This is gonna be a “quick” walk-through on how to install Arch Linux with a nearly (/boot won’t be) fully encrypted HDD.
I have tested this guide with the archlinux-2012.09.07-dual.iso which uses systemV and archlinux-2012.10.06-dual.iso which was the first one using systemd, so this tutorial covers both init daemons.
Update: This article got translated to Swedish. Thx Sam!
The tutorials I found were all outdated or caused problems because of one of the following:
- The Arch Linux Installation Framework (AIF), formerly started with /arch/setup, is no longer included in the Arch Linux ISOs; the command only responds with “no such file or directory”.
- GRUB2 replaces GRUB legacy and needs to be configured differently.
- The keyboard layout didn’t match mine, so I had some problems entering my passphrase ;)
Step 1: Prepare the Harddisk
Boot gparted from a USB stick and configure your disk as follows:
1. Set your partition table to MBR
2. Create the first partition (later used as /boot): 200 MB, set the bootable flag, filesystem: ext3
3. Create the second partition (later used with LVM, containing /, /swap and /home): use the remaining space, leave it unformatted, set the LVM flag
PS: For more information on partitioning have a look at the Arch Linux wiki. If you don’t want to use gparted you can just boot the Arch Linux ISO and use “parted” or “fdisk”. It’s also possible to use GPT instead of MBR; you will then need a third partition of about 2 MB, but I won’t describe this here – just come back when you have figured it out. For a UEFI setup you will also have to look for another source of information ;)
Step 2: Boot the Arch Linux ISO from a USB stick
Search for your keyboard layout and activate it:
Establish WiFi-connection if you don’t have wired access to the Internet:
Step 3: Encrypt partition, configure LVM
Load the kernel module for encryption:
cryptsetup -c aes-xts-plain64 -y -s 512 luksFormat /dev/sda2
And open it, so it will be in /dev/mapper/lvm:
cryptsetup luksOpen /dev/sda2 lvm
Create a physical volume, volume group, logical volumes (details):
pvcreate /dev/mapper/lvm
vgcreate main /dev/mapper/lvm
lvcreate -L 20GB -n root main
lvcreate -L 8GB -n swap main
lvcreate -l 100%FREE -n home main
Now we need a filesystem on them:
mkswap /dev/mapper/main-swap
mkfs.ext4 /dev/mapper/main-root
mkfs.ext4 /dev/mapper/main-home
Step 4: Mount volumes, install Arch Linux
Mount the volumes into the running live system:
mount /dev/mapper/main-root /mnt
mkdir /mnt/boot
mount /dev/sda1 /mnt/boot
mkdir /mnt/home
mount /dev/mapper/main-home /mnt/home
Install the base and base-devel packages to /mnt (Internet connection required):
pacstrap /mnt base base-devel
Install GRUB2 to /mnt (part 1):
pacstrap /mnt grub-bios
genfstab -p -U /mnt > /mnt/etc/fstab
Step 5: chroot and configure the system
Delete the # in front of your language of choice (e.g. de_DE.UTF-8 UTF-8) in locale.gen and generate the locale:
vi /etc/locale.gen
locale-gen
echo LANG=de_DE.UTF-8 > /etc/locale.conf
export LANG=de_DE.UTF-8
Generate /etc/vconsole.conf with the following 3 lines to bind your keys correctly:
KEYMAP="de-latin1-nodeadkeys"
FONT=Lat2-Terminus16
FONT_MAP=
Create a symbolic link /etc/localtime to your zone file /usr/share/zoneinfo/<Zone>/<SubZone>:
ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime
Define your hostname:
echo archserv > /etc/hostname
!Outdated: Edit /etc/rc.conf: delete the # and set USELVM="yes"
!Update: If you’re using archlinux-2012.10.06-dual.iso or newer, the default init daemon is systemd and rc.conf won’t be used anymore. Use the following command to activate the LVM service for systemd:
systemctl enable lvm.service
Edit /etc/mkinitcpio.conf: Put "keymap", "encrypt" and "lvm2" (in that order!) before "filesystems" in the HOOKS array.
Regenerate the ramdisk:
mkinitcpio -p linux
Now install GRUB (part 2), on a device not a partition or a volume:
In /etc/default/grub edit the line GRUB_CMDLINE_LINUX="" to GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:main" then run:
grub-mkconfig -o /boot/grub/grub.cfg
Set your root password:
Exit the chroot:
Reboot into your new system.
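A wrong HOOKS order or a missing cryptdevice= parameter only shows up at the next boot, when the root volume cannot be unlocked. The following check, meant to be run inside the chroot before exiting it, is an added example and not part of the original article; the function names check_hooks and check_cryptdevice and the sample files are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the original article): sanity-check the two
# boot-critical settings of Step 5 before rebooting.

# check_hooks FILE: succeed only if the active HOOKS line lists
# keymap, encrypt, lvm2 and filesystems in that relative order.
check_hooks() {
    # Accept HOOKS="..." (2012-era) and HOOKS=(...); the last active line wins.
    line=$(sed -n 's/^[[:space:]]*HOOKS=["(]\(.*\)[")].*$/\1/p' "$1" | tail -n 1)
    [ -n "$line" ] || { echo "$1: no active HOOKS line" >&2; return 2; }
    pos=0 keymap=0 encrypt=0 lvm2=0 filesystems=0
    for h in $line; do
        pos=$((pos + 1))
        case $h in
            keymap)      keymap=$pos ;;
            encrypt)     encrypt=$pos ;;
            lvm2)        lvm2=$pos ;;
            filesystems) filesystems=$pos ;;
        esac
    done
    # A missing hook keeps position 0, which breaks the chain as well.
    [ 0 -lt "$keymap" ] && [ "$keymap" -lt "$encrypt" ] &&
        [ "$encrypt" -lt "$lvm2" ] && [ "$lvm2" -lt "$filesystems" ] ||
        { echo "$1: hooks missing or out of order: $line" >&2; return 1; }
}

# check_cryptdevice FILE DEVICE: succeed only if GRUB_CMDLINE_LINUX
# carries cryptdevice=DEVICE:<name>.
check_cryptdevice() {
    grep -Eq "^[[:space:]]*GRUB_CMDLINE_LINUX=\"[^\"]*cryptdevice=$2:[^\" ]+" "$1" ||
        { echo "$1: no cryptdevice=$2:<name> in GRUB_CMDLINE_LINUX" >&2; return 1; }
}

# Constructed sample files (not taken from a real system).
demo=$(mktemp -d)
printf '%s\n' '#HOOKS="base udev"' \
    'HOOKS="base udev autodetect keymap encrypt lvm2 filesystems fsck"' > "$demo/good.conf"
printf '%s\n' 'HOOKS="base udev keymap lvm2 encrypt filesystems"' > "$demo/bad.conf"
printf '%s\n' 'GRUB_CMDLINE_LINUX_DEFAULT="quiet"' \
    'GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:main"' > "$demo/grub"
check_hooks "$demo/good.conf" && echo "good.conf: hooks OK"
check_hooks "$demo/bad.conf" 2>/dev/null || echo "bad.conf: rejected"
check_cryptdevice "$demo/grub" /dev/sda2 && echo "grub: cryptdevice OK"
rm -rf "$demo"
```

On the installed system the calls would be check_hooks /etc/mkinitcpio.conf and check_cryptdevice /etc/default/grub /dev/sda2.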
PS: If you want to open your LVM from within another (live) system, these commands can come in handy:
sudo cryptsetup luksOpen /dev/sd?? lvm
sudo pvscan
sudo vgscan
sudo lvscan
sudo vgchange -a y