-
Notifications
You must be signed in to change notification settings - Fork 1
/
ArchLinux-Install
217 lines (152 loc) · 7.12 KB
/
ArchLinux-Install
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
------------------------------------------------------------------------
Specs
------------------------------------------------------------------------
Lenovo Thinkpad t450s
i5-5300u cpu
20gb ram
500g Samsung 850 EVO ssd
2x MyDigitalSSD 42mm m.2 ngff 2242
Goal: Install Arch Linux enabling encryption on all drive and enabling hibernation support
------------------------------------------------------------------------
Creating Patitions and planning layout
------------------------------------------------------------------------
-Using GPT partition table
-Drives should be wiped and zeroed using Ultimate Boot CD (gui)
or dd
# dd if=/dev/zero of=/dev/sdX bs=512 status=progress
List availale block devices
# lsblk
# blkid
Create boot partition and lvm-vg01 swap and root for 500gb ssd. Lvm on luks will allow the encrypt hook to decrypt both root and swap
for hibernation/resume from suspend.
GPT partition table drives need to use cgdisk
# cgdisk /dev/sda
sda1, type: ef00 EFI System, Label: boot drive - 1024MB, non encrypted boot drive
sda2, type: 8e00 Linux LVM, Label: vg01-disk01 - Remaining space will be encrypted first then we'll create lvm volumes
sda2 partition encryption
# cryptsetup -c aes-xts-plain64 -s 512 -h sha512 -i 5000 luksFormat /dev/sda2
type capital YES and enter in passphrase
Open sda2 for lvm setup
# cryptsetup luksOpen /dev/sda2 crypt-disk01
sda2 - crypt-disk01, will contain swap and the rest will be used for /
# pvcreate /dev/mapper/crypt-disk01 (creating physical volume at /dev/mapper/crypt-disk01)
# vgcreate lvm-vg01 /dev/mapper/crypt-disk01 (creating LVM volume group lvm-vg01)
# lvcreate -L 24GB -n swap lvm-vg01 (swap drive, same amount as ram for hibernation)
# lvcreate -l 100%FREE -n root lvm-vg01 (keeping it simple, this will be root,home,and everything else)
Creating lvm-vg02 using luks on lvm spanning multiple disks, will be mounted in /data
# cgdisk /dev/sdb
sdb1, type: 8e00 Linux LVM, Label: lvm-vg02-disk01 - Using all the space for encryption
# cgdisk /dev/sdc
sdb1, type: 8e00 Linux LVM, Label: lvm-vg02-disk02 - Using all the space for encryption
Creating lvm-vg02 first
# pvcreate /dev/sdb1 /dev/sdc1 (creating lvm physical volume for sdb1 and sdc1)
# vgcreate lvm-vg02 /dev/sdb1 /sdc1 (creating LVM volume group lvm-vg02 spanning disk sdb1 and sdc1)
# lvcreate -l 100%FREE -n data lvm-vg02 (backup/snapshots drive)
Generate 20kb of random data for a keyfile for use with encrypting and unlocking lvm-vg02 with a keyfile.
Which will be named lvm-vg02-data-key and located in root of usb installation disk
# dd if=/dev/urandom of=lvm-vg02-key bs=1024 count=20
lvm-vg02 encryption
cryptsetup -c aes-xts-plain64 -s 512 -h sha512 -i 5000 luksFormat /dev/mapper/lvm-vg02-data
Add in keyfile after creating passphrase
# cryptsetup luksAddKey /dev/mapper/data keyfile
unlock lvm-vg02-data
# cryptsetup --key-file lvm-vg02-key luksOpen /dev/mapper/lvm-vg02-data data
Creating filesysystems and swap
Creating fileSystems on /dev/sda
# mkfs.fat -F32 /dev/sda1 (boot drive will be fat32, *very important for type to be ef00 and fs is fat32*)
# mkfs.ext4 /dev/mapper/lvm--vg01-root (ext4 for root)
# mkswap /dev/mapper/lvm--vg01-swap (making swap partition)
# swapon /dev/mapper/lvm--vg01-swap (turning swap on)
# free -h (check to see if swap is on)
Creating fileSystems on lvm-vg02-data-unlocked
# mkfs.ext4 /dev/mapper/data
Create, mount, and install Arch Linux
# mount /dev/mapper/lvm--vg01-root /mnt (mount point /mnt/)
# mkdir /mnt/boot (create boot dir)
# mkdir /mnt/data (create data dir)
# mount /dev/sda1 /mnt/boot (mount point /mnt/boot)
# mount /dev/mapper/data /mnt/data (mount point /mnt/data)
Ethernet cord was plugged in during initial install, internet worked without additional steps
For wifi install stop dhcpcd@network-interface
# systemctl stop dhcpcd@enp0s25.service
Get wifi interface name
# ip link
Bring up wifi interface
# ip link set wlp3s0 up
Scan and connect to wifi network
# wifi-menu -o
If wifi is not connecting, try temporarily changing your wifi security settings from wpa2 to wpa.
Install arch linux base and wifi-menu
# pacstrap /mnt base base-devel dialog wpa_supplicant iw intel-ucode
Once installation completes, we will move our keyfile "lvm-vg02-key" to a location on /mnt/luks-keys
# mkdir /mnt/luks-keys
# mv lvm-vg02-key /mnt/luks-keys/ (copy keyfile to secure location)
Make a backup of the key
cp lvm-vg02-key lvm-vg02-key-backup
Find UUID of lvm-vg02-data-unlocked
# ls -al /dev/mapper (locate lvm-vg02-data-unlocked label: dm-4)
# ls -al /dev/disk/by-uuid
# lsblk -o name,uuid,mountpoint
Record UUID for dm-4
Add entry in crypttab
# nano /mnt/etc/crypttab
Add in this line to auto-unlock lvm--vg02-data at boot time:
data UUID=uuid in here /luk-keys/lvm-vg02-key luks,allow-discard
Generate fstab
# genfstab -U /mnt >> /mnt/etc/fstab
Add discard option onto /boot, /dev/mapper/lvm-vg01-root, and lvm-vg01-swap
# nano /mnt/etc/fstab
# arch-chroot /mnt (chrooting into system)
Timezone
# ln -sf /usr/share/zoneinfo/America/Chicago /etc/localtime
Generate /etc/localtime
# hwclock --systohc
Locale Settings for United States
# nano /etc/locale.gen
Then uncomment: en.US.UTF UTF-8
Generate locale
# locale-gen
Set Language Variable
# echo LANG=en_US.UTF-8 > /etc/locale.conf
Configure hostname
# echo arch-linux > /etc/hostname
Add matching entry to:
# nano /etc/hosts
127.0.0.1 arch-linux.localdomain arch-linux (Add this to /etc/hosts file)
Add hooks to initramfs
# nano /etc/mkinitcpio.conf
Add the following hooks in this exact order:
keymap encrypt lvm2 resume
Add in between block and filesystems, should look like this:
HOOKS="base udev autodetect modconf block keymap encrypt lvm2 resume filesystems keyboard fsck"
Generate initial ramdisk environment
# mkinitcpio -p linux
Add discard option for SSD trim in /etc/lvm/lvm.conf
# nano /etc/lvm/lvm.conf --> issue_discards = 1
Set Password for root
# passwd
Create User
# useradd -m -G wheel,storage,audio,power -s /bin/bash username
Set User Password
# passwd username
Edit sudoers
# EDITOR=nano visudo
Uncomment: %wheel ALL=(ALL) allow
Systemd-Bootloader Install on UEFI firmware system
# bootctl install
Bootloader Configuration
# nano /boot/loader/loader.conf
Add the following:
default arch
timeout 1
editor 0
Add entries and kermel options
# nano /boot/loader/entries/arch.conf
Add the following:
title [[ Arch Linux ]] ( Could basically write anything here, title will show up on boot)
linux /vmlinuz-linux
initrd /intel-ucode.img
initrd /initramfs-linux.img
options cryptdevice=/dev/sda2:crypt-disk01 root=/dev/mapper/lvm--vg01-root resume=/dev/mapper/lvm--vg01-swap rw quiet
Installation Complete. Remove USB installation media and reboot
# reboot