Arch Linux: LVM on LUKS
2022-05-09
After countless installs of Arch Linux, I want to document a simple LVM on LUKS install that has worked flawlessly for me over the years.
Assumptions
- You have followed the instructions for creating a USB flash installation medium.
- You are installing in UEFI mode.
- You are using an AMD CPU (For Intel: sed 's/amd-ucode/intel-ucode/').
- You are using an NVMe drive mounted at /dev/nvme0n1 (Check lsblk and ensure you are using the correct drive).
- Network configuration and management will not be included.
Installation Process
After booting from the USB installer, you should be dropped into a terminal shell:
// Connect to a wireless network
# iwctl station [station] connect [ssid]
// Synchronize the machine's clock
# timedatectl set-ntp true
// Partition the disk:
// 1. Wipe the device
// 2. Create a 512MiB boot partition
// 3. Create a 100%FREE root partition
# wipefs -a /dev/nvme0n1
# parted -s /dev/nvme0n1 mklabel gpt
# parted -s /dev/nvme0n1 mkpart primary fat32 1MiB 512MiB
# parted -s /dev/nvme0n1 set 1 esp on
# parted -s /dev/nvme0n1 mkpart primary ext4 512MiB 100%
// Format the newly created partitions:
// 1. Set the boot partition to FAT32
// 2. LUKS encrypt the root partition
// 3. Open the encrypted device
# mkfs.fat -F32 /dev/nvme0n1p1
# cryptsetup -y -v luksFormat /dev/nvme0n1p2
# cryptsetup open /dev/nvme0n1p2 cryptlvm
// Prepare the logical volumes:
// 1. Create a physical volume on top of the opened LUKS container
// 2. Create a new volume group from the physical volume
// 3. Create required logical volumes on the volume group
# pvcreate /dev/mapper/cryptlvm
# vgcreate archvg /dev/mapper/cryptlvm
# lvcreate -L 32G archvg -n swap
# lvcreate -L 100G archvg -n root
# lvcreate -l 100%FREE archvg -n home
// Format the filesystems on each logical volume
# mkfs.ext4 /dev/archvg/root
# mkfs.ext4 /dev/archvg/home
# mkswap /dev/archvg/swap
// Mount the filesystems
# mount /dev/archvg/root /mnt
# mount --mkdir /dev/archvg/home /mnt/home
# swapon /dev/archvg/swap
# mount --mkdir /dev/nvme0n1p1 /mnt/boot
// Install system software
# pacstrap /mnt base base-devel linux linux-firmware amd-ucode lvm2 iwd neovim
// Generate an fstab file using UUIDs and chroot into the new system
# genfstab -U /mnt >> /mnt/etc/fstab
# arch-chroot /mnt
// Set the timezone and locale
# ln -sf /usr/share/zoneinfo/[region]/[city] /etc/localtime
# hwclock --systohc
# echo "LANG=en_US.UTF-8" > /etc/locale.conf
# echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
# locale-gen
// Set hostname and local network conf
# echo [hostname] > /etc/hostname
# echo "127.0.0.1 localhost
::1 localhost
127.0.1.1 [hostname].localdomain [hostname]" >> /etc/hosts
// Configure mkinitcpio to ensure the required hooks are present
// and in the correct order:
// HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt lvm2 filesystems fsck)
# nvim /etc/mkinitcpio.conf
# mkinitcpio -p linux
// Set the root password
# passwd
// Install the bootloader:
// 1. Configure the bootloader entry
// 2. Set the default bootloader entry
// 3. Install systemd-boot
// 4. Verify the default bootloader entry
# mkdir -p /boot/loader/entries
# UUID=$(blkid /dev/nvme0n1p2 -o value -s UUID)
# echo "title Arch Linux
linux /vmlinuz-linux
initrd /amd-ucode.img
initrd /initramfs-linux.img
options cryptdevice=UUID=${UUID}:cryptlvm root=/dev/archvg/root quiet rw" > /boot/loader/entries/arch.conf
# echo "default arch
timeout 0
editor 0" > /boot/loader/loader.conf
# bootctl --esp-path=/boot install
# bootctl list
// Exit and reboot into the new system
# exit
# umount -R /mnt
# reboot
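The mkinitcpio step above asks you to confirm that the required hooks are present and in the correct order. As an added example (not part of the original post), this script checks the ordering this layout depends on: block, encrypt, lvm2, filesystems, with keyboard ahead of encrypt. The function names and the sample configs are constructed for illustration.

```sh
#!/bin/sh
# Added example: verify mkinitcpio hook ordering for LVM on LUKS.
# Function names and sample configs below are constructed for illustration.

# hooks_in_order FILE HOOK...
# Returns 0 if every named hook is in the active HOOKS=(...) line, in the
# order given; 1 if one is missing or misplaced; 2 if no HOOKS line is found.
hooks_in_order() {
    conf=$1; shift
    # Last uncommented HOOKS=(...) assignment wins, as when the file is sourced.
    hooks=$(sed -n 's/^[[:space:]]*HOOKS=(\([^)]*\)).*/\1/p' "$conf" | tail -n 1)
    if [ -z "$hooks" ]; then
        echo "no active, non-empty HOOKS line in $conf" >&2; return 2
    fi
    last=0
    for want in "$@"; do
        pos=0; i=0
        for h in $hooks; do
            i=$((i + 1))
            if [ "$h" = "$want" ]; then pos=$i; break; fi
        done
        if [ "$pos" -eq 0 ]; then
            echo "missing hook: $want" >&2; return 1
        fi
        if [ "$pos" -le "$last" ]; then
            echo "hook out of order: $want" >&2; return 1
        fi
        last=$pos
    done
}

# The ordering this layout depends on: the block device must exist before
# encrypt unlocks it, lvm2 scans the opened container, and the keyboard must
# work before the passphrase prompt.
check_lvm_on_luks() {
    hooks_in_order "$1" block encrypt lvm2 filesystems &&
        hooks_in_order "$1" keyboard encrypt
}

# Constructed samples: the HOOKS line from this page, and one with
# encrypt and lvm2 swapped.
good=$(mktemp); bad=$(mktemp)
echo 'HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt lvm2 filesystems fsck)' > "$good"
echo 'HOOKS=(base udev autodetect keyboard keymap modconf block lvm2 encrypt filesystems fsck)' > "$bad"
check_lvm_on_luks "$good" && echo "page HOOKS line: ok"
check_lvm_on_luks "$bad" || echo "swapped line: rejected"
rm -f "$good" "$bad"
```

Inside the chroot, run it as check_lvm_on_luks /etc/mkinitcpio.conf before mkinitcpio -p linux; a non-zero status means the initramfs would not be able to unlock or find the root volume.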