Systems Integration

Installing Arch Linux with LUKS system encryption under LVM and Bios-GPT with Grub2

A recipe for installing Arch Linux on a laptop with swap and system-disk encryption (allowing for secure suspend-to-disk) and multiple access keys (file and passphrase).

Originally written by Earnestly (#archlinux on freenode)
Modified by witquicked

Mount   Size                       Description          Device
        2M                         EF02 BIOS Boot       /dev/sdX1
/boot   150M                       Kernel & Grub        /dev/sdX2
        +Remaining                 Extended Partition   /dev/sdX3
LUKS    ALL /dev/sdX3              LUKS Encrypted
LVM PV  ALL /dev/sdX3              LVM Physical Volume  /dev/mapper/arch
/       #G (Disk size - 40% RAM)   LVM Logical Volume   /dev/mapper/arch-root
swap    +Remaining (40% of RAM)    LVM LV               /dev/mapper/arch-swap

: Partitioning
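1. gdisk /dev/sdX     (interactive; create the three partitions from the table)
     /dev/sdX1  type EF02 (BIOS boot)
     /dev/sdX2  boot
     /dev/sdX3  LVM
2. cryptsetup -c aes-xts-plain -s 512 luksFormat /dev/sdX3 /media/usbstick/XXXXX.jpg
     (aes-xts takes a 256- or 512-bit key; the key file goes into key slot 0)
   cryptsetup luksAddKey --key-file /media/usbstick/XXXXX.jpg --key-slot 1 -v /dev/sdX3
     (prompts for the passphrase to add, authorising with the key file)
3. cryptsetup luksOpen --key-file /media/usbstick/XXXXX.jpg /dev/sdX3 arch
4. pvcreate /dev/mapper/arch
5. vgcreate archvg /dev/mapper/arch
6. lvcreate -L #G -n root archvg
   lvcreate -l 100%FREE -n swap archvg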
7. mkswap /dev/mapper/archvg-swap
   swapon /dev/mapper/archvg-swap
   mkfs.ext2 -L boot /dev/sdX2
   mkfs.ext4 -L root /dev/mapper/archvg-root

: Mounting
1. mount /dev/mapper/archvg-root /mnt
2. mkdir /mnt/boot
   mount /dev/sdX2 /mnt/boot

: Installation
1. pacstrap /mnt base base-devel grub-bios
2. genfstab -p /mnt >> /mnt/etc/fstab
3. arch-chroot /mnt

: Configuration
1. vi /etc/hostname
2. vi /etc/vconsole.conf | KEYMAP="dvorak"
3. vi /etc/locale.gen && locale-gen
4. vi /etc/locale.conf | LANG="en_US.UTF-8"
                       | LC_COLLATE="C"
5. ln -s /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
6. vi /etc/mkinitcpio.conf | HOOKS="…usb usbinput keymap encrypt lvm2 filesystems…"
                           | MODULES="vfat ext2 ext4"
7. mkinitcpio -p linux
8. vi /etc/default/grub | APPEND TO GRUB_CMDLINE_LINUX
                        | cryptdevice=/dev/sdX3:arch:allow-discards
                        | cryptkey=/dev/disk/by-uuid/XXXX-XXXX:vfat:XXXXX.jpg
   grub-mkconfig -o /boot/grub/grub.cfg
9. modprobe dm-mod
   grub-install --target=i386-pc --recheck --debug /dev/sdX
   if test ! -d /boot/grub/locale; then mkdir -p /boot/grub/locale; fi
   cp /usr/share/locale/en\@quot/LC_MESSAGES/grub.mo /boot/grub/locale/en.mo
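
A misordered HOOKS line or a malformed cryptdevice/cryptkey parameter leaves the encrypted root unopenable at boot, so it is worth checking both files from Configuration steps 6 and 8 before leaving the chroot. The script below is an added example, not part of the original recipe; the function names are hypothetical and the sample files are constructed from the values shown above.

```shell
#!/bin/sh
# Added example (not from the original recipe): check the two boot-time settings
# from Configuration steps 6 and 8 before rebooting.

# Print the 1-based position of hook $2 in the HOOKS line of file $1 (empty if absent).
hook_pos() {
    sed -n 's/^HOOKS=["(]\(.*\)[")].*/\1/p' "$1" | tr -s ' ' '\n' |
        grep -nx "$2" | cut -d: -f1 | head -n 1
}

# keymap must precede encrypt (passphrase typed in the right layout), encrypt must
# precede lvm2 (the PV lives inside LUKS), and lvm2 must precede filesystems.
hooks_ok() {
    prev=0
    for h in keymap encrypt lvm2 filesystems; do
        pos=$(hook_pos "$1" "$h")
        if [ -z "$pos" ] || [ "$pos" -le "$prev" ]; then
            echo "HOOKS: '$h' missing or out of order" >&2
            return 1
        fi
        prev=$pos
    done
}

# Print the value of kernel parameter $2 from GRUB_CMDLINE_LINUX in file $1.
cmdline_param() {
    sed -n 's/^GRUB_CMDLINE_LINUX="\(.*\)"/\1/p' "$1" | tr -s ' ' '\n' |
        sed -n "s/^$2=//p" | head -n 1
}

# cryptdevice is device:dmname[:options]; cryptkey is device:fstype:path.
cmdline_ok() {
    case $(cmdline_param "$1" cryptdevice) in
        /dev/*:?*) ;;
        *) echo "cryptdevice missing or malformed" >&2; return 1 ;;
    esac
    case $(cmdline_param "$1" cryptkey) in
        /dev/*:?*:?*) ;;
        *) echo "cryptkey missing or malformed" >&2; return 1 ;;
    esac
}

# Constructed sample files using the values shown in the recipe.
sample=$(mktemp -d)
echo 'HOOKS="base udev usb usbinput keymap encrypt lvm2 filesystems"' > "$sample/mkinitcpio.conf"
echo 'GRUB_CMDLINE_LINUX="cryptdevice=/dev/sdX3:arch:allow-discards cryptkey=/dev/disk/by-uuid/XXXX-XXXX:vfat:XXXXX.jpg"' > "$sample/grub"
hooks_ok "$sample/mkinitcpio.conf" && cmdline_ok "$sample/grub" && echo "boot config consistent"
```

Inside the chroot, call hooks_ok /etc/mkinitcpio.conf and cmdline_ok /etc/default/grub against the real files before the Housekeeping steps.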

: Housekeeping
1. exit
2. umount /mnt/{boot,home,foo}
   umount /mnt
3. reboot
