User:Rdeckard/Installation guide

From ArchWiki
Warning: This is my personal guide for installing an Arch Linux system. Use it only as a guide as you follow along with the official Installation Guide.

A guide for installing a minimal booting system. It gives several options along the way, depending on your system.

  • For UEFI, EFISTUB is used to boot the kernel directly.
  • For systems needing BIOS, syslinux is used.
  • Gives options for encrypting the system if desired.
  • Gives notes on using btrfs subvolumes if desired.

You may need additional packages for video drivers, etc.


Download the Arch ISO and GnuPG signature.

Verify signature

If you have GnuPG installed on your current system, verify the download:

$ gpg --keyserver-options auto-key-retrieve --verify archlinux-version-dual.iso.sig

Create bootable disk

Create a bootable USB drive by doing the following on an existing Linux installation:

# dd bs=4M if=/path/to/archlinux-version-x86_64.iso of=/dev/sdx status=progress && sync

where /dev/sdx is the USB drive.

Boot the live environment

Now boot from the USB drive.

Set the keyboard layout

If using a keymap other than US, temporarily set the keyboard layout by doing:

# loadkeys de-latin1

Change de-latin1 to a layout found in /usr/share/kbd/keymaps/**/*.map.gz

Verify the boot mode

Verify that you have booted with UEFI mode by checking that /sys/firmware/efi/efivars exists. If you're not booted in the UEFI, you should setup your motherboard to do so to follow this installation guide. If you are not able to use UEFI, this guide has an option to boot from BIOS using syslinux.

Connect to the internet

If you have a wired connection, it should connect automatically.

If you have a wireless connection, first stop the wired connection to prevent conflicts:

# systemctl stop dhcpcd@interface.service

A list of interfaces can be found with:

# ip link

Then connect to a wifi network with wpa_supplicant:

# wpa_supplicant -B -i interface -C/run/wpa_supplicant
# wpa_cli -i interface
> scan
> scan_results
> add_network
> set_network 0 ssid "SSID"
> set_network 0 psk "passphrase"
> enable_network 0
> quit

Get an ip address with dhcpcd:

# dhcpcd

For both wired and wireless connections, check your connection with:

# ping

Update the system clock

# timedatectl set-ntp true

Partition the disk

Warning: All data on your disk will be erased. Backup any data you wish to keep.
Note: This guide assumes your disk is at /dev/sda. Change if needed.

Use lsblk to identify existing file systems.

Here is the layout this guide is using. Modify to your needs.

Example partition layout
Mount point Partition Partition type Suggested size
/mnt/boot /dev/sda1 550 MiB
  • /dev/sda2 for regular or
  • /dev/mapper/cryptroot for encrypted
Linux x86-64 root (/) Remainder of the device

Use GPT fdisk to format the disk:

# gdisk /dev/sda
  1. Create a new empty GUID partition table by typing o at the prompt.
  2. Create a new partition by typing n at the prompt. Hit Enter when prompted for the partition number, keeping the default of 1. Hit Enter again for the first section, keeping the default. For the last sector, type in +550M and hit Enter.
    • For an EFI system, type in EF00 to indicate it is an EFI system partition for the partition type. Otherwise, use the default.
  3. Now create at least one more partition for the installation. To create just one more partition to fill the rest of the disk, type n at the prompt and use the defaults for the partition number, first sector, last sector, and hex code.
    • If setting up a BIOS system with syslinux, enter expert mode by entering x. Then enter a and then 1 to set an attribute for partition 1. Then enter 2 to set it as a legacy BIOS partition and then Enter to exit the set attribute menu.
  4. Finally, write the table to the disk and exit by entering w at the prompt.
Tip: Here are one-liners for the above layout.

For EFI:

# sgdisk /dev/sda -o -n 1::+550M -n 2 -t 2:EF00


# sgdisk /dev/sda -o -n 1::+550M -n 2 -A 1:set:2

Create LUKS container

If encrypting your system with dm-crypt/LUKS, do:

# cryptsetup lukFormat --type luks2 /dev/sda2
# cryptsetup open /dev/sda2 cryptroot

Othwerwise, skip this step.

Format the partitions

Format your ESP as FAT32:

# mkfs.fat -F32 /dev/sda1

Replace ext4 with the file system you are using in all of the following.

To format the LUKS container on an encrypted system do:

# mkfs.ext4 /dev/mapper/cryptroot

To format a regular (not encrypted) system, do:

# mkfs.ext4 /dev/sda2

Mount the file systems

For the encrypted setup mount the LUKS container:

# mount /dev/mapper/cryptroot /mnt

For the regular setup mount the root partition:

# mount /dev/sda2 /mnt

In both cases make a mount point for the boot partition and mount it:

# mkdir -p /mnt/boot
# mount /dev/sda1 /mnt/boot
Tip: If using btrfs, create any subvolumes you wish to use as mount points now. Then unmount /mnt and remount your subvolumes to the appropriate mount points. For example, for the encrypted setup:
# mount /dev/mapper/cryptroot /mnt
# btrfs subvolume create /mnt/@
# btrfs subvolume create /mnt/@home
# umount /mnt
# mount -o compress=zstd,subvol=@ /dev/mapper/cryptroot /mnt
# mkdir -p /mnt/home
# mount -o compress=zstd,subvol=@home /dev/mapper/cryptroot /mnt/home
# mkdir -p /mnt/boot
# mount /dev/sda1 /mnt/boot


Select the mirrors

If you desire, edit /etc/pacman.d/mirrorlist to select which mirrors have priority. Higher in the file means higher priority. This file will be copied to the new installation.

Install packages

# pacstrap /mnt base btrfs-progs linux man-db man-pages texinfo vim which

Append additional packages you wish to install to the line. You will have the opportunity to install more packages in the chroot environment and when you boot into the new system.

If you have an AMD or Intel processor, you will want to go ahead and install the amd-ucode or intel-ucode packages, respectively to enable microcode updates later in the guide.

Configure the system


Generate the fstab for your new installation:

# genfstab -U /mnt > /mnt/etc/fstab


chroot into the new installation:

# arch-chroot /mnt

Time zone

Set the time zone:

# ln -sf /usr/share/zoneinfo/Region/City /etc/localtime

Set the hardware clock from the system clock:

# hwclock --systohc


Uncomment needed locales in /etc/locale.gen (e.g., en_US.UTF-8). Then run:

# locale-gen

Set the LANG environment variable the locale:


If you are not using a US keymap, make they keyboard layout permanent:


Network configuration


Set the hostname:

/etc/hosts	localhost
::1		localhost	hostname.localdomain	hostname


systemd-networkd will be used to connect to the internet after installation is complete.

Create a minimal systemd-networkd configuration file. Here interface is the wireless interface or the wired interface if not using wireless.



Enable the systemd-networkd.service unit.

DNS resolution

To use systemd-resolved for DNS resolution, create a symlink as follows:

# ln -s /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf

Enable the systemd-resolved.service unit.


If using a wireless interface, install the iwd package now:

# pacman -S iwd

Additionally enable the iwd.service for wireless on boot.

Note: To prevent a known race condition that causes wireless device renaming problems, create a drop-in file with the following:
After=systemd-udevd.service systemd-networkd.service


If using an encrypted system, add the encrypt hook to your mkinitcpio configuration as shown below.

Add the keymap hook if you are not using the default US keymap.

If using btrfs, you can remove the fsck hook.

HOOKS=(base udev autodetect modconf block filesystems keyboard fsck keymap encrypt)
Tip: Move keyboard in front of autodetect if using an external USB keyboard that was not connected when the image is created.

Regenerate initramfs:

# mkinitcpio -p linux

Root password

Set the root password:

# passwd
Tip: You can skip this step if you are giving your normal user super user privileges via sudo.

Add normal user

Install the sudo package:

# pacman -S sudo

Add a normal user, add it to the wheel group, and set the password:

# useradd -m -G wheel user
# passwd user

Open the sudoers file and uncomment the wheel group, giving that user access to sudo:

# EDITOR=vim visudo

Swap file

If using btrfs, first create a subvolume for the swap file to reside on. Then, create an empty swap file and set it to not use COW:

# btrfs subvolume create /.swap
# truncate -s 0 /.swap/swapfile
# chattr +C /.swap/swapfile

If not using btrfs, simply create a directory:

# mkdir /.swap

In all cases do:

# dd if=/dev/zero of=/.swap/swapfile bs=1M count=2048
# chmod 600 /.swap/swapfile
# mkswap /.swap/swapfile

Update fstab with a line for the swap file:

/.swap/swapfile none swap defaults 0 0
Warning: If using btrfs instead of ext4, do not use a swap file for kernels before v5.0, since it may cause file system corruption. Instead, use a swap partition (not covered here).

Boot loader

Two options are provided here. If you have a UEFI motherboard, use #EFISTUB. Otherwise, use the BIOS setup with #syslinux. In either case, you will need your #kernel parameters.


In the UEFI setup we are not using a boot loader. Instead we are booting the kernel directly via EFISTUB. Previously you should have created a EFI system partition of the size 550MiB and marked it with the partition type EF00.

Exit the chroot and reboot the system. From your Arch Linux live disk, boot into the UEFI Shell v2. Then do:

Shell> map

Note the disk number for the hard drive where you are installing Arch Linux. This guide assumes it is 1.

Now create two UEFI entries using bcfg.

Shell> bcfg boot add 0 fs1:\vmlinuz-linux "Arch Linux"
Shell> bcfg boot add 1 fs1:\vmlinuz-linux "Arch Linux (Fallback)"

Create a file with your #Kernel parameters as a single line:

Shell> edit fs1:\options.txt
Note: Create at least one additional space before the first character of your boot line in your options files. Otherwise, the first character gets squashed by a byte order mark and will not be passed to the initramfs, resulting in an error when booting. Additionally, your options file should be one line, and one line only.

Press F2 to save and F3 to quit. Now add that file as the options to your first boot entry:

Shell> bcfg boot -opt 0 fs1:\options.txt

Repeat the above process for your second, fallback entry, creating a text file named options-fallback.txt containing a single line with your kernel parameters, chaning the intird to the fallback image (i.e., /initramfs-linux-fallback.img).

Add it to the entry using bcfg boot -opt 1 fs:1\options-fallback.txt.


In the BIOS setup we are using syslinux. Previously you should have created a boot partition that was marked with the attribute "legacy BIOS bootable".

Now, while still in the chroot install syslinux:

# pacman -S syslinux

Create the following configuration file:


LABEL arch
  MENU LABEL Arch Linux
  LINUX ../vmlinuz-linux
  APPEND kernel-parameters

LABEL archfallback
  MENU LABEL Arch Linux
  LINUX ../vmlinuz-linux
  APPEND fallback-kernel-parameters

where kernel-parameters is from #kernel parameters. fallback-kernel-parameters is exactly the same except with initrd pointing to the fallback initramfs (i.e., /initramfs-linux-fallback.img).

Exit the chroot and unmount all of the partitions:

# umount -R /mnt

Then install the bootloader:

# syslinux --directory syslinux /dev/sda1

And install the MBR:

# dd bs=440 count=1 conv=notrunc if=/usr/lib/syslinux/bios/gptmbr.bin of=/dev/sda

Kernel parameters

No matter what boot loader you use, you need to pass some kernel parameters to it as indicated in the above sections.

For an encrypted system, the kernel parameters will contain at least:

root=/dev/mapper/cryptroot ro initrd=/initramfs-linux.img init=/usr/lib/systemd/systemd cryptdevice=/dev/sda2:cryptroot
Tip: Add :allow-discards after cryptroot to allow trimming if using an SSD. Then enable the fstrim.timer to trim the device weekly.

For a regular system, the kernel parameters will contain at least:

root=/dev/sda2 ro initrd=/initramfs-linux.img init=/usr/lib/systemd/systemd
  • In either case, if using btrfs, and you want to boot from a specific subvolume, add rootfstype=btrfs rootflags=subvol=/@, where @ is the subvolume you will mount as /.
  • If you have an Intel or AMD CPU, enable microcode updates by adding an /intel-ucode.img or /amd-ucode.img, respectively to initrd= with a comma separating the two images. It must be the first initrd entry on the line. For example: initrd=/intel-ucode.img,/initramfs-linux.img.


When you reboot you should be prompted for your LUKS password if you decided to encrypt the system. See User:Rdeckard/Post-installation.