User:ToxygeneB/Installing base system

These are the steps I follow to install Arch Linux on my systems. At present this just covers the most common setup which utilises UEFI, GPT, and LUKS and GRUB for disc encryption including boot partition, using LVM and Btrfs on x86-64.

Installation is usually on either single drive systems (SSD or HDD as sda), or dual drive systems (SSD as sda, HDD as sdb).

I use an Anker USB 3.0 to Gigabit Ethernet Adapter which utilises the Realtek RTL8153, supported by the default kernel module (avoids wireless chipset woes) for all my base installs.

Installation media

Download ISO image.
Write to USB stick.

# dd bs=4M if=/home/toxygeneb/Installers/archlinux.iso of=/dev/sdc status=progress && sync

Reboot from USB.

Establish environment

Set keymap and console font.

# loadkeys uk
# setfont Lat2-Terminus16

Check network connection.

# ping -c3 www.google.co.uk

Synchronise clock.

# timedatectl set-ntp true
# hwclock --systohc

Partition drives

Using cgdisk create partitions.

Partition	Type	Size	Label
sda1	ef00 EFI System	256MB	ESP
sda2	8300 Linux filesystem	512MB	Boot
sda3	8e00 Linux LVM	+100%	System
sdb1 ¹	8e00 Linux LVM	100%	Store

¹ Only applicable on dual drive systems eg. SSD and HDD.

Drive encryption

Load kernel module.

# modprobe dm-crypt

Generate keyfile for automatic unlocking.

# dd if=/dev/urandom of=/crypto_keyfile.bin bs=1024 count=20
# chmod 400 /crypto_keyfile.bin

Warning: Backup keyfile and keep it safe!

LUKS format /dev/sda2 for boot partition.

# cryptsetup -c aes-xts-plain64 -s 512 -h sha512 -i 5000 -y luksFormat /dev/sda2
# cryptsetup luksAddKey /dev/sda2 /crypto_keyfile.bin

LUKS format /dev/sda3 for Arch Linux system and, if necessary, /dev/sdb1 for storage.

# cryptsetup -c aes-xts-plain64 -s 512 -h sha512 -i 5000 --key-file /crypto_keyfile.bin keyfile luksFormat /dev/sda3
# cryptsetup -c aes-xts-plain64 -s 512 -h sha512 -i 5000 --key-file /crypto_keyfile.bin keyfile luksFormat /dev/sdb1

Open LUKS containers.

# cryptsetup luksOpen /dev/sda2 cryptboot 
# cryptsetup --key-file /crypto_keyfile.bin luksOpen /dev/sda3 arch

And only if created:

# cryptsetup --key-file /crypto_keyfile.bin luksOpen /dev/sdb1 store

Setup LVM

Single drive systems

For a 500GB drive, which actually holds 465GB, I am for 400GB for user storage. Adjust accordingly.

Create physical volume.

# lvm pvcreate /dev/mapper/arch

Create volume group.

# lvm vgcreate arch /dev/mapper/arch

Create logical volumes.

# lvm lvcreate -L 8GB -n swap arch
# lvm lvcreate -L 20GB -n tmp arch
# lvm lvcreate -L 37GB -n root arch
# lvm lvcreate -L 100%FREE -n home arch

Dual drive systems

For a 120GB SSD for the system and HDD for user storage. Adjust accordingly.

Create physical volumes.

# lvm pvcreate /dev/mapper/arch
# lvm pvcreate /dev/mapper/store

Create volume groups.

# lvm vgcreate arch /dev/mapper/arch
# lvm vgcreate store /dev/mapper/store

Create logical volumes.

# lvm lvcreate -L 8GB -n swap arch
# lvm lvcreate -L 20GB -n tmp arch
# lvm lvcreate -l 100%FREE -n root arch
# lvm lvcreate -l 100%FREE -n home store

Create and mount filesystems

Create filesystems.

# mkfs.vfat -n EFI /dev/sda1
# mkfs.ext2 -L boot /dev/mapper/cryptboot
# mkfs.btrfs -L tmp /dev/arch/tmp
# mkfs.btrfs -L root /dev/arch/root
# mkswap -L swap /dev/arch/swap

For single drive systems only:

# mkfs.btrfs -L home /dev/arch/home

For dual drive systems only:

# mkfs.btrfs -L home /dev/store/home

Mount filesystems, creating necessary mount points.

# mount /dev/arch/root /mnt
# mkdir -p /mnt/{boot,tmp,home}
# mount /dev/mapper/cryptboot /mnt/boot
# mount /dev/arch/tmp /mnt/tmp
# mkdir /mnt/boot/efi
# mount /dev/sda1 /mnt/boot/efi
# swapon /dev/arch/swap

For single drive systems only:

# mount /dev/arch/home /mnt/home

For dual drive systems only:

# mount /dev/store/home /mnt/home

Install Arch Linux

Copy nearest mirror to top of list.

/etc/pacman.d/mirrorlist

Server = http://www.mirrorservice.org/sites/ftp.archlinux.org/$repo/os/$arch

Use pacstrap to install packages.

# pacstrap /mnt base base-devel btrfs-progs

Generate fstab using UUIDs.

# genfstab -U /mnt > /mnt/etc/fstab

Copy encryption keyfile.

# cp /crypto_keyfile.bin /mnt/
# cp /crypto_keyfile.bin /mnt/boot

Configure the new installation

Chroot into /mnt.

# arch-chroot /mnt

Set timezone and clock.

# ln -sf /usr/share/zoneinfo/Europe/London /etc/localtime
# hwclock --systohc
# timedatectl set-ntp true

Generate and set locale.

/etc/locale.gen

en_GB.UTF-8

# locale-gen

/etc/locale.conf

LANG=en_GB-UTF-8

Configure virtual consoles.

/etc/vconsole.conf

KEYMAP=uk
FONT=Lat2-Terminus16

Set hostname.

# echo caprica > /etc/hostname

/etc/hosts

127.0.0.1       localhost.local         localhost
::1             localhost.local         localhost
127.0.0.1       caprica.local           caprica
::1             caprica.local           caprica

Configure pacman.

Select mirror:

/etc/pacman.d/mirrorlist

Server = http://www.mirrorservice.org/sites/ftp.archlinux.org/$repo/os/$arch

Pacman options:

/etc/pacman.conf

# Misc options

Color
CheckSpace
VerbosePkgLists

# Repositories

[testing]
Include = /etc/pacman.d/mirrorlist

[core]
Include = /etc/pacman.d/mirrorlist

[extra]
Include = /etc/pacman.d/mirrorlist

[community-testing]
Include = /etc/pacman.d/mirrorlist

[community]
Include = /etc/pacman.d/mirrorlist

[multilib-testing]
Include = /etc/pacman.d/mirrorlist

[multilib]
Include = /etc/pacman.d/mirrorlist

[archlinuxfr]
SigLevel = Never
Server = https://repo.archlinux.fr/$arch

Create Linux image for booting

/etc/mkinitcpio.conf

MODULES=(i915 vfat)
BINARIES=(/usr/bin/btrfs)
FILES=(/crypto_keyfile.bin)
HOOKS=(base consolefont udev autodetect modconf block keymap encrypt lvm2 filesystems keyboard fsck)

# mkinitcpio -p linux

GRUB Bootloader

Install and configure GRUB and dependencies

# pacman -S grub dosfstools mtools efibootmgr

/etc/gdefault/grub

GRUB_TIMEOUT=2
# UUID for /dev/sda3
GRUB_CMDLINE_LINUX="acpi_backlight=vendor cryptdevice=UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx:arch"
GRUB_ENABLE_CRYPTODISK=y

# grub-mkconfig -o /boot/grub/grub.cfg
# grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=GRUB --recheck

Partition mounting

Add compress=lzo to mount options on Btrfs filesystems in /etc/fstab.

Chain decryption in /etc/crypttab

/etc/crypttab

# UUID for /dev/sda2
cryptboot      UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx    /crypto_keyfile.bin     luks
# Dual drive systems only: UUID for /dev/sdb1
store          UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx    /crypto_keyfile.bin     luks

Chroot completion

Set root password.

# passwd

Leave chroot.

# exit

Tidy up and reboot

Compress Btrfs root partition.

# btrfs filesystem defragment -r -v -clzo /mnt

Unmount partitions.

# umount -R /mnt

Reboot. Remember to remove install USB stick.

# reboot

Additional References

Arch Linux: Encryption and multiple hard drives by Michael Schätzlein