The Arch Way
So in the Linux world, like in any other tech fields, there are kids, the men, and then the real men. When you start using Linux, most probably, you are the new kid in town, occasionally cursing things here and there for not being like you saw stuff in windows. Some get enlightened and become teens and then the Men. Finally, then they become the real men.
If you know what I mean, its about the various distros people tend to use during their time being in the Linux world an get acquainted to it. Eventually all those real men might stick to what they like, which could be Ubuntu, Fedora or whatever. But while going through those various phases, there are certain things they should do, to become those!
The Kids - They must have installed Ubuntu on their own
The Men - They must have installed Arch Linux on their own
The Real Men - Heard of Gentoo? That's probably the daily driver for the ultra advanced Linux geeks!
I'm not there yet though! I just found some time to install Arch Linux. I've used it in the past, but never cared to install it from scratch!
Why put it here?
Because the Arch Wiki so exhaustive that you will drown in information. For a basic installation, its all good. It has got and excellent Beginner's Guide. But if you want to slightly more advanced, it might become a tedious job to figure out what to do and in which order. For me, I wanted to install the system with root filesystem encrypted. When I checked Arch wiki, I quickly lost the flow, since there were too many cases to deal with, and the information is scattered across various pages. So I am putting here the steps I did in a chronological order so that you might find it easy to install!
You should use this as a complimentary material to the official installation guide. There is no point in repeating each and every step. I'll just highlight the gotchas and key points.
Lets do it!
All right, so we are ready to install the mighty Arch Linux. Go get the ISO image. Choose the dual image.
Get your media ready
If you are on Linux, easiest way is to use
dd command. This is a destructive method. Contents of your Flash drive will be lost.
dd if=filename.iso of=/dev/sdX bs=4M && sync
Repleace /dev/sdx with whatever your flash drive's identification is. If you only have just this flash drive connected, it will be
/dev/sdb. However, I've seen laptops which have integrated SSD which will take the second place after your main disk, so as to become sdb, and then your flash drive becomes sdc. If you run that command with sda, then.. Puff! Everything on your disk is lost!
If you intend to have a dual booting system with Win8 or newer ones, then its a good time to disable
fastboot from within windows. Once that is done, go to firmware settings and disable
Secure Boot. Optionally, if you have a
fastboot mode in firmware, disable that too. Lets get rid of all evil Windows settings.
DO NOT change any boot modes like Legacy, UEFI or compatibility, or graphics modes from the firmware. Otherwise, the Crapposoft's OS might not boot.
I assume that you have booted up from the newly created flash media, and that you are in a root shell. If you are using a recent computer, you must disable
secureboot and optionally
fastboot mode from the firmware settings. If you want to change keyboard layout, do that as mentioned in the first step of the installation manual.
Try pinging google.com. If you dont have connectivity, its probably because the required services are not started. Just use do:
systemctl start dhcpcd
interface is your ethernet adapter's name. You can get that from
There is nothing much to tell, do it as mentioned in the official guide.
This is probably the most difficult thing to do. We will assume a not so simple yet not so complex style of partitioning. First try to make some sense out the official docs. That should explain the GPT vs MBR thing.
My requirement is that we need to encrypt the root partition. In addition to the
SWAP partition, and any other extra mount points or data partitions, you dont need to create any extra partition, except for the root partition itself. A simplified partitioning scheme would look like below:
NAME SIZE MOUNTPOINT TYPE sda ├─sda1 200M /boot Linux ├─sda2 20G / Linux ├─sda3 2G None swap Free Space
You can use any tool to get this done as mentioned in the official guide. Till here, everthing is straighforward. Now you need to set up encryption for your root partition.
For simplicity, lets not worry about encrypting the Swap and Boot. Though for high security, its recommended to have both these dealt with.
It stands for
Linux Unified Key Setup. It is a standard, which is implemented in Linux through
dm-crypt backend and these tools (userspace) are invoked through a program called
Creating a encrypted device
First we will set up the encrypted partition. We will use the space we reserved for the root partition,
cryptsetup -v luksFormat /dev/sda1
You will be prompted for a password. Dont forget that password, BTW. You can add multiple passwords if you wish. For more details regarding the various options you can change, like encryption algorithm, key size, etc, refer to the Arch Wiki.
Now open the same device we just created:
cryptsetup open --type luks /dev/sda2 root
root is a name we specify. If you wish, you can say
archroot or something like that. This name will show up as the mapped name of this encrypted partition once its unlocked. You then use this as
/dev/mapper/root. It is a virtual standard partition once you unlock.
Now its time for format the root and boot partition with your favorite file system:
mkfs -t ext4 /dev/mapper/root mkfs -t ext4 /dev/sda1
Now lets setup
mkswap /dev/sda3 swapon /dev/sda3
Time to mount all these partitions to our new installation's location.
mount -t ext4 /dev/mapper/root /mnt mount -t ext4 /dev/sda1 /mnt/boot
Install the Arch Linux base
After you configure the mirrorlist as mentioned in official guide you can use the pacstrap command. I suggest you install your choice of bootloader now itself, rather than in the order mentioned in the official section so that its done in one step. You might have a dependency issue if you try to install all of them in one go. So do this:
pacstrap /mnt base base-devel pacstrap /mnt grub os-prober
If you are on a newer system, which comes with EFI firmware, you get to choose between the
Now go to the newly installed system,
cd /mnt. We need to configure the fstab, crypttab, ramdisk image and bootloader configuration. These files are the most crucial stuff because without them you wont be able to boot into the newly installed system.
It will detect your swap partition automatically:
genfstab -U /mnt > /mnt/etc/fstab
Check the generated file and double check if the entries are correct.
This files is the one which is run before fstab for mounting your partition. Here you mention how to unlock the encrypted partition that provides the root partition, which we just configured in
root /dev/sda1 none luks,timeout=180
none is the password field, which will show up a prompt while booting up for you to enter the password.
root is the name as it will appear like
/mnt/etc/mkinitcpio.conf has the required configuration which will be used to generate the Initial Ramdisk for the target system we are installing. Append
encrypt to the line starting
HOOKS =. It should look something like
HOOKS="udev usb ... keyboard encrypt"
Chroot and Ramdisk generation
Now you actually enter the new system with
arch-chroot /mnt /bin/bash
Now you edit the default settings for the bootloader so that the kernel will be able to find the root file system, device to hibernate, etc. Edit the file
/etc/default/grub. Change the line
GRUB_CMDLINE_LINUX_DEFAULT="cryptdevice=/dev/sda1:root root=/dev/mapper/root resume=/dev/sda3"
Now just install the bootloader and update the configuration:
grub-install /dev/sda grub-mkconfig -o /boot/grub2/grub.cfg exit
Done! Now reboot to enter into your new system!
Now that we have installed the bare basic linux system using ample amount of advanced features, we can build on this and make things little more advanced, like having LVM on top of an encrypted partition, encrypting swap and boot, etc.