install

making live USB 

gpg --keyserver-options auto-key-retrieve --verify archlinux-version-x86_64.iso.sig

cp path/to/archlinux-version-x86_64.iso /dev/sdx
  • boot from USB (make sure to set correct UEFI order)

in live environment

  • Connect to WiFi (iwd) 
iwctl
[iwd]# help
[iwd]# station list
[iwd]# station wlan0 connect WIFI_NAME
[iwd]# station list
  • Check connection
ping archlinux.org
  • Set system clock
timedatectl set-ntp true
  • Check system time
timedatectl status

partition disk

  • Partition disks: only need UEFI (EFI system partition) and root (/)
  • Swap does not need to be a partition, can be a file for flexibility/ease 
lsblk
fdisk -l

If Tuxedo: by default, partitions look like (1 TB drive)

Devic          ...  Size Type
/dev/nvme0n1p1        1G EFI System
/dev/nvme0n1p2      512M Microsoft basic data
/dev/nvme0n1p3      930G Linux filesystem
  • Normally could use existing EFI partition
  • But file format is wrong (we want FAT32 for GRUB, format is ext3)
  • Will fix later

prepare drive for encryption 

cryptsetup open --type plain -d /dev/urandom /dev/nvme0n1p3 to_be_wiped
  • Verify that it exists
lsblk
  • Wipe container with zeros
dd if=/dev/zero of=/dev/mapper/to_be_wiped status=progress

WARNING: 1 TB disk capacity / (80 MB/s write speed) = ~3.5 hours

  • Close temporary container
cryptsetup close to_be_wiped

encrypt entire drive 

cryptsetup luksFormat /dev/nvme0n1p3
  • Open container (decrypted container now at /dev/mapper/cryptlvm) 
cryptsetup open /dev/nvme0n1p3 cryptlvm
  • Create physical volume
pvcreate /dev/mapper/cryptlvm
  • Create volume group (name VolumeGroup, arbitrary) 
vgcreate VolumeGroup /dev/mapper/cryptlvm
  • Create logical volumes
  • I said we could use a swap file
  • If using LVM, easy to re-size partitions, might as well use swap partition
  • Make swap partition same size as RAM for easy suspend to disk (hibernate)
  • Don't use entire volume group capacity for easy resizing in the future 
lvcreate -L 32G      VolumeGroup -n swap
lvcreate -l 100%FREE VolumeGroup -n root
  • Format filesystems
mkswap    /dev/VolumeGroup/swap
mkfs.ext4 /dev/VolumeGroup/root
  • Mount filesystems
swapon /dev/VolumeGroup/swap
mount /dev/VolumeGroup/root /mnt

  • (n.b. the above steps also work for external storage, e.g. a backup drive)

  • Prepare boot partition

mkfs.fat -F 32 /dev/nvme0n1p1
mkdir /mnt/boot
mount /dev/nvme0n1p1 /mnt/boot

pacstrap /mnt base linux linux-firmware
  • Generate fstab
genfstab -U /mnt >> /mnt/etc/fstab

switch into new system

  • Change root into new system
arch-chroot /mnt
  • Install necessary packages
pacman -S lvm2 grub efibootmgr iwd
  • Install useful packages
pacman -S man-db man-pages neovim fish
  • Set timezone
ln -sf /usr/share/zoneinfo/US/Eastern /etc/localtime
  • Run hwclock
hwclock --systohc
  • Edit /etc/locale.gen and uncomment en_US.UTF-8 UTF-8, run locale-gen 
locale-gen
  • Create /etc/locale.conf with the LANG variable 
LANG=en_US.UTF-8
  • Create hostname in /etc/hostname
myhostname
  • Set root password
passwd

edit initramfs

  • Add the following to /etc/mkinitcpio.conf

    HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt lvm2 filesystems fsck)

  • Recreate initramfs image
mkinitcpio -P

install GRUB 

grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=GRUB
  • Edit /etc/default/grub where device-UUID is the UUID of /dev/nvme0n1p1
  • This can be found with lsblk -f
GRUB_CMDLINE_LINUX_DEFAULT="cryptdevice=UUID=device-UUID:cryptlvm root=/dev/VolumeGroup/root resume=/dev/VolumeGroup/swap"
  • Use grub-mkconfig to generate /boot/grub/grub.cfg 
grub-mkconfig -o /boot/grub/grub.cfg
  • Reboot
reboot
  • Hopefully the following:
    • "Arch Linux" appears in GRUB menu
    • Prompt for encryption key
    • Prompt for username
    • Prompt for password
    • Login successful!