This is my walkthrough for how I installed Arch Linux on LVM with encryption, utilizing KDE Plasma as the desktop environment.
This repository includes additional documents pertaining to:
- General Maintenance
- LVM
- Windows 10
Documents within these areas of interest are listed in the Additional Information section of the Table of Contents.
SweatyHands is a work in progress and will be continually updated as I become more familiar with Arch.
- Installation
- Stage 1
- Clear Existing Partitions
- Create New Partitions
- Make Filesystems for EFI and Boot Partitions
- Encrypt and Make Filesystem for the LVM
- Mount Volumes (ALL EXCEPT EFI)
- Get a Network Connection (Wireless Connection)
- Edit Mirror List
- Install
basePackage - Generate and Check
fstabFile - Access In-Progress Installation
- Stage 2
- Stage 3
- Stage 1
- Additional Information
All steps are listed in the order I followed to set up Arch.
All steps are done in the live boot environment.
$ fdisk -l- Find disk path (probably /dev/sda/ on hard drives)
$ fdisk /dev/sda- Use option
dto delete partition, select partition number- Repeat until all existing partitions are deleted
- Use option
pto list pending changes to system throughout process
- Use option
wto write changes
- The order of my partitions, including partition path, purpose, type, and their corresponding sizes:
-
Partition Path Partition Purpose Partition Type Size /dev/sda1 EFI EFI 512MB /dev/sda2 boot Linux Filesystem 512MB /dev/sda3 LVM ( /, /home, swapfile) LVM Remaining disk
-
$ fdisk /dev/sda- Use option
nto create new partitions.- fdisk knows how to number partitions, you can leave it at its default when selecting partition number
- First sector: enter through
- Last sector: ex. +512M to make a 512MB partition
- Simply enter through first and last sector fields if you want to make a partition from the remaining disk space
- If prompted to remove existing filesystem signature,
y - Use option
tto set partition type- EFI option number: 1
- Linux filesystem option number: 20. It is also the default so entering through would set this as the partition type
- Linux LVM option number: 30
- For /dev/sda1 (EFI)
$ mkfs.fat -F32 /dev/sda1
- For /dev/sda2 (boot)
$ mkfs.ext4 /dev/sda2
$ cryptsetup luksFormat /dev/sda3- "Are you sure?" Well, yeah. So type
YES - Enter and re-enter passphrase for encrypted partition
- Open encrypted partition
$ cryptsetup open /dev/sda3 lvmto open partition as "lvm"
- Create physical volume
$ pvcreate --dataalignment 1m /dev/mapper/lvm
- Create volume group
$ vgcreate volgroup0 /dev/mapper/lvmto create volume group "volgroup0"
- Create logical volumes
- Create / (root)
$ lvcreate -L 32GB volgroup0 -n lv_rootto create logical volume of size 32GB with the name "lv_root"
- Create /home
$ lvcreate -l 100%FREE volgroup0 -n lv_hometo use the rest of disk with the name "lv_home"
- Create / (root)
- Make filesystem for LVM groups
- For / (root)
$ mkfs.ext4 /dev/volgroup0/lv_root
- For /home
$ mkfs.ext4 /dev/volgroup0/lv_home
- For / (root)
$ mount /dev/volgroup0/lv_root /mntto mount .../lv_root to /mnt- Create directory in /mnt to mount /home:
$ mkdir /mnt/home $ mount /dev/volgroup0/lv_home /mnt/home- Create directory for boot:
$ mkdir /mnt/boot $ mount /dev/sda2 /mnt/boot$ mkdir /mnt/etcfor later use
$ ip aor$ ip linkto get wireless interface name$ wifi-menu INTERFACE_NAMEto scan for networks with the interface. Edit the name for the new profile if you want.$ ping A_WEBSITEto check connection
$ nano /etc/pacman.d/mirrorlistand move United States mirrors to the top of the list. Pacman prioritizes mirrors at the top of the list, so this would result in a faster download speed.
$ pacstrap -i /mnt base
$ genfstab -U -p /mnt >> /mnt/etc/fstabto generate and store the fstab file in /mnt/etc/fstab$ cat /mnt/etc/fstaband you should see three partitions listed in the file
$ arch-chroot /mnt- You can now do the following steps in any order you'd like
All steps are done in the chroot environment.
$ pacman -S base-devel lvm2 linux-firmware man-db man-pages texinfo linux linux-lts linux-headers linux-lts-headers networkmanager wpa_supplicant wireless_tools netctl dialog mesa grub efibootmgr dosfstools os-prober mtools xorg-server plasma-meta kde-applications intel-ucode nanolvm2- CRITICAL PACKAGE. Required to boot LVMlinuxandlinux-ltsgives us kernel optionslinux-headersandlinux-lts-headersare optional, but recommendednetctlis optional. MAY CONFLICT WITHnetworkmanagermesa- graphics; provides the DRI driver for 3D accelerationgrub efibootmgr dosfstools os-prober mtools- necessary packages to install GRUBplasma-meta kde-applications- installing KDE Plasma as desktop environmentintel-ucode- microcode for Intel cpu; oramd-ucodefor AMD processors
$ nano /etc/mkinitcpio.conf. The file controls modules and scripts added to the image as well as what happens at boot time.- Find
HOOKS=(base udev autodetect ...)line- Add "encrypt lvm2" between "block" and "filesystems". ORDER IS IMPORTANT
$ mkinitcpio -p linuxand$ mkinitcpio -p linux-ltsif both were installed. You only need to run it against whichever linux package was installed.
$ ln -sf /usr/share/zoneinfo/America/Detroit /etc/localtime$ hwclock --systohcto set hardware clock to UTC
$ nano /etc/locale.gen- Uncomment lines that start with "en_US" for United States
$ locale-gen
- Add these lines in
hosts-
127.0.0.1 localhost ::1 localhost 127.0.1.1 arch.localdomain arch
-
- Add this to
hostnamearch
$ passwd
$ useradd -m -g users -G wheel NAMEto create user of NAME in groupsusersandwheel- Set password for user
$ passwd NAME - Make user admin
- Check sudo
$ which sudo. If DNE,$ pacman -S sudo - Configure sudo. Create env variable and edit sudo settings
$ EDITOR=nano visudo- Uncomment line that starts with "%wheel ALL" to give users of group
wheelpermission to execute any command
- Uncomment line that starts with "%wheel ALL" to give users of group
- Check sudo
- Repeat and assign privileges as needed.
$ nano /etc/default/grub- Uncomment "GRUB_ENABLE_CRYPTODISK=y"
- Edit line "GRUB_CMDLINE_LINUX_DEFAULT"
- Add "cryptdevice=/dev/sda3:volgroup0:allow-discards" between "loglevel=3" and "quiet"
- CRITICAL. DO NOT **** UP.
- Add "cryptdevice=/dev/sda3:volgroup0:allow-discards" between "loglevel=3" and "quiet"
$ mkdir /boot/EFI- Finally mount the EFI partition
$ mount /dev/sda1 /boot/EFI $ grub-install --target=x86_64-efi --bootloader-id=grub_uefi --recheck$ mkdir /boot/grub/locale$ cp /usr/share/locale/en\@quot/LC_MESSAGES/grub.mo /boot/grub/locale/en.mo$ grub-mkconfig -o /boot/grub/grub.cfg
- SWAPFILE vs Swap Partition: Can resize at any time whereas resizing a swap partition would be troublesome and risky for system integrity
$ fallocate -l 2G /swapfile$ chmod 600 /swapfile$ mkswap /swapfile- Add SWAPFILE to fstab so that swapfile is initialized during each boot
- Optional but recommended: make a backup of existing fstab file
$ cp /etc/fstab /etc/fstab.backup - Add SWAPFILE to fstab
$ echo '/swapfile none swap sw 0 0' | tee -a /etc/fstabto append line to fstab file
- Optional but recommended: make a backup of existing fstab file
$ cat /etc/fstabto check if SWAPFILE was added correctly
- This assumes you've already installed packages
plasma-metaandkde-applications $ systemctl enable sddm$ systemctl enable NetworkManager
Reboot and Pray to God You Didn't **** Something Up