| title | date | lastmod | categories | tags |
|---|---|---|---|---|
| Installing ArchLinux with Full Disk Encryption (LUKS) | 2018-12-19 | 2019-01-29 | | |

This guide covers how to install Arch Linux using LUKS for disk encryption and systemd-boot as the bootloader.
It is assumed that the reader has basic Linux knowledge and understands that examples are given as commands and their output. The reader may always consult manpages, the Arch Wiki, or other documentation to build a better understanding of the tools and methods used.
Partitioning
- Create a partition scheme using a partitioner of your choice (e.g. `gdisk`, `fdisk`, `cgdisk`).
  - First partition should be the EFI/boot partition at around 256MB+ (type: `ef00`)
  - Second partition should be the Linux LVM partition using the rest of the disk space (type: `8e00`)
- Make the EFI/boot partition FAT32 via `mkfs.fat -F32`
Encryption
- Format the Linux LVM partition:

  Note: Remember your passphrase! You will need this every time you boot your computer.

  ```
  # cryptsetup luksFormat /dev/sdaN
  Enter passphrase:
  ```
- Create a mapping for your Linux LVM (LUKS):

  Use whatever name you want. Ex. `lvm`, `volume`, etc.

  ```
  # cryptsetup open --type luks /dev/sdaN <map_name>
  ```
- Create the physical volume, volume group, and logical volumes for `<map_name>` specified in the previous step:

  Use whatever volume name you want. Ex. `volume`, `main`, `linux`, etc.

  ```
  # pvcreate /dev/mapper/<map_name>
  # vgcreate <volume_name> /dev/mapper/<map_name>
  ```

  Select size for swap, if desired. Here we use `2G` for 2Gb.

  ```
  # lvcreate -L2G <volume_name> -n swap
  # lvcreate -L16G <volume_name> -n root
  # lvcreate -l 100%FREE <volume_name> -n home
  ```
- Specify and write the desired filesystems:

  ```
  # mkfs.ext4 /dev/mapper/<volume_name>-root
  # mkfs.ext4 /dev/mapper/<volume_name>-home
  # mkswap /dev/mapper/<volume_name>-swap
  ```
Install Linux
- Mount the logical volumes and the boot partition for installation (`/dev/sdaN` below is the EFI/boot partition):

  ```
  # mount /dev/mapper/<volume_name>-root /mnt
  # mkdir /mnt/home
  # mkdir /mnt/boot
  # mount /dev/mapper/<volume_name>-home /mnt/home
  # mount /dev/sdaN /mnt/boot
  # swapon /dev/mapper/<volume_name>-swap
  ```
- Install the base system (assuming you have internet connectivity; use `wifi-menu`, or other, to connect to the internet at this point):

  ```
  # pacstrap /mnt base base-devel
  ```
Set-up Linux Installation
- Generate the `fstab`:

  ```
  # genfstab -p /mnt >> /mnt/etc/fstab
  ```
- Move into the installation:

  ```
  # arch-chroot /mnt
  ```
- Configure `initramfs`:
  - Edit `HOOKS` in `/etc/mkinitcpio.conf` using a text editor of your choice (e.g. `vi`, `nano`, etc.). Move the `keyboard` hook before `filesystems`, and add the `encrypt` and `lvm2` hooks before `filesystems`:

    ```
    # egrep '^HOOKS' /etc/mkinitcpio.conf
    HOOKS=(base udev autodetect modconf block keyboard encrypt lvm2 filesystems fsck)
    ```

    Read the comments documenting `HOOKS` in that file to find out more.
  - Generate `initramfs`:

    ```
    # mkinitcpio -p linux
    ```
- Install a bootloader (e.g. `systemd-boot`, `grub`, `syslinux`, etc.):
  - I will be using `systemd-boot`:

    ```
    # bootctl --path=/boot/ install
    ```
  - Edit the loader configuration using a text editor of your choice:

    ```
    # cat /boot/loader/loader.conf
    default arch
    timeout 3
    editor 0
    ```
  - Create the loader entry for the default `arch` entry specified above (you can edit this name if desired). Use `blkid /dev/sdaN` to find the UUID of your crypt device, and recall the volume name you gave your device above (`main` in the example below):

    ```
    # cat /boot/loader/entries/arch.conf
    title Arch Linux
    linux /vmlinuz-linux
    initrd /initramfs-linux.img
    options cryptdevice=UUID=9f1fc119-b1dc-49d8-9a5a-686ad9e2fd2e:volume root=/dev/mapper/main-root quiet rw
    ```
- Create a root password using `passwd`.
- Set a hostname:

  ```
  # echo "<your_hostname>" > /etc/hostname
  ```
- Set up the time:

  ```
  # ln -fs /usr/share/zoneinfo/<continent>/<city/place> /etc/localtime
  # hwclock --systohc --utc
  ```
- Set the locale to `en_US`:

  ```
  # sed -i 's/^\#en_US/en_US/' /etc/locale.gen
  # locale-gen
  # locale > /etc/locale.conf
  ```
- Done!

  ```
  # exit
  # umount -R /mnt
  # reboot
  ```
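
The `HOOKS` order and the loader entry's `cryptdevice=` and `root=` options have to agree with the volumes created earlier, or the initramfs cannot unlock and mount the root filesystem. The script below is an added example, not part of the original guide, that checks both before rebooting; the function names and the sample UUID are constructed for illustration.

```sh
#!/bin/sh
# Added example: pre-reboot checks for mkinitcpio HOOKS and the systemd-boot entry.
# Function names and the sample UUID are constructed for illustration.

# hook_pos LINE NAME: print the 1-based position of NAME in HOOKS=(...), 0 if absent
hook_pos() {
    printf '%s\n' "$1" | sed -e 's/^HOOKS=(//' -e 's/).*$//' | tr -s ' ' '\n' |
        awk -v h="$2" '$0 == h { print NR; found = 1; exit } END { if (!found) print 0 }'
}

# check_hooks LINE: succeed only if keyboard < encrypt < lvm2 < filesystems.
# keyboard must load before encrypt so the passphrase can be typed, and encrypt
# before lvm2 because the volume group lives inside the LUKS container.
check_hooks() {
    k=$(hook_pos "$1" keyboard); e=$(hook_pos "$1" encrypt)
    l=$(hook_pos "$1" lvm2); f=$(hook_pos "$1" filesystems)
    [ "$k" -gt 0 ] && [ "$k" -lt "$e" ] && [ "$e" -lt "$l" ] && [ "$l" -lt "$f" ]
}

# opt_val OPTIONS KEY: print the value of KEY=... from a kernel options line
opt_val() {
    for w in $1; do
        case $w in "$2"=*) printf '%s\n' "${w#*=}"; return 0 ;; esac
    done
    return 1
}

# check_entry OPTIONS LUKS_UUID VG: succeed only if cryptdevice= names LUKS_UUID
# with a non-empty map name and root= points at VG's "root" logical volume.
check_entry() {
    dev=$(opt_val "$1" cryptdevice) || return 1
    root=$(opt_val "$1" root) || return 1
    case $dev in "UUID=$2":?*) ;; *) return 1 ;; esac
    vg=$(printf '%s' "$3" | sed 's/-/--/g')   # device-mapper doubles hyphens in VG names
    [ "$root" = "/dev/mapper/$vg-root" ]
}

# Constructed sample input; inside the chroot use instead:
#   check_hooks "$(grep '^HOOKS' /etc/mkinitcpio.conf)"
#   check_entry "$(sed -n 's/^options *//p' /boot/loader/entries/arch.conf)" \
#               "$(blkid -s UUID -o value /dev/sdaN)" <volume_name>
SAMPLE_HOOKS='HOOKS=(base udev autodetect modconf block keyboard encrypt lvm2 filesystems fsck)'
SAMPLE_UUID='00000000-1111-2222-3333-444444444444'
SAMPLE_OPTS="cryptdevice=UUID=$SAMPLE_UUID:volume root=/dev/mapper/main-root quiet rw"

check_hooks "$SAMPLE_HOOKS" && echo "HOOKS order ok"
check_entry "$SAMPLE_OPTS" "$SAMPLE_UUID" main && echo "loader entry ok"
```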