whether you're connected to the internet.
Partitioning
There are multiple ways to encrypt the installation. One of them is LUKS on LVM. It's straightforward.
This assumes you have a UEFI system and that sda is the drive where you want to install Arch Linux.
|
|
|
|
Type o and then Y.
Type n to create a new partition. Select 1 to create the first partition, for EFI. Hit Enter and then type +512M to create a 512 MB partition. Enter ef00 as the partition type.
Type n again to create a new partition. Select 2. Hit Enter, then Enter again to give it the rest of the storage if you don't want to install another operating system. The hex code for LUKS is 8309, but you can go without it. By default it will be 8300 (Linux filesystem).
Type p to check that everything is fine. Once satisfied, type w and hit Enter to save your work.
Create file systems
First, create a filesystem for EFI.
|
|
Now create a LUKS container.
|
|
It will ask you to confirm. Type YES in all uppercase. Then choose a good passphrase. Write it down if you can't memorize it. If you forget it, you can't recover it.
Now open the new container.
|
|
Create a physical volume in this LUKS container.
|
|
Create a volume group. I’ll name it nix.
|
|
Create logical volumes on the volume group. I'm creating three: one for encrypted swap, one for home and one for root.
|
|
Now create filesystems.
|
|
Mount them.
|
|
Turn the swap partition on.
|
|
Install the base system
|
|
Generate fstab
|
|
NOTE: If you're using an SSD, replace relatime with noatime in /mnt/etc/fstab, except for the boot partition.
Chroot into the new system.
|
|
Set the timezone.
|
|
Replace Asia with your continent and Karachi with your city.
Set hostname
|
|
Replace nix with the name you want to give your machine.
Set locales
|
|
Uncomment en_US.UTF-8 UTF-8 (remove the # from the beginning of the line).
|
|
Install some necessary software.
|
|
Create a user.
|
|
Create a root password.
|
|
mkinitcpio configuration
Edit the file /etc/mkinitcpio.conf. Copy this line, or write the hooks in this order on the HOOKS line. Order matters, so don't ignore it or you will get an unbootable system.
|
|
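An added example, not part of the original post: a check to run on /etc/mkinitcpio.conf after editing the HOOKS line. It assumes the busybox-style encrypt and lvm2 hooks in the order the Arch Wiki documents for LVM inside LUKS (block, encrypt, lvm2, filesystems) plus the keyboard hook; the function names and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the busybox-style
# "encrypt" and "lvm2" hooks; function names and sample configs are constructed.

# Print the 1-based position of hook $1 in the space-separated list $2 (0 = absent).
hook_pos() {
    i=0
    for h in $2; do
        i=$((i + 1))
        if [ "$h" = "$1" ]; then echo "$i"; return 0; fi
    done
    echo 0
}

# Print the hook list from the last uncommented HOOKS=(...) or HOOKS="..." line.
read_hooks() {
    sed -n 's/^[[:space:]]*HOOKS=[("]\(.*\)[)"].*$/\1/p' "$1" | tail -n 1
}

# Return 0 if the hooks are present in the documented order, 1 if not, 2 if no HOOKS line.
check_hooks() {
    hooks=$(read_hooks "$1")
    [ -n "$hooks" ] || { echo "$1: no HOOKS line" >&2; return 2; }
    prev=0
    # Documented order for LVM inside LUKS: block, then encrypt, then lvm2, then filesystems.
    for want in block encrypt lvm2 filesystems; do
        pos=$(hook_pos "$want" "$hooks")
        if [ "$pos" -le "$prev" ]; then
            echo "$1: hook '$want' missing or out of order" >&2; return 1
        fi
        prev=$pos
    done
    # The keyboard hook is expected so the passphrase can be typed in early userspace.
    if [ "$(hook_pos keyboard "$hooks")" -eq 0 ]; then
        echo "$1: hook 'keyboard' missing" >&2; return 1
    fi
    return 0
}

# Constructed sample configs, written to a temp dir so the demo runs anywhere.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '#HOOKS=(base udev block filesystems)' \
    'HOOKS=(base udev autodetect keyboard keymap modconf block encrypt lvm2 filesystems fsck)' > "$demo_dir/good.conf"
printf '%s\n' 'HOOKS=(base udev autodetect modconf block lvm2 encrypt filesystems keyboard fsck)' > "$demo_dir/bad.conf"
for f in "$demo_dir/good.conf" "$demo_dir/bad.conf"; do
    if check_hooks "$f"; then echo "OK   $f"; else echo "FAIL $f"; fi
done
```

Inside the chroot, run check_hooks /etc/mkinitcpio.conf before generating the initramfs.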
Generate mkinitcpio
|
|
Install bootloader
|
|
Create entries.
Create a file /boot/loader/entries/arch.conf.
|
|
You can get the UUID using blkid; it is the one listed for /dev/sda2.
Unmount and reboot
|
|
Remove the USB device and enjoy your new encrypted Arch Linux installation.